[Snort-users] No alert_smb in 2.1.0?
bmc at ...950...
Sat Dec 20 05:22:02 EST 2003
On Fri, Dec 19, 2003 at 09:38:29PM -0600, Frank Knobbe wrote:
> That's ridiculous. SMB alerts (like SNMP alerts) are a single UDP
> packet. Database stuff taxes the system much more. Will spo_database be
> removed in favor of Barnyard as well? Perhaps we should remove all
> non-filesystem plugins..... geesh....
The SMB packets were not generated by snort. They were generated by
executing smbclient after building a complicated commandline string.
More information about the Snort-users