Re: [Snort-users] Smb output

The slow(er) part is having the nmblookup take IP -> NetBIOS name
then using that with smbclient to generate the WinPopUp message.
Maybe I'm doing it a broken way...that's what I have now tho.

So you lose 'time' by calling multiple external programs and waiting
for them to return.

-=Mike


On Wed, Jul 21, 2004 at 03:42:51PM -0500, Frank Knobbe wrote:
> On Wed, 2004-07-21 at 01:22, Nerijus Krukauskas wrote:
> > Smb alerting would be soooo sloooow, that snort would start
> > dropping packets very soon and very fast.
>
> Is that really the case? Isn't the SMB alert just a single UDP packet?
> If so, it would be comparable to a TCP reset packet. Does that slow
> Snort down that much? Perhaps the SMB plugin just needs to be optimized
> properly...
>
> Regards,
> Frank
>



--
The New Testament offers the basis for modern computer coding theory,
in the form of an affirmation of the binary number system.
But let your communication be Yea, yea; nay, nay: for
whatsoever is more than these cometh of evil.
-- Matthew 5:37


-------------------------------------------------------
This SF.Net email is sponsored by BEA Weblogic Workshop
FREE Java Enterprise J2EE developer tools!
Get your free copy of BEA WebLogic Workshop 8.1 today.
http://ads.osdn.com/?ad_id=4721&alloc_id=10040&op=click
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/...fo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.p...st=snort-users