[Snort-users] Snort SMB

Spangberg, Henrik Henrik.Spangberg at ...6584...
Thu Aug 22 04:48:03 EDT 2002


Jepp,
That's right. I'm asking about samba ALERT, i.e. a winpopup dialog. 

// Henrik S

-----Original Message-----
From: David Yip [mailto:dy at ...6387...]
Sent: den 22 August 2002 13:32
To: "Sundström, Tomas"
Cc: 'Spangberg, Henrik'; Snort-Users (E-mail)
Subject: RE: [Snort-users] Snort SMB


I think he is asking about samba ALERT, i.e. a winpopup dialog box, i think.

At 18:31 22/8/2002, Sundström, Tomas wrote:


Hi, 

pass udp $HOME_NET 137:138 <> $HOME_NET 137:138 (msg:"AcceptNetbios";
sid:100002 
7;) 

you choose wheter you pass, alert, log, react to this match. 
This rule only applies on local "broadcasts" sent from windows mashines but
also for samba enabled servers. 

Rgds. Tomas 

-----Original Message----- 
From: Spangberg, Henrik [mailto:Henrik.Spangberg at ...6584...] 
Sent: den 22 augusti 2002 11:25 
To: Snort-Users (E-mail) 
Subject: [Snort-users] Snort SMB 

Hello, 
Does annybody now where to find inforamtion how to configure SNORT wtih smb 
alert. 
Does SAMBA have to be installed? 
>>No 

Most kind regards Henrik 

********************************************************************** 
This email and any files transmitted with it are confidential and 
intended solely for the use of the individual or entity to whom they 
are addressed. If you have received this email in error please notify 
the sender either by telephone or by e-mail and delete the material 
from any computer. Thank you for your cooperation. 

This footnote also confirms that this email message has been swept by 
MIMEsweeper for the presence of computer viruses. 

www.borealisgroup.com 
********************************************************************** 


------------------------------------------------------- 
This sf.net email is sponsored by: OSDN - Tired of that same old 
cell phone?  Get a new here for FREE! 
https://www.inphonic.com/r.asp?r=sourceforge1&refcode1=vs3390 
_______________________________________________ 
Snort-users mailing list 
Snort-users at lists.sourceforge.net 
Go to this URL to change user options or unsubscribe: 
https://lists.sourceforge.net/lists/listinfo/snort-users 
Snort-users list archive: 
http://www.geocrawler.com/redir-sf.php3?list=snort-users 

--

David Yip




More information about the Snort-users mailing list