[Snort-users] Smb output
msconzo at ...5072...
Wed Jul 21 14:25:13 EDT 2004
The slow(er) part is having the nmblookup take IP -> NetBIOS name
then using that with smbclient to generate the WinPopUp message.
Maybe I'm doing it a broken way...that's what I have now tho.
So you lose 'time' by calling multiple external programs and waiting
for them to return.
On Wed, Jul 21, 2004 at 03:42:51PM -0500, Frank Knobbe wrote:
> On Wed, 2004-07-21 at 01:22, Nerijus Krukauskas wrote:
> > Smb alerting would be soooo sloooow, that snort would start
> > dropping packets very soon and very fast.
> Is that really the case? Isn't the SMB alert just a single UDP packet?
> If so, it would be comparable to a TCP reset packet. Does that slow
> Snort down that much? Perhaps the SMB plugin just needs to be optimized
The New Testament offers the basis for modern computer coding theory,
in the form of an affirmation of the binary number system.
But let your communication be Yea, yea; nay, nay: for
whatsoever is more than these cometh of evil.
-- Matthew 5:37
More information about the Snort-users