Snort mailing list archives
RE: Smb output
From: "Joshua Berry" <jberry () PENSON COM>
Date: Thu, 22 Jul 2004 08:34:54 -0500
Frank Knobbe wrote:
On Wed, 2004-07-21 at 17:13, Michael Sconzo wrote:
Ok, if you re-wrote smbclient (or at least the part that does the WinPopUp stuff),
No, no. I'm saying don't use smbclient at all. Have Snort populate a UDP packet and send it out.
That could be an option. But...
Then that gets into duplicating work etc ... but if you or somebody else does it, I wouldn't complain either, and would probably use it.
Heh... I don't even have much time at the moment to work on Snortsam. :(
And since I don't use the SMB alert, there is no incentive for me either. Speaking of Snortsam, I'm doing something very similar there.
...no one is interested in rewriting this.
And one more thing. How many WinPopUp windows you gonna find after you've been out for just one hour (e.g. having lunch)? Personally I wouldn't want to deal with several hundred open windows at once. :)
If someone were to rewrite it I think it would be better to follow the flexresp method, where you can add an option to a rule to send a WinPopUp on alerts that are most important to you. That way analysts wouldn't be inundated with the WinPopUp's.