[Snort-users] smb alerts problem

K Anderson freebsduser at ...4371...
Fri Jun 13 09:41:18 EDT 2003


Gaurav Kumar wrote:
> hello snort users
> 
> i  have compiled snort with smbalerts. but snort is
> not sending the alerts to my wib2000 server.
> 
> following is the output from smbclient -
> 
> [root at ...9456... samba]# smbclient -M  192.168.0.1

try this instead...
smbclient -M <YOUR NETBIOS NAME FOR THE COMPUTER (it is the name of the 
computer to which you want to send the msg to.)>

What is happening is there is a query going on looking for a computer 
named 192.168.0.1. Do you have a computer named that? Well, you don't 
according to SMB.

Also, did you compile in the SMB stuffs in to snort? You also need to 
create a file that has the names of the systems you want to send the 
messages to, that's according to the docs. But I couldn't get it to work 
either. But if you do get it working, then there is hope. Hope to hear 
about favorable results regarding SMB alerts and snort.


> added interface ip=192.168.0.254 bcast=192.168.0.255
> nmask=255.255.255.0
> session request failed
> [root at ...9456... samba]#
> 
> plz help.
> 
> =====
> Gauarv Kumar
> Security Analyst
> E-mail - gaurav at ...9415...
> Phone - +91-40-23555942, 23556538 
> Mobile- +91-40-31068650
> e2 labs
> Hyderabad
> India
>  
> [This e-mail may contain confidential and/or privileged information. If you are not the intended recipient (or have received this e-mail in error) please notify the sender immediately and destroy this e-mail. Any unauthorized copying, disclosure or distribution of the material in this e-mail is strictly forbidden.]
> 
> 
> 
> 
> __________________________________
> Do you Yahoo!?
> Yahoo! Calendar - Free online calendar with sync to Outlook(TM).
> http://calendar.yahoo.com
> 
> 
> -------------------------------------------------------
> This SF.NET email is sponsored by: eBay
> Great deals on office technology -- on eBay now! Click here:
> http://adfarm.mediaplex.com/ad/ck/711-11697-6916-5
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
> 






More information about the Snort-users mailing list