[Snort-users] No alert_smb in 2.1.0?

Brian bmc at ...950...
Sat Dec 20 05:22:02 EST 2003


On Fri, Dec 19, 2003 at 09:38:29PM -0600, Frank Knobbe wrote:
> That's ridiculous. SMB alerts (like SNMP alerts) are a single UDP
> packet. Database stuff taxes the system much more. Will spo_database be
> removed in favor of Barnyard as well? Perhaps we should remove all
> non-filesystem plugins..... geesh....

The SMB packets were not generated by snort.  They were generated by
executing smbclient after building a complicated commandline string.

Brian




More information about the Snort-users mailing list