This is a discussion on [Snort-users] Alert_SMB within the Snort forums, part of the System Security and Security Related category.
I have been trying to get SMB alerts to work with my snort. I have it running on RH9 and for testing purposes I have 1 rule file active;

output alert_smb: workstation.list (which contains only my workstation)
alert icmp any any -> 192.168.0.8 any (msg: "Ping!";)

I can't get it to work, I feel as though I am missing something but I don't know what. Help!

-Scott Elgram
IT/Systems Support