Snort: by author

• RSS Feed
• About List
• All Lists

Previous period

Next period

892 messages starting Jul 14 10 and ending Jul 16 10
Date index | Thread index | Author index

Agile Aspect

blocking outbound ports Agile Aspect (Jul 14)

Ahmed Qaisi

Re: Snort report has "No Data" Ahmed Qaisi (Aug 04)

Alan Ptak

Re: Difference between Dynamic library rules vs regular rules in snort.conf? Alan Ptak (Jul 22)

Alejandro Cabrera Obed

Re: Oinkmaster can't get rules Alejandro Cabrera Obed (Jul 07)
Re: Oinkmaster can't get rules Alejandro Cabrera Obed (Jul 12)
oinkmaster.pl download error Alejandro Cabrera Obed (Jul 05)
Re: Oinkmaster can't get rules Alejandro Cabrera Obed (Jul 13)
Oinkmaster can't get rules Alejandro Cabrera Obed (Jul 07)

Alex Kirk

Re: Rule efficiency Alex Kirk (Jul 23)
Re: sid 16665 ? Alex Kirk (Jul 09)
Re: msg update for these, please? Alex Kirk (Sep 28)
Re: Rule efficiency Alex Kirk (Jul 23)
Re: Sourcefire VRT Certified Snort Rules Update 2010-09-27 Alex Kirk (Sep 28)
Re: snort DOS rules & DDOS rules Alex Kirk (Jul 07)
Re: msg update for these, please? Alex Kirk (Sep 28)
Re: Rule efficiency Alex Kirk (Jul 23)
Re: msg update for these, please? Alex Kirk (Sep 28)
Re: sig_id 15362 Alex Kirk (Sep 29)
Re: Rule performance profiling question Alex Kirk (Sep 15)
Re: msg update for these, please? Alex Kirk (Sep 28)
Re: Unknown rule option: 'sd_pattern' Alex Kirk (Jul 15)
Re: [Emerging-Sigs] Signatures for Clients POSTing to SEO/NEOsploit Exploit Kits - Round 2 Alex Kirk (Aug 11)
Re: False positive on sid:17246 Alex Kirk (Sep 15)
Re: FPs - ORACLE BEA WebLogic Server Plug-ins Certificate overflow attempt 16606 Alex Kirk (Jul 27)
Re: Rule efficiency Alex Kirk (Jul 23)
Re: msg update for these, please? Alex Kirk (Sep 28)

Alex Tatistcheff

Re: Snort Configurations Alex Tatistcheff (Sep 22)
Re: suppressing alert... Alex Tatistcheff (Sep 22)
Re: Rule efficiency Alex Tatistcheff (Sep 07)

Al MailingList

Re: [Snort-sigs] [Emerging-Sigs] VRT on Suricata Al MailingList (Jul 22)
Re: [Emerging-Sigs] [Snort-sigs] VRT on Suricata Al MailingList (Jul 22)

Anas.B

Re: Startup !!! Anas.B (Jul 14)
Startup !!! Anas.B (Jul 13)

Andres carrera

Re: Fwd: Re: Fwd: Re: Snort Anomaly Detection Andres carrera (Sep 17)

Andres Carrera Rivera

Re: Fwd: Re: Fwd: Re: Snort Anomaly Detection Andres Carrera Rivera (Sep 19)
Re: Fwd: Re: Fwd: Re: Snort Anomaly Detection Andres Carrera Rivera (Sep 19)
Re: Fwd: Re: Fwd: Re: Snort Anomaly Detection Andres Carrera Rivera (Sep 19)
Re: Fwd: Re: Fwd: Re: Snort Anomaly Detection Andres Carrera Rivera (Sep 19)
Fwd: Re: Snort Anomaly Detection Andres Carrera Rivera (Sep 14)
Re: Fwd: Re: Snort Anomaly Detection Andres Carrera Rivera (Sep 17)
Snort Anomaly Detection 2 Andres Carrera Rivera (Sep 16)
Snort Anomaly Detection Andres Carrera Rivera (Sep 13)
Re: Fwd: Re: Fwd: Re: Snort Anomaly Detection Andres Carrera Rivera (Sep 18)
Re: Fwd: Re: Fwd: Re: Snort Anomaly Detection Andres Carrera Rivera (Sep 20)
Fwd: Re: Fwd: Re: Snort Anomaly Detection Andres Carrera Rivera (Sep 17)
Re: Fwd: Re: Snort Anomaly Detection Andres Carrera Rivera (Sep 17)

Andy Berryman

Re: Rule performance profiling question Andy Berryman (Sep 16)
Re: False positive on sid:17246 Andy Berryman (Sep 15)
Re: Snort home net and external net question Andy Berryman (Sep 03)
Question about downloading rules with Oinkmaster Andy Berryman (Jul 13)
Re: Performance profiling not working snort 2.8.6 Andy Berryman (Sep 15)
False positive on sid:17246 Andy Berryman (Sep 15)
Rule performance profiling question Andy Berryman (Sep 15)
More false positives on rules? Andy Berryman (Sep 16)
Snort home net and external net question Andy Berryman (Sep 03)
nmap scan settings for using with Hogger Andy Berryman (Sep 29)
Re: More false positives on rules? Andy Berryman (Sep 16)
Performance profiling not working snort 2.8.6 Andy Berryman (Sep 13)
Re: Question about downloading rules with Oinkmaster Andy Berryman (Jul 13)
Re: Performance profiling not working snort 2.8.6 Andy Berryman (Sep 13)
Re: Snort home net and external net question Andy Berryman (Sep 03)

Anthony Rees

Re: Looking for a DB. Anthony Rees (Aug 28)
Re: Snort Logging to Snort Report Anthony Rees (Aug 11)

arulgobinath emmanuel

Snort IPS mode couldn't detect the fragmented icmp packet. arulgobinath emmanuel (Jul 15)

Bamm Visscher

Re: Vlan Tagging Issue with Snort Bamm Visscher (Sep 10)

beenph

Re: Mmapped Capture on Linux beenph (Aug 12)
Re: Homebrew unified2 processing vs barnyard2 beenph (Jul 19)
Question regarding config binding configuration option. beenph (Jul 07)
Re: Homebrew unified2 processing vs barnyard2 beenph (Jul 19)
Re: Snorby SBSA beenph (Aug 27)
Re: Mmapped Capture on Linux beenph (Aug 13)
Re: Question regarding config binding configuration option. beenph (Jul 07)
Re: Mmapped Capture on Linux beenph (Aug 13)
Re: Bizarre signature beenph (Jul 21)

Bernhard Guillon

Re: Snort Anomaly Detection Bernhard Guillon (Sep 13)
Re: Fwd: Re: Snort Anomaly Detection Bernhard Guillon (Sep 17)
Re: Fwd: Re: Fwd: Re: Snort Anomaly Detection Bernhard Guillon (Sep 19)
Re: Fwd: Re: Fwd: Re: Snort Anomaly Detection Bernhard Guillon (Sep 19)
Re: Fwd: Re: Snort Anomaly Detection Bernhard Guillon (Sep 17)
Re: Fwd: Re: Fwd: Re: Snort Anomaly Detection Bernhard Guillon (Sep 19)
Re: Fwd: Re: Fwd: Re: Snort Anomaly Detection Bernhard Guillon (Sep 17)
Re: Snort Anomaly Detection Bernhard Guillon (Sep 22)
Re: Snort Anomaly Detection Bernhard Guillon (Sep 17)
Re: Fwd: Re: Fwd: Re: Snort Anomaly Detection Bernhard Guillon (Sep 19)
Re: Fwd: Re: Fwd: Re: Snort Anomaly Detection Bernhard Guillon (Sep 20)

Bhagya Bantwal

Re: base64 for http_inspect Bhagya Bantwal (Aug 02)
Re: base64 for http_inspect Bhagya Bantwal (Aug 02)
Re: file_data entry in snort manual Bhagya Bantwal (Aug 10)
Re: file_data entry in snort manual Bhagya Bantwal (Aug 10)
Re: http_* keywords Bhagya Bantwal (Aug 25)

Bill Pickens

Build Options Bill Pickens (Jul 30)

Billy Marshall

Re: pulledpork re-organizing rules? Billy Marshall (Aug 10)
pulledpork re-organizing rules? Billy Marshall (Aug 10)
snort version 2.8.6.1 with 2.8.6.0 rules Billy Marshall (Aug 10)
email test Billy Marshall (Jul 06)
Re: Linking rules in BASE Billy Marshall (Aug 24)
Re: FW: Snort 2.8.6 & Snort Report 1.3.1 with "NoData..." Billy Marshall (Aug 26)

BlackLight

Re: Snort 2.8.6.1, "Error: Failed to find LibVersion()" while trying to develop a preprocessor module BlackLight (Jul 30)
Snort 2.8.6.1, "Error: Failed to find LibVerion()" while trying to develop a preprocessor module BlackLight (Jul 28)
Re: Snort 2.8.6.1, "Error: Failed to find LibVerion()" while trying to develop a preprocessor module BlackLight (Jul 28)

Bobby Venal

General inline question Bobby Venal (Aug 04)
Rule ID question Bobby Venal (Sep 16)

Bradlee Landis

Re: snort inline mode is not working with iptables Bradlee Landis (Sep 07)
Snort IDS Not Working Bradlee Landis (Sep 03)

Bruce A. Sanders

Re: Invitation to connect on LinkedIn Bruce A. Sanders (Jul 28)

Bryan Arenal

100% Outstanding - what does that mean? Bryan Arenal (Aug 09)
Re: Sourcefire VRT Certified Snort Rules Update 2010-09-14 Bryan Arenal (Sep 15)
Re: 100% Outstanding - what does that mean? Bryan Arenal (Aug 09)
Re: 100% Outstanding - what does that mean? Bryan Arenal (Aug 09)

carlopmart

Re: Recommended NFS configuration to store snort logs carlopmart (Sep 24)
Recommended NFS configuration to store snort logs carlopmart (Sep 23)
Re: Recommended NFS configuration to store snort logs carlopmart (Sep 24)

Castle, Shane

Re: Snorby SBSA Castle, Shane (Aug 27)
libtool versions and snortsam Castle, Shane (Jul 29)
Re: MP3's are evil... Searching for traffic basedupon uploaded file type... Castle, Shane (Aug 05)
Re: Recommended NFS configuration to store snort logs Castle, Shane (Sep 24)
Re: Snorby SBSA Castle, Shane (Aug 27)
preprocessor ftp_telnet_protocol: FP on spaces Castle, Shane (Sep 01)
Re: FPs on 13711-13713 Castle, Shane (Aug 27)
Re: Snort Alert [1:14782:0] Castle, Shane (Aug 26)
FPs on 13711-13713 Castle, Shane (Aug 26)

ccie 6862

[SPAM] ccie 6862 (Jul 15)

cfp

Ruxcon 2010 Final Call For Papers cfp (Aug 19)

Chamila Garusinghe

difficulity configureing libnet Chamila Garusinghe (Jul 29)
Failed to initialize dynamic preprocessor: SF_SMTP version 1.1.8 Chamila Garusinghe (Aug 03)

Chan, Wilson

Cant detect Nessus and MS Baseline scanner in Snort v2.8.6 Chan, Wilson (Jul 20)
Difference between Dynamic library rules vs regular rules in snort.conf? Chan, Wilson (Jul 21)
Re: Cant detect Nessus and MS Baseline scanner in Snort v2.8.6 Chan, Wilson (Jul 21)

Chen Chao

running snort on Chen Chao (Aug 03)

chido42

Re: acid_ag_alert empty : can't have a Graph Alert Data in Base chido42 (Jul 09)
acid_ag_alert empty : can't have a Graph Alert Data in Base chido42 (Jul 08)
Re: acid_ag_alert empty : can't have a Graph Alert Data in Base chido42 (Jul 09)

Chong Lee Poh

Alerts of ftp_telnet Chong Lee Poh (Aug 09)

Chris Eidem

Snort hangs when starting in daemon mode Chris Eidem (Jul 20)
Re: Snort hangs when starting in daemon mode Chris Eidem (Jul 20)

Chris Stevens

SMTP MS Windows Mail UNC navigation remote command execution rule #11837 Chris Stevens (Jul 04)

Christopher A. Libby

Snorby SBSA Christopher A. Libby (Aug 27)
SNORBY Web Interface - better in Firefox than IE? Christopher A. Libby (Sep 16)

CoryC

NTSUG.ORG CoryC (Jul 16)
Getting Snort version as bash variable CoryC (Aug 03)

Crook, Parker

Re: Difference between Dynamic library rules vs regular rules in snort.conf? Crook, Parker (Jul 22)
Re: Snort 2.8.6.1 Now Available Crook, Parker (Jul 23)
Re: rule download problem Crook, Parker (Jul 01)
Re: Snort 2.8.6.1 Now Available Crook, Parker (Jul 23)
Re: PortVar lookup Crook, Parker (Jul 01)
Re: [Snort-sigs] [Emerging-Sigs] VRT on Suricata Crook, Parker (Jul 22)
Re: still having download problems Crook, Parker (Jul 01)

dan (ddp)

Re: Oinkmaster can't get rules dan (ddp) (Jul 07)

Daniel Shepherd

Re: perfmonitor pre-processor issues Daniel Shepherd (Sep 30)
perfmonitor pre-processor issues Daniel Shepherd (Sep 30)

David Guimaraes

Re: Logging MAC address with snort, barnyard2 & MySQL David Guimaraes (Aug 22)
Problems with so_rules+base+barnyard2. David Guimaraes (Aug 06)

David Gullett

Re: FW: Snort report has "No Data" David Gullett (Aug 08)
Re: FW: Snort 2.8.6 & Snort Report 1.3.1 with "NoData..." David Gullett (Aug 26)
North Texas Snort User's Group David Gullett (Jul 15)

David Means

Re: http_uri ... where does it end? David Means (Sep 23)

Dawson,Scottie

SnortSP 3.0b3 error on make Dawson,Scottie (Jul 13)
Re: SnortSP 3.0b3 error on make Dawson,Scottie (Jul 15)

Document Retention

Snort 2.9.0 and Intel QuickAssist Document Retention (Sep 02)

Edward Bjarte Fjellskål

Re: snort installation error Edward Bjarte Fjellskål (Aug 10)

Edward Fjellskål

Re: Performance Monitor Graphing Tool Edward Fjellskål (Sep 03)
Re: Performance Monitor Graphing Tool Edward Fjellskål (Sep 02)

Eoin Miller

Re: Homebrew unified2 processing vs barnyard2 Eoin Miller (Jul 19)
Re: http_inspect claims no cookies in trafficr? Eoin Miller (Jul 12)
http_inspect - no gzip decompressed data processed? Eoin Miller (Jul 15)
Re: Performance Monitor Graphing Tool Eoin Miller (Sep 02)
http_inspect claims no cookies in trafficr? Eoin Miller (Jul 12)
Re: [Emerging-Sigs] Signatures for Clients POSTing to SEO/NEOsploit Exploit Kits - Round 2 Eoin Miller (Aug 10)
Re: Snort 2.8.6.1 Now Available Eoin Miller (Jul 23)
Re: [Emerging-Sigs] Signatures for Clients POSTing to SEO/NEOsploit Exploit Kits - Round 2 Eoin Miller (Aug 11)
Re: Snort Stats Output - Dropping 300%+ of Packets? Eoin Miller (Sep 09)
http_inspect's Configuration Effect on Signatures Eoin Miller (Jul 16)
Re: Bizarre signature Eoin Miller (Jul 21)
Re: [Emerging-Sigs] Signatures for Clients POSTing to SEO/NEOsploit Exploit Kits - Round 2 Eoin Miller (Aug 11)
Re: [Emerging-Sigs] Signatures for Clients POSTing to SEO/NEOsploit Exploit Kits - Round 2 Eoin Miller (Aug 10)
Snort Stats Output - Dropping 300%+ of Packets? Eoin Miller (Sep 09)
Re: Snort Configurations Eoin Miller (Sep 23)
http_* keywords Eoin Miller (Aug 19)
http_client_body, distance and ignoring requirement for content match? Eoin Miller (Aug 10)
Re: Sourcefire VRT Certified Snort Rules Update 2010-09-27 Eoin Miller (Sep 28)
Re: Sizing of a box requiring 2x10Gbps Eoin Miller (Jul 08)

Fábio Ferrão

Error Oinkmaster Fábio Ferrão (Jul 06)
Oinkmaster can't get rules Fábio Ferrão (Jul 08)

Flavian Dola

Disable a rule when another trigger Flavian Dola (Jul 15)

Florian Westphal

[RFC][DAQ] nfq: add support for unprivileged operation Florian Westphal (Aug 03)
[DAQ][PATCH 2/3] nfq: fix _acquire return value on select EINTR error Florian Westphal (Aug 03)
[DAQ][PATCH 3/3] nfq: add "queuelen" option to set nfqueue length Florian Westphal (Aug 03)
[DAQ][PATCH 1/3] fix --enable-xyz-module options Florian Westphal (Aug 03)
Re: [DAQ][PATCH 1/3] fix --enable-xyz-module options Florian Westphal (Aug 03)

Franklin Jones

Re: rule download problem Franklin Jones (Jul 01)

Fuat Yosanto

Re: Linking custom dynamic-preprocessor Fuat Yosanto (Jul 21)
Re: Help Developing Snort "Hello World" Dynamic Preprocessor Fuat Yosanto (Aug 18)
Help Developing Snort "Hello World" Dynamic Preprocessor Fuat Yosanto (Jul 30)
Re: Linking custom dynamic-preprocessor Fuat Yosanto (Jul 22)
Re: Linking custom dynamic-preprocessor Fuat Yosanto (Jul 22)
Re: Help Developing Snort "Hello World" Dynamic Preprocessor Fuat Yosanto (Aug 23)

Gabe Alicea

Re: Snort IDS - Fault Tolerance? Gabe Alicea (Aug 02)

Garland, Ken R

Re: Startup !!! Garland, Ken R (Jul 14)
Re: Startup !!! Garland, Ken R (Jul 14)

Greg Lane

Re: Snort Configurations Greg Lane (Sep 23)
Snort Logging to Snort Report Greg Lane (Aug 11)
Re: Snort Configurations Greg Lane (Sep 23)
Re: Snort Configurations Greg Lane (Sep 22)
Re: Snort Configurations Greg Lane (Sep 23)
Re: FW: Snort 2.8.6 & Snort Report 1.3.1 with "NoData..." Greg Lane (Aug 27)
FW: Snort 2.8.6 & Snort Report 1.3.1 with "No Data..." Greg Lane (Aug 25)
Re: Snort Configurations Greg Lane (Sep 24)
sig_id 15362 Greg Lane (Sep 29)
Performance Monitor Graphing Tool Greg Lane (Sep 02)
FW: Snort Configurations Greg Lane (Sep 23)
Re: Snort Configurations Greg Lane (Sep 23)
Snort Configurations Greg Lane (Sep 22)
No Logging No Output No Data Greg Lane (Aug 26)
Re: Snort Configurations Greg Lane (Sep 23)

Gregory Zill

ssn_file location Gregory Zill (Aug 19)

Guillaume Blanc

Logging MAC address with snort, barnyard2 & MySQL Guillaume Blanc (Aug 20)

Hafez Kamal

[HITB-Announce] HITB2010 SIGNINT Sessions Hafez Kamal (Aug 26)
[HITB-Announce] HITB Magazine Issue 003 + HITBSecConf2010 - Amsterdam Hafez Kamal (Jul 04)
[HITB-Announce] HITB Magazine Issue 003 + HITBSecConf2010 - Amsterdam Hafez Kamal (Jul 04)
[HITB-Ann] Reminder: HITB2010 Malaysia Call for Papers Closing August 9th Hafez Kamal (Jul 29)
[HITB-Announce] HITB2010 SIGNINT Sessions Hafez Kamal (Aug 26)
[HITB-Ann] Reminder: HITB2010 Malaysia Call for Papers Closing August 9th Hafez Kamal (Jul 29)

Hatim Alghamdi

Re: snort inline mode is not working with iptables Hatim Alghamdi (Aug 09)

infosec posts

Re: Vlan Tagging Issue with Snort infosec posts (Sep 10)
Re: Vlan Tagging Issue with Snort infosec posts (Sep 14)
Vlan Tagging Issue with Snort infosec posts (Sep 09)
Re: Vlan Tagging Issue with Snort infosec posts (Sep 13)
Re: Sourcefire VRT Certified Snort Rules Update 2010-09-27 infosec posts (Sep 28)
Re: Vlan Tagging Issue with Snort infosec posts (Sep 17)
Re: Vlan Tagging Issue with Snort infosec posts (Sep 10)

Isherwood, Jeffrey - IS

Re: Rule efficiency Isherwood, Jeffrey - IS (Jul 23)
Re: Rule efficiency Isherwood, Jeffrey - IS (Jul 26)
Re: Rule efficiency Isherwood, Jeffrey - IS (Jul 26)
unsubscribe Isherwood, Jeffrey - IS (Aug 10)
Rule efficiency Isherwood, Jeffrey - IS (Jul 23)
Re: MP3's are evil... Searching for traffic based upon uploaded file type... Isherwood, Jeffrey - IS (Aug 05)
Re: Rule efficiency Isherwood, Jeffrey - IS (Jul 23)
MP3's are evil... Searching for traffic based upon uploaded file type... Isherwood, Jeffrey - IS (Aug 05)

James Lay

Bump..any news on amazoneaws.com? James Lay (Jul 07)
Re: Oinkmaster can't get rules James Lay (Jul 14)
Re: Bump..any news on amazoneaws.com? James Lay (Jul 07)
Re: Oinkmaster can't get rules James Lay (Jul 12)
RESOLVED Re: Oinkmaster can't get rules James Lay (Jul 15)
Re: RESOLVED Re: Oinkmaster can't get rules James Lay (Jul 16)
Re: Oinkmaster can't get rules James Lay (Jul 13)
Re: Native iPhone App for live Snort and Syslog events James Lay (Jul 15)
Re: Bump..any news on amazoneaws.com? James Lay (Jul 07)

Jamie Riden

Re: [Emerging-Sigs] [Snort-users] VRT on Suricata Jamie Riden (Jul 21)

Jason Brvenik

Re: snort inline mode is not working with iptables Jason Brvenik (Aug 07)
Re: Performance Monitor Graphing Tool Jason Brvenik (Sep 02)
Re: snort unified and unified2 log extraction Jason Brvenik (Jul 15)

Jason Haar

Re: MP3's are evil... Searching for traffic based upon uploaded file type... Jason Haar (Aug 05)
Re: Homebrew unified2 processing vs barnyard2 Jason Haar (Jul 19)
max bpf filter size? Jason Haar (Jul 18)

Jason Wallace

no_stream_inserts Jason Wallace (Jul 12)
Re: Snort home net and external net question Jason Wallace (Sep 03)
Re: Snort performance output strangeness? Jason Wallace (Jul 23)
Re: Difference between Dynamic library rules vs regular rules in snort.conf? Jason Wallace (Jul 22)
Re: Performance Monitor Graphing Tool Jason Wallace (Sep 03)
http_uri ... where does it end? Jason Wallace (Sep 23)
Re: Snort performance output strangeness? Jason Wallace (Jul 20)
Re: Difference between Dynamic library rules vs regular rules in snort.conf? Jason Wallace (Jul 22)
Re: Snort performance output strangeness? Jason Wallace (Jul 22)
Re: preprocessor alert Jason Wallace (Aug 04)
Re: Difference between Dynamic library rules vs regular rules in snort.conf? Jason Wallace (Jul 22)

Jefferson, Shawn

Re: Linking rules in BASE Jefferson, Shawn (Aug 24)
Re: how to disable compile-time reload option? Jefferson, Shawn (Sep 30)
Re: Difference between Dynamic library rules vs regular rules in snort.conf? Jefferson, Shawn (Jul 22)
BASE and Bigfix Jefferson, Shawn (Sep 07)
Re: msg update for these, please? Jefferson, Shawn (Sep 28)
Re: msg update for these, please? Jefferson, Shawn (Sep 28)
Re: Oinkmaster can't get rules Jefferson, Shawn (Jul 19)
Re: Snorby SBSA Jefferson, Shawn (Aug 27)
Re: Snort home net and external net question Jefferson, Shawn (Sep 03)
Re: Bizarre signature Jefferson, Shawn (Jul 21)
Re: Snort 2.8.6.1 Now Available Jefferson, Shawn (Jul 23)
Rule 3:13476 direction? Jefferson, Shawn (Sep 01)
Re: Linking rules in BASE Jefferson, Shawn (Aug 24)
Re: command line options... Jefferson, Shawn (Sep 23)
Re: threshold.conf and performance on snort Jefferson, Shawn (Jul 06)
Re: compilation problem 2.8.6 Jefferson, Shawn (Jul 09)
Re: Snort home net and external net question Jefferson, Shawn (Sep 03)
Re: rule download problem Jefferson, Shawn (Jul 02)
Re: Linking rules in BASE Jefferson, Shawn (Aug 24)
BASE and Bigfix part 2 Jefferson, Shawn (Sep 28)
Re: Rule 3:13476 direction? Jefferson, Shawn (Sep 07)

Jens Link

Re: Unknown rule option: 'sd_pattern' Jens Link (Jul 15)
Pulledpork behind Proxy Jens Link (Jul 08)
Re: Pulledpork behind Proxy Jens Link (Jul 09)
Unknown rule option: 'sd_pattern' Jens Link (Jul 15)

Jim Mccullough

Re: Invitation to connect on LinkedIn Jim Mccullough (Jul 28)

Jimmy Crackcorn

Snort performance output strangeness? Jimmy Crackcorn (Jul 20)
Disabling TCP Timestamp is outside of PAWS window? Jimmy Crackcorn (Jul 23)
Re: Disabling TCP Timestamp is outside of PAWS window? Jimmy Crackcorn (Jul 23)
Re: Snort performance output strangeness? Jimmy Crackcorn (Jul 23)
Re: Snort performance output strangeness? Jimmy Crackcorn (Jul 22)
Re: What's the difference between the shipped snort.conf's? Jimmy Crackcorn (Jul 28)
Re: Disabling TCP Timestamp is outside of PAWS window using pulledpork? Jimmy Crackcorn (Jul 26)
What's the difference between the shipped snort.conf's? Jimmy Crackcorn (Jul 28)

JJC

Re: pulledpork re-organizing rules? JJC (Aug 10)
Re: rule download problem JJC (Jul 01)
Re: oinkmaster vs pulledpork was (Oinkmaster can't get rules) JJC (Jul 19)
Re: still having download problems JJC (Jul 01)
Re: rule download problem JJC (Jul 01)
Re: Sizing of a box requiring 2x10Gbps JJC (Jul 07)
Re: snort 2.8.6.1 / barnyard2 2-1.8 (unified2) problem JJC (Aug 27)
Re: still having download problems JJC (Jul 01)
Re: Performance Monitor Graphing Tool JJC (Sep 02)
Re: ignore traffic from specific IP JJC (Jul 09)
Re: Oinkmaster can't get rules JJC (Jul 14)
Re: nmap scan settings for using with Hogger JJC (Sep 29)
Re: FW: Oinkmaster can t get rules JJC (Jul 28)
Re: FW: Oinkmaster can't get rules JJC (Jul 26)
Re: Recent Rule Changes JJC (Jul 01)
Re: still having download problems JJC (Jul 01)
Re: Snort Stats Output - Dropping 300%+ of Packets? JJC (Sep 09)
Re: Bump..any news on amazoneaws.com? JJC (Jul 07)
Re: Linking rules in BASE JJC (Aug 24)
Re: Pulledpork behind Proxy JJC (Jul 09)
Re: Pulledpork behind Proxy JJC (Jul 09)

JJ Cummings

Re: Homebrew unified2 processing vs barnyard2 JJ Cummings (Jul 19)
Re: Snorby SBSA JJ Cummings (Aug 27)
Re: rule download problem JJ Cummings (Jul 02)
Re: Pulledpork behind Proxy JJ Cummings (Jul 08)
Re: Performance Monitor Graphing Tool JJ Cummings (Sep 02)
Re: Problems with so_rules+base+barnyard2. JJ Cummings (Aug 06)
Re: Snort Alert [1:14782:0] JJ Cummings (Aug 26)
Re: disabled flowbits? JJ Cummings (Aug 26)
Re: Snorby SBSA JJ Cummings (Aug 27)

Joel Ebrahimi

Re: Sizing of a box requiring 2x10Gbps Joel Ebrahimi (Jul 07)
Re: Fwd: Re: Fwd: Re: Snort Anomaly Detection Joel Ebrahimi (Sep 17)

Joel Esler

Re: snort hardware Joel Esler (Aug 11)
Re: What's the difference between the shipped snort.conf's? Joel Esler (Jul 28)
Re: [Emerging-Sigs] what s the real difference here? Joel Esler (Jul 13)
Re: how to create testing data files?? Joel Esler (Aug 15)
Re: pulledpork re-organizing rules? Joel Esler (Aug 10)
Re: suppressing alert... Joel Esler (Sep 22)
Re: Difference between Dynamic library rules vs regular rules in snort.conf? Joel Esler (Jul 22)
Re: Oinkmaster can't get rules Joel Esler (Jul 12)
Re: Oinkmaster can't get rules Joel Esler (Jul 07)
Re: Microsoft .lnk vulnerability Joel Esler (Jul 22)
Re: Question about downloading rules with Oinkmaster Joel Esler (Jul 13)
Re: how to create testing data files?? Joel Esler (Aug 14)
Re: Snort Configurations Joel Esler (Sep 23)
Re: North Texas Snort User's Group Joel Esler (Jul 15)
Re: perfmonitor pre-processor issues Joel Esler (Sep 30)
Re: Snort 2.8.6.1 Now Available Joel Esler (Jul 22)
Re: snort 2.8.6.1 / barnyard2 2-1.8 (unified2) problem Joel Esler (Aug 27)
Re: What's the difference between the shipped snort.conf's? Joel Esler (Jul 28)
Re: RESOLVED Re: Oinkmaster can't get rules Joel Esler (Jul 15)
Re: Snort 2.8.6.1 Now Available Joel Esler (Jul 22)
Re: utoh... 2.8.6.1 is out but what about the rules files?? Joel Esler (Jul 25)
Re: command line options... Joel Esler (Sep 25)
Re: command line options... Joel Esler (Sep 25)
Re: nmap scan settings for using with Hogger Joel Esler (Sep 29)
Re: Oinkmaster can't get rules Joel Esler (Jul 08)
Re: Difference between Dynamic library rules vs regular rules in snort.conf? Joel Esler (Jul 22)
Re: [Emerging-Sigs] what s the real difference here? Joel Esler (Jul 13)
Re: Performance Monitor Graphing Tool Joel Esler (Sep 02)
Re: Unknown rule option: 'sd_pattern' Joel Esler (Jul 15)
Re: Oinkmaster can't get rules Joel Esler (Jul 13)
Re: Difference between Dynamic library rules vs regular rules in snort.conf? Joel Esler (Jul 21)
Re: Failed to initialize dynamic preprocessor: SF_SMTP version 1.1.8 Joel Esler (Aug 03)
Re: oinkmaster vs pulledpork was (Oinkmaster can't get rules) Joel Esler (Jul 19)
Re: Difference between Dynamic library rules vs regular rules in snort.conf? Joel Esler (Jul 22)
Re: Snort Configurations Joel Esler (Sep 23)
Re: What s the difference between the shipped snort.conf's? Joel Esler (Jul 29)
Re: [Emerging-Sigs] what s the real difference here? Joel Esler (Jul 13)
Re: Sizing of a box requiring 2x10Gbps Joel Esler (Jul 07)
Re: Invitation to connect on LinkedIn Joel Esler (Jul 27)
Re: unified2 logs are empty Joel Esler (Jul 09)
Re: specific-threats file messed up? Joel Esler (Sep 15)
Re: Rule efficiency Joel Esler (Jul 23)
Re: how to disable compile-time reload option? Joel Esler (Sep 30)
Re: base64 for http_inspect Joel Esler (Jul 30)
Re: Snort home net and external net question Joel Esler (Sep 04)
Re: Snorby SBSA Joel Esler (Aug 27)
Re: Bump..any news on amazoneaws.com? Joel Esler (Jul 07)
Re: [Emerging-Sigs] what s the real difference here? Joel Esler (Jul 13)
Re: Snort 2.8.6.1, "Error: Failed to find LibVerion()" while trying to develop a preprocessor module Joel Esler (Jul 28)
Re: gen-msg file Joel Esler (Jul 26)
Re: Rule performance profiling question Joel Esler (Sep 15)
Re: Snort home net and external net question Joel Esler (Sep 03)
Re: Bizarre signature Joel Esler (Jul 21)
Re: sigs Joel Esler (Aug 31)
Re: Rule performance profiling question Joel Esler (Sep 16)
Re: More false positives on rules? Joel Esler (Sep 16)
Re: compilation problem 2.8.6 Joel Esler (Jul 09)
Re: MP3's are evil... Searching for traffic based upon uploaded file type... Joel Esler (Aug 05)
Re: Oinkmaster can't get rules Joel Esler (Jul 13)
Re: Rule performance profiling question Joel Esler (Sep 15)
Re: snort DOS rules & DDOS rules Joel Esler (Jul 07)
Re: ip address error Joel Esler (Jul 23)
Re: Startup !!! Joel Esler (Jul 14)
Re: how to disable compile-time reload option? Joel Esler (Sep 30)
Re: compilation problem 2.8.6 Joel Esler (Jul 09)
Re: Snort Configurations Joel Esler (Sep 23)
Re: snort installation error Joel Esler (Aug 10)
Re: compilation problem 2.8.6 Joel Esler (Jul 09)
Re: compilation problem 2.8.6 Joel Esler (Jul 09)
Re: Homebrew unified2 processing vs barnyard2 Joel Esler (Jul 19)
Re: Microsoft .lnk vulnerability Joel Esler (Jul 22)
Re: Snort Logging to Snort Report Joel Esler (Aug 11)
Re: Native iPhone App for live Snort and Syslog events Joel Esler (Jul 16)
Re: [Emerging-Sigs] what's the real difference here? Joel Esler (Jul 13)
Re: snort hardware Joel Esler (Aug 11)
Re: snort unified and unified2 log extraction Joel Esler (Jul 15)
Re: Snort 2.8.6.1 Now Available Joel Esler (Jul 23)
Re: gen-msg file Joel Esler (Jul 26)
Re: Build Options Joel Esler (Jul 30)
Re: Oinkmaster can't get rules Joel Esler (Jul 14)
Re: how to create testing data files?? Joel Esler (Aug 14)
Re: threshold.conf and performance on snort Joel Esler (Jul 06)
Re: Fwd: Re: Fwd: Re: Snort Anomaly Detection Joel Esler (Sep 21)
Re: Snort home net and external net question Joel Esler (Sep 03)
Re: Performance profiling not working snort 2.8.6 Joel Esler (Sep 13)
Re: snort 2.8.6.1 / barnyard2 2-1.8 (unified2) problem Joel Esler (Aug 27)
Re: MP3's are evil... Searching for traffic based upon uploaded file type... Joel Esler (Aug 05)
Re: MP3's are evil... Searching for traffic based upon uploaded file type... Joel Esler (Aug 05)
Re: Difference between Dynamic library rules vs regular rules in snort.conf? Joel Esler (Jul 21)
Re: suppressing alert... Joel Esler (Sep 22)
Re: Vlan Tagging Issue with Snort Joel Esler (Sep 10)
Re: gen-msg file Joel Esler (Jul 26)
Re: [Emerging-Sigs] sensitive data pre-processor Joel Esler (Sep 29)
Re: [Emerging-Sigs] what s the real difference here? Joel Esler (Jul 14)
Re: perfmonitor pre-processor issues Joel Esler (Sep 30)
Re: still having download problems Joel Esler (Jul 01)
Re: FW: Oinkmaster can't get rules Joel Esler (Jul 26)
Re: FW: Oinkmaster can't get rules Joel Esler (Jul 26)
Re: Snort 2.8.6.1 Now Available Joel Esler (Jul 23)
Re: FW: Oinkmaster can't get rules Joel Esler (Jul 26)
Re: gen-msg file Joel Esler (Jul 23)
Re: Snort 2.8.6.1 Now Available Joel Esler (Jul 23)
Re: snort inline mode is not working with iptables Joel Esler (Aug 09)
Re: utoh... 2.8.6.1 is out but what about the rules files?? Joel Esler (Jul 26)
Re: Sourcefire VRT Certified Snort Rules Update 2010-09-27 Joel Esler (Sep 28)
Re: Question about downloading rules with Oinkmaster Joel Esler (Jul 13)
Re: Bump..any news on amazoneaws.com? Joel Esler (Jul 07)
Re: snort priority Joel Esler (Jul 01)
Re: blocking outbound ports Joel Esler (Jul 14)
Re: Alerts of ftp_telnet Joel Esler (Aug 09)
Re: Rule performance profiling question Joel Esler (Sep 16)
Re: Difference between Dynamic library rules vs regular rules in snort.conf? Joel Esler (Jul 22)

Joe Pampel

Re: Recommended NFS configuration to store snort logs Joe Pampel (Sep 24)

Joe S

Snort configuration file location Joe S (Sep 24)

John Hally

correct rule url/IDSPM? John Hally (Jul 30)
Re: correct rule url/IDSPM? John Hally (Jul 30)

John York

Re: still having download problems John York (Jul 01)
Re: Recent Rule Changes John York (Jul 01)
still having download problems John York (Jul 01)
Microsoft .lnk vulnerability John York (Jul 22)

Jonathan Saint-Léger

Performance increase while duplicating processes Jonathan Saint-Léger (Jul 01)

José R . Cristo Almaguer

problem when starting snort José R . Cristo Almaguer (Sep 03)

Joshua . Kinard

Does 'ttl' allow less-than-or-equal and greater-than-or-equal? Joshua . Kinard (Aug 30)
Isdataat's 'rawbytes' parameter Joshua . Kinard (Aug 18)
Re: Does 'ttl' allow less-than-or-equal and greater-than-or-equal? Joshua . Kinard (Sep 02)
PCRE and the Snort-specific modifiers Joshua . Kinard (Aug 13)

JP Vossen

Re: Recent [unilateral, unannounced] Rule Changes JP Vossen (Jul 01)

JS

threshold.conf and performance on snort JS (Jul 06)
Re: threshold.conf and performance on snort JS (Jul 07)
Re: threshold.conf and performance on snort JS (Jul 07)

Jun Wan

Re: Oinkmaster can't get rules Jun Wan (Jul 25)
Re: What s the difference between the shipped snort.conf's? Jun Wan (Jul 28)
Re: FW: Oinkmaster can't get rules Jun Wan (Jul 26)
snort installation error Jun Wan (Aug 10)
FW: Oinkmaster can't get rules Jun Wan (Jul 25)
FW: Snort report has "No Data" Jun Wan (Aug 05)
Snort 2.8.6 & Snort Report 1.3.1 with "No Data..." Jun Wan (Aug 24)
Re: What s the difference between the shipped snort.conf's? Jun Wan (Jul 29)
Re: What's the difference between the shipped snort.conf's? Jun Wan (Jul 28)
Snort 2.8.6 & Snort Report 1.3.1 with "No Data..." Jun Wan (Aug 24)
Re: FW: Snort 2.8.6 & Snort Report 1.3.1 with "No Data..." Jun Wan (Aug 25)
Re: FW: Oinkmaster can't get rules Jun Wan (Jul 26)
Re: Snort report has "No Data" Jun Wan (Aug 04)
Snort report has "No Data" Jun Wan (Aug 04)
Re: FW: Snort 2.8.6 & Snort Report 1.3.1 with "NoData..." Jun Wan (Aug 26)
Re: FW: Snort 2.8.6 & Snort Report 1.3.1 with "NoData..." Jun Wan (Aug 27)
FW: BASE1.4.5 is not working properly Jun Wan (Aug 10)
Re: FW: Oinkmaster can t get rules Jun Wan (Jul 28)
FW: FW: Snort report has "No Data" Jun Wan (Aug 06)

Justin Heath

Re: 100% Outstanding - what does that mean? Justin Heath (Aug 09)

K D

Re: Homebrew unified2 processing vs barnyard2 K D (Jul 19)
Re: Homebrew unified2 processing vs barnyard2 K D (Jul 19)
Homebrew unified2 processing vs barnyard2 K D (Jul 19)

kevin huber

Developping Snort Preprocessor kevin huber (Aug 10)

KjetilR

Cannot get IDMEF logs with Snort IDMEF Plugin KjetilR (Sep 11)

Korodev

Snort 2.9 & DAQ Issues (daq_static) Korodev (Aug 18)
Re: Snort 2.9 & DAQ Issues (daq_static) Korodev (Aug 18)
Re: Rule efficiency Korodev (Jul 23)

Kum Weng Luey

unified2 logs are empty Kum Weng Luey (Jul 08)

Kungu Panda

tagged packets Kungu Panda (Jul 12)
sid 16665 ? Kungu Panda (Jul 09)

Kun, Mike

Re: Linking rules in BASE Kun, Mike (Aug 24)
Linking rules in BASE Kun, Mike (Aug 24)
Compilation problem with 2.8.6.1 Kun, Mike (Aug 11)
Bizarre signature Kun, Mike (Jul 21)
Re: Bizarre signature Kun, Mike (Jul 21)
Re: PortVar lookup Kun, Mike (Jul 01)
PortVar lookup Kun, Mike (Jul 01)
Re: Linking rules in BASE Kun, Mike (Aug 24)

Kw Luey

Re: unified2 logs are empty Kw Luey (Jul 09)

L0rd Ch0de1m0rt

Re: Sourcefire VRT Certified Snort Rules Update 2010-09-27 L0rd Ch0de1m0rt (Sep 29)
Re: FPs - ORACLE BEA WebLogic Server Plug-ins Certificate overflow attempt 16606 L0rd Ch0de1m0rt (Jul 27)
Re: report a small bug L0rd Ch0de1m0rt (Jul 09)
Re: Developping Snort Preprocessor L0rd Ch0de1m0rt (Aug 10)
Re: Developping Snort Preprocessor L0rd Ch0de1m0rt (Aug 10)

Lawrence R. Hughes, Sr.

Snort Alert [1:14782:0] Lawrence R. Hughes, Sr. (Aug 26)
snort DOS rules & DDOS rules Lawrence R. Hughes, Sr. (Jul 07)
Re: snort 2.8.6.1 / barnyard2 2-1.8 (unified2) problem Lawrence R. Hughes, Sr. (Aug 27)
Re: snort 2.8.6.1/base/ barnyard2 unified2 classification_id Lawrence R. Hughes, Sr. (Sep 02)
snort 2.8.6.1/base/ barnyard2 unified2 classification_id Lawrence R. Hughes, Sr. (Sep 02)
Problems with snort2.8.6.1 Lawrence R. Hughes, Sr. (Jul 23)
Re: snort 2.8.6.1 / barnyard2 2-1.8 (unified2) problem Lawrence R. Hughes, Sr. (Aug 27)
snort 2.8.6.1 / barnyard2 2-1.8 (unified2) problem Lawrence R. Hughes, Sr. (Aug 27)

ll

Re: gen-msg file ll (Jul 26)
snort priority ll (Jul 01)
Re: gen-msg file ll (Jul 25)
Re: Segmentation fault ll (Aug 03)
Re: gen-msg file ll (Jul 26)
Re: gen-msg file ll (Jul 26)
preprocessor alert ll (Aug 04)
gen-msg file ll (Jul 23)
Segmentation fault ll (Aug 03)
Re: gen-msg file ll (Jul 26)

Marcos Rodriguez

Re: Developping Snort Preprocessor Marcos Rodriguez (Aug 10)
Re: command line options... Marcos Rodriguez (Sep 23)

Mario D. Santana

Re: Rules2C source code? Mario D. Santana (Jul 23)
Rules2C source code? Mario D. Santana (Jul 22)

Martin Roesch

Re: max bpf filter size? Martin Roesch (Jul 18)
Re: 100% Outstanding - what does that mean? Martin Roesch (Aug 09)
Re: SnortSP 3.0b3 error on make Martin Roesch (Jul 14)
Re: [Emerging-Sigs] VRT on Suricata Martin Roesch (Jul 21)

matan monitz

Snort 2.8.6.1 segfaults on freeBSD with pref_rules and suppress track by_src matan monitz (Aug 01)
Re: Snort 2.8.6.1 segfaults on freeBSD with pref_rules and suppress track by_src matan monitz (Aug 01)

Matthew Olney

Re: [Snort-sigs] [Emerging-Sigs] VRT on Suricata Matthew Olney (Jul 22)

Matthew Watchinski

Re: PCRE and the Snort-specific modifiers Matthew Watchinski (Aug 14)
Re: utoh... 2.8.6.1 is out but what about the rules files?? Matthew Watchinski (Jul 24)
Re: Disabling TCP Timestamp is outside of PAWS window? Matthew Watchinski (Jul 23)

Matt Jonkman

Re: [Emerging-Sigs] VRT on Suricata Matt Jonkman (Jul 21)
Re: [Emerging-Sigs] VRT on Suricata Matt Jonkman (Jul 22)
OISF Brainstorming Meeting -- Last Call for Seats!! Matt Jonkman (Jul 13)

Matt Olney

Re: [Emerging-Sigs] [Snort-sigs] VRT on Suricata Matt Olney (Jul 22)

Matt Watchinski

Re: [Emerging-Sigs] Signatures for Clients POSTing to SEO/NEOsploit Exploit Kits - Round 2 Matt Watchinski (Aug 11)
Re: [Emerging-Sigs] what s the real difference here? Matt Watchinski (Jul 14)
Re: Disabling TCP Timestamp is outside of PAWS window? Matt Watchinski (Jul 23)
Re: hardware doubt Matt Watchinski (Jul 23)
Re: Rules2C source code? Matt Watchinski (Jul 23)
Re: [Emerging-Sigs] Signatures for Clients POSTing to SEO/NEOsploit Exploit Kits - Round 2 Matt Watchinski (Aug 11)
Re: Disable a rule when another trigger Matt Watchinski (Jul 15)

mbahe_suro

Linking custom dynamic-preprocessor mbahe_suro (Jul 21)

Michael Altizer

Re: [DAQ][PATCH 1/3] fix --enable-xyz-module options Michael Altizer (Aug 03)
Re: Mmapped Capture on Linux Michael Altizer (Aug 13)
Re: [RFC][DAQ] nfq: add support for unprivileged operation Michael Altizer (Aug 03)

Mike Guiterman

Re: Recent Rule Changes Mike Guiterman (Jul 01)
Re: Recent [unilateral, unannounced] Rule Changes Mike Guiterman (Jul 01)

Mike Lococo

Re: oinkmaster vs pulledpork was (Oinkmaster can't get rules) Mike Lococo (Jul 19)
Re: Performance Monitor Graphing Tool Mike Lococo (Sep 03)
Re: oinkmaster vs pulledpork was (Oinkmaster can't get rules) Mike Lococo (Jul 20)
Performance Monitor and "Dropped Rate" Statistic Mike Lococo (Aug 12)
Re: A few questions regarding Solaris Mike Lococo (Aug 30)
Re: A few questions regarding Solaris Mike Lococo (Aug 31)
Re: A few questions regarding Solaris Mike Lococo (Aug 31)
Re: Sizing of a box requiring 2x10Gbps Mike Lococo (Jul 12)
Mmapped Capture on Linux Mike Lococo (Aug 11)
Re: Mmapped Capture on Linux Mike Lococo (Aug 12)

Nerijus Krukauskas

Re: Disable a rule when another trigger Nerijus Krukauskas (Jul 15)
Re: Performance Monitor Graphing Tool Nerijus Krukauskas (Sep 02)

netchild ccie

Re: snort inline mode is not working with iptables netchild ccie (Aug 06)
Re: snort inline mode is not working with iptables netchild ccie (Aug 06)
snort inline mode is not working with iptables netchild ccie (Aug 06)
Re: snort inline mode is not working with iptables netchild ccie (Aug 06)

Nick Moore

Re: unified2 logs are empty Nick Moore (Jul 09)
Re: snort installation error Nick Moore (Aug 10)
Re: Looking for a DB. Nick Moore (Aug 28)
Re: ignore traffic from specific IP Nick Moore (Jul 09)
Re: Cant detect Nessus and MS Baseline scanner in Snort v2.8.6 Nick Moore (Jul 20)
Re: Snort 2.8.6.1 Now Available Nick Moore (Jul 23)
Re: Snort error Nick Moore (Jul 13)

Nigel Houghton

Re: RESOLVED Re: Oinkmaster can't get rules Nigel Houghton (Jul 15)
Re: Linking rules in BASE Nigel Houghton (Aug 24)
Re: Snort 2.8.6.1 Now Available Nigel Houghton (Jul 22)
Re: Sourcefire VRT Certified Snort Rules Update 2010-09-14 Nigel Houghton (Sep 15)
Re: FW: Oinkmaster can't get rules Nigel Houghton (Jul 26)
Shared object rule platform changes for FreeBSD Nigel Houghton (Aug 10)
Re: Snort report has "No Data" Nigel Houghton (Aug 04)
Re: utoh... 2.8.6.1 is out but what about the rules files?? Nigel Houghton (Jul 25)
Re: Snort 2.8.6.1 Now Available Nigel Houghton (Jul 23)
Re: Sourcefire VRT Certified Snort Rules Update 2010-09-27 Nigel Houghton (Sep 28)
Re: Linking rules in BASE Nigel Houghton (Aug 25)
Snort 2.8.5.3 Rules EOL Nigel Houghton (Jul 27)
Re: snort 2.8.6.1 / barnyard2 2-1.8 (unified2) problem Nigel Houghton (Aug 27)
Re: Persistant URL for rules md5sum Nigel Houghton (Jul 14)
Snort 2.9 Beta rules Nigel Houghton (Aug 25)
Re: Persistant URL for rules md5sum Nigel Houghton (Jul 14)
Re: Problems with so_rules+base+barnyard2. Nigel Houghton (Aug 06)
Upcoming platform changes Nigel Houghton (Aug 23)
Re: Snort 2.8.6.1 Now Available Nigel Houghton (Jul 23)

Ninad Purohit

Invitation to connect on LinkedIn Ninad Purohit (Jul 27)

Patrick Mullen

Re: specific-threats file messed up? Patrick Mullen (Sep 15)

Paul Dokas

Re: base64 for http_inspect Paul Dokas (Aug 02)

Paul Halliday

Re: Performance Monitor Graphing Tool Paul Halliday (Sep 03)
Re: Sizing of a box requiring 2x10Gbps Paul Halliday (Jul 07)
SQueRT 0.5 Released. Paul Halliday (Sep 17)
Looking for a DB. Paul Halliday (Aug 27)
SQueRT 0.5b Released. Paul Halliday (Aug 03)

Paul Schmehl

Re: http_client_body, distance and ignoring requirement for content match? Paul Schmehl (Aug 10)
Re: Linking rules in BASE Paul Schmehl (Aug 24)
base64 for http_inspect Paul Schmehl (Jul 30)
Re: Bizarre signature Paul Schmehl (Jul 21)
Re: snort 2.8.6.1/base/ barnyard2 unified2 classification_id Paul Schmehl (Sep 03)
Re: snort 2.8.6.1/base/ barnyard2 unified2 classification_id Paul Schmehl (Sep 02)
Re: Bizarre signature Paul Schmehl (Jul 21)

Pedro Marinho

Re: hardware doubt Pedro Marinho (Jul 23)
Re: ignore traffic from specific IP Pedro Marinho (Jul 09)
ignore traffic from specific IP Pedro Marinho (Jul 09)
Re: ignore traffic from specific IP Pedro Marinho (Jul 09)
hardware doubt Pedro Marinho (Jul 23)

phillip () bailey st

Snorby Spsa 1.5 is out phillip () bailey st (Aug 30)

Pradeep Lamabam

ip address error Pradeep Lamabam (Jul 22)
ip address error Pradeep Lamabam (Jul 31)

Randal T. Rioux

Re: Snort 2.8.6.1 Now Available Randal T. Rioux (Jul 22)
Re: [Secureideas-base-devel] BASE 1.5.x and moving forward Randal T. Rioux (Aug 10)
Re: FW: BASE1.4.5 is not working properly Randal T. Rioux (Aug 13)
Re: Native iPhone App for live Snort and Syslog events Randal T. Rioux (Jul 15)
Re: unsubscribe Randal T. Rioux (Aug 10)
Re: Snort 2.8.6.1 Now Available Randal T. Rioux (Jul 23)

RA Operations

Aanval 5.6 (Snort & Syslog Console) is now available RA Operations (Jul 29)
Native iPhone App for live Snort and Syslog events RA Operations (Jul 15)

Rayne

Intel QuickAssist Technology Pattern Matching mechanism Rayne (Sep 06)

Research

Sourcefire VRT Certified Snort Rules Update 2010-07-13 Research (Jul 13)
Sourcefire VRT Certified Snort Rules Update 2010-07-22 Research (Jul 22)
Sourcefire VRT Certified Snort Rules Update 2010-09-07 Research (Sep 07)
Sourcefire VRT Certified Snort Rules Update 2010-08-10 Research (Aug 10)
Sourcefire VRT Certified Snort Rules Update 2010-09-14 Research (Sep 15)
Sourcefire VRT Certified Snort Rules Update 2010-08-12 Research (Aug 12)
Sourcefire VRT Certified Snort Rules Update 2010-08-18 Research (Aug 18)
Sourcefire VRT Certified Snort Rules Update 2010-09-27 Research (Sep 27)
Sourcefire VRT Certified Snort Rules Update 2010-07-01 Research (Jul 01)
Sourcefire VRT Certified Snort Rules Update 2010-09-10 Research (Sep 10)
Sourcefire VRT Certified Snort Rules Update 2010-09-23 Research (Sep 23)
Sourcefire VRT Certified Snort Rules Update 2010-08-25 Research (Aug 25)
Sourcefire VRT Certified Snort Rules Update 2010-09-15 Research (Sep 15)
Sourcefire VRT Certified Snort Rules Update 2010-09-09 Research (Sep 09)
Sourcefire VRT Certified Snort Rules Update 2010-09-21 Research (Sep 21)

Ricardo Barbosa

question about default behavior and reading order snort rules Ricardo Barbosa (Aug 22)

Richard Martin

ERROR: Preprocessor already registered with ID 21 Richard Martin (Aug 26)

Richard Tyrrell

Richard Tyrrell/Telford/Syan Ltd is out of the office. Richard Tyrrell (Jul 22)

Robert Riskin

Re: A few questions regarding Solaris Robert Riskin (Aug 31)
A few questions regarding Solaris Robert Riskin (Aug 30)
Re: A few questions regarding Solaris Robert Riskin (Aug 31)

Rob MacGregor

Re: how to create testing data files?? Rob MacGregor (Aug 14)
Re: Getting Snort version as bash variable Rob MacGregor (Aug 04)

Russ Combs

Re: difficulity configureing libnet Russ Combs (Jul 30)
Re: [DAQ][PATCH 1/3] fix --enable-xyz-module options Russ Combs (Aug 09)
Re: how to create testing data files?? Russ Combs (Aug 20)
Re: 100% Outstanding - what does that mean? Russ Combs (Aug 09)
Re: Vlan Tagging Issue with Snort Russ Combs (Sep 13)
Re: compilation problem 2.8.6 Russ Combs (Jul 09)
Re: command line options... Russ Combs (Sep 23)
Re: problem when starting snort Russ Combs (Sep 03)
Re: 100% Outstanding - what does that mean? Russ Combs (Aug 09)
Re: PPPoE problem with Snort on OpenBSD 4.7. Russ Combs (Aug 09)
Re: [DAQ][PATCH 1/3] fix --enable-xyz-module options Russ Combs (Aug 03)
Re: Does 'ttl' allow less-than-or-equal and greater-than-or-equal? Russ Combs (Aug 31)
Re: Mmapped Capture on Linux Russ Combs (Aug 13)
Re: Unknown rule option: 'sd_pattern' Russ Combs (Jul 15)
Re: Snort error Russ Combs (Jul 14)
Re: Snort 2.9 & DAQ Issues (daq_static) Russ Combs (Aug 18)
Re: [DAQ][PATCH 2/3] nfq: fix _acquire return value on select EINTR error Russ Combs (Aug 09)
Re: preprocessor alert Russ Combs (Aug 04)
Re: PPPoE problem with Snort on OpenBSD 4.7. Russ Combs (Aug 09)
Re: [DAQ][PATCH 1/3] fix --enable-xyz-module options Russ Combs (Aug 03)
Re: ERROR: Preprocessor already registered with ID 21 Russ Combs (Aug 30)
Re: Sizing of a box requiring 2x10Gbps Russ Combs (Jul 08)
Re: Does 'ttl' allow less-than-or-equal and greater-than-or-equal? Russ Combs (Sep 02)
Re: snort inline mode is not working with iptables Russ Combs (Aug 06)
Re: ERROR: Preprocessor already registered with ID 21 Russ Combs (Aug 26)
Re: how to create testing data files?? Russ Combs (Aug 31)
Re: snort inline mode is not working with iptables Russ Combs (Aug 07)
Re: Vlan Tagging Issue with Snort Russ Combs (Sep 14)
Re: [DAQ][PATCH 3/3] nfq: add "queuelen" option to set nfqueue length Russ Combs (Aug 09)
Re: Snort Configurations Russ Combs (Sep 24)
Re: General inline question Russ Combs (Aug 04)
Re: Mmapped Capture on Linux Russ Combs (Aug 12)
Re: Compilation problem with 2.8.6.1 Russ Combs (Aug 11)
Re: where does snort save the data packet it has captured in the source code Russ Combs (Sep 07)
Re: Help Developing Snort "Hello World" Dynamic Preprocessor Russ Combs (Aug 16)
Re: Snort 2.8.6.1, "Error: Failed to find LibVerion()" while trying to develop a preprocessor module Russ Combs (Jul 28)
Re: 100% Outstanding - what does that mean? Russ Combs (Aug 09)
Re: disabled flowbits? Russ Combs (Aug 26)
Re: report a small bug Russ Combs (Jul 09)
Re: No Logging No Output No Data Russ Combs (Aug 26)
Re: command line options... Russ Combs (Sep 24)

Russell Fulton

FPs - ORACLE BEA WebLogic Server Plug-ins Certificate overflow attempt 16606 Russell Fulton (Jul 26)
oinkmaster vs pulledpork was (Oinkmaster can't get rules) Russell Fulton (Jul 19)
Re: Sizing of a box requiring 2x10Gbps Russell Fulton (Jul 07)

Ryan Jordan

Re: Linking custom dynamic-preprocessor Ryan Jordan (Jul 22)
Re: Unknown rule option: 'sd_pattern' Ryan Jordan (Jul 15)
Re: snort inline mode is not working with iptables Ryan Jordan (Aug 06)
Re: Help Developing Snort "Hello World" Dynamic Preprocessor Ryan Jordan (Aug 18)
Re: Snort 2.8.6.1 Now Available Ryan Jordan (Jul 23)
Re: Snort performance output strangeness? Ryan Jordan (Jul 20)
Re: snort inline mode is not working with iptables Ryan Jordan (Aug 06)
Re: how to create testing data files?? Ryan Jordan (Aug 16)
Re: snort version 2.8.6.1 with 2.8.6.0 rules Ryan Jordan (Aug 10)

Safwat Fahmy

Re: Build Options Safwat Fahmy (Jul 30)
Re: Snort IDS Not Working Safwat Fahmy (Sep 03)

Sandro guly Zaccarini

Re: Snort Anomaly Detection Sandro guly Zaccarini (Sep 13)
Re: Snort 2.8.6.1 Now Available Sandro guly Zaccarini (Jul 23)

Schrodinger

Re: PPPoE problem with Snort on OpenBSD 4.7. Schrodinger (Aug 09)
PPPoE problem with Snort on OpenBSD 4.7. Schrodinger (Aug 09)

ScottO

truncated portscan alerts with unified2 output ScottO (Sep 10)

Seth Hall

License change for DAQ? Seth Hall (Aug 13)

Shaqe Wan

Re: Snort Inline incompatible libipq??? Shaqe Wan (Sep 22)

Smith, Jeff

Re: Snort 2.8.6.1 Now Available Smith, Jeff (Jul 22)
Re: Snort 2.8.6.1 Now Available Smith, Jeff (Jul 22)
Re: Snort 2.8.6.1 Now Available Smith, Jeff (Jul 22)

Snort Releases

Re: Snort 2.8.6.1 Now Available Snort Releases (Jul 22)
Snort 2.9.0 Beta Now Available Snort Releases (Jul 27)
Snort 2.8.6.1 Now Available Snort Releases (Jul 22)
Snort 2.8.6.1 Now Available Snort Releases (Jul 22)
Re: Snort 2.8.6.1 Now Available Snort Releases (Jul 22)
Snort 2.9.0 Beta Now Available Snort Releases (Jul 27)
Snort 2.9.0 RC Now Available Snort Releases (Sep 03)
Snort 2.9.0 RC Now Available Snort Releases (Sep 03)

snort user

Poll: What is the stream5 configuration you use ? snort user (Aug 26)

spiderslack

Snort Inline incompatible libipq??? spiderslack (Sep 21)
Re: Snort Inline incompatible libipq??? spiderslack (Sep 21)
Re: Snort Inline incompatible libipq??? spiderslack (Sep 21)
Re: Snort Inline incompatible libipq??? spiderslack (Sep 22)
Re: Snort Inline incompatible libipq??? spiderslack (Sep 22)
Re: Snort Inline incompatible libipq??? spiderslack (Sep 22)
Re: Snort Inline incompatible libipq??? spiderslack (Sep 21)

Steven Sturges

Re: [Emerging-Sigs] weirdness Steven Sturges (Aug 16)
Re: Linking custom dynamic-preprocessor Steven Sturges (Jul 22)
Re: difference between pt_mpo_hash and pt_mpxo_hash in PortTable Steven Sturges (Jul 16)
Re: Linking custom dynamic-preprocessor Steven Sturges (Jul 22)
Re: Question regarding config binding configuration option. Steven Sturges (Jul 07)
Re: Intel QuickAssist Technology Pattern Matching mechanism Steven Sturges (Sep 08)
Re: [Emerging-Sigs] weirdness Steven Sturges (Aug 16)
Re: Did snort has any development document ? Steven Sturges (Sep 08)
Re: Linking custom dynamic-preprocessor Steven Sturges (Jul 21)

Sven Juergensen (KielNET)

Sizing of a box requiring 2x10Gbps Sven Juergensen (KielNET) (Jul 07)
Sizing of a box requiring 2x10Gbps Sven Juergensen (KielNET) (Jul 07)

Sylvain Chillaud

Re: snort installation error Sylvain Chillaud (Aug 10)

tgiles

Re: Performance profiling not working snort 2.8.6 tgiles (Sep 13)

Tomas Heredia

Re: Snort Inline incompatible libipq??? Tomas Heredia (Sep 22)
Re: Snort Inline incompatible libipq??? Tomas Heredia (Sep 21)
Re: Snort Inline incompatible libipq??? Tomas Heredia (Sep 21)
Re: Snort Inline incompatible libipq??? Tomas Heredia (Sep 21)
Re: Snort Inline incompatible libipq??? Tomas Heredia (Sep 22)
Re: Snort Inline incompatible libipq??? Tomas Heredia (Sep 22)

Troy S. Jordan

snort unified and unified2 log extraction Troy S. Jordan (Jul 15)

twostep

Re: compilation problem 2.8.6 twostep (Jul 09)
Re: compilation problem 2.8.6 twostep (Jul 09)
compilation problem 2.8.6 twostep (Jul 09)
compilation problem 2.8.6 twostep (Jul 09)
Re: compilation problem 2.8.6 twostep (Jul 12)
Re: compilation problem 2.8.6 twostep (Jul 09)
compilation problem 2.8.6 twostep (Jul 09)

Wael

Re: snort inline mode is not working with iptables Wael (Aug 07)
Re: snort inline mode is not working with iptables Wael (Aug 07)

waldo kitty

Re: ERROR: Preprocessor already registered with ID 21 waldo kitty (Aug 30)
Re: msg update for these, please? waldo kitty (Sep 28)
Re: FPs on 13711-13713 waldo kitty (Aug 26)
Re: FW: Oinkmaster can t get rules waldo kitty (Jul 26)
Re: Snort Configurations waldo kitty (Sep 23)
Re: FW: Oinkmaster can t get rules waldo kitty (Jul 26)
Re: Rule performance profiling question waldo kitty (Sep 15)
Re: Sourcefire VRT Certified Snort Rules Update 2010-09-27 waldo kitty (Sep 28)
Re: Snort home net and external net question waldo kitty (Sep 03)
Re: how to create testing data files?? waldo kitty (Aug 14)
Re: how to create testing data files?? waldo kitty (Aug 14)
Re: More false positives on rules? waldo kitty (Sep 16)
how to create testing data files?? waldo kitty (Aug 14)
Re: how to create testing data files?? waldo kitty (Aug 14)
Re: Snort home net and external net question waldo kitty (Sep 03)
Re: Rule performance profiling question waldo kitty (Sep 15)
Re: Disabling TCP Timestamp is outside of PAWS window? waldo kitty (Jul 23)
Re: Snort 2.8.6.1 Now Available waldo kitty (Jul 23)
Re: Getting Snort version as bash variable waldo kitty (Aug 04)
Re: msg update for these, please? waldo kitty (Sep 28)
sensitive data pre-processor waldo kitty (Sep 29)
Re: Snort 2.8.6.1 Now Available waldo kitty (Jul 23)
Re: Snort Configurations waldo kitty (Sep 22)
Re: suppressing alert... waldo kitty (Sep 22)
Re: Snort IDS Not Working waldo kitty (Sep 03)
Re: how to disable compile-time reload option? waldo kitty (Sep 30)
Re: Snort 2.8.6.1 Now Available waldo kitty (Jul 23)
Re: [Emerging-Sigs] [Snort-users] VRT on Suricata waldo kitty (Jul 21)
Re: [Emerging-Sigs] what s the real difference here? waldo kitty (Jul 14)
Re: msg update for these, please? waldo kitty (Sep 28)
Re: Sourcefire VRT Certified Snort Rules Update 2010-09-27 waldo kitty (Sep 28)
Re: utoh... 2.8.6.1 is out but what about the rules files?? waldo kitty (Jul 25)
Re: Oinkmaster can t get rules waldo kitty (Jul 25)
Re: utoh... 2.8.6.1 is out but what about the rules files?? waldo kitty (Jul 25)
Re: Linking rules in BASE waldo kitty (Aug 24)
Re: utoh... 2.8.6.1 is out but what about the rules files?? waldo kitty (Jul 26)
Re: Rule efficiency waldo kitty (Jul 23)
utoh... 2.8.6.1 is out but what about the rules files?? waldo kitty (Jul 24)
Re: Snort home net and external net question waldo kitty (Sep 03)
Re: Snort Configurations waldo kitty (Sep 23)
Re: how to disable compile-time reload option? waldo kitty (Sep 30)
Re: Snort home net and external net question waldo kitty (Sep 03)
Re: how to create testing data files?? waldo kitty (Aug 17)
Re: FW: Oinkmaster can t get rules waldo kitty (Jul 26)
Re: command line options... waldo kitty (Sep 25)
msg update for these, please? waldo kitty (Sep 28)
Re: Snort 2.8.6.1 Now Available waldo kitty (Jul 23)
Re: Snort 2.8.6.1 Now Available waldo kitty (Jul 23)
Re: suppressing alert... waldo kitty (Sep 23)
Re: ERROR: Preprocessor already registered with ID 21 waldo kitty (Aug 27)
Re: disabled flowbits? waldo kitty (Aug 26)
Re: Rule efficiency waldo kitty (Jul 23)
Re: Segmentation fault waldo kitty (Aug 03)
Re: Rule ID question waldo kitty (Sep 16)
Re: utoh... 2.8.6.1 is out but what about the rules files?? waldo kitty (Jul 25)
Re: What s the difference between the shipped snort.conf's? waldo kitty (Jul 28)
Re: disabled flowbits? waldo kitty (Aug 26)
Re: how to create testing data files?? waldo kitty (Aug 14)
Re: Snort Configurations waldo kitty (Sep 23)
Re: problem when starting snort waldo kitty (Sep 03)
Re: command line options... waldo kitty (Sep 24)
Re: Rule efficiency waldo kitty (Jul 23)
Re: msg update for these, please? waldo kitty (Sep 28)
Re: Snort 2.8.6.1 Now Available waldo kitty (Jul 23)
Re: suppressing alert... waldo kitty (Sep 23)
specific-threats file messed up? waldo kitty (Sep 15)
Re: Rule efficiency waldo kitty (Jul 23)
Re: Sourcefire VRT Certified Snort Rules Update 2010-09-14 waldo kitty (Sep 15)
Re: Linking rules in BASE waldo kitty (Aug 24)
Re: how to disable compile-time reload option? waldo kitty (Sep 30)
Re: command line options... waldo kitty (Sep 25)
interesting problem... waldo kitty (Sep 24)
Re: how to create testing data files?? waldo kitty (Aug 17)
Re: FW: Oinkmaster can t get rules waldo kitty (Jul 26)
Re: Snort 2.8.6.1 Now Available waldo kitty (Jul 23)
Re: Snort home net and external net question waldo kitty (Sep 03)
Re: Snort home net and external net question waldo kitty (Sep 03)
Re: Rule performance profiling question waldo kitty (Sep 16)
Re: Rule performance profiling question waldo kitty (Sep 16)
disabled flowbits? waldo kitty (Aug 19)
Re: msg update for these, please? waldo kitty (Sep 28)
Re: msg update for these, please? waldo kitty (Sep 28)
Re: Sourcefire VRT Certified Snort Rules Update 2010-09-27 waldo kitty (Sep 28)
Re: Snorby SBSA waldo kitty (Aug 27)
command line options... waldo kitty (Sep 23)
Re: problem when starting snort waldo kitty (Sep 03)
how to disable compile-time reload option? waldo kitty (Sep 30)
suppressing alert... waldo kitty (Sep 17)
Re: command line options... waldo kitty (Sep 23)
Re: A few questions regarding Solaris waldo kitty (Aug 30)
Re: msg update for these, please? waldo kitty (Sep 28)
Re: suppressing alert... waldo kitty (Sep 22)
Re: specific-threats file messed up? waldo kitty (Sep 15)
Re: command line options... waldo kitty (Sep 23)
Re: Snort 2.8.6.1 Now Available waldo kitty (Jul 23)
Re: Rule performance profiling question waldo kitty (Sep 15)
Re: Snort home net and external net question waldo kitty (Sep 04)
Re: Recommended NFS configuration to store snort logs waldo kitty (Sep 24)
Re: how to create testing data files?? waldo kitty (Aug 14)
Re: Snort 2.8.6.1 Now Available waldo kitty (Jul 22)
Re: Snort home net and external net question waldo kitty (Sep 03)
Re: Rule efficiency waldo kitty (Jul 26)

Will Metcalf

Re: [Emerging-Sigs] Signatures for Clients POSTing to SEO/NEOsploit Exploit Kits - Round 2 Will Metcalf (Aug 11)
Re: [Emerging-Sigs] weirdness Will Metcalf (Aug 16)
Re: snort inline mode is not working with iptables Will Metcalf (Aug 06)
Re: Sizing of a box requiring 2x10Gbps Will Metcalf (Jul 07)
Re: file_data entry in snort manual Will Metcalf (Aug 10)
Re: [Emerging-Sigs] weirdness Will Metcalf (Aug 16)
Re: [DAQ][PATCH 1/3] fix --enable-xyz-module options Will Metcalf (Aug 03)
Re: [Emerging-Sigs] Signatures for Clients POSTing to SEO/NEOsploit Exploit Kits - Round 2 Will Metcalf (Aug 10)
Re: snort inline mode is not working with iptables Will Metcalf (Aug 06)
Re: Fwd: Re: Fwd: Re: Snort Anomaly Detection Will Metcalf (Sep 17)
Re: [Emerging-Sigs] Signatures for Clients POSTing to SEO/NEOsploit Exploit Kits - Round 2 Will Metcalf (Aug 10)
Re: [Emerging-Sigs] weirdness Will Metcalf (Aug 16)
weirdness Will Metcalf (Aug 16)
Re: [Emerging-Sigs] Signatures for Clients POSTing to SEO/NEOsploit Exploit Kits - Round 2 Will Metcalf (Aug 11)
file_data entry in snort manual Will Metcalf (Aug 09)
Re: snort inline mode is not working with iptables Will Metcalf (Aug 06)
Re: snort inline mode is not working with iptables Will Metcalf (Aug 06)
Re: Sizing of a box requiring 2x10Gbps Will Metcalf (Jul 07)
Re: [Emerging-Sigs] Signatures for Clients POSTing to SEO/NEOsploit Exploit Kits - Round 2 Will Metcalf (Aug 10)

Yaocl

custom output for ruletype{ type alert} Yaocl (Jul 31)

Yolimita Uribe

sigs Yolimita Uribe (Aug 31)

zultan

Re: Persistant URL for rules md5sum zultan (Jul 14)
Persistant URL for rules md5sum zultan (Jul 14)

刘昆

Did snort has any development document ? 刘昆 (Sep 08)
where does snort save the data packet it has captured in the source code 刘昆 (Sep 07)

张峥

report a small bug 张峥 (Jul 08)

邓伟锋

confused about the dynamic preprocessor 邓伟锋 (Jul 18)
difference between pt_mpo_hash and pt_mpxo_hash in PortTable 邓伟锋 (Jul 16)

Previous period

Next period