Snort mailing list archives

Re: smb alerts problem

From: K Anderson <freebsduser () attbi com>
Date: Fri, 13 Jun 2003 09:40:34 -0700



Gaurav Kumar wrote:

hello snort users

i  have compiled snort with smbalerts. but snort is
not sending the alerts to my wib2000 server.

following is the output from smbclient -

[root@gaurav samba]# smbclient -M  192.168.0.1


try this instead...

smbclient -M <YOUR NETBIOS NAME FOR THE COMPUTER (it is the name of thecomputer to which you want to send the msg to.)>

What is happening is there is a query going on looking for a computernamed 192.168.0.1. Do you have a computer named that? Well, you don'taccording to SMB.

Also, did you compile in the SMB stuffs in to snort? You also need tocreate a file that has the names of the systems you want to send themessages to, that's according to the docs. But I couldn't get it to workeither. But if you do get it working, then there is hope. Hope to hearabout favorable results regarding SMB alerts and snort.

added interface ip=192.168.0.254 bcast=192.168.0.255
nmask=255.255.255.0
session request failed
[root@gaurav samba]#

plz help.

=====
Gauarv Kumar
Security Analyst
E-mail - gaurav () e2-labs com

Phone - +91-40-23555942, 23556538Mobile- +91-40-31068650

e2 labs
Hyderabad
India

[This e-mail may contain confidential and/or privileged information. If you are not the intended recipient (or have received this e-mail in error) please notify the sender immediately and destroy this e-mail. Any unauthorized copying, disclosure or distribution of the material in this e-mail is strictly forbidden.]





__________________________________
Do you Yahoo!?
Yahoo! Calendar - Free online calendar with sync to Outlook(TM).
http://calendar.yahoo.com


-------------------------------------------------------
This SF.NET email is sponsored by: eBay
Great deals on office technology -- on eBay now! Click here:
http://adfarm.mediaplex.com/ad/ck/711-11697-6916-5
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users





-------------------------------------------------------
This SF.NET email is sponsored by: eBay
Great deals on office technology -- on eBay now! Click here:
http://adfarm.mediaplex.com/ad/ck/711-11697-6916-5
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

smb alerts problem Gaurav Kumar (Jun 13)
- Re: smb alerts problem Joerg Weber (Jun 13)
- Re: smb alerts problem K Anderson (Jun 13)