Snort: by author

• RSS Feed
• About List
• All Lists

Previous period

Next period

829 messages starting May 03 11 and ending Jun 21 11
Date index | Thread index | Author index

김무성

IPv6 rule options syntax 김무성 (May 03)
Re: IPv6 rule options syntax 김무성 (May 05)

Addetiloye Taiwo

snort Addetiloye Taiwo (May 20)

Agus

Re: threshold.conf limit not working for me Agus (Apr 26)
Snort Rules against Snort Version... Updates... Agus (Apr 08)
Re: snort in centos not HUPing Agus (Apr 13)
sudden sensitive_data threshold exceeded alerts Agus (Apr 12)
Re: threshold.conf limit not working for me Agus (Apr 26)
PP not ignoring ICMP Agus (Apr 08)
barnyard2 error with waldo file Agus (Apr 14)
Re: snort in centos not HUPing Agus (Apr 13)
threshold.conf limit not working for me Agus (Apr 26)
Re: sudden sensitive_data threshold exceeded alerts Agus (Apr 12)
Re: PP not ignoring ICMP Agus (Apr 08)
snort in centos not HUPing Agus (Apr 13)
Re: PP not ignoring ICMP Agus (Apr 08)

Agustin Roca

Re: barnyard patches? http://colin.grady.us/ offline ? Agustin Roca (Apr 02)
Re: snort is logging alerts but not capturing corresponding packets for some rules Agustin Roca (May 01)

Alan Ptak

Re: Rapid7 and Snort....Good Things from this I think Alan Ptak (Apr 11)

Albert R. Campa

Re: Rapid7 and Snort....Good Things from this I think Albert R. Campa (Apr 11)

Alex Kirk

Re: Feasibility of one off rule Alex Kirk (Jun 13)
Re: does snort pick up lthe izamoon attack? Alex Kirk (Apr 01)
Re: Possible FP 19177 Alex Kirk (Jun 10)

Andy Berryman

Difference between rule classification and rule priority? Andy Berryman (Apr 28)

Asim Jamshed

Flow Management in SnortSP Asim Jamshed (Jun 13)
Re: Flow Management in SnortSP Asim Jamshed (Jun 15)

Atkins, Dwane P

Re: Multiple sensors one database Atkins, Dwane P (Apr 12)
Multiple sensors one database Atkins, Dwane P (Apr 12)
Snort, Barnyard and Base FreeBSD Atkins, Dwane P (Apr 04)
Re: Multiple sensors one database Atkins, Dwane P (Apr 13)

bear

Fw: Re: Snort in IPS mode bear (May 20)
How to Snort IPS? bear (May 23)
not work flexresponse bear (May 18)

beenph

Re: Multiple sensors one database beenph (Apr 12)
Re: Barnyard2 beenph (Jun 28)
Re: Output Plugin Delay, Latency, and PPM beenph (May 07)
Re: barnyard2 not populating sig_name properly when using EMT rules beenph (May 09)
Re: http_client_data and logging beenph (May 26)
Re: Flowbits Set and Not Checked Against SRC/DST Networks beenph (Jun 27)
Re: Unified2 Record Order beenph (Jun 04)
Re: Snort.org Blog: Snort 2.9.1 beta coming soon! beenph (Jun 13)
Re: Intel X520 and Multi-Queue Snort beenph (May 13)
Re: Unified2 Record Order beenph (Jun 06)
Re: NSS Labs : CheckPoint 97.3% recommended profile hoax ? beenph (May 09)
Re: Intel X520 and Multi-Queue Snort beenph (May 13)
Re: Homebrew Snort Reactive/Unified2 output beenph (Apr 07)
Re: Unified2 Record Order beenph (Jun 04)
Re: Flowbits Set and Not Checked Against SRC/DSTNetworks beenph (Jun 28)
Re: Snort + HTSQL dashboard application beenph (May 07)
Re: Unified2 Record Order beenph (Jun 06)
Re: Output Plugin Delay, Latency, and PPM beenph (May 06)
Re: An Invitation to Neuroscientists and Physicists: Singapore Citizen Mr. Teo En Ming (Zhang Enming) Reports First Hand Account of Mind Intrusion and Mind Reading beenph (May 17)
Re: snort inline timing out after about 65KB beenph (May 24)
Re: Pulled Pork and SO_rules beenph (May 18)
Re: Intel X520 and Multi-Queue Snort beenph (May 13)
Re: Multiple sensors one database beenph (Apr 13)

Bhagya Bantwal

Re: zlib and Centos 5.6 Bhagya Bantwal (May 27)
Re: rules are not matched across the packet Bhagya Bantwal (Jun 07)
Re: Snort Decoder Alerts with Multiple Configs Bhagya Bantwal (Apr 18)
Re: False Negatives in Snort Bhagya Bantwal (Jun 27)

Bill Pickens

Pulledpork Item Bill Pickens (Jun 27)

carlopmart

Re: strem5 session hijacked produce a lot of alerts with lb firewalls carlopmart (Apr 06)
Re: More problems with pulledpork 0.6.0 carlopmart (Apr 01)
More problems with pulledpork 0.6.0 carlopmart (Apr 01)
Re: Poor bandwidth using snort 2.9.0.4 in afpacket mode carlopmart (Apr 05)
Re: Poor bandwidth using snort 2.9.0.4 in afpacket mode carlopmart (Apr 05)
Re: More problems with pulledpork 0.6.0 carlopmart (Apr 01)
Best bonding mode when multiple configs carlopmart (Apr 26)
Re: More problems with pulledpork 0.6.0 carlopmart (Apr 01)
Re: More problems with pulledpork 0.6.0 carlopmart (Apr 01)
Re: strem5 session hijacked produce a lot of alerts with lb firewalls carlopmart (Apr 06)
Re: Best bonding mode when multiple configs carlopmart (Apr 26)
Re: preprocessors and thresholding broken with latest rules tarball? carlopmart (May 20)
strem5 session hijacked produce a lot of alerts with lb firewalls carlopmart (Apr 06)
Re: Poor bandwidth using snort 2.9.0.4 in afpacket mode carlopmart (Apr 05)
About using reject in pulledpork carlopmart (Apr 01)
Re: About using reject in pulledpork carlopmart (Apr 04)
Re: Poor bandwidth using snort 2.9.0.4 in afpacket mode carlopmart (Apr 05)
Poor bandwidth using snort 2.9.0.4 in afpacket mode carlopmart (Apr 05)
Re: strem5 session hijacked produce a lot of alerts with lb firewalls carlopmart (Apr 06)
Inputs about polman for managing rules carlopmart (Apr 08)
Re: More problems with pulledpork 0.6.0 carlopmart (Apr 01)
Re: Poor bandwidth using snort 2.9.0.4 in afpacket mode carlopmart (Apr 05)

Carney, Megan

Problem with snort,oinkmaster, and feed Carney, Megan (Apr 12)

Castle, Shane

snort.org blog: Why not a full feed? Castle, Shane (Jun 28)

Cees

Snort: http_preprocessor issues on HTTP file uploads Cees (Apr 26)

cfp

Ruxcon 2011 Call For Papers cfp (May 16)

Charles Low

Re: segfault while running snort 2.9.0.5 on CentOS 5.6 Charles Low (Apr 20)
segfault while running snort 2.9.0.5 on CentOS 5.6 Charles Low (Apr 19)

childrenofchaos

Snort 2.9.04 not Alert on Inet interface childrenofchaos (Apr 04)

Chong Lee Poh

Re: Voip attack Chong Lee Poh (Apr 04)

Chris Jacob

Re: Rapid7 and Snort....Good Things from this I think Chris Jacob (Apr 11)

Crusty Saint

Re: NSS Labs : CheckPoint 97.3% recommended profile hoax ? Crusty Saint (May 11)
Re: NSS Labs : CheckPoint 97.3% recommended profile hoax ? Crusty Saint (May 09)
NSS Labs : CheckPoint 97.3% recommended profile hoax ? Crusty Saint (May 05)
Re: Snort VM monitoring other VMs (virtual environment) Crusty Saint (Apr 12)
Re: NSS Labs : CheckPoint 97.3% recommended profile hoax ? Crusty Saint (May 09)
coughing up water on FP and notifications Crusty Saint (Apr 01)

d a

Re: using snort for an IDS/IPS appliance d a (Apr 05)
Re: using snort for 10Gbps traffic rate d a (Apr 08)
using snort for an IDS/IPS appliance d a (Apr 05)
using snort for an IDS/IPS appliance d a (Apr 05)
SourceFire Appliance 3D9900 capabilities d a (Apr 14)
Re: using snort for an IDS/IPS appliance d a (Apr 06)

Dale Handy

Re: An Invitation to Neuroscientists and Physicists: Singapore Citizen Mr. Teo En Ming (Zhang Enming) Reports First Hand Account of Mind Intrusion and Mind Reading Dale Handy (May 23)

Dan Erxleben

zlib and Centos 5.6 Dan Erxleben (May 27)

Dan Ferris

Re: Snort + HTSQL dashboard application Dan Ferris (May 05)
Re: Snort + HTSQL dashboard application Dan Ferris (May 05)
Snort + HTSQL dashboard application Dan Ferris (May 04)
Re: Snort + HTSQL dashboard application Dan Ferris (May 05)
Re: Snort + HTSQL dashboard application Dan Ferris (May 07)

Daniel Browning-Weber

snort inline timing out after about 65KB Daniel Browning-Weber (May 24)

Daniel Shepherd

Re: Gbps Network Taps Daniel Shepherd (Apr 07)
Re: Help with noisy alerts for known application Daniel Shepherd (Apr 10)
Re: Help with noisy alerts for known application Daniel Shepherd (Apr 08)

David Bramer

Custom Input of packets into Snort David Bramer (May 21)

Dheeraj Gupta

Re: Pulled Pork and SO_rules Dheeraj Gupta (May 18)
False Negatives in Snort Dheeraj Gupta (Jun 24)
Re: doc/signature files in Snort-2.9.0.5 Dheeraj Gupta (Apr 27)
Pulled Pork and SO_rules Dheeraj Gupta (May 18)
Re: Alert Information Missing for alerts using barnyard2 Dheeraj Gupta (May 19)
Alert Information Missing for alerts using barnyard2 Dheeraj Gupta (May 19)
Regarding dynamic (so_rules) rules Dheeraj Gupta (May 12)
doc/signature files in Snort-2.9.0.5 Dheeraj Gupta (Apr 27)
PulledPork and modifying So_rule stubs Dheeraj Gupta (Jun 22)
Re: Regarding dynamic (so_rules) rules Dheeraj Gupta (May 12)

Document Retention

Removed SIDs Document Retention (Jun 29)

Don Florence

sensitive data preprocessor - emails Don Florence (May 12)
logto keyword Don Florence (May 12)

dterry

AUTO: Darren Terry is out of office. dterry (Apr 27)

Dustin Webber

Re: Snorby opinions Dustin Webber (Jun 06)
Re: Snorby opinions Dustin Webber (Jun 06)
Re: Snorby opinions Dustin Webber (Jun 06)

Edward Fjellskål

Re: Inputs about polman for managing rules Edward Fjellskål (Apr 08)
Re: http_client_data and logging Edward Fjellskål (May 26)
Re: disabling rule groups based on host groups/subnets Edward Fjellskål (Apr 05)

Eoin Miller

Re: FP's for gen:124 sid:1 - smtp: Attempted command buffer overflow Eoin Miller (May 11)
Re: When Upgrading Breaks Auto Rule Management Eoin Miller (Apr 28)
Re: Multiple Snort Instances With Identical Interfaces In Daemon Eoin Miller (May 07)
Re: VRT stream5 Preprocessor Config vs Default Settings Eoin Miller (May 17)
PullePork SO Rules Management? Eoin Miller (May 04)
Flowbits Set and Not Checked Against SRC/DST Networks Eoin Miller (Jun 24)
Re: PullePork SO Rules Management? Eoin Miller (May 04)
Re: preprocessors and thresholding broken with latest rules tarball? Eoin Miller (May 20)
PulledPork - disablesid.conf categories and SO rule stubs Eoin Miller (May 04)
Re: PulledPork - disablesid.conf categories and SO rule stubs Eoin Miller (May 05)
Snort Reloading Conf/Rules with SIGHUP Causes Snort To Exit Eoin Miller (May 07)
Re: Pulled Pork Not Enableing ET Rules Eoin Miller (May 20)
Re: snort not alerting on rule if IE is used Eoin Miller (May 09)
Re: Pulled Pork Not Enableing ET Rules Eoin Miller (May 20)
Re: http_client_data and logging Eoin Miller (May 26)
smtp preprocessor buffers and content modifiers Eoin Miller (Jun 08)
When Upgrading Breaks Auto Rule Management Eoin Miller (Apr 28)
Re: snort not alerting on rule if IE is used Eoin Miller (May 09)
flowbits - checking multiple bits being set to create alerting Eoin Miller (Jun 13)
FP's for gen:124 sid:1 - smtp: Attempted command buffer overflow Eoin Miller (May 11)
Re: zlib and Centos 5.6 Eoin Miller (May 27)
Re: PullePork SO Rules Management? Eoin Miller (May 04)
preprocessors and thresholding broken with latest rules tarball? Eoin Miller (May 19)
Re: When Upgrading Breaks Auto Rule Management Eoin Miller (Apr 28)
Re: barnyard2 not populating sig_name properly when using EMT rules Eoin Miller (May 09)
VRT stream5 Preprocessor Config vs Default Settings Eoin Miller (Apr 28)
http_client_data and logging Eoin Miller (May 25)
http_inspects post_depth Eoin Miller (Jun 03)
Multiple Snort Instances With Identical Interfaces In Daemon Eoin Miller (May 05)
Lots of FP's on sid:16214 Eoin Miller (May 14)
Re: http_client_data and logging Eoin Miller (May 26)
Re: flowbits - checking multiple bits being set to create alerting Eoin Miller (Jun 15)
Re: http_client_data and logging Eoin Miller (May 26)
PulledPork and disabling a preproc rule file Eoin Miller (May 19)
Snort Manual Fix Eoin Miller (Jun 22)
Re: PullePork SO Rules Management? Eoin Miller (May 04)
Re: Multiple Snort Instances With Identical Interfaces In Daemon Eoin Miller (May 05)

evilghost () packetmail net

Re: [Emerging-Sigs] performance criteria evilghost () packetmail net (May 15)
Re: performance criteria evilghost () packetmail net (May 15)
Re: performance criteria evilghost () packetmail net (May 16)
Current Snort 2.9.0 manual omission - PCRE modifiers evilghost () packetmail net (Apr 28)

Fábio Ferrão

Invitation to connect on LinkedIn Fábio Ferrão (Jun 30)

firewalZ

Re: NSS Labs : CheckPoint 97.3% recommended profile hoax ? firewalZ (May 09)

firnsy

Re: Snort.org Blog: Snort 2.9.1 beta coming soon! firnsy (Jun 14)
Re: Snort.org Blog: Snort 2.9.1 beta coming soon! firnsy (Jun 15)
Unified2 Record Order firnsy (Jun 03)

Florian Westphal

[PATCH 2/2] daq_nfq: avoid uneeded -ENOBUFS on queue overrun Florian Westphal (Apr 29)
[PATCH 1/2] daq_nfq: snort defines its timeout in milliseconds, not seconds Florian Westphal (Apr 29)

Gaurav Suryagandh

Query about the performance Gaurav Suryagandh (Jun 08)
Re: Query about the performance Gaurav Suryagandh (Jun 09)

Geoff Sweet

Help with noisy alerts for known application Geoff Sweet (Apr 08)
Re: Help with noisy alerts for known application Geoff Sweet (Apr 10)

Gibson, Nathan J. (HSC)

Help a Noob out Gibson, Nathan J. (HSC) (May 10)
Re: Pulled Pork Not Enableing ET Rules Gibson, Nathan J. (HSC) (May 20)
Pulled Pork Not Enableing ET Rules Gibson, Nathan J. (HSC) (May 20)
Re: Pulled Pork Not Enableing ET Rules Gibson, Nathan J. (HSC) (May 20)
Rapid7 and Snort....Good Things from this I think Gibson, Nathan J. (HSC) (Apr 11)
Re: Paid support Gibson, Nathan J. (HSC) (Jun 01)
Re: Pulled Pork Not Enableing ET Rules Gibson, Nathan J. (HSC) (May 20)
Pulled Pork Not Enableing ET Rules Gibson, Nathan J. (HSC) (May 20)

Gilad Benjamini

Verify configuration as non root Gilad Benjamini (Jun 16)
Verify configuration as non root Gilad Benjamini (Jun 18)

go95

Unsubscribe go95 (May 18)

Gregory W. MacPherson

Re: An Invitation to Neuroscientists and Physicists: Singapore Citizen Mr. Teo En Ming (Zhang Enming) Reports First Hand Account of Mind Intrusion and Mind Reading Gregory W. MacPherson (May 17)

Hafez Kamal

[HITB-Announce] HITBSecConf2011 - Malaysia Call for Papers Now Open Hafez Kamal (Apr 04)
[HITB-Announce] HITB eZine Issue #006 Released! Hafez Kamal (Jun 13)
[HITB-Announce] HITBSecConf2011 - Malaysia Call for Papers Now Open Hafez Kamal (Apr 04)
[HITB-Announce] HITB2011AMS Conference Materials & Photos Hafez Kamal (Jun 07)
[HITB-Announce] HITB2011AMS Conference Materials & Photos Hafez Kamal (Jun 07)

Hatim Alghamdi

Re: daq_static with 2.9.1 Hatim Alghamdi (Jun 29)
2.9.1 compilation issue with dnet Hatim Alghamdi (Jun 23)
Re: 2.9.1 compilation issue with dnet Hatim Alghamdi (Jun 23)
Re: daq_static with 2.9.1 Hatim Alghamdi (Jun 28)
Re: 2.9.1 compilation issue with dnet Hatim Alghamdi (Jun 24)
Re: daq_static with 2.9.1 Hatim Alghamdi (Jun 28)
2.9.0.5, react works only for the first rule Hatim Alghamdi (Jun 23)
daq_static with 2.9.1 Hatim Alghamdi (Jun 28)

Hui Cao

Re: Dynamic Preprocessor Example doesn't log in Database Hui Cao (Apr 12)
Re: Dynamic Preprocessor Example doesn't log in Database Hui Cao (Apr 12)

Hussein Bahaidarah

Re: Snort rules maximum rules per file Hussein Bahaidarah (Jun 26)
Snort rules maximum rules per file Hussein Bahaidarah (Jun 25)

Ishan Suryavanshi

(no subject) Ishan Suryavanshi (Apr 16)

Ivani A. Nascimento

Re: Enc: Problems to start snort 2.9 Ivani A. Nascimento (Apr 05)
Re: Enc: Problems to start snort 2.9 Ivani A. Nascimento (Apr 01)
Re: Enc: Problems to start snort 2.9 Ivani A. Nascimento (Apr 01)

jack mort

Akamai X Forwarding Proxy as Attack Vector jack mort (Apr 28)
Re: Akamai X Forwarding Proxy as Attack Vector jack mort (Apr 28)

James Lay

Re: iFrame's in gifs James Lay (Jun 24)
Re: Rapid7 and Snort....Good Things from this I think James Lay (Apr 11)
Re: http_client_data and logging James Lay (May 25)
Re: iFrame's in gifs James Lay (Jun 24)
Re: snort is logging alerts but not capturing corresponding packets for some rules James Lay (Apr 25)

Jamie Riden

Re: Fwd: Paul Skelton is out of the office. Jamie Riden (Jun 08)
Re: Unsubscribe Jamie Riden (Jun 08)
Re: performance criteria Jamie Riden (May 16)
Re: performance criteria Jamie Riden (May 16)

Jason Brvenik

Re: Rapid7 and Snort....Good Things from this I think Jason Brvenik (Apr 11)
Re: An Invitation to Neuroscientists and Physicists: Singapore Citizen Mr. Teo En Ming (Zhang Enming) Reports First Hand Account of Mind Intrusion and Mind Reading Jason Brvenik (May 17)
Re: NSS Labs : CheckPoint 97.3% recommended profile hoax ? Jason Brvenik (May 09)
Re: snort is logging alerts but not capturing corresponding packets for some rules Jason Brvenik (May 01)
Re: An Invitation to Neuroscientists and Physicists: Singapore Citizen Mr. Teo En Ming (Zhang Enming) Reports First Hand Account of Mind Intrusion and Mind Reading Jason Brvenik (May 17)
Re: Snort in IPS mode Jason Brvenik (May 18)

Jason D. McCormick

Re: Sourcefire VRT Rules and Snort Active Response Jason D. McCormick (Jun 20)
Sourcefire VRT Rules and Snort Active Response Jason D. McCormick (Jun 20)

Jason Haar

Re: Snort 2.9.1 Beta Now Available Jason Haar (Jun 13)
FP shows snort-2.9.0.3 confused over packets and sessions Jason Haar (May 09)
Re: flow:established still broken in 2.9.0.5? Jason Haar (Jun 29)
Re: flow:established still broken in 2.9.0.5? Jason Haar (Jun 29)
buglet in daq afpacket Jason Haar (Apr 14)
Re: flow:established still broken in 2.9.0.5? Jason Haar (Jun 29)
flow:established still broken in 2.9.0.5? (was:FP shows snort-2.9.0.3 confused over packets and sessions) Jason Haar (Jun 29)
Re: FP shows snort-2.9.0.3 confused over packets and sessions Jason Haar (May 11)

jason lytle

Re: threshold.conf and suppress 119 19 jason lytle (Apr 15)

Jason Wallace

Re: Help with noisy alerts for known application Jason Wallace (Apr 11)
Gentoo Users: pulledpork-0.6.1 is in Sunrise Jason Wallace (Apr 12)
Re: Snort VM monitoring other VMs (virtual environment) Jason Wallace (Apr 11)
Re: flow:established still broken in 2.9.0.5? Jason Wallace (Jun 29)
Re: When Upgrading Breaks Auto Rule Management Jason Wallace (Apr 28)
Re: sudden sensitive_data threshold exceeded alerts Jason Wallace (Apr 12)
Re: Rapid7 and Snort....Good Things from this I think Jason Wallace (Apr 11)
Gentoo Users: snort-2.9.0.5 is available in Portage Jason Wallace (Apr 13)
Re: snort in centos not HUPing Jason Wallace (Apr 13)
Re: SourceFire Appliance 3D9900 capabilities Jason Wallace (Apr 14)
Re: Snort multithread Jason Wallace (Jun 22)
Ebuild for PF_RING dynamically loadable kernel module Jason Wallace (Apr 14)
Re: flow:established still broken in 2.9.0.5? Jason Wallace (Jun 30)
Gentoo Users: daq-0.5-r1 with support for NFQ and IPQ Jason Wallace (May 23)

Jefferson, Shawn

so_rules clarification Jefferson, Shawn (May 04)
False positive? Jefferson, Shawn (Apr 11)
SID 19253, WEB-CLIENT Adobe Reader malicious language.engtesselate.ln file download attempt Jefferson, Shawn (Jun 16)
Re: Rapid7 and Snort....Good Things from this I think Jefferson, Shawn (Apr 11)
Re: Snort 2.9.0.5 Now Available Jefferson, Shawn (Apr 06)
ssp_ssl: Invalid Client HELLO after Server HELLO Detected Jefferson, Shawn (May 04)
Re: Snorby opinions Jefferson, Shawn (Jun 06)

Jeff Murphy

Re: PATCH 1/1]: DAQ pcaprr module Jeff Murphy (Apr 29)
Re: Query about the performance Jeff Murphy (Jun 09)
Re: PATCH 1/1]: DAQ pcaprr module Jeff Murphy (Apr 29)
Re: Query about the performance Jeff Murphy (Jun 08)
Re: barnyard2 not populating sig_name properly when using EMT rules Jeff Murphy (May 09)
Re: SourceFire Appliance 3D9900 capabilities Jeff Murphy (Apr 14)
Re: Query about the performance Jeff Murphy (Jun 09)
PATCH 1/1]: DAQ pcaprr module Jeff Murphy (Apr 29)
Re: Difference between rule classification and rule priority? Jeff Murphy (Apr 29)

Jeff Nathan

Re: Richard Tyrrell/Telford/Syan Ltd is out of the office. Jeff Nathan (Jun 07)

Jeffrey Carver

Participation Requested: Survey about Open-Source Software Development Jeffrey Carver (Jun 23)

Jim Hranicky

Re: Snort + HTSQL dashboard application Jim Hranicky (May 05)

JJC

Re: More problems with pulledpork 0.6.0 JJC (Apr 01)
Re: More problems with pulledpork 0.6.0 JJC (Apr 01)
Re: PP not ignoring ICMP JJC (Apr 08)
Re: PP not ignoring ICMP JJC (Apr 08)
Re: PulledPork and modifying So_rule stubs JJC (Jun 23)
Re: PullePork SO Rules Management? JJC (May 04)
Re: Pulled Pork Not Enableing ET Rules JJC (May 20)
Re: More problems with pulledpork 0.6.0 JJC (Apr 01)
Re: About using reject in pulledpork JJC (Apr 04)
Re: PullePork SO Rules Management? JJC (May 04)
Re: More problems with pulledpork 0.6.0 JJC (Apr 01)
Re: Gentoo Users: pulledpork-0.6.1 is in Sunrise JJC (Apr 12)
Re: PullePork SO Rules Management? JJC (May 04)
Re: Removed SIDs JJC (Jun 29)
Re: PullePork SO Rules Management? JJC (May 04)
Re: preprocessors and thresholding broken with latest rules tarball? JJC (May 20)
Re: More problems with pulledpork 0.6.0 JJC (Apr 01)
Re: Pulledpork Item JJC (Jun 27)
Re: Homebrew Snort Reactive/Unified2 output JJC (Apr 07)
Re: PulledPork - disablesid.conf categories and SO rule stubs JJC (May 04)
Re: PP not ignoring ICMP JJC (Apr 08)
Re: More problems with pulledpork 0.6.0 JJC (Apr 01)

JJ Cummings

Re: barnyard2 not populating sig_name properly when using EMT rules JJ Cummings (May 09)

Joe Brown

Snort Command Line Options Joe Brown (May 18)
Re: Snort Command Line Options Joe Brown (May 18)

Joel Esler

Re: Multiple Snort Instances With Identical Interfaces In Daemon Joel Esler (May 05)
Re: VRT stream5 Preprocessor Config vs Default Settings Joel Esler (May 20)
Re: Flags keyword still doesn't treat rserved bits as ECE and CWR Joel Esler (Apr 11)
Re: strem5 session hijacked produce a lot of alerts with lb firewalls Joel Esler (Apr 06)
Snort.org Blog: Snort 2.9.1 beta coming soon! Joel Esler (Jun 11)
Re: False positive? Joel Esler (Apr 11)
Re: An Invitation to Neuroscientists and Physicists: Singapore Citizen Mr. Teo En Ming (Zhang Enming) Reports First Hand Account of Mind Intrusion and Mind Reading Joel Esler (May 17)
Re: Flowbits Set and Not Checked Against SRC/DST Networks Joel Esler (Jun 27)
Re: base64_data and base64_decode -- how to use properly? Joel Esler (May 25)
Re: New Rules for Snort 2.6.1.5!! Joel Esler (Jun 11)
Re: iFrame's in gifs Joel Esler (Jun 24)
Re: snort.org blog: Why not a full feed? Joel Esler (Jun 28)
Re: Rapid7 and Snort....Good Things from this I think Joel Esler (Apr 11)
Re: snort 2.9.0.4 won't daemonize, OpenBSD 4.7 Joel Esler (Apr 08)
Re: http_client_data and logging Joel Esler (May 26)
Re: Rule 19253 Joel Esler (Jun 15)
Re: http_client_data and logging Joel Esler (May 26)
Re: snort is logging alerts but not capturing corresponding packets for some rules Joel Esler (Apr 26)
Re: Snort Rules against Snort Version... Updates... Joel Esler (Apr 09)
Re: Snort.org Blog: Snort 2.9.1 beta coming soon! Joel Esler (Jun 14)
Re: Richard Tyrrell/Telford/Syan Ltd is out of the office. Joel Esler (Jun 08)
Re: PATCH 1/1]: DAQ pcaprr module Joel Esler (Apr 29)
Re: snort is logging alerts but not capturing corresponding packets for some rules Joel Esler (Apr 26)
Re: SourceFire Appliance 3D9900 capabilities Joel Esler (Apr 14)
Re: likely FPs Web-Client .... dll-load exploit attempt Joel Esler (Apr 17)
Re: SID 19253, WEB-CLIENT Adobe Reader malicious language.engtesselate.ln file download attempt Joel Esler (Jun 16)
Re: Multiple Snort Instances With Identical Interfaces In Daemon Joel Esler (May 05)
Re: Snorby opinions Joel Esler (Jun 06)
Re: snort is logging alerts but not capturing corresponding packets for some rules Joel Esler (Apr 25)
Re: flow:established still broken in 2.9.0.5? (was:FP shows snort-2.9.0.3 confused over packets and sessions) Joel Esler (Jun 29)
Re: Snort-users Digest, Vol 60, Issue 24 Joel Esler (May 14)
Re: Multiple Snort Instances With Identical Interfaces In Daemon Joel Esler (May 07)
Re: how to acquire best setting of snort rules? Joel Esler (Apr 17)
2.9.0.5 is available for download! Joel Esler (Apr 06)
Re: RPC Portmap Request Joel Esler (Apr 08)
Re: so_rules clarification Joel Esler (May 04)
Re: Gentoo Users: snort-2.9.0.5 is available in Portage Joel Esler (Apr 13)
Re: zlib and Centos 5.6 Joel Esler (May 27)
Re: Current Snort 2.9.0 manual omission - PCRE modifiers Joel Esler (Apr 28)
Re: VRT stream5 Preprocessor Config vs Default Settings Joel Esler (May 20)
Re: Son Benjamin invites you to use Boxbe Joel Esler (May 24)
Re: Snort.org Blog: Snort 2.9.1 beta coming soon! Joel Esler (Jun 13)
Re: What the heck is this... Joel Esler (May 12)
Re: Regarding dynamic (so_rules) rules Joel Esler (May 12)
Re: fast patter errors Joel Esler (Apr 15)
Re: snort is logging alerts but not capturing corresponding packets for some rules Joel Esler (Apr 27)
Re: Confirmation: "Snort Webinar -- Proper implementation of Multiconfig -- John Gay" Joel Esler (May 24)
Re: Snort.org Blog: Snort 2.9.1 beta coming soon! Joel Esler (Jun 15)
Re: New Rules for Snort 2.6.1.5!! Joel Esler (Jun 11)
Re: Unified2 questions Joel Esler (Apr 27)
Re: snort is logging alerts but not capturing corresponding packets for some rules Joel Esler (Apr 26)
Re: When Upgrading Breaks Auto Rule Management Joel Esler (Apr 28)
Re: Snort.org Blog: Snort 2.9.1 beta coming soon! Joel Esler (Jun 15)
Re: snort-NIDS inline mode configuration questions Joel Esler (May 20)
Re: Regarding dynamic (so_rules) rules Joel Esler (May 13)
Re: Snort.org Blog: Snort 2.9.1 beta coming soon! Joel Esler (Jun 13)
Re: snort is logging alerts but not capturing corresponding packets for some rules Joel Esler (Apr 26)
Fwd: [Snort-Users] snort signature code Joel Esler (Jun 10)
Re: Unsubscribe Joel Esler (Jun 08)
Re: Richard Tyrrell/Telford/Syan Ltd is out of the office. Joel Esler (Jun 08)
Re: NSS Labs : CheckPoint 97.3% recommended profile hoax ? Joel Esler (May 05)
Re: [patch] snort with mysql+SSL support Joel Esler (Jun 25)
Re: False positive? Joel Esler (Apr 12)
Re: Snort.org Blog: Snort 2.9.1 beta coming soon! Joel Esler (Jun 13)
Re: Lots of FP's on sid:16214 Joel Esler (May 14)
Re: Paid support Joel Esler (Jun 01)
Re: Unsubscribe Joel Esler (May 24)
Re: [patch] snort with mysql+SSL support Joel Esler (Jun 25)
Re: fast patter errors Joel Esler (Apr 14)
Re: snort is logging alerts but not capturing corresponding packets for some rules Joel Esler (Apr 26)
Your Webinar Invitation: Join us for "Snort Webinar -- Proper implementation of Multiconfig -- John Gay" Joel Esler (May 18)
Re: iFrame's in gifs Joel Esler (Jun 25)
Re: Flowbits Set and Not Checked Against SRC/DST Networks Joel Esler (Jun 27)
Re: Skype Mac exploit sigs? Joel Esler (May 12)
Re: Portscan Logs Joel Esler (May 01)
Re: http_client_data and logging Joel Esler (May 26)
Re: Snort.org Blog: Snort 2.9.1 beta coming soon! Joel Esler (Jun 14)
First 2011 Snort Webcast Registration is Open! Joel Esler (Apr 06)
Re: [Snort-sigs] Snort.org Blog: Snort's output methods Joel Esler (Jun 27)
Re: Changes to Rule Changelogs Joel Esler (Apr 19)
Re: Snort.org Blog: Snort's output methods Joel Esler (Jun 27)
Re: flow:established still broken in 2.9.0.5? (was:FP shows snort-2.9.0.3 confused over packets and sessions) Joel Esler (Jun 29)
Re: Possible bug in event queue processing - Would really appreciate some insight Joel Esler (May 15)
Re: Snort.org Blog: Snort 2.9.1 beta coming soon! Joel Esler (Jun 13)
Re: Subscription rules vs Registered rules Joel Esler (Apr 17)
Re: snort is logging alerts but not capturing corresponding packets for some rules Joel Esler (Apr 25)
Re: strem5 session hijacked produce a lot of alerts with lb firewalls Joel Esler (Apr 06)
Re: Regarding dynamic (so_rules) rules Joel Esler (May 12)
Re: Fwd: Paul Skelton is out of the office. Joel Esler (Jun 08)
Snort.org Blog: Snort's output methods Joel Esler (Jun 27)
Re: Question on SID 18358 Joel Esler (Apr 08)
Re: buglet in daq afpacket Joel Esler (Apr 14)
Re: stream5 reassembly and split-tcp handshaking Joel Esler (Apr 27)
Re: Snort + HTSQL dashboard application Joel Esler (May 07)
Re: Help with noisy alerts for known application Joel Esler (Apr 08)
Re: VRT stream5 Preprocessor Config vs Default Settings Joel Esler (Apr 28)
Re: http_inspects post_depth Joel Esler (Jun 03)
Re: First 2011 Snort Webcast Registration is Open! Joel Esler (Apr 06)
Re: PulledPork - disablesid.conf categories and SO rule stubs Joel Esler (May 05)
Re: RPC Portmap Request Joel Esler (Apr 11)
Re: how to acquire best setting of snort rules? Joel Esler (Apr 18)
Re: disabling rule groups based on host groups/subnets Joel Esler (Apr 05)
Re: preprocessors and thresholding broken with latest rules tarball? Joel Esler (May 20)
Re: PulledPork - disablesid.conf categories and SO rule stubs Joel Esler (May 04)
Re: Rapid7 and Snort....Good Things from this I think Joel Esler (Apr 11)

Joe Pampel

Re: Gbps Network Taps Joe Pampel (Apr 07)

John York

Re: Regarding dynamic (so_rules) rules John York (May 12)

Joshua.Kinard

[PATCH]: Minor fix in sp_tcp_flag_check.c for the C and E bits Joshua.Kinard (Jun 13)
[PATCH 3/5]: byte_jump: Add bitmasking support for calculated bytes Joshua.Kinard (Apr 28)
[PATCH 1/5]: byte_test: support bitwise OR Joshua.Kinard (Apr 28)
[PATCH]: Remove smart quotes and other Unicode bits in README.sip Joshua.Kinard (Jun 13)
Flags keyword still doesn't treat rserved bits as ECE and CWR Joshua.Kinard (Apr 11)
Re: base64_data and base64_decode -- how to use properly? Joshua.Kinard (May 25)
Re: Flags keyword still doesn't treat rserved bits as ECE and CWR Joshua.Kinard (Apr 12)
[PATCH 5/5]: manual: Add documentation for bitmasking (byte_extract, byte_jump), and bitwise OR (byte_test) Joshua.Kinard (Apr 28)
base64_data and base64_decode -- how to use properly? Joshua.Kinard (May 18)
[PATCH]: snort_manual.tex: Remove 'Variable Modifiers' section as it doesn't work Joshua.Kinard (May 25)
[PATCH 4/5]: dcerpc2: Add bitmasking support for calculated bytes (byte_extract, byte_jump), and bitwise OR (byte_test) Joshua.Kinard (Apr 28)
Re: Flowbits Set and Not Checked Against SRC/DSTNetworks Joshua.Kinard (Jun 27)
Re: [PATCH 1/5]: byte_test: support bitwise OR Joshua.Kinard (May 04)
[PATCH]: Snort manual fixes for 2.9.1-beta Joshua.Kinard (Jun 14)
[PATCH 2/5]: byte_extract: Add bitmasking support for calculated bytes Joshua.Kinard (Apr 28)

Joshua Polsky

Portscan Logs Joshua Polsky (May 01)
Portscan log file format Joshua Polsky (Apr 22)

Jules Pagna Disso

Re: [Emerging-Sigs] performance criteria Jules Pagna Disso (May 16)
performance criteria Jules Pagna Disso (May 15)

Ken R

Re: An Invitation to Neuroscientists and Physicists: Singapore Citizen Mr. Teo En Ming (Zhang Enming) Reports First Hand Account of Mind Intrusion and Mind Reading Ken R (May 17)

Kevin Ross

Re: Possible FP 10505 Kevin Ross (May 20)
Re: snort-NIDS inline mode configuration questions Kevin Ross (May 20)
Re: how to acquire best setting of snort rules? Kevin Ross (Apr 18)
Re: Subscription rules vs Registered rules Kevin Ross (Apr 18)

Korodev

Unsock Output Issues Korodev (May 24)
Re: Unsock Output Issues Korodev (May 24)
Output Plugin Delay, Latency, and PPM Korodev (May 07)
Re: Homebrew Snort Reactive/Unified2 output Korodev (Apr 07)
Re: Output Plugin Delay, Latency, and PPM Korodev (May 06)
Re: Homebrew Snort Reactive/Unified2 output Korodev (Apr 07)
Re: Output Plugin Delay, Latency, and PPM Korodev (May 07)

Kumar, Mahendra

Re: snort is logging alerts but not capturing corresponding packets for some rules Kumar, Mahendra (Apr 26)
snort is logging alerts but not capturing corresponding packets for some rules Kumar, Mahendra (Apr 25)

Kungu Panda

Fwd: stream5 reassembly and split-tcp handshaking Kungu Panda (Apr 27)
Skype Mac exploit sigs? Kungu Panda (May 12)
Re: stream5 reassembly and split-tcp handshaking Kungu Panda (Apr 27)
stream5 reassembly and split-tcp handshaking Kungu Panda (Apr 25)

L0rd Ch0de1m0rt

Re: Snort.org Blog: Snort's output methods L0rd Ch0de1m0rt (Jun 27)

Lawrence R. Hughes, Sr.

Pkts_filtered_udp Lawrence R. Hughes, Sr. (May 18)

Lay, James

Re: What the heck is this... Lay, James (May 12)
New phishing/Malware campaign Lay, James (Jun 20)
Rule 19253 Lay, James (Jun 15)
Re: Snort in IPS mode Lay, James (May 17)
Re: Paid support Lay, James (Jun 01)
Re: 2.9.1 compilation issue with dnet Lay, James (Jun 23)
Re: threshold.conf limit not working for me Lay, James (Apr 26)
Thresholding issue Lay, James (Jun 13)
Re: Unified2 questions Lay, James (Apr 27)
Question on SID 18358 Lay, James (Apr 07)
Yeesh...19174 is all over the place Lay, James (Jun 08)
What the heck is this... Lay, James (May 12)
Re: Snort + HTSQL dashboard application Lay, James (May 05)
Re: Feasibility of one off rule Lay, James (Jun 13)
Re: http_client_data and logging Lay, James (May 26)
Re: snort is logging alerts but not capturing corresponding packets for some rules Lay, James (Apr 26)
Re: Alert Information Missing for alerts using barnyard2 Lay, James (May 19)
iFrame's in gifs Lay, James (Jun 24)
Feasibility of one off rule Lay, James (Jun 13)
Snorby opinions Lay, James (Jun 03)
Re: What the heck is this... Lay, James (May 12)
Re: Snorby opinions Lay, James (Jun 06)
Re: snort is logging alerts but not capturing corresponding packets for some rules Lay, James (Apr 26)
Unified2 questions Lay, James (Apr 27)
Re: Rule 19253 Lay, James (Jun 15)
Re: 2.9.1 compilation issue with dnet Lay, James (Jun 24)
FP on 18604 Lay, James (Apr 08)
Re: Snort + HTSQL dashboard application Lay, James (May 05)
Re: Question on SID 18358 Lay, James (Apr 08)
Paid support Lay, James (Jun 01)
Possible FP 10505 Lay, James (May 20)
Possible FP 19177 Lay, James (Jun 10)
Re: snort is logging alerts but not capturing corresponding packets for some rules Lay, James (Apr 25)

lay rando

Re: snort-NIDS inline mode configuration questions lay rando (May 20)
snort-NIDS inline mode configuration questions lay rando (May 20)

Lee Fisher

Re: First 2011 Snort Webcast Registration is Open! Lee Fisher (Apr 06)

Lutfi ODUNCUOGLU

libpcap error when compiling daq0.5 Lutfi ODUNCUOGLU (Jun 07)

mahendra kumawat

rules are not matched across the packet mahendra kumawat (Jun 07)
rules are not matched across the packet mahendra kumawat (Jun 07)

Marc Manthey

Re: Confirmation: "Snort Webinar -- Proper implementation of Multiconfig -- John Gay" Marc Manthey (May 24)

Mark W. Jeanmougin

Re: Gbps Network Taps Mark W. Jeanmougin (Apr 07)

Martin Holste

Re: Purchasing New Equipment for Snort Martin Holste (Apr 20)
Re: Snort + HTSQL dashboard application Martin Holste (May 05)
Re: Akamai X Forwarding Proxy as Attack Vector Martin Holste (Apr 28)
Re: Snort + HTSQL dashboard application Martin Holste (May 07)
Re: Intel X520 and Multi-Queue Snort Martin Holste (May 13)
Re: Issues compiling chroot snort with daq Martin Holste (Jun 27)
Re: Intel X520 and Multi-Queue Snort Martin Holste (May 13)
Re: Purchasing New Equipment for Snort Martin Holste (Apr 18)
Re: Snort + HTSQL dashboard application Martin Holste (May 07)
Re: Snort.org Blog: Snort 2.9.1 beta coming soon! Martin Holste (Jun 13)
FP on 1:16442:3 Martin Holste (May 11)
Re: Snorby opinions Martin Holste (Jun 05)
Re: Intel X520 and Multi-Queue Snort Martin Holste (May 12)
Re: rules management tools Martin Holste (Apr 01)
NIDS capacity planning formula and feedback Martin Holste (Apr 12)
Re: Snort + HTSQL dashboard application Martin Holste (May 05)
Re: Local alert for website traffic not working Martin Holste (Jun 20)
Re: Multiple Snort Instances With Identical Interfaces In Daemon Martin Holste (May 05)
Re: Flowbits Set and Not Checked Against SRC/DST Networks Martin Holste (Jun 27)
Re: NSS Labs : CheckPoint 97.3% recommended profile hoax ? Martin Holste (May 10)
Re: Inputs about polman for managing rules Martin Holste (Apr 08)
Re: Snort.org Blog: Snort 2.9.1 beta coming soon! Martin Holste (Jun 13)
Re: using snort for 10Gbps traffic rate Martin Holste (Apr 08)
Re: Issues compiling chroot snort with daq Martin Holste (Jun 24)
Re: NSS Labs : CheckPoint 97.3% recommended profile hoax ? Martin Holste (May 09)
Re: Snorby opinions Martin Holste (Jun 06)
Re: Multiple Snort Instances With Identical Interfaces In Daemon Martin Holste (May 05)
Re: Snort multithread Martin Holste (Jun 23)
Re: daq_static with 2.9.1 Martin Holste (Jun 28)
Re: An Invitation to Neuroscientists and Physicists: Singapore Citizen Mr. Teo En Ming (Zhang Enming) Reports First Hand Account of Mind Intrusion and Mind Reading Martin Holste (May 17)
Re: [SNORT-devel] Snort with anomaly detection Martin Holste (Apr 11)
Re: Intel X520 and Multi-Queue Snort Martin Holste (May 13)
Re: Flowbits Set and Not Checked Against SRC/DST Networks Martin Holste (Jun 27)
Re: Query about the performance Martin Holste (Jun 09)
Re: daq_static with 2.9.1 Martin Holste (Jun 28)
Re: daq_static with 2.9.1 Martin Holste (Jun 28)
Re: SourceFire Appliance 3D9900 capabilities Martin Holste (Apr 14)
Re: Snort Command Line Options Martin Holste (May 18)
Re: Flowbits Set and Not Checked Against SRC/DST Networks Martin Holste (Jun 27)
Re: Feasibility of one off rule Martin Holste (Jun 13)
Re: Snort Command Line Options Martin Holste (May 18)
Re: Difference between rule classification and rule priority? Martin Holste (Apr 28)
Re: Rapid7 and Snort....Good Things from this I think Martin Holste (Apr 11)
Re: Snort-users Digest, Vol 58, Issue 73 Martin Holste (Apr 02)

Martin Månsson

how the blocking works? Martin Månsson (May 27)

Martin Roesch

Re: Snort.org Blog: Snort's output methods Martin Roesch (Jun 28)
Re: Flow Management in SnortSP Martin Roesch (Jun 15)
Re: SnortSP: Writing an analyzer in Lua Martin Roesch (Jun 28)
Re: An Invitation to Neuroscientists and Physicists: Singapore Citizen Mr. Teo En Ming (Zhang Enming) Reports First Hand Account of Mind Intrusion and Mind Reading Martin Roesch (May 17)

Martin Schütte

Re: IPv6 rule options syntax Martin Schütte (May 04)

matan monitz

Re: using snort for an IDS/IPS appliance matan monitz (Apr 05)

Matthew Jonkman

Re: [Emerging-Sigs] 2012708 Matthew Jonkman (Apr 26)
Re: [Emerging-Sigs] 2012708 Matthew Jonkman (Apr 26)
Re: [Emerging-Sigs] 2012708 Matthew Jonkman (Apr 26)
Re: flow:established still broken in 2.9.0.5? (was:FP shows snort-2.9.0.3 confused over packets and sessions) Matthew Jonkman (Jun 29)
Re: [Emerging-Sigs] 2012708 Matthew Jonkman (Apr 26)

Matt Olney

Re: snort inline timing out after about 65KB Matt Olney (May 24)
Re: New Question for SID 17294 and SID 17407 Matt Olney (Apr 12)
Re: [Emerging-Sigs] 2012708 Matt Olney (Apr 26)
Re: Question on SID 18358 Matt Olney (Apr 08)

Matt Watchinski

Re: FP's for gen:124 sid:1 - smtp: Attempted command buffer overflow Matt Watchinski (May 12)
Re: What the heck is this... Matt Watchinski (May 12)
Re: VRT stream5 Preprocessor Config vs Default Settings Matt Watchinski (Apr 29)
Re: FP's for gen:124 sid:1 - smtp: Attempted command buffer overflow Matt Watchinski (May 11)

Maverick

BotHunter Question Maverick (Apr 25)
Re: BotHunter Question Maverick (Apr 25)

Merida, Dylan

Purchasing New Equipment for Snort Merida, Dylan (Apr 18)
Re: When Upgrading Breaks Auto Rule Management Merida, Dylan (Apr 28)
Re: Purchasing New Equipment for Snort Merida, Dylan (Apr 20)

Michael Altizer

Re: PATCH 1/1]: DAQ pcaprr module Michael Altizer (Apr 29)
Re: Snort in IPS mode Michael Altizer (May 15)
Re: segfault while running snort 2.9.0.5 on CentOS 5.6 Michael Altizer (Apr 19)
Re: Snort in IPS mode Michael Altizer (May 16)

Michael Lubinski

Re: logto keyword Michael Lubinski (May 13)
Gbps Network Taps Michael Lubinski (Apr 06)
Re: logto keyword Michael Lubinski (May 16)
Re: PulledPork and modifying So_rule stubs Michael Lubinski (Jun 23)
Barnyard2 Michael Lubinski (Jun 28)
Re: Rapid7 and Snort....Good Things from this I think Michael Lubinski (Apr 11)

Michael Steele

Windows Server 2008 Standard x86 and sensitive-data.rules crashing Michael Steele (Apr 24)
Windows Server 2008 Standard x86 and sensitive-data.rules crashing Michael Steele (May 08)
Re: Windows Server 2008 Standard x86 and sensitive-data.rules crashing Michael Steele (May 09)
Re: Windows Server 2008 Standard x86 and sensitive-data.rules crashing Michael Steele (Apr 24)

Mike Lococo

Re: Intel X520 and Multi-Queue Snort Mike Lococo (May 13)
Re: Snort VM monitoring other VMs (virtual environment) Mike Lococo (Apr 11)
Re: Intel X520 and Multi-Queue Snort Mike Lococo (May 12)
Re: Intel X520 and Multi-Queue Snort Mike Lococo (May 13)
Intel X520 and Multi-Queue Snort Mike Lococo (May 12)
Re: Intel X520 and Multi-Queue Snort Mike Lococo (May 13)
Re: Intel X520 and Multi-Queue Snort Mike Lococo (May 13)
Re: Intel X520 and Multi-Queue Snort Mike Lococo (May 12)
Intel X520 and Multi-Queue Snort Mike Lococo (May 12)

Mohd Mukrim Che Mohamad Zulkifly

New Question for SID 17294 and SID 17407 Mohd Mukrim Che Mohamad Zulkifly (Apr 11)
SMTP SSLv2 openssl get shared ciphers overflow attempt Mohd Mukrim Che Mohamad Zulkifly (Apr 28)
RPC Portmap Request Mohd Mukrim Che Mohamad Zulkifly (Apr 08)
Re: RPC Portmap Request Mohd Mukrim Che Mohamad Zulkifly (Apr 10)

Moses Hernandez

Re: Issues compiling chroot snort with daq Moses Hernandez (Jun 27)
Issues compiling chroot snort with daq Moses Hernandez (Jun 24)

M.Turner Turner

problem with snortsam-2.9.0.3.diff.gz M.Turner Turner (May 04)
problem with "-Q --daq ipq" in run snort-2.9.0.5 M.Turner Turner (Apr 22)
Subscription rules vs Registered rules M.Turner Turner (Apr 17)
how to acquire best setting of snort rules? M.Turner Turner (Apr 17)

Nguyen Kien

[SNORT-devel] Snort with anomaly detection Nguyen Kien (Apr 11)

Nick Moore

Re: Dynamic Preprocessor Example doesn't log in Database Nick Moore (Apr 06)
Re: Snort + Barnyard2 + Base Issue Nick Moore (May 19)
Re: New Rules for Snort 2.6.1.5!! Nick Moore (Jun 11)
Re: snort Nick Moore (May 21)

Nigel Houghton

Re: Help a Noob out Nigel Houghton (May 10)
Re: Poor bandwidth using snort 2.9.0.4 in afpacket mode Nigel Houghton (Apr 05)
Re: doc/signature files in Snort-2.9.0.5 Nigel Houghton (Apr 27)
Re: pulledpork and certificate errors Nigel Houghton (Jun 06)
Re: coughing up water on FP and notifications Nigel Houghton (Apr 01)
Changes to Rule Changelogs Nigel Houghton (Apr 19)
Re: Poor bandwidth using snort 2.9.0.4 in afpacket mode Nigel Houghton (Apr 05)
Re: First 2011 Snort Webcast Registration is Open! Nigel Houghton (Apr 08)
Re: doc/signature files in Snort-2.9.0.5 Nigel Houghton (Apr 27)
Re: First 2011 Snort Webcast Registration is Open! Nigel Houghton (Apr 06)
Re: doc/signature files in Snort-2.9.0.5 Nigel Houghton (Apr 27)
Re: using snort for an IDS/IPS appliance Nigel Houghton (Apr 05)
Re: http_inspects post_depth Nigel Houghton (Jun 03)
Re: iFrame's in gifs Nigel Houghton (Jun 25)
Re: NSS Labs : CheckPoint 97.3% recommended profile hoax ? Nigel Houghton (May 09)

nima chavooshi

New Rules for Snort 2.6.1.5!! nima chavooshi (Jun 11)
Re: New Rules for Snort 2.6.1.5!! nima chavooshi (Jun 11)

Olaf Schreck

Re: snort 2.9.0.4 won't daemonize, OpenBSD 4.7 Olaf Schreck (Apr 08)

Patrick Mullen

Re: likely FPs Web-Client .... dll-load exploit attempt Patrick Mullen (Apr 18)
Re: FP on 3:15450:5 - BAD-TRAFFIC Conficker C/D DNS traffic detected Patrick Mullen (Apr 28)
Re: byte_extract included on last snort v2.9.0.x! Patrick Mullen (Apr 25)
Re: flowbits - checking multiple bits being set to create alerting Patrick Mullen (Jun 14)

Paul Halliday

Re: NSS Labs : CheckPoint 97.3% recommended profile hoax ? Paul Halliday (May 10)
Re: Snorby opinions Paul Halliday (Jun 06)

Paul Schmehl

Re: Snort, Barnyard and Base FreeBSD Paul Schmehl (Apr 04)

PAURON, GUILLAUME (GUILLAUME)

fast patter errors PAURON, GUILLAUME (GUILLAUME) (Apr 14)
Re: fast patter errors PAURON, GUILLAUME (GUILLAUME) (Apr 15)

Peter Politopoulos

Possible bug in event queue processing - Would really appreciate some insight Peter Politopoulos (May 15)

Phillip Deneault

Re: Snort.org Blog: Snort's output methods Phillip Deneault (Jun 27)

Prashant cd c.d

Re: snort not alerting on rule if IE is used Prashant cd c.d (May 12)
Re: snort not alerting on rule if IE is used Prashant cd c.d (May 12)
snort not alerting on rule if IE is used Prashant cd c.d (May 09)

Randal T. Rioux

Re: performance criteria Randal T. Rioux (May 24)
Re: Snort.org Blog: Snort 2.9.1 beta coming soon! Randal T. Rioux (Jun 15)
Re: Purchasing New Equipment for Snort Randal T. Rioux (Apr 22)
Re: Snorby opinions Randal T. Rioux (Jun 06)
Re: iFrame's in gifs Randal T. Rioux (Jun 26)
libpcap and RHEL 6.1 Randal T. Rioux (May 25)
Re: Snort-users Digest, Vol 58, Issue 73 Randal T. Rioux (Apr 02)
Re: Richard Tyrrell/Telford/Syan Ltd is out of the office. Randal T. Rioux (Jun 08)
Re: Unsubscribe Randal T. Rioux (May 24)
Re: AUTO: Darren Terry is out of office. Randal T. Rioux (May 01)
Re: Snorby opinions Randal T. Rioux (Jun 06)
Re: Son Benjamin invites you to use Boxbe Randal T. Rioux (May 24)
Fwd: Paul Skelton is out of the office. Randal T. Rioux (Jun 08)
Re: Snort.org Blog: Snort 2.9.1 beta coming soon! Randal T. Rioux (Jun 14)
Re: First 2011 Snort Webcast Registration is Open! Randal T. Rioux (Apr 07)

Ray Caparros

Re: Rapid7 and Snort....Good Things from this I think Ray Caparros (Apr 11)
Re: Gbps Network Taps Ray Caparros (Apr 06)

Research

Sourcefire VRT Certified Snort Rules Update 2011-06-23 Research (Jun 23)
Sourcefire VRT Certified Snort Rules Update 2011-05-26 Research (May 26)
Sourcefire VRT Certified Snort Rules Update 2011-05-24 Research (May 24)
Sourcefire VRT Certified Snort Rules Update 2011-05-18 Research (May 18)
Sourcefire VRT Certified Snort Rules Update 2011-06-07 Research (Jun 07)
Sourcefire VRT Certified Snort Rules Update 2011-05-12 Research (May 12)
Sourcefire VRT Certified Snort Rules Update 2011-04-26 Research (Apr 26)
Sourcefire VRT Certified Snort Rules Update 2011-06-14 Research (Jun 14)
Sourcefire VRT Certified Snort Rules Update 2011-06-09 Research (Jun 09)
Sourcefire VRT Certified Snort Rules Update 2011-06-02 Research (Jun 02)
Sourcefire VRT Certified Snort Rules Update 2011-05-10 Research (May 10)
Sourcefire VRT Certified Snort Rules Update 2011-06-28 Research (Jun 28)
Sourcefire VRT Certified Snort Rules Update 2011-04-19 Research (Apr 19)
Sourcefire VRT Certified Snort Rules Update 2011-05-03 Research (May 03)
Sourcefire VRT Certified Snort Rules Update 2011-05-05 Research (May 05)
Sourcefire VRT Certified Snort Rules Update 2011-04-27 Research (Apr 27)
Sourcefire VRT Certified Snort Rules Update 2011-06-16 Research (Jun 16)
Sourcefire VRT Certified Snort Rules Update 2011-04-06 Research (Apr 06)
Sourcefire VRT Certified Snort Rules Update 2011-06-21 Research (Jun 21)
Sourcefire VRT Certified Snort Rules Update 2011-04-12 Research (Apr 12)
Sourcefire VRT Certified Snort Rules Update 2011-04-21 Research (Apr 21)
Sourcefire VRT Certified Snort Rules Update 2011-05-31 Research (May 31)
Sourcefire VRT Certified Snort Rules Update 2011-06-20 Research (Jun 20)

Richard Tyrrell

Unsubscribe Richard Tyrrell (Jun 08)
Richard Tyrrell/Telford/Syan Ltd is out of the office. Richard Tyrrell (Jun 07)

Rich Graves

Re: libpcap and RHEL 6.1 Rich Graves (May 27)

Rick Moy

Re: NSS Labs : CheckPoint 97.3% recommended profile hoax ? Rick Moy (May 10)

rmkml

Re: Lots of FP's on sid:16214 rmkml (May 14)
Re: Rule 19253 rmkml (Jun 15)
Re: [Emerging-Sigs] 2012708 rmkml (Apr 26)
Re: Yeesh...19174 is all over the place rmkml (Jun 08)
Re: Detecting cross reference at DNS decompression by a snort rule rmkml (May 27)
Re: FP shows snort-2.9.0.3 confused over packets and sessions rmkml (May 10)
Re: rules are not matched across the packet rmkml (Jun 07)
Re: New Question for SID 17294 and SID 17407 rmkml (Apr 12)
Re: [Snort-users] Detecting cross reference at DNS decompression by a snort rule (fwd) rmkml (May 27)
Re: iFrame's in gifs rmkml (Jun 24)
Re: Possible FP 19177 rmkml (Jun 10)
byte_extract included on last snort v2.9.0.x! rmkml (Apr 24)

Ron Jenkins

Active Response System (ARS) Ron Jenkins (Jun 27)

rrobinson

Snort-users Digest, Vol 60, Issue 24 rrobinson (May 14)

Russ Combs

Re: VRT stream5 Preprocessor Config vs Default Settings Russ Combs (Apr 29)
Re: How to compile a Dynamic Preprocessor alone? Russ Combs (Apr 20)
Re: Custom Input of packets into Snort Russ Combs (May 21)
Re: PATCH 1/1]: DAQ pcaprr module Russ Combs (Apr 29)
Re: Poor bandwidth using snort 2.9.0.4 in afpacket mode Russ Combs (Apr 05)
Re: Fw: Re: Snort in IPS mode Russ Combs (May 19)
Re: Snort in IPS mode Russ Combs (May 17)
Re: Snort in IPS mode Russ Combs (May 17)
Re: segfault while running snort 2.9.0.5 on CentOS 5.6 Russ Combs (Apr 20)
Re: Unified2 Record Order Russ Combs (Jun 06)
Re: Problems running 32 bit snort on a 64 bit linux kernel Russ Combs (Apr 07)
Re: Snort Manual Fix Russ Combs (Jun 22)
Re: Snort.org Blog: Snort 2.9.1 beta coming soon! Russ Combs (Jun 13)
Re: Snort in IPS mode Russ Combs (May 17)
Re: flow:established still broken in 2.9.0.5? Russ Combs (Jun 29)
Re: Sourcefire VRT Rules and Snort Active Response Russ Combs (Jun 20)
Re: Problems running 32 bit snort on a 64 bit linux kernel Russ Combs (Apr 07)
Re: [PATCH]: Snort manual fixes for 2.9.1-beta Russ Combs (Jun 15)
Re: threshold.conf limit not working for me Russ Combs (Apr 26)
Re: buglet in daq afpacket Russ Combs (Apr 28)
Re: Sourcefire VRT Rules and Snort Active Response Russ Combs (Jun 21)
Re: [PATCHES] Fixes for daq_nfq Russ Combs (Apr 11)
Re: Snort in IPS mode Russ Combs (May 17)
Re: PATCH 1/1]: DAQ pcaprr module Russ Combs (Apr 29)
Re: How to compile a Dynamic Preprocssor alone? Russ Combs (Apr 14)
Re: [PATCH 2/2] daq_nfq: avoid uneeded -ENOBUFS on queue overrun Russ Combs (Apr 29)
Re: snort-NIDS inline mode configuration questions Russ Combs (May 20)
Re: Flowbits Set and Not Checked Against SRC/DST Networks Russ Combs (Jun 27)
Re: Verify configuration as non root Russ Combs (Jun 17)
Re: Snort.org Blog: Snort 2.9.1 beta coming soon! Russ Combs (Jun 13)
Re: Snort in IPS mode Russ Combs (May 17)
Re: buglet in daq afpacket Russ Combs (Apr 14)
Re: Unified2 Record Order Russ Combs (Jun 06)
Re: 2.9.0.5, react works only for the first rule Russ Combs (Jun 23)
Re: Poor bandwidth using snort 2.9.0.4 in afpacket mode Russ Combs (Apr 05)
Re: Poor bandwidth using snort 2.9.0.4 in afpacket mode Russ Combs (Apr 05)
Re: [snort-devel] sfportscan and SYN scan with data Russ Combs (Apr 25)
Re: [PATCH 1/2] daq_nfq: snort defines its timeout in milliseconds, not seconds Russ Combs (Apr 29)

Russell Fulton

likely FPs Web-Client .... dll-load exploit attempt Russell Fulton (Apr 17)

Ryan Jordan

Re: [PATCH]: Minor fix in sp_tcp_flag_check.c for the C and E bits Ryan Jordan (Jun 20)
Re: [PATCH 1/5]: byte_test: support bitwise OR Ryan Jordan (May 03)
Re: ssp_ssl: Invalid Client HELLO after Server HELLO Detected Ryan Jordan (May 04)
Re: sudden sensitive_data threshold exceeded alerts Ryan Jordan (Apr 12)

Ryan Pettigrew

Local alert for website traffic not working Ryan Pettigrew (Jun 20)
Local alert for website traffic not working Ryan Pettigrew (Jun 20)
Snort + Barnyard2 + Base Issue Ryan Pettigrew (May 19)
Re: Snort + Barnyard2 + Base Issue Ryan Pettigrew (May 23)

Ryan Steinmetz

Re: [patch] snort with mysql+SSL support Ryan Steinmetz (Jun 25)
[patch] snort with mysql+SSL support Ryan Steinmetz (Jun 24)

Seth Hall

Re: NSS Labs : CheckPoint 97.3% recommended profile hoax ? Seth Hall (May 10)

Shirk Dog

Re: False positive? Shirk Dog (Apr 11)

Singapore Citizen Mr. Teo En Ming (Zhang Enming)

An Invitation to Neuroscientists and Physicists: Singapore Citizen Mr. Teo En Ming (Zhang Enming) Reports First Hand Account of Mind Intrusion and Mind Reading Singapore Citizen Mr. Teo En Ming (Zhang Enming) (May 17)

Snort Releases

Snort 2.9.1 Beta Now Available Snort Releases (Jun 13)
Snort 2.9.0.5 Now Available Snort Releases (Apr 06)
Snort 2.9.0.5 Now Available Snort Releases (Apr 06)
Snort 2.9.1 Beta Now Available Snort Releases (Jun 13)

Son Benjamin

Son Benjamin invites you to use Boxbe Son Benjamin (May 09)

Srinivasa . Balaji

Snort for Amazon Infrastructure Srinivasa . Balaji (Apr 12)

Steven Sturges

Re: IPv6 rule options syntax Steven Sturges (May 04)
Re: [Emerging-Sigs] 2012708 Steven Sturges (Apr 26)
Re: Query about the performance Steven Sturges (Jun 08)
Re: Unified2 Record Order Steven Sturges (Jun 06)
Re: Unified2 Record Order Steven Sturges (Jun 06)
Re: VRT stream5 Preprocessor Config vs Default Settings Steven Sturges (May 01)
Re: [Snort-sigs] Snort.org Blog: Snort's output methods Steven Sturges (Jun 27)
Re: [Emerging-Sigs] 2012708 Steven Sturges (Apr 26)
Re: Windows Server 2008 Standard x86 and sensitive-data.rules crashing Steven Sturges (May 08)
Re: Snort.org Blog: Snort 2.9.1 beta coming soon! Steven Sturges (Jun 15)
Re: Windows Server 2008 Standard x86 and sensitive-data.rules crashing Steven Sturges (Apr 24)
Re: Fwd: [Snort-Users] snort signature code Steven Sturges (Jun 10)
Re: Unified2 Record Order Steven Sturges (Jun 04)
Re: Unified2 Record Order Steven Sturges (Jun 04)

Sudarshan Raghavan

Re: Problems running 32 bit snort on a 64 bit linux kernel Sudarshan Raghavan (Apr 07)
Problems running 32 bit snort on a 64 bit linux kernel Sudarshan Raghavan (Apr 07)

Tako Chanz

SnortSP: adding analyzer Tako Chanz (Jun 23)
SnortSP: Writing an analyzer in Lua Tako Chanz (Jun 27)

Thomas LESTRIEZ

Re: Dynamic Preprocessor Example doesn't log in Database Thomas LESTRIEZ (Apr 04)
Dynamic Preprocessor Example doesn't log in Database Thomas LESTRIEZ (Apr 07)
Re: Dynamic Preprocessor Example doesn't log in Database Thomas LESTRIEZ (Apr 08)
Re: How to compile a Dynamic Preprocessor alone? Thomas LESTRIEZ (Apr 15)
Re: Dynamic Preprocessor Example doesn't log in Database Thomas LESTRIEZ (Apr 05)
Dynamic Preprocessor Example doesn't log in Database Thomas LESTRIEZ (Apr 04)
How to compile a Dynamic Preprocssor alone? Thomas LESTRIEZ (Apr 14)

turki

Re: Snorby opinions turki (Jun 04)
Re: Testing IPTABLES (Snort Inline Mode, NFQUEUE, Local Rules) No alerts! turki (May 24)
Re: Snort VM monitoring other VMs (virtual environment) turki (Apr 12)
Re: Snort in IPS mode turki (May 16)
Snort VM monitoring other VMs (virtual environment) turki (Apr 11)
Re: Snort in IPS mode turki (May 17)
Re: Snort in IPS mode turki (May 17)
Snort in IPS mode turki (May 15)
Re: Snort in IPS mode turki (May 17)
Fw: Re: Snort in IPS mode turki (May 19)
Re: Fw: Re: Snort in IPS mode turki (May 19)
Re: Snort VM monitoring other VMs (virtual environment) turki (Apr 11)
Testing IPTABLES (Snort Inline Mode, NFQUEUE, Local Rules) No alerts! turki (May 20)
Snort Inline Mode (with NFQ) drop rule is not working turki (May 31)
Re: Snort in IPS mode turki (May 17)
Re: Snort in IPS mode turki (May 17)
Re: Snort in IPS mode turki (May 16)
Re: Snort in IPS mode turki (May 17)
Re: Snort in IPS mode turki (May 16)
Re: Snort VM monitoring other VMs (virtual environment) turki (Apr 13)

vincent

Re: libpcap and RHEL 6.1 vincent (May 26)
updated RHEL5/6 packages for Snort 2.9.0.5 Now Available vincent (Apr 08)

Virgil Hemery

[snort-devel] sfportscan and SYN scan with data Virgil Hemery (Apr 24)
Re: [snort-devel] sfportscan and SYN scan with data Virgil Hemery (Apr 26)
Re: [snort-devel] sfportscan and SYN scan with data Virgil Hemery (Apr 29)

waldo kitty

Re: Multiple Snort Instances With Identical Interfaces In Daemon waldo kitty (May 06)
Re: Multiple Snort Instances With Identical Interfaces In Daemon waldo kitty (May 07)
Re: Snort + HTSQL dashboard application waldo kitty (May 05)
Re: Unified2 questions waldo kitty (Apr 27)
Re: logto keyword waldo kitty (May 15)
Re: threshold.conf limit not working for me waldo kitty (Apr 27)
Re: iFrame's in gifs waldo kitty (Jun 24)
Re: snort is logging alerts but not capturing corresponding packets for some rules waldo kitty (Apr 27)
Re: threshold.conf limit not working for me waldo kitty (Apr 26)
Re: When Upgrading Breaks Auto Rule Management waldo kitty (Apr 28)

Weir, Jason

Re: barnyard2 error with waldo file Weir, Jason (Apr 14)
Re: libpcap error when compiling daq0.5 Weir, Jason (Jun 07)
Re: libpcap error when compiling daq0.5 Weir, Jason (Jun 07)

Will Metcalf

Re: Snort in IPS mode Will Metcalf (May 17)
Re: Snort in IPS mode Will Metcalf (May 17)
Re: Intel X520 and Multi-Queue Snort Will Metcalf (May 12)
2012708 Will Metcalf (Apr 26)
Re: [Emerging-Sigs] 2012708 Will Metcalf (Apr 26)
Re: Snort in IPS mode Will Metcalf (May 16)
Re: [Emerging-Sigs] Current Snort 2.9.0 manual omission - PCRE modifiers Will Metcalf (Apr 28)
Re: [Emerging-Sigs] 2012708 Will Metcalf (Apr 26)

Wm. Josiah Erikson

barnyard2 not populating sig_name properly when using EMT rules Wm. Josiah Erikson (May 09)
Re: barnyard2 not populating sig_name properly when using EMT rules Wm. Josiah Erikson (May 09)

Youngquist, Jason R.

pulledpork and certificate errors Youngquist, Jason R. (Jun 06)
disabling rule groups based on host groups/subnets Youngquist, Jason R. (Apr 05)

Zultan

Re: doc/signature files in Snort-2.9.0.5 Zultan (Apr 27)
Re: doc/signature files in Snort-2.9.0.5 Zultan (Apr 27)
Re: doc/signature files in Snort-2.9.0.5 Zultan (Apr 27)

سعید انواری

Detecting cross reference at DNS decompression by a snort rule سعید انواری (May 27)

Барулин Николай

Snort multithread Барулин Николай (Jun 21)

Previous period

Next period