Re: [Snort-users] Smb output

--=-ec8KPfl5j6MXX5VgIAHH
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

On Wed, 2004-07-21 at 16:24, Michael Sconzo wrote:
> The slow(er) part is having the nmblookup take IP -> NetBIOS name
> then using that with smbclient to generate the WinPopUp message.
> Maybe I'm doing it a broken way...that's what I have now tho.
>=20
> So you lose 'time' by calling multiple external programs and waiting
> for them to return.

As I said, looks like the output plugin could be optimized where the
admin supplies not only the IP address but also the NetBIOS name of the
system to be contacted. All Snort would need to do is populate a UDP
packet and throw it on the wire (without calling smbclient).


Regards,
Frank


--=-ec8KPfl5j6MXX5VgIAHH
Content-Type: application/pgp-signature; name=signature.asc
Content-Description: This is a digitally signed message part

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (FreeBSD)

iD8DBQBA/uZNJjGc5ftAw8wRAnamAKDk+A1eL5L+M234yuvjBLmbp45FiQC g4XIO
/QMU/JLu0/et+EtAm3jZFSo=
=M9b5
-----END PGP SIGNATURE-----

--=-ec8KPfl5j6MXX5VgIAHH--



-------------------------------------------------------
This SF.Net email is sponsored by BEA Weblogic Workshop
FREE Java Enterprise J2EE developer tools!
Get your free copy of BEA WebLogic Workshop 8.1 today.
http://ads.osdn.com/?ad_id=4721&alloc_id=10040&op=click
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/...fo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.p...st=snort-users