[Snort-users] Snort SMB

Ueli Kistler iuk at ...1171...
Thu Aug 22 10:19:02 EDT 2002


 Hi

.. from README.. :
".. or WinPopup messages to Windows clients using Samba's smbclient"

so...:o) .. install the smbclient.. Snort will execute it using -M
(currently logged in user as source displayed on target host).

If you should also have Snort on a Windows box, you can use IDScenter's
program execution feature to start a "net send" when an alert was logged
(or any other program/scripts).
Download: www.packx.net

Regards,
  Ueli Kistler
  eclipse at ...5277...
  www.packx.net

--

Spangberg, Henrik wrote:

>Jepp,
>That's right. I'm asking about samba ALERT, i.e. a winpopup dialog. 
>
>// Henrik S
>
>-----Original Message-----
>From: David Yip [mailto:dy at ...6387...]
>Sent: den 22 August 2002 13:32
>To: "Sundström, Tomas"
>Cc: 'Spangberg, Henrik'; Snort-Users (E-mail)
>Subject: RE: [Snort-users] Snort SMB
>
>
>I think he is asking about samba ALERT, i.e. a winpopup dialog box, I think.
>
>At 18:31 22/8/2002, Sundström, Tomas wrote:
>
>
>Hi, 
>
>pass udp $HOME_NET 137:138 <> $HOME_NET 137:138 (msg:"AcceptNetbios"; sid:1000027;)
>
>You choose whether you pass, alert, log, react to this match. 
>This rule only applies on local "broadcasts" sent from windows machines but
>also for samba enabled servers. 
>
>Rgds. Tomas 
>
>-----Original Message----- 
>From: Spangberg, Henrik [mailto:Henrik.Spangberg at ...6584...] 
>Sent: den 22 augusti 2002 11:25 
>To: Snort-Users (E-mail) 
>Subject: [Snort-users] Snort SMB 
>
>Hello, 
>Does anybody know where to find information how to configure SNORT with smb 
>alert?
>Does SAMBA have to be installed? 
>  
>
>>>No 
>>>      
>>>
>
>Most kind regards Henrik 
>
>_______________________________________________ 
>Snort-users mailing list 
>Snort-users at lists.sourceforge.net 
>Go to this URL to change user options or unsubscribe: 
>https://lists.sourceforge.net/lists/listinfo/snort-users 
>Snort-users list archive: 
>http://www.geocrawler.com/redir-sf.php3?list=snort-users 
>
>--
>
>David Yip
>
>
>
>
>  
>
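
An added example, not part of the thread and not Snort's or IDScenter's own code: a POSIX shell wrapper that delivers an alert text as a WinPopup message through `smbclient -M`, the mechanism described in the reply above. The function names, the workstation list format (one NetBIOS name per line, `#` for comments) and the `SMBCLIENT` override are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: send an IDS alert text as a WinPopup message.
# Assumption: smbclient is on PATH; SMBCLIENT can point to another binary.
SMBCLIENT="${SMBCLIENT:-smbclient}"

# Accept only plausible NetBIOS names: 1-15 characters from a conservative
# set, and never a leading '-', which smbclient would parse as an option.
valid_netbios_name() {
    case "$1" in
        ''|-*|*[!A-Za-z0-9_-]*) return 1 ;;
    esac
    [ "${#1}" -le 15 ]
}

# send_winpopup LISTFILE MESSAGE
# Prints the number of workstations the message was handed to.
send_winpopup() {
    list=$1
    msg=$2
    sent=0
    # Alert text can contain attacker-influenced bytes (packet payload,
    # rule msg). Drop control characters before it reaches a desktop.
    clean=$(printf '%s' "$msg" | tr -d '\000-\037\177')
    while IFS= read -r host || [ -n "$host" ]; do
        case "$host" in
            ''|'#'*) continue ;;          # blank line or comment
        esac
        if ! valid_netbios_name "$host"; then
            echo "skipping invalid workstation name: $host" >&2
            continue
        fi
        # smbclient -M reads the message body from standard input.
        # The name is passed as one quoted argument, never through eval.
        printf '%s\n' "$clean" | "$SMBCLIENT" -M "$host" >/dev/null 2>&1 \
            && sent=$((sent + 1))
    done < "$list"
    echo "$sent"
}
```

Call it from whatever hook runs on a logged alert, for example `send_winpopup /etc/snort/workstations.list "$ALERT_TEXT"`; both the path and the variable are placeholders.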

