|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: [Snort-users] Smb output
From: Frank Knobbe (frank
knobbe.us)
Date: Wed Jul 21 2004 - 16:55:25 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On Wed, 2004-07-21 at 16:24, Michael Sconzo wrote:
> The slow(er) part is having the nmblookup take IP -> NetBIOS name
> then using that with smbclient to generate the WinPopUp message.
> Maybe I'm doing it a broken way...that's what I have now tho.
>
> So you lose 'time' by calling multiple external programs and waiting
> for them to return.
As I said, looks like the output plugin could be optimized where the
admin supplies not only the IP address but also the NetBIOS name of the
system to be contacted. All Snort would need to do is populate a UDP
packet and throw it on the wire (without calling smbclient).
Regards,
Frank
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (FreeBSD)
iD8DBQBA/uZNJjGc5ftAw8wRAnamAKDk+A1eL5L+M234yuvjBLmbp45FiQCg4XIO
/QMU/JLu0/et+EtAm3jZFSo=
=M9b5
-----END PGP SIGNATURE-----
-------------------------------------------------------
This SF.Net email is sponsored by BEA Weblogic Workshop
FREE Java Enterprise J2EE developer tools!
Get your free copy of BEA WebLogic Workshop 8.1 today.
http://ads.osdn.com/?ad_id=4721&alloc_id=10040&op=click
_______________________________________________
Snort-users mailing list
Snort-userslists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]