Snort mailing list archives
Re: No alert_smb in 2.1.0?
From: Brian <bmc () snort org>
Date: Sat, 20 Dec 2003 08:21:08 -0500
On Fri, Dec 19, 2003 at 09:38:29PM -0600, Frank Knobbe wrote:
> That's ridiculous. SMB alerts (like SNMP alerts) are a single UDP packet. Database stuff taxes the system much more. Will spo_database be removed in favor of Barnyard as well? Perhaps we should remove all non-filesystem plugins..... geesh....
The SMB packets were not generated by snort. They were generated by executing smbclient after building a complicated commandline string.
Brian