[Snort-users] Smb output

Frank Knobbe frank at ...9761...
Wed Jul 21 14:56:08 EDT 2004


On Wed, 2004-07-21 at 16:24, Michael Sconzo wrote:
> The slow(er) part is having the nmblookup take IP -> NetBIOS name
> then using that with smbclient to generate the WinPopUp message.
> Maybe I'm doing it a broken way...that's what I have now tho.
> 
> So you lose 'time' by calling multiple external programs and waiting
> for them to return.

As I said, looks like the output plugin could be optimized where the
admin supplies not only the IP address but also the NetBIOS name of the
system to be contacted. All Snort would need to do is populate a UDP
packet and throw it on the wire (without calling smbclient).


Regards,
Frank

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 187 bytes
Desc: This is a digitally signed message part
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20040721/cf44503f/attachment.sig>


More information about the Snort-users mailing list