Snort mailing list archives

NetBios rules


From: "Jefferson, Shawn" <Shawn.Jefferson () bcferries com>
Date: Fri, 19 Jun 2009 11:07:07 -0600

Hi,

I recently set up some rule profiling on one of my Snort sensors, and I noticed these rules taking quite a bit of time:
   Num      SID GID     Checks   Matches    Alerts           Microsecs  Avg/Check  Avg/Match Avg/Nonmatch
   ===      === ===     ======   =======    ======               =====  =========  ========= ============
     6     3053   1      71519         0         0              300498        4.2        0.0          4.2
     7     3045   1      71519         0         0              300498        4.2        0.0          4.2
     8     3057   1      71519         0         0              300498        4.2        0.0          4.2
     9     3049   1      71519         0         0              300498        4.2        0.0          4.2
    10     3051   1      71519         0         0              298919        4.2        0.0          4.2
    11     3043   1      71519         0         0              298919        4.2        0.0          4.2
    12     3055   1      71519         0         0              298919        4.2        0.0          4.2
    13     3047   1      71519         0         0              298919        4.2        0.0          4.2

They all seem to be NetBIOS rules.  With the new DCE2 preprocessor, are these rules going to disappear (or be changed)?

--
Shawn Jefferson, Security Analyst
British Columbia Ferry Services Inc.
Tel: (250) 978-1508
Fax: (250) 405-3533
Shawn.Jefferson () bcferries com | www.bcferries.com