Snort mailing list archives
Re: Smb output
From: Frank Knobbe <frank () knobbe us>
Date: Wed, 21 Jul 2004 15:42:51 -0500
On Wed, 2004-07-21 at 01:22, Nerijus Krukauskas wrote:
Smb alerting would be soooo sloooow, that snort would start dropping packets very soon and very fast.
Is that really the case? Isn't the SMB alert just a single UDP packet? If so, it would be comparable to a TCP reset packet. Does that slow Snort down that much? Perhaps the SMB plugin just needs to be optimized properly... Regards, Frank
Attachment:
signature.asc
Description: This is a digitally signed message part
Current thread:
- Smb output Maetzky, Steffen (Extern) (Jul 20)
- Re: Smb output sekure (Jul 20)
- Re: Smb output Nerijus Krukauskas (Jul 20)
- Re: Smb output Michael Sconzo (Jul 21)
- Re: Smb output Frank Knobbe (Jul 21)
- Re: Smb output Michael Sconzo (Jul 21)
- Re: Smb output Frank Knobbe (Jul 21)
- Re: Smb output Michael Sconzo (Jul 21)
- Re: Smb output Frank Knobbe (Jul 21)
- Re: Smb output Nerijus Krukauskas (Jul 21)
- Re: Smb output Nerijus Krukauskas (Jul 20)
- Re: Smb output sekure (Jul 20)
- <Possible follow-ups>
- RE: Smb output Joshua Berry (Jul 22)
- RE: Smb output Frank Knobbe (Jul 22)