[Snort-users] smb alerts problem
freebsduser at ...4371...
Fri Jun 13 09:41:18 EDT 2003
Gaurav Kumar wrote:
> hello snort users
> i have compiled snort with smbalerts. but snort is
> not sending the alerts to my wib2000 server.
> following is the output from smbclient -
> [root at ...9456... samba]# smbclient -M 192.168.0.1
try this instead...
smbclient -M <YOUR NETBIOS NAME FOR THE COMPUTER (it is the name of the
computer to which you want to send the msg to.)>
What is happening is there is a query going on looking for a computer
named 192.168.0.1. Do you have a computer named that? Well, you don't
according to SMB.
Also, did you compile in the SMB stuffs in to snort? You also need to
create a file that has the names of the systems you want to send the
messages to, that's according to the docs. But I couldn't get it to work
either. But if you do get it working, then there is hope. Hope to hear
about favorable results regarding SMB alerts and snort.
> added interface ip=192.168.0.254 bcast=192.168.0.255
> session request failed
> [root at ...9456... samba]#
> plz help.
> Gauarv Kumar
> Security Analyst
> E-mail - gaurav at ...9415...
> Phone - +91-40-23555942, 23556538
> Mobile- +91-40-31068650
> e2 labs
> [This e-mail may contain confidential and/or privileged information. If you are not the intended recipient (or have received this e-mail in error) please notify the sender immediately and destroy this e-mail. Any unauthorized copying, disclosure or distribution of the material in this e-mail is strictly forbidden.]
> Do you Yahoo!?
> Yahoo! Calendar - Free online calendar with sync to Outlook(TM).
> This SF.NET email is sponsored by: eBay
> Great deals on office technology -- on eBay now! Click here:
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> Snort-users list archive:
More information about the Snort-users