Re: [Snort-users] Smb output
This is a discussion on Re: [Snort-users] Smb output within the Snort forums, part of the System Security and Security Related category; --=-NOQuGSOOj9IltTMe7K4k Content-Type: text/plain Content-Transfer-Encoding: quoted-printable On Wed, 2004-07-21 at 01:22, Nerijus Krukauskas ...
|
|||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
07-21-2004
|
|||
|
|||
Re: [Snort-users] Smb output
--=-NOQuGSOOj9IltTMe7K4k Content-Type: text/plain Content-Transfer-Encoding: quoted-printable On Wed, 2004-07-21 at 01:22, Nerijus Krukauskas wrote: > Smb alerting would be soooo sloooow, that snort would start=20 > dropping packets very soon and very fast. Is that really the case? Isn't the SMB alert just a single UDP packet? If so, it would be comparable to a TCP reset packet. Does that slow Snort down that much? Perhaps the SMB plugin just needs to be optimized properly... Regards, Frank --=-NOQuGSOOj9IltTMe7K4k Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (FreeBSD) iD8DBQBA/tVKJjGc5ftAw8wRAvC2AJ4uyUQiWlt2r9Ozsa2BNJNgaTQTWwC dFpyO WuxMrQYDbcYuUVCy8G29umc= =2Kic -----END PGP SIGNATURE----- --=-NOQuGSOOj9IltTMe7K4k-- ------------------------------------------------------- This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise J2EE developer tools! Get your free copy of BEA WebLogic Workshop 8.1 today. http://ads.osdn.com/?ad_id=4721&alloc_id=10040&op=click _______________________________________________ Snort-users mailing list Snort-users@lists.sourceforge.net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/...fo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.p...st=snort-users 
|
Linear Mode
