[Oisf-users] smb1/smb2
erik clark
philosnef at gmail.com
Mon Dec 11 17:46:58 UTC 2017
Is there a convenient way to do app-layer protocol alerting to see what on
the network is using smb1 and what is using smb2? I see from:
http://suricata.readthedocs.io/en/suricata-4.0.3/rules/differences-from-snort.html
- smb
- smb2 (disabled internally inside the engine)
We would like to classify all smb traffic by its version, and an app-layer
alert seems to be the best way to go about that, but I don't see how you
can alert on smb2? Just smb(1)? Thanks!
This would be a single purpose box with just those two rules on it.