Snort: by author

864 messages starting Mar 24 10 and ending Feb 07 10

akos . daniel

Tap and Hub akos . daniel (Mar 24)

Alan Brennan

deploying ClamAV with Snort IDS Alan Brennan (Feb 01)

Alberto Nicolás Gentil Otero - GenSys Telecomunicaciones

Problems! Alberto Nicolás Gentil Otero - GenSys Telecomunicaciones (Feb 02)

Alejandro Cabrera Obed

Snort for Windows: Missing/incorrect dynamic engine lib specifier. Alejandro Cabrera Obed (Mar 31)
Windows IP-less interface Alejandro Cabrera Obed (Mar 26)
Snort rules: CURRENT vs 2.8 Alejandro Cabrera Obed (Mar 31)

alessandrorguard-snortml

out of order ip fragments and frag3 alessandrorguard-snortml (Jan 14)

Alexander Novokhatsky

Re: getting "CGI error" while doing snort installation on windows 2003 Alexander Novokhatsky (Jan 19)
Re: getting "CGI error" while doing snort installation on windows 2003 Alexander Novokhatsky (Jan 20)
Sourcefire commercial IPS Alexander Novokhatsky (Jan 18)

Alex Kirk

Re: Help to run snort on linux machine Alex Kirk (Mar 02)
Re: Sourcefire VRT Certified Snort Rules Update2010-03-17 Alex Kirk (Mar 24)
Re: Snort_Inline + Carp Alex Kirk (Feb 03)
Re: "Flow:established" rules are never being fired (2.8.5.2) Alex Kirk (Jan 22)
Re: Snort dying Alex Kirk (Feb 07)
Re: Help tuning snort for performance. Alex Kirk (Feb 11)
Re: Snort 2.8.6-beta and gzip encoding Alex Kirk (Jan 19)
Re: Help to run snort on linux machine Alex Kirk (Mar 02)
Re: Links broken Alex Kirk (Feb 10)
Re: Help on fresh snort... Alex Kirk (Feb 10)
Re: Sourcefire VRT Certified Snort Rules Update 2010-03-17 Alex Kirk (Mar 17)
Re: Improve to BACKDOOR c99shell.php command request Alex Kirk (Jan 22)
Re: Help tuning snort for performance. Alex Kirk (Feb 11)
Re: New rule 16433 - EXPLOIT Microsoft Active Directory LDAP query handling denial of service Alex Kirk (Feb 19)
Re: Snort_inline Alex Kirk (Jan 06)
Re: SID 16367 Alex Kirk (Jan 25)

Alex Tatistcheff

Re: frag3 bind_to and ipvar not working Alex Tatistcheff (Mar 13)
Re: Archiving Snort logs Alex Tatistcheff (Feb 24)
Re: Snort Host Attribute table Alex Tatistcheff (Mar 24)
Re: frag3 bind_to and ipvar not working Alex Tatistcheff (Mar 13)
This has real potential Alex Tatistcheff (Feb 26)
Re: Need help 'log to' option of the snort rule Alex Tatistcheff (Mar 26)

Andy Berryman

Re: Is there an acceptable amount of dropped packets for snort? Andy Berryman (Feb 08)
Re: Help tuning snort for performance. Andy Berryman (Feb 26)
Re: Trying to trouble shoot snort isntall. Andy Berryman (Feb 03)
Re: Hogger 0.1.3 released Andy Berryman (Mar 22)
Re: Snort not loading dynamic rules? Andy Berryman (Feb 10)
Re: How to determine which detection search method to use? Andy Berryman (Feb 09)
Re: Help tuning snort for performance. Andy Berryman (Feb 11)
Re: Can't make snort create a core file when it segfaults. Andy Berryman (Feb 08)
Re: Can't make snort create a core file when it segfaults. Andy Berryman (Feb 08)
Re: Can't make snort create a core file when it segfaults. Andy Berryman (Feb 09)
Re: Help tuning snort for performance. Andy Berryman (Feb 11)
Re: Trying to trouble shoot snort isntall. Andy Berryman (Feb 03)
Re: Snort not loading dynamic rules? Andy Berryman (Feb 10)
Snort not loading dynamic rules? Andy Berryman (Feb 10)
Is there an acceptable amount of dropped packets for snort? Andy Berryman (Feb 08)
Re: Trying to trouble shoot snort isntall. Andy Berryman (Feb 03)
Re: Snort Host Attribute table Andy Berryman (Mar 23)
Snort Host Attribute table Andy Berryman (Mar 23)
Re: Hogger 0.1.3 released Andy Berryman (Mar 23)
Question about why/when VRT rules are commented out? Andy Berryman (Feb 18)
How to determine which detection search method to use? Andy Berryman (Feb 09)
Can't make snort create a core file when it segfaults. Andy Berryman (Feb 08)
Pulled Pork over Oinkmaster? Andy Berryman (Mar 11)
Re: Hogger 0.1.3 released Andy Berryman (Mar 22)
Re: Can't make snort create a core file when it segfaults. Andy Berryman (Feb 08)
Re: Help tuning snort for performance. Andy Berryman (Feb 11)
Trying to trouble shoot snort isntall. Andy Berryman (Feb 02)
Quick question about so_rules. I tried searching first...... Andy Berryman (Mar 16)
Cannot get Snort to generate a core file at segfault Andy Berryman (Feb 04)
Re: Can't make snort create a core file when it segfaults. Andy Berryman (Feb 10)
Re: Help tuning snort for performance. Andy Berryman (Feb 11)
Re: Is there an acceptable amount of dropped packets for snort? Andy Berryman (Feb 08)
Anyone having problems with Oinkmaster getting 404 error? Andy Berryman (Mar 11)
Re: Trying to trouble shoot snort isntall. Andy Berryman (Feb 03)
Help tuning snort for performance. Andy Berryman (Feb 11)

bai haoquan

Seek help for update snort-2.6.1 to snort-2.8.5.2 bai haoquan (Mar 08)
The same GID and SID in rule duplicates previous rule in Snort-2.8.5.2 bai haoquan (Mar 10)
seek help for installation for snort2.8 bai haoquan (Jan 22)

beenph

Re: "Making Snort go fast under Linux..." beenph (Feb 24)
Re: BUG: corner case involving http_cookie beenph (Mar 09)
Re: Windows IP-less interface beenph (Mar 26)

Bob Marley

Re: Help on fresh snort... Bob Marley (Feb 10)
Help on fresh snort... Bob Marley (Feb 10)

Brad Doctor

Re: Sourcefire VRT Certified Snort Rules Update 2010-02-26 Brad Doctor (Feb 26)

Brian Caswell

Re: Snort Manual - HTML? Brian Caswell (Jan 27)
Re: SO rules vs regular rules Brian Caswell (Feb 01)

Brian Lavender

rule to detect maximum duration of a connection Brian Lavender (Mar 29)

Brian Stagemeyer

Snort Brian Stagemeyer (Jan 05)

Carl

Snort Flex response layer 2 address issue Carl (Feb 02)

Chan, Wilson

Re: Update from v2.8.5.1 to v2.8.5.3 (rpm) = FAIL Chan, Wilson (Feb 18)
Update from v2.8.5.1 to v2.8.5.3 (rpm) = FAIL Chan, Wilson (Feb 17)
Re: Snort Overloading BASE? Chan, Wilson (Feb 03)
Managing Multiple Snort Sensors Chan, Wilson (Mar 31)
Re: "Making Snort go fast under Linux..." Chan, Wilson (Feb 24)
Multiple instances of snort on the same server? Chan, Wilson (Feb 03)
Re: "Making Snort go fast under Linux..." Chan, Wilson (Feb 24)
Re: "Making Snort go fast under Linux..." Chan, Wilson (Feb 24)
Re: Managing Multiple Snort Sensors Chan, Wilson (Mar 31)
Re: Multiple snorts on its own cpu core? Chan, Wilson (Mar 18)
Multiple snorts on its own cpu core? Chan, Wilson (Mar 17)

chris . kniseley

Re: Sourcefire VRT Certified Snort Rules Update 2010-02-26 chris . kniseley (Feb 26)

CoryC

Rules MD5 Hash CoryC (Mar 01)

Crook, Parker

Re: HTTP preprocessor and POST data Crook, Parker (Mar 26)
Re: Snort Host Attribute table Crook, Parker (Mar 25)
Re: host attribute table - feature request Crook, Parker (Mar 22)
Re: Hogger 0.1.3 released Crook, Parker (Mar 22)
Re: whitelist rule to 1 ip? Crook, Parker (Mar 03)
Re: snort on OSSIM Crook, Parker (Mar 17)
Re: Snort & Barnyard init.d script for Debian Crook, Parker (Mar 19)
Snort & Barnyard init.d script for Debian Crook, Parker (Mar 19)
Re: HTTP preprocessor and POST data Crook, Parker (Mar 25)
Re: HTTP preprocessor and POST data Crook, Parker (Mar 26)
host attribute table - feature request Crook, Parker (Mar 22)
Re: Tap and Hub Crook, Parker (Mar 24)
Re: snort on OSSIM Crook, Parker (Mar 16)
Re: Hogger 0.1.3 released Crook, Parker (Mar 23)
Re: snort on OSSIM Crook, Parker (Mar 16)
Re: Hogger 0.1.3 released Crook, Parker (Mar 22)
Re: snort on OSSIM Crook, Parker (Mar 16)
Re: host attribute table - feature request Crook, Parker (Mar 22)
Re: This has real potential Crook, Parker (Feb 26)
Re: snort on OSSIM Crook, Parker (Mar 16)
Re: "Making Snort go fast under Linux..." Crook, Parker (Feb 24)
Hogger 0.1.3 released Crook, Parker (Mar 10)
Re: host attribute table - feature request Crook, Parker (Mar 22)
Re: whitelist rule to 1 ip? Crook, Parker (Mar 03)
Re: snort on OSSIM Crook, Parker (Mar 17)

Curt Shaffer

Re: PCRE and uricontent anchor Curt Shaffer (Mar 26)
PCRE and uricontent anchor Curt Shaffer (Mar 26)
Re: PCRE and uricontent anchor Curt Shaffer (Mar 26)
Multi Flow Alert Curt Shaffer (Jan 13)
Re: PCRE and uricontent anchor Curt Shaffer (Mar 26)

Dan Weber

compiling with --enable-inline impacts non-inline sniffing Dan Weber (Mar 30)
"Flow:established" rules are never being fired (2.8.5.2) Dan Weber (Jan 22)
Re: "Flow:established" rules are never being fired (2.8.5.2) Dan Weber (Jan 22)

David Alanis

Re: Which OS to choose for SNORT? (need help) David Alanis (Jan 07)
Re: Which OS to choose for SNORT? (need help) David Alanis (Jan 07)

David Guimaraes

Re: [Emerging-Sigs] VRT Release 2010-02-23 uses "detection_filter" David Guimaraes (Mar 27)

David Gullett

Snort Report 2.0 Beta David Gullett (Mar 08)
Snort 2.8.5 on Ubuntu 8.04 LTS Installation Guide David Gullett (Feb 22)

David Kingsly

error message snort-2.8.5.2 David Kingsly (Jan 02)
Sourcefire 3D David Kingsly (Feb 19)

David . R . Wharton

Re: Have I lost my mind? David . R . Wharton (Jan 13)

D. Hofstee

Tap and Hub D. Hofstee (Mar 24)

Dimitri Syuoul

Commercial Advanced Packet Sniffers, how do they do this? Application signatures? Dimitri Syuoul (Jan 22)
Re: Commercial Advanced Packet Sniffers, how do they do this? Application signatures? Dimitri Syuoul (Jan 22)
Re: evaluating snort, can snort do this? commercial support? Dimitri Syuoul (Jan 19)
evaluating snort, can snort do this? commercial support? Dimitri Syuoul (Jan 12)

Dirk Geschke

Re: Strange Alert Dirk Geschke (Feb 10)
Re: Can't make snort create a core file when it segfaults. Dirk Geschke (Feb 09)

Dirk Maarten van Duijn

[Snort devel] Storing Packet data Dirk Maarten van Duijn (Mar 17)

Document Retention

massive amounts of "duplicate previous rule. Ignoring old rule" Document Retention (Mar 05)
2.8.6 Document Retention (Feb 09)
SID 16367 Document Retention (Jan 25)
Re: 2.8.6 Document Retention (Feb 09)

Edin Dizdarevic

Re: Is there an acceptable amount of dropped packets for snort? Edin Dizdarevic (Feb 08)

Edward Bjarte Fjellskål

Re: "Making Snort go fast under Linux..." Edward Bjarte Fjellskål (Feb 24)
Re: HTTP port statistics Edward Bjarte Fjellskål (Mar 30)
"Making Snort go fast under Linux..." Edward Bjarte Fjellskål (Feb 24)
Re: Backports for Ubuntu 8.10 Edward Bjarte Fjellskål (Jan 08)
Re: Multiple snorts on its own cpu core? Edward Bjarte Fjellskål (Mar 19)
Re: This has real potential Edward Bjarte Fjellskål (Feb 26)
Re: Backports for Ubuntu 8.10 Edward Bjarte Fjellskål (Jan 08)
Re: Hogger 0.1.3 released Edward Bjarte Fjellskål (Mar 23)
Re: Multiple snorts on its own cpu core? Edward Bjarte Fjellskål (Mar 18)

Eoin Miller

Compiling Dynamic Rules - Web-ActiveX/Web-IIS/SQL/Multimedia Fail Eoin Miller (Jan 28)
Re: Tap and Hub Eoin Miller (Mar 24)
Re: Help tuning snort for performance. Eoin Miller (Feb 11)
Re: Snort does not deamonize Eoin Miller (Jan 28)
Re: Tap and Hub Eoin Miller (Mar 24)
Re: Compiling Dynamic Rules - Web-ActiveX/Web-IIS/SQL/Multimedia Fail Eoin Miller (Jan 28)
Re: Multiple snorts on its own cpu core? Eoin Miller (Mar 17)

evejou

Re: PCRE and uricontent anchor evejou (Mar 26)

evilghost () packetmail net

Re: Have I lost my mind? evilghost () packetmail net (Jan 13)
Re: Being killed by poor IE rules. evilghost () packetmail net (Jan 27)
Errors with the Snort manual evilghost () packetmail net (Feb 18)
Who is Barny Retch? evilghost () packetmail net (Feb 23)
Re: GID3 SID16408 False Positives evilghost () packetmail net (Feb 09)
Re: GID3 SID16408 False Positives evilghost () packetmail net (Feb 09)
Propose retire of SID 5320 evilghost () packetmail net (Jan 05)
Re: PCRE and uricontent anchor evilghost () packetmail net (Mar 26)
Re: Confessions of a SourceFire Troll evilghost () packetmail net (Jan 29)
Re: Errors in the Snort manual evilghost () packetmail net (Mar 19)
Re: [Emerging-Sigs] Errors with the Snort manual evilghost () packetmail net (Feb 18)
Re: Sourcefire VRT Certified Snort RulesUpdate2010-03-17 evilghost () packetmail net (Mar 23)
Re: Sourcefire VRT Certified Snort RulesUpdate2010-03-17 evilghost () packetmail net (Mar 23)
Re: Being killed by poor IE rules. evilghost () packetmail net (Jan 27)
Re: VRT Release 2010-02-23 uses "detection_filter" evilghost () packetmail net (Feb 24)
Re: VRT Release 2010-02-23 uses "detection_filter" evilghost () packetmail net (Feb 26)
Re: Sourcefire VRT Certified Snort Rules Update 2010-02-26 evilghost () packetmail net (Feb 26)
Re: PCRE and uricontent anchor evilghost () packetmail net (Mar 26)
Re: GID3 SID16408 False Positives evilghost () packetmail net (Feb 10)
Re: [Emerging-Sigs] Errors with the Snort manual evilghost () packetmail net (Feb 18)
Re: Downloading older versions of snort evilghost () packetmail net (Jan 15)
Re: Sourcefire VRT Certified Snort Rules Update2010-03-17 evilghost () packetmail net (Mar 24)
Re: Sourcefire VRT Certified Snort Rules Update 2010-02-26 evilghost () packetmail net (Feb 26)
Re: [Emerging-Sigs] Surprised by snort classtype. evilghost () packetmail net (Jan 19)
VRT Release 2010-02-23 uses "detection_filter" evilghost () packetmail net (Feb 24)
Re: PCRE and uricontent anchor evilghost () packetmail net (Mar 26)
Re: Sourcefire VRT Certified Snort RulesUpdate2010-03-17 evilghost () packetmail net (Mar 23)
Re: [Emerging-Sigs] Errors with the Snort manual evilghost () packetmail net (Feb 18)
Re: Errors in the Snort manual evilghost () packetmail net (Mar 19)
Re: Sourcefire VRT Certified Snort Rules Update2010-03-17 evilghost () packetmail net (Mar 24)
GID3 SID16408 False Positives evilghost () packetmail net (Feb 09)

Fábio Ferrão

Barnyard2 + Snort Fábio Ferrão (Mar 25)
Snort_Inline + Carp Fábio Ferrão (Feb 03)
How to disable /var/log/snort/alert? Fábio Ferrão (Mar 23)
Snort_inline Fábio Ferrão (Jan 06)
Re: Snort_Inline + Carp Fábio Ferrão (Feb 04)
Barnyard2 + snort Fábio Ferrão (Mar 25)
Re: Barnyard2 + Snort Fábio Ferrão (Mar 26)
Links broken Fábio Ferrão (Feb 10)

Finney Charles E

Re: PCRE and uricontent anchor Finney Charles E (Mar 26)

firnsy

Re: Which OS to choose for SNORT? (need help) firnsy (Jan 08)
Re: Archiving Snort logs firnsy (Feb 23)
Re: problems with using barnyard 2-1.2 firnsy (Mar 30)

Frank Knobbe

Re: Sourcefire VRT Certified Snort Rules Update 2010-03-17 Frank Knobbe (Mar 24)
Re: Snort Manual - HTML? Frank Knobbe (Jan 18)
Re: Snort Manual - HTML? Frank Knobbe (Jan 18)
Re: Sourcefire VRT Certified Snort RulesUpdate2010-03-17 Frank Knobbe (Mar 23)
Re: Sourcefire VRT Certified Snort RulesUpdate2010-03-17 Frank Knobbe (Mar 23)
Re: Which OS to choose for SNORT? (need help) Frank Knobbe (Jan 18)
Re: Which OS to choose for SNORT? (need help) Frank Knobbe (Jan 18)

Franklin Jones

snort.conf "detection engine" Franklin Jones (Mar 30)

Galley, Daniel

Help interpreting snort statistics Galley, Daniel (Mar 24)

George Yunaev

Re: Content rule matches on PCAP but does not match when snort listens George Yunaev (Jan 13)
Content rule matches on PCAP but does not match when snort listens George Yunaev (Jan 13)
Re: "Flow:established" rules are never being fired (2.8.5.2) George Yunaev (Jan 22)
Re: Content rule matches on PCAP but does not match when snort listens George Yunaev (Jan 13)

Greg Cope

Any using snort on solaris 10 with zones Greg Cope (Mar 20)

Guise McAllaster

More poorly performing GID 3 rules.... Guise McAllaster (Feb 03)
Re: More poorly performing GID 3 rules.... Guise McAllaster (Feb 03)
Being killed by poor IE rules... Guise McAllaster (Jan 26)
Re: SID 15474 - MS ISA Server and Forefront Threat Management Gateway DoS Guise McAllaster (Jan 13)
Re: Matching PCRE Guise McAllaster (Jan 19)
Re: SID 15474 - MS ISA Server and Forefront Threat Management Gateway DoS Guise McAllaster (Jan 13)
Re: Introduction to Shared Object Rules blog post Guise McAllaster (Feb 05)
Microsoft Windows ShellExecute and IE7 url handling code execution Guise McAllaster (Jan 08)
Re: Matching PCRE Guise McAllaster (Jan 19)
Re: Being killed by poor IE rules... Guise McAllaster (Jan 27)
Improve to BACKDOOR c99shell.php command request Guise McAllaster (Jan 21)
Re: Generic SQL injection false positives Guise McAllaster (Jan 27)
Re: Snort-sigs Digest, Vol 45, Issue 10 - Rules Update Link. Guise McAllaster (Feb 26)
Surprised by snort classtype... Guise McAllaster (Jan 19)
SID 15474 - MS ISA Server and Forefront Threat Management Gateway DoS Guise McAllaster (Jan 13)
Re: Microsoft Windows ShellExecute and IE7 url handling code execution Guise McAllaster (Jan 14)
Re: Generic SQL injection false positives Guise McAllaster (Jan 27)
Re: Sourcefire VRT Certified Snort Rules Update 2010-02-26 Guise McAllaster (Feb 26)
Confessions of a SourceFire Troll Guise McAllaster (Jan 29)

Gustav Koller

Snort 3 beta: Unable to load analyzer module "/usr/local/lib/snort/snort.so" Gustav Koller (Mar 15)

Hafez Kamal

[HITB-Announce] HITBSecConf2010 - Dubai Agenda Released Hafez Kamal (Mar 14)
[HITB-Announce] HITBSecConf2009 - Malaysia Videos Released! Hafez Kamal (Mar 22)
[HITB-Announce] HITBSecConf2010 - Dubai Agenda Released Hafez Kamal (Mar 14)
[HITB-Announce] HITBSecConf2009 - Malaysia Videos Released! Hafez Kamal (Mar 22)
[HITB-Announce] HITBSecConf2009 - Malaysia Videos Released! *Correction* Hafez Kamal (Mar 23)
[HITB-Announce] HITBSecConf2009 - Malaysia Videos Released! *Correction* Hafez Kamal (Mar 23)

Helmut Schneider

Snort does not deamonize Helmut Schneider (Jan 27)
Re: Snort does not deamonize Helmut Schneider (Jan 28)
Re: Snort does not deamonize Helmut Schneider (Jan 28)

infosec posts

Barnyard Not Outputting to Syslog infosec posts (Feb 04)

James Chase

Snort Overloading BASE? James Chase (Jan 20)
Re: Snort Overloading BASE? James Chase (Jan 20)

James Lay

How many ports is considered a portsweep/portscan? James Lay (Mar 18)
Re: How many ports is considered a portsweep/portscan? James Lay (Mar 18)

Jason Brvenik

Re: Is there an acceptable amount of dropped packets for snort? Jason Brvenik (Feb 08)
Re: Commercial Advanced Packet Sniffers, how do they do this? Application signatures? Jason Brvenik (Jan 23)
Re: Can't make snort create a core file when it segfaults. Jason Brvenik (Feb 08)
Re: Can't make snort create a core file when it segfaults. Jason Brvenik (Feb 08)

Jason Haar

Re: Commercial Advanced Packet Sniffers, how do they do this? Application signatures? Jason Haar (Jan 23)
Re: deploying ClamAV with Snort IDS Jason Haar (Feb 01)
Re: Unusual Snort performance stats Jason Haar (Feb 22)
Re: Snort in front of WAF or behind? Jason Haar (Feb 02)
Re: Have I lost my mind? Jason Haar (Jan 21)
Re: evaluating snort, can snort do this? commercial support? Jason Haar (Jan 21)

Jason Wallace

Re: Trying to trouble shoot snort isntall. Jason Wallace (Feb 03)
Re: Slackware 13.0 x86 / Snort 2.8.5.2 make error Jason Wallace (Jan 06)
Re: Snort Host Attribute table Jason Wallace (Mar 25)
Re: Snort Host Attribute table Jason Wallace (Mar 24)
Re: Snort dying Jason Wallace (Feb 08)
Re: Slackware 13.0 x86 / Snort 2.8.5.2 make error Jason Wallace (Jan 06)
SID:1112 Jason Wallace (Mar 31)
Re: Is there an acceptable amount of dropped packets for snort? Jason Wallace (Feb 09)
Re: snort.conf "detection engine" Jason Wallace (Mar 31)
Note to Snort users using Gentoo Linux Jason Wallace (Mar 25)
Re: How to determine which detection search method to use? Jason Wallace (Feb 09)
Re: Errors in the Snort manual Jason Wallace (Mar 19)
Re: Snort Host Attribute table Jason Wallace (Mar 25)
Re: Barnyard2 + snort Jason Wallace (Mar 25)
Re: Snort Host Attribute table Jason Wallace (Mar 25)
Request for Reverse Proxy Guidance Jason Wallace (Mar 31)

Jay Hall

Re: Snort Logging Question Jay Hall (Feb 12)
Snort Logging Question Jay Hall (Feb 12)

Jefferson, Shawn

Re: Hogger 0.1.3 released Jefferson, Shawn (Mar 23)
Re: Links broken Jefferson, Shawn (Feb 23)
Re: Links broken Jefferson, Shawn (Feb 23)
Re: Links broken Jefferson, Shawn (Feb 23)
Re: Barnyard Not Outputting to Syslog Jefferson, Shawn (Feb 04)
Snort in front of WAF or behind? Jefferson, Shawn (Feb 02)
Nmap scan causes X1msgs logs to grow quickly Jefferson, Shawn (Mar 23)
Re: Hogger 0.1.3 released Jefferson, Shawn (Mar 23)

Jeff Kell

Re: VRT Release 2010-02-23 uses "detection_filter" Jeff Kell (Feb 24)

Jeff Nathan

Re: Snort Flex response layer 2 address issue Jeff Nathan (Feb 03)
Re: so_rules broken makefile or bad tarball Jeff Nathan (Jan 27)
so_rules broken makefile or bad tarball Jeff Nathan (Jan 13)

Jens Link

Strange Alert Jens Link (Feb 10)
Re: Strange Alert Jens Link (Feb 10)
Re: Strange Alert Jens Link (Feb 10)

JJ Cummings

Re: http rule is not always triggering JJ Cummings (Feb 16)
Re: Being killed by poor IE rules. JJ Cummings (Jan 27)
Re: Snort Host Attribute table JJ Cummings (Mar 23)
Re: Unable to configure unified2 output JJ Cummings (Mar 31)
Re: Is there an acceptable amount of dropped packets for snort? JJ Cummings (Feb 08)
Re: New to Snort; Unable to download VRT Certified Rules JJ Cummings (Feb 07)
Re: More poorly performing GID 3 rules.... JJ Cummings (Feb 03)
Re: SID 15474 - MS ISA Server and Forefront Threat Management Gateway DoS JJ Cummings (Jan 13)
Re: Unable to configure unified2 output JJ Cummings (Mar 31)
New version of pulledpork released 0.4.0 the Drunken Leprechaun! JJ Cummings (Mar 26)
Re: Is there an acceptable amount of dropped packets for snort? JJ Cummings (Feb 08)
Re: Question about why/when VRT rules are commented out? JJ Cummings (Feb 18)
Re: Rules MD5 Hash JJ Cummings (Mar 01)
Re: Precompiled rules for 2.8.5.2 in tarball? JJ Cummings (Jan 29)
Re: Being killed by poor IE rules. JJ Cummings (Jan 27)
Re: Pulled Pork over Oinkmaster? JJ Cummings (Mar 11)

Joel Ebrahimi

Re: Older Snort Downloads Joel Ebrahimi (Mar 29)
Older Snort Downloads Joel Ebrahimi (Mar 29)

Joel Esler

Re: Sourcefire VRT Certified Snort Rules Update 2010-03-17 Joel Esler (Mar 23)
Re: Which OS to choose for SNORT? (need help) Joel Esler (Jan 07)
Re: Quick question about so_rules. I tried searching first...... Joel Esler (Mar 16)
Re: Backports for Ubuntu 8.10 Joel Esler (Jan 08)
Re: Snort not loading dynamic rules? Joel Esler (Feb 10)
Re: Multiple instances of snort on the same server? Joel Esler (Feb 04)
Re: Have I lost my mind? Joel Esler (Jan 13)
Re: Snort Overloading BASE? Joel Esler (Jan 20)
Re: Have I lost my mind? Joel Esler (Jan 13)
Re: Seek help for update snort-2.6.1 to snort-2.8.5.2 Joel Esler (Mar 08)
Re: Is there an acceptable amount of dropped packets for snort? Joel Esler (Feb 08)
Re: How to determine which detection search method to use? Joel Esler (Feb 09)
Re: Hogger 0.1.3 released Joel Esler (Mar 23)
Re: Sourcefire VRT Certified Snort Rules Update2010-03-17 Joel Esler (Mar 24)
Re: PCRE and uricontent anchor Joel Esler (Mar 26)
Re: PCRE and uricontent anchor Joel Esler (Mar 26)
Re: Help interpreting snort statistics Joel Esler (Mar 25)
Re: 2.8.6 Joel Esler (Feb 09)
Re: snort on OSSIM Joel Esler (Mar 16)
Re: Help tuning snort for performance. Joel Esler (Feb 11)
Re: Question about rules Joel Esler (Jan 27)
Re: Snort Logging Question Joel Esler (Feb 12)
Re: New to Snort; Unable to download VRT Certified Rules Joel Esler (Feb 08)
Re: Snort Host Attribute table Joel Esler (Mar 25)
Re: [Emerging-Sigs] Errors with the Snort manual Joel Esler (Feb 18)
Re: Errors in the Snort manual Joel Esler (Mar 19)
Re: Which OS to choose for SNORT? (need help) Joel Esler (Jan 07)
Re: host attribute table - feature request Joel Esler (Mar 22)
Re: Help tuning snort for performance. Joel Esler (Feb 11)
Re: Archiving Snort logs Joel Esler (Feb 23)
Re: Sourcefire 3D Joel Esler (Feb 19)
Re: [Emerging-Sigs] Errors with the Snort manual Joel Esler (Feb 18)
Fwd: [Snort-users] host attribute table - feature request Joel Esler (Mar 22)
Re: Matching PCRE Joel Esler (Jan 19)
Re: Signature question Joel Esler (Feb 04)
Re: The same GID and SID in rule duplicates previous rule in Snort-2.8.5.2 Joel Esler (Mar 10)
Re: Snort not loading dynamic rules? Joel Esler (Feb 10)
Re: [Emerging-Sigs] Errors with the Snort manual Joel Esler (Feb 18)
Re: Which OS to choose for SNORT? (need help) Joel Esler (Jan 07)
Re: snort on OSSIM Joel Esler (Mar 16)
Re: whitelist rule to 1 ip? Joel Esler (Mar 03)
Re: host attribute table - feature request Joel Esler (Mar 22)
Re: PCRE and uricontent anchor Joel Esler (Mar 26)
Re: frag3 bind_to and ipvar not working Joel Esler (Mar 13)
Re: SMTP rule "Access Denied for Mail Relay" Joel Esler (Jan 01)
Re: Sourcefire 3D Joel Esler (Feb 19)
Re: Sourcefire VRT Certified Snort Rules Update 2010-03-17 Joel Esler (Mar 23)
Re: IDS and IPS simultaneously? Joel Esler (Jan 26)
Re: Archiving Snort logs Joel Esler (Feb 24)
Re: Snort in front of WAF or behind? Joel Esler (Feb 02)
Re: PCRE and uricontent anchor Joel Esler (Mar 26)
Re: More Snort manual errors.... Joel Esler (Mar 17)
Re: Help tuning snort for performance. Joel Esler (Feb 26)
Re: GID3 SID16408 False Positives Joel Esler (Feb 09)
Re: GID3 SID16408 False Positives Joel Esler (Feb 09)
Re: How many ports is considered a portsweep/portscan? Joel Esler (Mar 24)
Re: Unable to run Snort in IPS mode Joel Esler (Feb 22)
Re: SO rules vs regular rules Joel Esler (Feb 01)
Re: Help tuning snort for performance. Joel Esler (Feb 11)
Re: [Emerging-Sigs] Errors with the Snort manual Joel Esler (Feb 18)
Re: snort.conf "detection engine" Joel Esler (Mar 30)
Re: PCRE and uricontent anchor Joel Esler (Mar 26)
Re: Hogger 0.1.3 released Joel Esler (Mar 23)
Re: Snort-users Digest, Vol 46, Issue 32 Joel Esler (Mar 25)
Re: [Emerging-Sigs] Errors with the Snort manual Joel Esler (Feb 18)
Re: Being killed by poor IE rules... Joel Esler (Jan 27)
Re: Help on fresh snort... Joel Esler (Feb 10)
Re: Is there an acceptable amount of dropped packets for snort? Joel Esler (Feb 08)
Re: Snort dying Joel Esler (Feb 07)
Re: Sourcefire VRT Certified Snort Rules Update 2010-03-17 Joel Esler (Mar 23)
Re: Errors with Windows .conf Joel Esler (Feb 18)
Re: Sourcefire VRT Certified Snort Rules Update 2010-03-17 Joel Esler (Mar 23)
Re: Snort not loading dynamic rules? Joel Esler (Feb 10)
Re: Snort Host Attribute table Joel Esler (Mar 25)
Re: issue of installing Snort_2.8.4.1 and Barnyard2 in Ubunto 9.10 Joel Esler (Mar 03)
Re: PCRE and uricontent anchor Joel Esler (Mar 26)
Re: Errors in the Snort manual Joel Esler (Mar 19)
Fwd: Sourcefire 3D Joel Esler (Feb 19)
Re: out of order ip fragments and frag3 Joel Esler (Jan 14)
Re: How many ports is considered a portsweep/portscan? Joel Esler (Mar 24)
Re: Snort 2.8.6 Joel Esler (Feb 09)
Re: Snort Manual - HTML? Joel Esler (Jan 18)
Re: Snort 2.8.6 Joel Esler (Feb 09)
Re: Help interpreting snort statistics Joel Esler (Mar 24)
Re: Help tuning snort for performance. Joel Esler (Feb 11)
Re: Metadata field in rules to identify target? Joel Esler (Feb 19)
Re: Help tuning snort for performance. Joel Esler (Feb 11)
Re: [Emerging-Sigs] Errors with the Snort manual Joel Esler (Feb 18)
Re: HTTP port statistics Joel Esler (Mar 30)
Re: Quick question about so_rules. I tried searching first...... Joel Esler (Mar 16)
Re: remotely accessing BASE Joel Esler (Mar 11)
Re: Snort 2.8.6 Joel Esler (Feb 09)
Re: Which OS to choose for SNORT? (need help) Joel Esler (Jan 07)
Re: massive amounts of "duplicate previous rule. Ignoring old rule" Joel Esler (Mar 05)
Re: 2.8.6 Joel Esler (Feb 09)
Re: Hogger 0.1.3 released Joel Esler (Mar 23)

John Gay

Re: Strange Alert John Gay (Feb 10)

Joshua Polsky

Re: Snort 2.8.6 Joshua Polsky (Feb 09)
Snort 2.8.6 Joshua Polsky (Feb 09)
Re: Snort 2.8.6 Joshua Polsky (Feb 09)

Juergen Leising

Re: Can't make snort create a core file when it segfaults. Juergen Leising (Feb 08)

Jules Pagna Disso

Re: search algorithm performance Jules Pagna Disso (Jan 25)
search algorithm performance Jules Pagna Disso (Jan 25)

Jun Wan

issue of installing Snort_2.8.4.1 and Barnyard2 in Ubunto 9.10 Jun Wan (Mar 03)
Re: issue of installing Snort_2.8.4.1 and Barnyard2 in Ubunto 9.10 Jun Wan (Mar 04)

justin joseph

Re: Archiving Snort logs justin joseph (Feb 25)

Kaushal Shriyan

Re: snort on OSSIM Kaushal Shriyan (Mar 17)
snort on OSSIM Kaushal Shriyan (Mar 16)
Re: snort on OSSIM Kaushal Shriyan (Mar 17)

Keith Butler

Re: Being killed by poor IE rules... Keith Butler (Jan 26)

Kevin Johnson

BASE 1.4.5 (lilias) released Kevin Johnson (Mar 05)

Kum Weng Luey

Can snort run on bare-metal vm or a virtual machine ? Kum Weng Luey (Mar 30)
Re: Need help with base Kum Weng Luey (Mar 26)
Need help with base Kum Weng Luey (Mar 25)

L0rd Ch0de1m0rt

Re: Sourcefire VRT Certified Snort RulesUpdate2010-03-17 L0rd Ch0de1m0rt (Mar 24)
Re: Need help 'log to' option of the snort rule L0rd Ch0de1m0rt (Mar 26)
Re: PCRE and uricontent anchor L0rd Ch0de1m0rt (Mar 26)
Re: Need help 'log to' option of the snort rule L0rd Ch0de1m0rt (Mar 26)

ladytechieguruness

New to Snort; Unable to download VRT Certified Rules ladytechieguruness (Feb 07)
Re: New to Snort; Unable to download VRT Certified Rules ladytechieguruness (Feb 07)

Lee Clemens

frag3 bind_to and ipvar not working Lee Clemens (Mar 12)
Re: config quiet not working Lee Clemens (Mar 20)
Re: Snort rules: CURRENT vs 2.8 Lee Clemens (Mar 31)
Re: frag3 bind_to and ipvar not working Lee Clemens (Mar 13)
Re: frag3 bind_to and ipvar not working Lee Clemens (Mar 13)
config quiet not working Lee Clemens (Mar 20)
Re: problems with using barnyard 2-1.2 Lee Clemens (Mar 29)
Re: Tap and Hub Lee Clemens (Mar 24)
Re: FP:10995 rev3 Lee Clemens (Mar 31)

Leon Ward

Re: Snort dying Leon Ward (Feb 08)

ll

Re: Hello ll (Mar 31)
HTTP port statistics ll (Mar 30)
Re: HTTP port statistics ll (Mar 31)

Luis Daniel Lucio Quiroz

Deadline for 3.0 Luis Daniel Lucio Quiroz (Jan 18)

luismanuel . carril

Snort 2.8.6-beta and gzip encoding luismanuel . carril (Jan 14)

lynch meng

Re: stream based av and snort/Stream5 lynch meng (Mar 09)

lynch.meng

stream based av and snort/Stream5 lynch.meng (Mar 09)

Maithili Arjunwadkar

snort rule Maithili Arjunwadkar (Feb 02)

manjushree ks

Re: Need help 'log to' option of the snort rule manjushree ks (Mar 26)
Need help 'log to' option of the snort rule manjushree ks (Mar 26)
Re: Need help 'log to' option of the snort rule manjushree ks (Mar 26)

Marcos Aurelio Rodrigues

Re: Snort_inline Marcos Aurelio Rodrigues (Jan 06)

Marcos Rodriguez

Snort-sigs Digest, Vol 45, Issue 10 - Rules Update Link. Marcos Rodriguez (Feb 26)

Markus Lude

Re: issue of installing Snort_2.8.4.1 and Barnyard2 in Ubunto 9.10 Markus Lude (Mar 03)
question about InlineDrop() Markus Lude (Feb 26)

Mark W. Jeanmougin

Re: Snort_Inline + Carp Mark W. Jeanmougin (Feb 04)
Re: Is there anyone use Spirent or BreakingPoint to test Snort? Mark W. Jeanmougin (Mar 09)
Re: "Making Snort go fast under Linux..." Mark W. Jeanmougin (Feb 25)

Martin Roesch

Re: Which OS to choose for SNORT? (need help) Martin Roesch (Jan 07)
Re: config quiet not working Martin Roesch (Mar 20)
Re: config quiet not working Martin Roesch (Mar 20)
Re: Is there anyone use Spirent or BreakingPoint to test Snort? Martin Roesch (Mar 08)
Re: Older Snort Downloads Martin Roesch (Mar 29)

matthanna

centos 5 mysql and flexresp2 installation matthanna (Jan 20)
centos 5 mysql and flexresp2 installation matthanna (Jan 20)

Matt Jonkman

Suricata Development Meeting Update Matt Jonkman (Mar 04)
Re: [Emerging-Sigs] distance:0; in conjunction with uricontent/content pair. Matt Jonkman (Mar 15)
Re: BUG: corner case involving http_cookie Matt Jonkman (Mar 10)
Suricata Phase Two Planning Meeting Matt Jonkman (Feb 19)
Re: [Emerging-Sigs] Suricata IDS Available for Download! Matt Jonkman (Jan 01)
Suricata 0.8.1 Released Matt Jonkman (Feb 19)

Matt Olney

Re: host attribute table - feature request Matt Olney (Mar 22)
Re: Generic SQL injection false positives Matt Olney (Jan 27)
Re: Pulled Pork over Oinkmaster? Matt Olney (Mar 11)
Re: Snort rules: CURRENT vs 2.8 Matt Olney (Mar 31)
Re: Generic SQL injection false positives Matt Olney (Jan 26)
Re: Multi Flow Alert Matt Olney (Jan 13)
Re: [Snort-sigs] Introduction to Shared Object Rules blog post Matt Olney (Feb 04)
Re: Surprised by snort classtype... Matt Olney (Jan 19)
Re: host attribute table - feature request Matt Olney (Mar 22)
Re: SID:1112 Matt Olney (Mar 31)
Re: Microsoft Windows ShellExecute and IE7 url handling code execution Matt Olney (Jan 15)
Re: The same GID and SID in rule duplicates previous rule in Snort-2.8.5.2 Matt Olney (Mar 10)
Re: how to set proxy for oinkmaster Matt Olney (Jan 27)
Re: how to set proxy for oinkmaster Matt Olney (Jan 27)
Re: VRT Release 2010-02-23 uses "detection_filter" Matt Olney (Feb 24)
Re: How many ports is considered a portsweep/portscan? Matt Olney (Mar 18)
Re: More Snort manual errors.... Matt Olney (Mar 17)
Re: Question about rules Matt Olney (Jan 27)
Re: Generic SQL injection false positives Matt Olney (Jan 08)
Re: Updated rule sid 3192 WEB-CLIENT Windows Media Player directory traversal via Content-Disposition attempt Matt Olney (Feb 24)
Re: SID:1112 Matt Olney (Mar 31)
Re: Quick question about so_rules. I tried searching first...... Matt Olney (Mar 16)
Re: More Snort manual errors.... Matt Olney (Mar 17)
Re: Pulled Pork over Oinkmaster? Matt Olney (Mar 11)
Re: Update from v2.8.5.1 to v2.8.5.3 (rpm) = FAIL Matt Olney (Feb 17)
Re: Different output options for different alerts Matt Olney (Mar 17)
Re: Content rule matches on PCAP but does not match when snort listens Matt Olney (Jan 13)
Re: Who is Barny Retch? Matt Olney (Feb 23)
Re: Signature question Matt Olney (Feb 04)
Re: Snort Host Attribute table Matt Olney (Mar 25)
Re: Matching PCRE Matt Olney (Jan 19)
Re: Being killed by poor IE rules... Matt Olney (Jan 26)
Re: Updated rule sid 3192 WEB-CLIENT Windows Media Player directory traversal via Content-Disposition attempt Matt Olney (Feb 24)
Re: Rule parser rejects content matches longer than depth but doesn't for within. Matt Olney (Mar 17)
Re: Sourcefire VRT Certified Snort Rules Update2010-03-17 Matt Olney (Mar 24)
Re: Matching PCRE Matt Olney (Jan 19)
Re: snort rule Matt Olney (Feb 02)
Re: Can snort run on bare-metal vm or a virtual machine ? Matt Olney (Mar 30)
Re: HTTP port statistics Matt Olney (Mar 30)
Re: Updated rule sid 3192 WEB-CLIENT Windows Media Player directory traversal via Content-Disposition attempt Matt Olney (Feb 25)
Re: Being killed by poor IE rules... Matt Olney (Jan 27)
Re: More poorly performing GID 3 rules.... Matt Olney (Feb 03)

Matt Watchinski

Re: Metadata field in rules to identify target? Matt Watchinski (Feb 19)
Re: Can't make snort create a core file when it segfaults. Matt Watchinski (Feb 08)
Re: Unusual Snort performance stats Matt Watchinski (Feb 22)
Re: TTL Evasion and Snort/Stream5 Matt Watchinski (Jan 05)
Re: FP:10995 rev3 Matt Watchinski (Mar 30)
Re: Unusual Snort performance stats Matt Watchinski (Feb 22)
Re: HTTP preprocessor and POST data Matt Watchinski (Mar 26)
Re: Trying to trouble shoot snort isntall. Matt Watchinski (Feb 03)
Re: Can't make snort create a core file when it segfaults. Matt Watchinski (Feb 08)
Re: Trying to trouble shoot snort isntall. Matt Watchinski (Feb 03)
Re: TTL Evasion and Snort/Stream5 Matt Watchinski (Jan 05)
Re: HTTP preprocessor and POST data Matt Watchinski (Mar 30)

mex

Bug in 2.8.4.1? mex (Feb 05)

Michael Steele

Re: Which OS to choose for SNORT? (need help) Michael Steele (Jan 07)
Re: how to set proxy for oinkmaster Michael Steele (Jan 27)

Mike Cox

Re: Sourcefire VRT Certified Snort Rules Update 2010-03-17 Mike Cox (Mar 23)
More Snort manual errors.... Mike Cox (Mar 17)
SO rules vs regular rules Mike Cox (Jan 14)
Re: [Emerging-Sigs] Errors with the Snort manual Mike Cox (Feb 18)
Re: SO rules vs regular rules Mike Cox (Feb 03)
Re: Sourcefire VRT Certified Snort Rules Update 2010-03-17 Mike Cox (Mar 23)
Errors in the Snort manual Mike Cox (Mar 19)
Re: SO rules vs regular rules Mike Cox (Feb 01)
Re: Sourcefire VRT Certified Snort Rules Update 2010-03-17 Mike Cox (Mar 17)
Downloading older versions of snort Mike Cox (Jan 15)

Mike Guiterman

Re: Rules MD5 Hash Mike Guiterman (Mar 02)
Re: Snort Manual - HTML? Mike Guiterman (Jan 25)
2010 Snort Scholarship - Apply Now Mike Guiterman (Mar 17)
Follow Matt Watchinski's Video Blog From RSA Mike Guiterman (Mar 02)
Re: Links broken Mike Guiterman (Feb 23)

Mike Lococo

Re: Unable to configure unified2 output Mike Lococo (Mar 31)
Unable to configure unified2 output Mike Lococo (Mar 30)
Re: Unable to configure unified2 output Mike Lococo (Mar 31)
Re: Unable to configure unified2 output Mike Lococo (Mar 31)
Re: Unable to configure unified2 output Mike Lococo (Mar 31)
Re: snort.conf "detection engine" Mike Lococo (Mar 30)

Mike Messick

Re: http_header Mike Messick (Jan 15)
http_header Mike Messick (Jan 15)
Re: http_header ** SOLVED Mike Messick (Jan 19)

Morgan Cox

Re: whitelist rule to 1 ip? Morgan Cox (Mar 03)
whitelist rule to 1 ip? Morgan Cox (Mar 03)
Re: whitelist rule to 1 ip? Morgan Cox (Mar 03)

Nerijus Krukauskas

Re: How many ports is considered a portsweep/portscan? Nerijus Krukauskas (Mar 24)
Re: How many ports is considered a portsweep/portscan? Nerijus Krukauskas (Mar 24)
Re: How many ports is considered a portsweep/portscan? Nerijus Krukauskas (Mar 18)

Nick Moore

Re: How to disable /var/log/snort/alert? Nick Moore (Mar 23)
Re: Need help with base Nick Moore (Mar 26)
Re: Tap and Hub Nick Moore (Mar 24)
Re: Unable to configure unified2 output Nick Moore (Mar 31)
Re: New to Snort; Unable to download VRT Certified Rules Nick Moore (Feb 07)

Nigel Houghton

Re: Who is Barny Retch? Nigel Houghton (Feb 23)
Re: SID 15474 - MS ISA Server and Forefront Threat Management Gateway DoS Nigel Houghton (Jan 13)
Re: Being killed by poor IE rules... Nigel Houghton (Jan 27)
Re: Errors with the Snort manual Nigel Houghton (Feb 18)
Re: Sourcefire commercial IPS Nigel Houghton (Jan 18)
Re: Sourcefire VRT Certified Snort Rules Update 2010-02-26 Nigel Houghton (Feb 26)
Re: SID 15474 - MS ISA Server and Forefront Threat Management Gateway DoS Nigel Houghton (Jan 13)
Re: Trying to trouble shoot snort isntall. Nigel Houghton (Feb 03)
Re: Unable to run Snort in IPS mode Nigel Houghton (Feb 22)
Re: Unable to run Snort in IPS mode Nigel Houghton (Feb 23)
Re: Which OS to choose for SNORT? (need help) Nigel Houghton (Jan 08)
Re: Compiling Dynamic Rules - Web-ActiveX/Web-IIS/SQL/Multimedia Fail Nigel Houghton (Jan 28)
Re: VRT Release 2010-02-23 uses "detection_filter" Nigel Houghton (Feb 24)
Re: Being killed by poor IE rules. Nigel Houghton (Jan 27)
Re: Downloading older versions of snort Nigel Houghton (Jan 15)
Re: Anyone having problems with Oinkmaster getting 404 error? Nigel Houghton (Mar 11)
Re: Strange Alert Nigel Houghton (Feb 10)
Re: just something to note about ftpbounce keyword. Nigel Houghton (Mar 18)
Re: Snort does not deamonize Nigel Houghton (Jan 27)
Re: Strange Alert Nigel Houghton (Feb 10)
Re: Rules and sensor management Nigel Houghton (Feb 08)
Re: SID 15474 - MS ISA Server and Forefront Threat Management Gateway DoS Nigel Houghton (Jan 13)
Re: Unable to run Snort in IPS mode Nigel Houghton (Feb 22)

Patrick Mullen

Re: [Snort-sigs] Introduction to Shared Object Rules blog post Patrick Mullen (Feb 08)
Re: Compiling Dynamic Rules - Web-ActiveX/Web-IIS/SQL/Multimedia Fail Patrick Mullen (Feb 03)
Re: More poorly performing GID 3 rules.... Patrick Mullen (Feb 03)
Re: SO rules vs regular rules Patrick Mullen (Feb 03)
Introduction to Shared Object Rules blog post Patrick Mullen (Feb 04)

Paul Halliday

New tool: EDV Paul Halliday (Mar 06)

Paul Schmehl

Re: Have I lost my mind? Paul Schmehl (Jan 13)
Re: Archiving Snort logs Paul Schmehl (Feb 24)
Re: PCRE and normalized content Paul Schmehl (Jan 13)
Snort payload .bin files Paul Schmehl (Mar 11)
Re: PCRE and normalized content Paul Schmehl (Jan 13)
Re: Matching PCRE Paul Schmehl (Jan 19)
Re: Snort does not deamonize Paul Schmehl (Jan 27)
Have I lost my mind? Paul Schmehl (Jan 13)
Re: Matching PCRE Paul Schmehl (Jan 19)
Re: Rules and sensor management Paul Schmehl (Feb 09)
Re: Snort does not deamonize Paul Schmehl (Jan 28)
Rules and sensor management Paul Schmehl (Feb 08)
Re: Have I lost my mind? Paul Schmehl (Jan 13)
Re: problems with using barnyard 2-1.2 Paul Schmehl (Mar 29)
Re: Matching PCRE Paul Schmehl (Jan 19)
PCRE and normalized content Paul Schmehl (Jan 13)
Matching PCRE Paul Schmehl (Jan 19)
Detecting sql injection Paul Schmehl (Jan 13)

Perry, Brian

Re: More poorly performing GID 3 rules.... Perry, Brian (Feb 04)

Peter Adams

[SPAM] Diplomatic Envoy from the Carribean Islands Peter Adams (Jan 29)

phillip bailey

Re: Can snort run on bare-metal vm or a virtual machine ? phillip bailey (Mar 30)
Snorby for snort (VmWare appliance version 1.1) phillip bailey (Mar 13)
Re: port mirror with linux phillip bailey (Mar 15)

Phil Wood

snort Version 2.8.6.rc (Build 16), option -r large.pcap, ... Value too large for defined data type Phil Wood (Feb 23)

Pradeep Lamabam

remotely accessing BASE Pradeep Lamabam (Mar 11)

Priyadarsan Roy

Re: Backports for Ubuntu 8.10 Priyadarsan Roy (Jan 08)
Backports for Ubuntu 8.10 Priyadarsan Roy (Jan 08)

Randal T. Rioux

Re: Which OS to choose for SNORT? (need help) Randal T. Rioux (Jan 07)
Re: Snort_inline Randal T. Rioux (Jan 06)
Snort 2.8.5.2 on AIX 6.1 - Update Randal T. Rioux (Jan 09)
Slackware 13.0 x86 / Snort 2.8.5.2 make error Randal T. Rioux (Jan 05)
saporte () snecma fr Randal T. Rioux (Jan 06)
Re: Sourcefire 3D Randal T. Rioux (Feb 19)
Re: stream based av and snort/Stream5 Randal T. Rioux (Mar 09)
Re: Snort 2.8.5.2 on AIX 6.1 - Update Randal T. Rioux (Jan 09)
Re: Snort 2.8.5.2 on Solaris 10 (SPARC) - make error Randal T. Rioux (Jan 12)
Re: deploying ClamAV with Snort IDS Randal T. Rioux (Feb 01)
Re: Which OS to choose for SNORT? (need help) Randal T. Rioux (Jan 08)
Re: Snort Manual - HTML? Randal T. Rioux (Jan 27)
Re: Is there an acceptable amount of dropped packets for snort? Randal T. Rioux (Feb 08)
Re: "Making Snort go fast under Linux..." Randal T. Rioux (Feb 24)
Re: Snort 2.8.5.2 on AIX 6.1 - Update Randal T. Rioux (Jan 09)
Snort 2.8.5.2 on Solaris 10 (SPARC) - make error Randal T. Rioux (Jan 12)
Snort Manual - HTML? Randal T. Rioux (Jan 13)
Re: Slackware 13.0 x86 / Snort 2.8.5.2 make error Randal T. Rioux (Jan 06)

RA Operations

Aanval 5.5 (Snort & Syslog intrusion and correlation) released RA Operations (Mar 31)

Ray Caparros

Re: Can snort run on bare-metal vm or a virtual machine ? Ray Caparros (Mar 30)
Re: New to Snort; Unable to download VRT Certified Rules Ray Caparros (Feb 07)
Re: Unable to run Snort in IPS mode Ray Caparros (Feb 22)
Re: snort on OSSIM Ray Caparros (Mar 16)
Re: whitelist rule to 1 ip? Ray Caparros (Mar 03)

Red Wookie

Re: Error compiling Red Wookie (Feb 26)
Error compiling Red Wookie (Feb 26)

redwookie

IDS and IPS simultaneously? redwookie (Jan 26)
Re: Error compiling redwookie (Feb 26)

Research

Sourcefire VRT Certified Snort Rules Update 2010-01-06 Research (Jan 06)
Sourcefire VRT Certified Snort Rules Update 2010-03-10 Research (Mar 10)
Sourcefire VRT Certified Snort Rules Update 2010-01-21 Research (Jan 21)
Sourcefire VRT Certified Snort Rules Update 2010-01-12 Research (Jan 12)
Sourcefire VRT Certified Snort Rules Update 2010-03-09 Research (Mar 09)
Sourcefire VRT Certified Snort Rules Update 2010-02-09 Research (Feb 09)
Sourcefire VRT Certified Snort Rules Update 2010-01-15 Research (Jan 15)
Sourcefire VRT Certified Snort Rules Update 2010-01-26 Research (Jan 26)
Sourcefire VRT Certified Snort Rules Update 2010-03-04 Research (Mar 04)
Sourcefire VRT Certified Snort Rules Update 2010-03-17 Research (Mar 17)
Sourcefire VRT Certified Snort Rules Update 2010-03-23 Research (Mar 23)
Sourcefire VRT Certified Snort Rules Update 2010-02-23 Research (Feb 23)
Sourcefire VRT Certified Snort Rules Update 2010-02-26 Research (Feb 26)
Sourcefire VRT Certified Snort Rules Update 2010-03-30 Research (Mar 30)
Sourcefire VRT Certified Snort Rules Update 2010-02-17 Research (Feb 17)
Sourcefire VRT Certified Snort Rules Update 2010-02-25 Research (Feb 25)
Sourcefire VRT Certified Snort Rules Update 2010-01-28 Research (Jan 29)

Ricardo Barbosa

Re: Question about rules Ricardo Barbosa (Jan 27)
Re: Question about rules Ricardo Barbosa (Jan 27)
Re: Question about rules Ricardo Barbosa (Jan 27)
Re: Question about rules Ricardo Barbosa (Jan 27)
Question about rules Ricardo Barbosa (Jan 26)

Richard Bejtlich

Re: port mirror with linux Richard Bejtlich (Mar 14)
Re: Commercial Advanced Packet Sniffers, how do they do this? Application signatures? Richard Bejtlich (Jan 22)
Re: Tap and Hub Richard Bejtlich (Mar 26)

Richard Tyrrell

Richard Tyrrell/Telford/Syan Ltd is out of the office. Richard Tyrrell (Feb 26)
Richard Tyrrell/Telford/Syan Ltd is out of the office. Richard Tyrrell (Feb 18)

rmkml

Crusoe Researches offer new rule for detecting last Opera browser overflow rmkml (Mar 07)
maybe rename msg on sid 1451 ? rmkml (Jan 27)
small typo on sid 1565/web-cgi eshop.pl arbitrary commane execution attempt rmkml (Jan 27)

Rob Dixon

Re: Libnet errors Rob Dixon (Feb 23)
Libnet errors Rob Dixon (Feb 23)
Re: Which OS to choose for SNORT? (need help) Rob Dixon (Jan 07)

rob iscool

Snort.org shared object rules cause a Segmentation fault on FreeBSD 7.2 after a few packets rob iscool (Mar 09)

Rodrigo Montoro(Sp0oKeR)

Re: PCRE and normalized content Rodrigo Montoro(Sp0oKeR) (Jan 13)
Re: http_header Rodrigo Montoro(Sp0oKeR) (Jan 15)
Re: PCRE and normalized content Rodrigo Montoro(Sp0oKeR) (Jan 13)
Re: PCRE and normalized content Rodrigo Montoro(Sp0oKeR) (Jan 13)

Roman Vasilyev

libnet 1.1 Roman Vasilyev (Jan 22)

Ronny Vaningh

Re: "Making Snort go fast under Linux..." Ronny Vaningh (Feb 24)

Russ Combs

Re: Can't make snort create a core file when it segfaults. Russ Combs (Feb 10)
Re: Unable to run Snort in IPS mode Russ Combs (Feb 24)
Re: Errors in the Snort manual Russ Combs (Mar 19)
Re: Error compiling Russ Combs (Feb 26)
Re: Libnet errors Russ Combs (Feb 23)
Re: Errors in the Snort manual Russ Combs (Mar 19)
Re: UDP alerts with sneeze Russ Combs (Mar 12)
Re: Can't make snort create a core file when it segfaults. Russ Combs (Feb 10)
Re: [Snort devel] Storing Packet data Russ Combs (Mar 17)
Re: How many ports is considered a portsweep/portscan? Russ Combs (Mar 19)
Re: Unable to run Snort in IPS mode Russ Combs (Feb 25)
Re: Unable to run Snort in IPS mode Russ Combs (Feb 25)
Re: Error compiling Russ Combs (Feb 26)

Russell Fulton

Re: Managing Multiple Snort Sensors Russell Fulton (Mar 31)
Re: New to Snort; Unable to download VRT Certified Rules Russell Fulton (Feb 07)
problems with using barnyard 2-1.2 Russell Fulton (Mar 29)

Ryan Jordan

Re: Unusual Snort performance stats Ryan Jordan (Feb 22)
Re: How many ports is considered a portsweep/portscan? Ryan Jordan (Mar 24)
Re: Backports for Ubuntu 8.10 Ryan Jordan (Jan 11)
Re: seek help for installation for snort2.8 Ryan Jordan (Jan 22)
Re: host attribute table - feature request Ryan Jordan (Mar 22)
Re: seek help for installation for snort2.8 Ryan Jordan (Jan 23)
Re: search algorithm performance Ryan Jordan (Jan 25)
Re: Backports for Ubuntu 8.10 Ryan Jordan (Jan 08)
Re: New to Snort; Unable to download VRT Certified Rules Ryan Jordan (Feb 08)
Re: Snort not loading dynamic rules? Ryan Jordan (Feb 11)

Sadanand Ghagare

snort not running as service Sadanand Ghagare (Jan 25)
winsnort - getting database error while accessing main base page Sadanand Ghagare (Jan 26)
Re: Which OS to choose for SNORT? (need help) Sadanand Ghagare (Jan 08)
Winsnort giving error "Login failed for user 'base'" Sadanand Ghagare (Jan 26)
How to make snort wokring for mutliple network interfaces in Windows? Sadanand Ghagare (Feb 08)
how to set proxy for oinkmaster Sadanand Ghagare (Jan 27)
Re: Which OS to choose for SNORT? (need help) Sadanand Ghagare (Jan 07)
getting "CGI error" while doing snort installation on windows 2003 Sadanand Ghagare (Jan 19)
Which OS to choose for SNORT? (need help) Sadanand Ghagare (Jan 07)
Re: Which OS to choose for SNORT? (need help) Sadanand Ghagare (Jan 07)
Re: Which OS to choose for SNORT? (need help) Sadanand Ghagare (Jan 07)
Re: Which OS to choose for SNORT? (need help) Sadanand Ghagare (Jan 07)
Re: getting "CGI error" while doing snort installation on windows 2003 Sadanand Ghagare (Jan 20)
Re: getting "CGI error" while doing snort installation on windows 2003 Sadanand Ghagare (Jan 19)
Re: snort not running as service Sadanand Ghagare (Jan 25)
Re: getting "CGI error" while doing snort installation on windows 2003 Sadanand Ghagare (Jan 25)

Sandro guly Zaccarini

Re: VRT Release 2010-02-23 uses "detection_filter" Sandro guly Zaccarini (Feb 24)
Re: Help on fresh snort... Sandro guly Zaccarini (Feb 10)
divert socket odd behaviour Sandro guly Zaccarini (Feb 22)

Seth Art

Re: Snort not loading dynamic rules? Seth Art (Feb 12)
Re: Help tuning snort for performance. Seth Art (Feb 12)
Re: Sourcefire VRT Certified Snort Rules Update 2010-03-17 Seth Art (Mar 23)
Re: Sourcefire VRT Certified Snort Rules Update 2010-03-17 Seth Art (Mar 23)
Re: Precompiled rules for 2.8.5.2 in tarball? Seth Art (Jan 29)
Re: Multiple instances of snort on the same server? Seth Art (Feb 04)
Re: Sourcefire VRT Certified Snort Rules Update 2010-03-17 Seth Art (Mar 23)
Precompiled rules for 2.8.5.2 in tarball? Seth Art (Jan 29)
Re: Unable to run Snort in IPS mode Seth Art (Feb 23)

Sethsec

Re: Sourcefire VRT Certified Snort RulesUpdate2010-03-17 Sethsec (Mar 23)

Sharma, Ashish

Re: Unable to run Snort in IPS mode Sharma, Ashish (Feb 22)
Re: Archiving Snort logs Sharma, Ashish (Feb 24)
Re: Unable to run Snort in IPS mode Sharma, Ashish (Feb 22)
Re: Unable to run Snort in IPS mode Sharma, Ashish (Feb 22)
Re: Unable to run Snort in IPS mode Sharma, Ashish (Feb 23)
Re: Unable to run Snort in IPS mode Sharma, Ashish (Feb 24)
Unable to run Snort in IPS mode Sharma, Ashish (Feb 21)
Re: Unable to run Snort in IPS mode Sharma, Ashish (Feb 26)
Archiving Snort logs Sharma, Ashish (Feb 23)
Re: Unable to run Snort in IPS mode Sharma, Ashish (Feb 22)
Re: Unable to run Snort in IPS mode Sharma, Ashish (Feb 24)
Re: Unable to run Snort in IPS mode Sharma, Ashish (Feb 25)
Re: Unable to run Snort in IPS mode Sharma, Ashish (Feb 22)

snort

Re: Barnyard2 + Snort snort (Mar 25)
Re: Barnyard2 + Snort snort (Mar 25)
Re: Barnyard2 + snort snort (Mar 25)
FP:10995 rev3 snort (Mar 30)
Re: Barnyard2 + Snort snort (Mar 25)

Snort Releases

Snort 2.8.5.3 Now Available Snort Releases (Feb 17)
Snort 2.8.5.3 Now Available Snort Releases (Feb 17)
Snort 2.8.6 RC Now Available Snort Releases (Feb 05)
Snort 2.8.6 RC Now Available Snort Releases (Feb 05)

snort user

Fnord snort user (Jan 07)
Re: TTL Evasion and Snort/Stream5 snort user (Jan 05)
Re: Rule parser rejects content matches longer than depth but doesn't for within. snort user (Mar 17)
TTL Evasion and Snort/Stream5 snort user (Jan 05)

spiffy pickle

Signature question spiffy pickle (Feb 04)

sri harsha

Help to run snort on linux machine sri harsha (Mar 02)
UDP alerts with sneeze sri harsha (Mar 11)

Steven Sturges

Re: BUG: corner case involving http_cookie Steven Sturges (Mar 10)
Re: BUG: corner case involving http_cookie Steven Sturges (Mar 15)
Re: question about InlineDrop() Steven Sturges (Feb 26)
Re: Bug in 2.8.4.1? Steven Sturges (Feb 05)
Re: Slackware 13.0 x86 / Snort 2.8.5.2 make error Steven Sturges (Jan 06)
Re: BUG: corner case involving http_cookie Steven Sturges (Mar 10)
Re: Slackware 13.0 x86 / Snort 2.8.5.2 make error Steven Sturges (Jan 06)
Re: just something to note about ftpbounce keyword. Steven Sturges (Mar 18)
Re: Snort 2.8.5.2 on AIX 6.1 - Update Steven Sturges (Jan 09)
Re: BUG: corner case involving http_cookie Steven Sturges (Mar 10)

surman .

port mirror with linux surman . (Mar 14)

Sven Wurth

Re: http rule is not always triggering Sven Wurth (Feb 17)
http rule is not always triggering Sven Wurth (Feb 16)

Tim Clarkson

Re: Rules and sensor management Tim Clarkson (Feb 09)

Todd Wease

Re: compiling with --enable-inline impacts non-inline sniffing Todd Wease (Mar 30)
Re: Slackware 13.0 x86 / Snort 2.8.5.2 make error Todd Wease (Jan 06)
Re: Snort 2.8.5.2 on Solaris 10 (SPARC) - make error Todd Wease (Jan 12)
Re: Snort 2.8.5.2 on Solaris 10 (SPARC) - make error Todd Wease (Jan 13)
Re: snort Version 2.8.6.rc (Build 16), option -r large.pcap, ... Value too large for defined data type Todd Wease (Feb 23)
Re: Have I lost my mind? Todd Wease (Jan 13)
Re: Strange Alert Todd Wease (Feb 10)
Re: Reload via Signal HUP does not work if you aren't root or are chroot Todd Wease (Jan 25)
Re: Snort does not deamonize Todd Wease (Jan 28)
Re: Unable to configure unified2 output Todd Wease (Mar 31)
Re: Have I lost my mind? Todd Wease (Jan 13)
Re: Have I lost my mind? Todd Wease (Jan 13)

Tushar Modi

Re: snort information Tushar Modi (Mar 24)
Re: Snort-users Digest, Vol 46, Issue 32 Tushar Modi (Mar 25)

Vipul M Sawant

MySQL schema sig_class - duplicate index Vipul M Sawant (Jan 05)

vishesh kumar

Hello vishesh kumar (Mar 31)

volga629

SMTP rule "Access Denied for Mail Relay" volga629 (Jan 01)
Re: SMTP rule "Access Denied for Mail Relay volga629 (Jan 01)
SMTP rule "Access Denied for Mail Relay" volga629 (Jan 01)

Williams Jon

Metadata field in rules to identify target? Williams Jon (Feb 19)

Will Metcalf

Re: BUG: corner case involving http_cookie Will Metcalf (Mar 10)
BUG: corner case involving http_cookie Will Metcalf (Mar 09)
Re: BUG: corner case involving http_cookie Will Metcalf (Mar 15)
Re: evaluating snort, can snort do this? commercial support? Will Metcalf (Jan 12)
Re: BUG: corner case involving http_cookie Will Metcalf (Mar 17)
Re: just something to note about ftpbounce keyword. Will Metcalf (Mar 17)
Re: BUG: corner case involving http_cookie Will Metcalf (Mar 10)
Re: Snort_Inline + Carp Will Metcalf (Feb 03)
Re: BUG: corner case involving http_cookie Will Metcalf (Mar 11)
Rule parser rejects content matches longer than depth but doesn't for within. Will Metcalf (Mar 17)
Re: More Snort manual errors.... Will Metcalf (Mar 17)
Re: Sourcefire VRT Certified Snort Rules Update 2010-03-17 Will Metcalf (Mar 23)
Re: BUG: corner case involving http_cookie Will Metcalf (Mar 24)
Re: deploying ClamAV with Snort IDS Will Metcalf (Feb 01)
Re: Rule parser rejects content matches longer than depth but doesn't for within. Will Metcalf (Mar 17)
Re: just something to note about ftpbounce keyword. Will Metcalf (Mar 18)
Re: BUG: corner case involving http_cookie Will Metcalf (Mar 10)
Re: Sourcefire VRT Certified Snort Rules Update 2010-03-17 Will Metcalf (Mar 23)
Re: Sourcefire VRT Certified Snort Rules Update 2010-03-17 Will Metcalf (Mar 24)
Re: deploying ClamAV with Snort IDS Will Metcalf (Feb 01)
Re: [Emerging-Sigs] distance:0; in conjunction with uricontent/content pair. Will Metcalf (Mar 15)
Re: Rule parser rejects content matches longer than depth but doesn't for within. Will Metcalf (Mar 17)
Re: BUG: corner case involving http_cookie Will Metcalf (Mar 15)
Re: [Emerging-Sigs] distance:0; in conjunction with uricontent/content pair. Will Metcalf (Mar 15)
Re: [Oisf-users] distance, uricontent Will Metcalf (Mar 18)
Re: Request for Reverse Proxy Guidance Will Metcalf (Mar 31)
Re: BUG: corner case involving http_cookie Will Metcalf (Mar 10)
Re: Sourcefire VRT Certified Snort Rules Update 2010-03-17 Will Metcalf (Mar 23)
Re: BUG: corner case involving http_cookie Will Metcalf (Mar 10)
just something to note about ftpbounce keyword. Will Metcalf (Mar 17)
Re: [Emerging-Sigs] distance:0; in conjunction with uricontent/content pair. Will Metcalf (Mar 15)

Willst Mail

Reload via Signal HUP does not work if you aren't root or are chroot Willst Mail (Jan 25)
Unusual Snort performance stats Willst Mail (Feb 22)
Re: Unusual Snort performance stats Willst Mail (Feb 23)
Re: Managing Multiple Snort Sensors Willst Mail (Mar 31)
Snort as an anomalous behavior IDS Willst Mail (Mar 31)
Re: Snort-users Digest, Vol 45, Issue 10 Willst Mail (Feb 04)
Re: Unusual Snort performance stats Willst Mail (Feb 22)
Updated rule sid 3192 WEB-CLIENT Windows Media Player directory traversal via Content-Disposition attempt Willst Mail (Feb 24)
Different output options for different alerts Willst Mail (Mar 17)
New rule 16433 - EXPLOIT Microsoft Active Directory LDAP query handling denial of service Willst Mail (Feb 18)

Xavi Garcia

Re: HTTP preprocessor and POST data Xavi Garcia (Mar 26)
Re: HTTP preprocessor and POST data Xavi Garcia (Mar 30)
HTTP preprocessor and POST data Xavi Garcia (Mar 25)
Re: HTTP preprocessor and POST data Xavi Garcia (Mar 31)
Re: HTTP preprocessor and POST data Xavi Garcia (Mar 26)
Re: HTTP preprocessor and POST data Xavi Garcia (Mar 25)

xnhp0320

Is there anyone use Spirent or BreakingPoint to test Snort? xnhp0320 (Mar 08)

Yun Zheng Hu

Possible Stream5 evasion by using very small packets Yun Zheng Hu (Mar 12)

Zakai Kinan

Re: Snort dying Zakai Kinan (Feb 09)
Re: Snort dying Zakai Kinan (Feb 09)
Snort dying Zakai Kinan (Feb 07)