Re: [Snort-users] Smb output

On Wed, Jul 21, 2004 at 04:55:25PM -0500, Frank Knobbe wrote:
>
> As I said, looks like the output plugin could be optimized where the
> admin supplies not only the IP address but also the NetBIOS name of the
> system to be contacted. All Snort would need to do is populate a UDP
> packet and throw it on the wire (without calling smbclient).

Ok, if you re-wrote smbclient (or at least the part that does the
WinPopUp stuff), then yes, you could probably speed it up. But
then you need to get the NetBIOS name out of something etc ... and
calling the external programs via a script or something in a low
traffic environment doesn't cause any loss, and in a high traffic/alert
environment ... that's a not of WinPopUps. All I know is I'm not
gonna volunteer to rewrite smbclient (I'm not that sadistic) [waits
for holy war to start] :)

Then that gets into duplicating work etc ... but if you or somebody
else does it, I wouldn't complain either, and would probably use it.

-=Mike

>
>
> Regards,
> Frank
>



--
The New Testament offers the basis for modern computer coding theory,
in the form of an affirmation of the binary number system.
But let your communication be Yea, yea; nay, nay: for
whatsoever is more than these cometh of evil.
-- Matthew 5:37


-------------------------------------------------------
This SF.Net email is sponsored by BEA Weblogic Workshop
FREE Java Enterprise J2EE developer tools!
Get your free copy of BEA WebLogic Workshop 8.1 today.
http://ads.osdn.com/?ad_id=4721&alloc_id=10040&op=click
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/...fo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.p...st=snort-users