Snort: by author

807 messages starting Feb 26 12 and ending Mar 19 12


もんきち

start error snort 2.9.2.1. Dynamicplugin Error. もんきち (Feb 26)

김무성

Re: Multiprocessing Snort with PF_RING DAQ (DNA enabled) 김무성 (Feb 07)

Albert Monfà

Deprecated support prelude on snort 2.9.3 Albert Monfà (Mar 03)

Alejandro Cabrera Obed

Re: Snort terminates abnormally Alejandro Cabrera Obed (Mar 12)
Snort terminates abnormally Alejandro Cabrera Obed (Mar 12)
Re: Snort terminates abnormally Alejandro Cabrera Obed (Mar 13)

Alex Kirk

Re: SID 18773 Alex Kirk (Jan 17)
Re: sid:19825 Apache Killer Alex Kirk (Mar 06)
Re: BOTNET-CNC Possible host infection - excessive DNS queries for .eu Alex Kirk (Mar 12)
Re: Proposed Signature - COMMUNITY WEB-PHP Remote Execution Backdoor Attempt Against Horde Alex Kirk (Feb 21)
Re: Proposed Signature - COMMUNITY WEB-PHP Remote Execution Backdoor Attempt Against Horde Alex Kirk (Feb 17)

Alex Morris

daq configure script options for libpcap? Alex Morris (Feb 26)
daq configure script options related to libpcap? Alex Morris (Feb 26)

Alojzy Kleks

Re: Empty output (unified) files Alojzy Kleks (Mar 22)
Re: Empty output (unified) files Alojzy Kleks (Mar 26)
Empty output (unified) files Alojzy Kleks (Mar 22)
Re: Empty output (unified) files Alojzy Kleks (Mar 27)
Re: Empty output (unified) files Alojzy Kleks (Mar 27)
Fw: Fwd: Empty output (unified) files Alojzy Kleks (Mar 26)

amit82

Signatures and Rulesets amit82 (Mar 23)

Amit B

Rules Amit B (Mar 26)
Re: Testing Snort Amit B (Mar 04)
Testing Snort Amit B (Mar 04)

Amm Snort

Snort with NFQUEUE allows everything (even unopened ports) Amm Snort (Mar 30)
Re: Snort with NFQUEUE allows everything (even unopened ports) Amm Snort (Mar 31)
Re: Snort with NFQUEUE allows everything (even unopened ports) Amm Snort (Mar 31)
Re: Snort with NFQUEUE allows everything (even unopened ports) Amm Snort (Mar 30)

amN0P

Snort>Unified2>Barnyard2>Syslog amN0P (Jan 12)

Andrew Smith

Re: snort.conf in 2.9.2 and VRT tarball Andrew Smith (Jan 01)

Andrew Torres

Not uricontent Andrew Torres (Feb 23)
Re: Snort Installation Andrew Torres (Mar 07)

Anestis Bechtsoudis

Evolving the TCP window size option Anestis Bechtsoudis (Jan 10)

Anju Jyothish

Doubt in development Anju Jyothish (Feb 02)
Re: Snort Beginner Anju Jyothish (Mar 03)
Snort Beginner Anju Jyothish (Jan 06)

annie george

snort_libdnetnotfound error annie george (Mar 16)

Anonymous forum

can't get http_stat_code to firing Anonymous forum (Mar 23)

ARAI Shun-ichi

Configuration for Snort 2.9.2.1 (Windows) ARAI Shun-ichi (Mar 24)

Aymen AlAwady

Fwd: Snort rule doesn't generate alerts when hosts responding simultaneously Aymen AlAwady (Mar 11)
Snort rule to detect inside hosts! Aymen AlAwady (Mar 31)
Snort rule doesn't generate alerts when hosts responding simultaneously Aymen AlAwady (Mar 07)

Azfar Hashmi

Re: Fwd: Re: disable frag3 Azfar Hashmi (Jan 03)

Bachelor, Stephen A CTR USSOCOM HQ

Excessive alerts on SID 17407 -- Windows help file download Bachelor, Stephen A CTR USSOCOM HQ (Jan 27)

Bad Horse

Re: Proposed Signature for Keystrokes iKeyMonitor iOS Keylogger Bad Horse (Mar 21)

balaji patnala

Re: Multiprocessing Snort with PF_RING DAQ (DNA enabled) balaji patnala (Feb 08)

Balasubramaniam Natarajan

Re: Snort rule doesn't generate alerts when hosts responding simultaneously Balasubramaniam Natarajan (Mar 11)
Re: Snort rule doesn't generate alerts when hosts responding simultaneously Balasubramaniam Natarajan (Mar 11)
FP on WEB-CLIENT Microsoft Internet Explorer Script Engine Stack Exhaustion Denial of Service attempt Balasubramaniam Natarajan (Mar 05)
Re: Only an empty Alert file :( Balasubramaniam Natarajan (Mar 11)

beenph

Request for Anonymized Unified2 samples beenph (Jan 31)
Re: Barnyard2 - CYGWIN - Windows Compile beenph (Feb 19)
Re: Barnyard2 error beenph (Mar 08)
Re: Barnyard2 and AFPACKET beenph (Feb 06)
Re: Snort/Barnyard2 performance with remote DB beenph (Feb 28)
Re: HELP ON SNORT beenph (Jan 29)
Re: HELP ON SNORT beenph (Jan 30)
Re: Out of topic: Snort rule doesn't generate alerts when hosts responding simultaneously beenph (Mar 10)
Re: HELP ON SNORT beenph (Jan 30)
Re: Snort/Barnyard2 performance with remote DB beenph (Feb 27)
Re: [Snort-users] threshold -- is it really deprecated? beenph (Jan 23)
Re: Snort/Barnyard2 performance with remote DB beenph (Feb 29)
Re: Snort/Barnyard2 performance with remote DB beenph (Mar 01)
Re: Snort/Barnyard2 performance with remote DB beenph (Feb 29)
Announce Unified2 Anonymiser v0.9.0b u2_anon beenph (Jan 23)
Re: HELP ON SNORT beenph (Jan 30)
Re: Snort/Barnyard2 performance with remote DB beenph (Feb 29)

Ben Sansnom

Rules updates and compile-time options Ben Sansnom (Jan 15)

Bhagya Bantwal

Re: Sensitive Data Preprocessor Bhagya Bantwal (Mar 12)

Bijoy Lobo

Snort 2.9.2.0 Crashes on a Drop rule Bijoy Lobo (Jan 13)

Billy Marshall

Re: cannot authenticate to MSSQL database from BASE Billy Marshall (Feb 06)
Re: cannot authenticate to MSSQL database from BASE Billy Marshall (Jan 30)

Carney, Megan

Re: HELP ON SNORT Carney, Megan (Jan 30)

Castle, Shane

Re: BASE and Snorby running together Castle, Shane (Feb 22)
Re: Very high amount of "TCP Small Segment Threshold Exceeded" Castle, Shane (Feb 28)
Re: HELP ON SNORT Castle, Shane (Jan 27)
Re: request for changes to compile snort in Solaris Castle, Shane (Jan 31)
BASE and Snorby running together Castle, Shane (Feb 22)
Re: BASE and Snorby running together Castle, Shane (Feb 22)

Chris Eidem

Re: Cannot build 2.9.2.2 on OpenBSD 5.0 Chris Eidem (Mar 30)
Cannot build 2.9.2.2 on OpenBSD 5.0 Chris Eidem (Mar 29)
Building snort on OpenBSD Chris Eidem (Mar 15)

Chris Granger

Re: Unified Logging (PKT_STREAM_TWH & PKT_FROM_CLIENT) Chris Granger (Feb 21)

Chris Standring

Re: Cannot Find -lipq error Chris Standring (Mar 13)
Cannot Find -lipq error Chris Standring (Mar 13)
DAQ Mod issue Chris Standring (Mar 21)

Christian T

Stream 5 max_queued_bytes explanation Christian T (Jan 06)

Christopher Granger

Unified Logging (PKT_STREAM_TWH & PKT_FROM_CLIENT) Christopher Granger (Feb 21)

CleBeer

Re: Segfault using react CleBeer (Jan 04)
Re: Segfault using react CleBeer (Jan 03)
Re: Notification limitation CleBeer (Jan 13)
Segfault using react CleBeer (Jan 03)

cnuddep

arpspoof preprocessor and barnyard2 \ BASE issue cnuddep (Jan 17)

Code Six

Re: Decoder Alerts (config options ignored?) Code Six (Jan 20)
Decoder Alerts (config options ignored?) Code Six (Jan 19)

Community Proposed

Re: Necessary Change for "1:21417 <-> SPECIFIC-THREATS hostile PDF associated with Laik exploit kit" Community Proposed (Mar 05)
Necessary Change for "1:21417 <-> SPECIFIC-THREATS hostile PDF associated with Laik exploit kit" Community Proposed (Mar 05)
Proposed Signature - COMMUNITY SPECIFIC-THREATS Blackhole Exploit Kit JavaScript carat string splitting with hostile applet Community Proposed (Feb 21)
Re: Proposed Signature - "COMMUNITY SPECIFIC-THREATS - Bredolab infected asset POSTing check-in" Community Proposed (Mar 12)
Proposed Signature - COMMUNITY WEB-PHP Remote Execution Backdoor Attempt Against Horde Community Proposed (Feb 17)
Proposed Signature - "COMMUNITY SPECIFIC-THREATS Blackhole landing page with specific structure - prototype catch qq" Community Proposed (Mar 07)
Proposed Signature - "COMMUNITY SPECIFIC-THREATS Blackhole Terse JavaScript hex 16 byte document.location JavaScript redirect to showthread.php" Community Proposed (Mar 13)
Proposed Signature - "COMMUNITY SPECIFIC-THREATS - Bredolab infected asset POSTing check-in" Community Proposed (Mar 12)
Proposed Siganture for Laik Exploit Kit hostile PDF Community Proposed (Feb 21)
Proposed Signatures - Blackhole Exploit Kit Community Proposed (Mar 13)
Proposed Signature - "COMMUNITY SPECIFIC-THREATS High Probability Blackhole Landing with catch qq" Community Proposed (Feb 29)

Community Signatures

Re: Proposed Signature - "COMMUNITY SPECIFIC-THREATS Blackhole Terse JavaScript hex 16 byte document.location JavaScript redirect to showthread.php" Community Signatures (Mar 13)
Re: Proposed Signature - "COMMUNITY SPECIFIC-THREATS Blackhole Terse JavaScript hex 16 byte document.location JavaScript redirect to showthread.php" Community Signatures (Mar 13)
Re: Proposed Signatures - Blackhole Exploit Kit Community Signatures (Mar 13)
Re: BOTNET-CNC Possible host infection - excessive DNS queries for .eu Community Signatures (Mar 12)
Re: Proposed Signature - "COMMUNITY SPECIFIC-THREATS - Bredolab infected asset POSTing check-in" Community Signatures (Mar 12)
Re: Proposed Signature for Keystrokes iKeyMonitor iOS Keylogger Community Signatures (Mar 21)
Re: Proposed Signature - "COMMUNITY SPECIFIC-THREATS High Probability Blackhole Landing with catch qq" Community Signatures (Feb 29)
Re: UNSUBSCRIBE Community Signatures (Mar 07)
Proposed Signature for Keystrokes iKeyMonitor iOS Keylogger Community Signatures (Mar 20)
Re: Only an empty Alert file :( Community Signatures (Mar 13)

Curt Shaffer

Advanced DNS rules Curt Shaffer (Feb 19)
Re: Advanced DNS rules Curt Shaffer (Feb 19)
Re: Advanced DNS rules Curt Shaffer (Feb 20)
Re: Advanced DNS rules Curt Shaffer (Feb 19)

Dave Kelly

Re: Basics of setting up an inline snort installation Dave Kelly (Feb 09)
Basics of setting up an inline snort installation Dave Kelly (Feb 09)
Re: Basics of setting up an inline snort installation Dave Kelly (Feb 09)

Dave Venman

Re: Necessary Change for "1:21417 <-> SPECIFIC-THREATS hostile PDF associated with Laik exploit kit" Dave Venman (Mar 31)

Davor Šerfez

react when running daq nfq inline Davor Šerfez (Mar 06)

Dean Farwood

Re: Only an empty Alert file :( Dean Farwood (Mar 12)
Only an empty Alert file :( Dean Farwood (Mar 11)
Re: Only an empty Alert file :( Dean Farwood (Mar 13)

Dean Freeman

Re: Querstion about Chinese IP addresses Dean Freeman (Mar 13)

Dewhirst, Rob

Snort->OSSIM Sensor only, unified2? Dewhirst, Rob (Jan 11)
Re: Snort->OSSIM Sensor only, unified2? Dewhirst, Rob (Jan 11)

Doug Burks

Re: SSL and Snort Doug Burks (Feb 06)
Re: segfault - how to troubleshoot Doug Burks (Feb 01)

Dustin Webber

Re: HELP ON SNORT Dustin Webber (Jan 28)
Re: HELP ON SNORT Dustin Webber (Jan 30)
Re: HELP ON SNORT Dustin Webber (Jan 30)
Re: HELP ON SNORT Dustin Webber (Jan 29)
Re: HELP ON SNORT Dustin Webber (Jan 30)
Re: BASE and Snorby running together Dustin Webber (Feb 22)
Re: BASE and Snorby running together Dustin Webber (Feb 22)
Re: HELP ON SNORT Dustin Webber (Jan 30)
Re: BASE and Snorby running together Dustin Webber (Feb 22)

Edward Fjellskål

Re: SSL and Snort Edward Fjellskål (Feb 06)

elof

Re: [Snort-users] threshold -- is it really deprecated? elof (Jan 23)
Almost 4000 rules cleaned? elof (Mar 14)
Re: [Emerging-Sigs] No real performance penalty? elof (Jan 18)

eltra1n

BPF Question eltra1n (Mar 07)

Eoin Miller

Re: threshold -- is it really deprecated? Eoin Miller (Jan 20)
Re: Snort>Unified2>Barnyard2>Syslog Eoin Miller (Jan 12)
Re: Snort 2.9.2.1 Now Available Eoin Miller (Jan 30)
Re: threshold deprecation and event_filter Eoin Miller (Jan 11)
Re: [Snort-users] threshold -- is it really deprecated? Eoin Miller (Jan 22)
Re: can't get http_stat_code to firing Eoin Miller (Mar 23)
threshold deprecation and event_filter Eoin Miller (Jan 10)

Eric G

Re: HELP ON SNORT Eric G (Jan 31)

Fabio Almeida

Re: Configuring snort as IPS Fabio Almeida (Jan 24)
Re: Configuring snort as IPS Fabio Almeida (Jan 24)

Geoffrey Sanders

Re: Advanced DNS rules Geoffrey Sanders (Feb 19)

Giacomo

Re: Very high amount of "TCP Small Segment Threshold Exceeded" Giacomo (Mar 03)
Very high amount of "TCP Small Segment Threshold Exceeded" Giacomo (Feb 28)
Re: Very high amount of "TCP Small Segment Threshold Exceeded" Giacomo (Feb 29)

Gifty Jeya

Snort and SPADE integration : Segmentation Fault. Gifty Jeya (Jan 30)

Giles Coochey

Re: Querstion about Chinese IP addresses Giles Coochey (Mar 12)
Re: Snort on WIN XP Giles Coochey (Feb 07)

Guillaume Daleux

Re: var PKT_TIMEOUT in sfdaq.c Guillaume Daleux (Feb 29)
var PKT_TIMEOUT in sfdaq.c Guillaume Daleux (Feb 29)

Hafez Kamal

[HITB-Announce] HITB2012AMS SIGINT - Call for Submissions Hafez Kamal (Mar 08)
[HITB-Announce] Reminder: HITB2012AMS Call For Papers Closing Soon Hafez Kamal (Jan 26)

Han Boetes

log_tcpdump does not log Han Boetes (Mar 19)
Re: log_tcpdump does not log Han Boetes (Mar 19)

Harvey Chickers

Re: Sensor placement with presence of web proxies Harvey Chickers (Jan 29)

Heine Lysemose

Re: Snort Installation Heine Lysemose (Mar 07)
Re: Basics of setting up an inline snort installation Heine Lysemose (Feb 09)
Re: HELP ON SNORT Heine Lysemose (Jan 29)
Re: Basics of setting up an inline snort installation Heine Lysemose (Feb 09)
Re: Ethernet options Heine Lysemose (Mar 07)
Re: Basics of setting up an inline snort installation Heine Lysemose (Feb 09)
Re: Testing Snort Heine Lysemose (Mar 04)
Re: Post Snort 2.9.2.1 (Ubuntu 10.04 LTS) installation issues Heine Lysemose (Mar 08)
Re: HELP ON SNORT Heine Lysemose (Jan 28)
Re: help Heine Lysemose (Jan 26)
Re: HOMENET IP exclusions Heine Lysemose (Mar 13)

huruiala cosmin

snort ids for wireless huruiala cosmin (Feb 23)

Ibrahim Almahi

Fw: can not start snort in inline mode Ibrahim Almahi (Mar 29)

Jagan Mohan Reddy D

on snort Jagan Mohan Reddy D (Feb 10)
HELP ON SNORT Jagan Mohan Reddy D (Jan 24)
snort with mysql Jagan Mohan Reddy D (Feb 08)
help on snort Jagan Mohan Reddy D (Feb 03)
on snort Jagan Mohan Reddy D (Jan 26)
Re: Snort on WIN XP Jagan Mohan Reddy D (Feb 08)
snort_Base_Barnyard2 Jagan Mohan Reddy D (Mar 10)
snort help Jagan Mohan Reddy D (Feb 22)
abt snort log file Jagan Mohan Reddy D (Jan 27)
help Jagan Mohan Reddy D (Jan 26)
help on snort Jagan Mohan Reddy D (Mar 03)
regarding SNORT Jagan Mohan Reddy D (Jan 06)
snort Jagan Mohan Reddy D (Feb 14)
running snort on Ubuntu Jagan Mohan Reddy D (Feb 22)
Snort on WIN XP Jagan Mohan Reddy D (Feb 07)

Jahchan, George

Issues with snort 2.9.2.1 on FC13 x64 Jahchan, George (Mar 08)

Jaime Nebrera

Ethernet options Jaime Nebrera (Mar 07)
Re: Notification limitation Jaime Nebrera (Jan 13)
Re: Notification limitation Jaime Nebrera (Jan 16)
Re: Snort with NFQUEUE allows everything (even unopened ports) Jaime Nebrera (Mar 31)
Unified2 format Jaime Nebrera (Feb 22)
Re: Snort with NFQUEUE allows everything (even unopened ports) Jaime Nebrera (Mar 31)
Re: Ethernet options Jaime Nebrera (Mar 08)
Re: Notification limitation Jaime Nebrera (Jan 13)
Notification limitation Jaime Nebrera (Jan 13)
Re: OpenDPI Jaime Nebrera (Mar 25)

James Lay

Unable to set max_mime_mem James Lay (Mar 10)

Jan Seidl

Re: Snort/Barnyard2 performance with remote DB Jan Seidl (Feb 27)
Re: BASE and Snorby running together Jan Seidl (Feb 22)
Re: Snort/Barnyard2 performance with remote DB Jan Seidl (Feb 27)

Jari Fredriksson

Re: running snort on Ubuntu Jari Fredriksson (Feb 23)

Jason Brvenik

Re: [Snort-users] threshold -- is it really deprecated? Jason Brvenik (Jan 23)
Re: [Snort-devel] threshold -- is it really deprecated? Jason Brvenik (Jan 23)
Re: [Snort-users] threshold -- is it really deprecated? Jason Brvenik (Jan 23)
Re: off-thread Jason Brvenik (Mar 07)

Jason Haar

Re: Snort/Barnyard2 performance with remote DB Jason Haar (Feb 29)
Re: Snort/Barnyard2 performance with remote DB Jason Haar (Feb 29)
Re: Snort/Barnyard2 performance with remote DB Jason Haar (Feb 29)
Re: Sensor placement with presence of web proxies Jason Haar (Jan 26)

Jason Wallace

Re: HOMENET IP exclusions Jason Wallace (Mar 13)
Re: Noisy Alert thats not in the rules? Jason Wallace (Feb 24)
Re: HOMENET IP exclusions Jason Wallace (Mar 12)
Re: preprocessor normalize_tcp: ips Jason Wallace (Jan 10)
preprocessor normalize_tcp: ips Jason Wallace (Jan 09)
Re: Using snort to track Oracle access Jason Wallace (Feb 23)
Re: BASE and Snorby running together Jason Wallace (Feb 22)
Re: Sensor placement with presence of web proxies Jason Wallace (Jan 26)
Re: preprocessor normalize_tcp: ips Jason Wallace (Jan 10)

Jeff

Noisy Alert thats not in the rules? Jeff (Feb 24)

Jefferson Diego Gomes Rosa

Re: help on snort Jefferson Diego Gomes Rosa (Feb 03)

Jefferson, Shawn

Re: HELP ON SNORT Jefferson, Shawn (Jan 30)
Re: Sensor placement with presence of web proxies Jefferson, Shawn (Jan 26)
Re: Sensor placement with presence of web proxies Jefferson, Shawn (Jan 26)
Re: Decoder Alerts (config options ignored?) Jefferson, Shawn (Jan 20)
Re: BASE and Snorby running together Jefferson, Shawn (Feb 22)
Re: [Snort-Users] about capturing packets Jefferson, Shawn (Feb 14)
Re: BASE and Snorby running together Jefferson, Shawn (Feb 22)

Jeff Kell

Re: Preprocessor issue? can't get new snort to initialize... Jeff Kell (Mar 29)
Preprocessor issue? can't get new snort to initialize... Jeff Kell (Mar 29)

Jeff Murphy

Re: Where Is libprelude? Jeff Murphy (Feb 03)

Jeremy Hoel

Re: HELP ON SNORT Jeremy Hoel (Jan 29)
Re: Snort For logging and auditing Jeremy Hoel (Mar 21)
Re: 2.9.2 Upgrade Jeremy Hoel (Jan 26)
Re: HELP ON SNORT Jeremy Hoel (Jan 29)
2.9.2 Upgrade Jeremy Hoel (Jan 26)
Re: Unknown rule type: reject Fatal Error, Quitting.. on snort 2.8.4.1 Jeremy Hoel (Jan 22)
Re: No data on Snort Report. Jeremy Hoel (Mar 15)
Re: No data on Snort Report. Jeremy Hoel (Mar 15)
Re: cannot authenticate to MSSQL database from BASE Jeremy Hoel (Feb 02)
Re: Post Snort 2.9.2.1 (Ubuntu 10.04 LTS) installation issues Jeremy Hoel (Mar 08)
Re: cannot authenticate to MSSQL database from BASE Jeremy Hoel (Feb 02)
Re: cannot authenticate to MSSQL database from BASE Jeremy Hoel (Feb 02)
Re: Snort 2.9 installation error Jeremy Hoel (Jan 15)
Re: HELP ON SNORT Jeremy Hoel (Jan 30)
Re: FATAL ERROR: VRT-specific-threats.rules Jeremy Hoel (Jan 22)
Re: HELP ON SNORT Jeremy Hoel (Jan 27)

Jeronimo L. Cabral

Oinkmaster fails to download rules Jeronimo L. Cabral (Mar 09)
snort: snort_stream5_tcp.c:4833: CheckSegments: Assertion `SEGBORK' failed. Aborted Jeronimo L. Cabral (Mar 15)
Re: snort: snort_stream5_tcp.c:4833: CheckSegments: Assertion `SEGBORK' failed. Aborted Jeronimo L. Cabral (Mar 15)
Re: Oinkmaster fails to download rules Jeronimo L. Cabral (Mar 09)
Snort 2.9.2.1: segmentation fault Jeronimo L. Cabral (Mar 22)
Child terminated unexpectedly Jeronimo L. Cabral (Mar 14)
Re: Child terminated unexpectedly Jeronimo L. Cabral (Mar 15)
Re: Child terminated unexpectedly Jeronimo L. Cabral (Mar 14)

Jim Hranicky

Re: SSL and Snort Jim Hranicky (Feb 06)
Re: [Snort-devel] threshold -- is it really deprecated? Jim Hranicky (Jan 23)
Re: [Snort-devel] threshold -- is it really deprecated? Jim Hranicky (Jan 24)

JJC

Re: pulledpork documentation JJC (Jan 09)
Re: 21042 Blacklist JJC (Feb 23)
Re: signature true positive or not JJC (Jan 24)
Re: BASE and Snorby running together JJC (Feb 22)
Re: Correct bpf_file syntax? JJC (Feb 21)
Re: Configuring snort as IPS JJC (Jan 24)
Re: Configuring snort as IPS JJC (Jan 24)

JJ Cummings

Re: snort 2.9.2 disable alerts for so_rules (p2p) JJ Cummings (Feb 04)
Re: SID 18773 JJ Cummings (Jan 12)
Re: snort 2.9.2 disable alerts for so_rules (p2p) JJ Cummings (Feb 02)

Joel Esler

Re: how to release a Snort IPv6 plugin? Joel Esler (Feb 05)
Re: [Snort-Users] about capturing packets Joel Esler (Feb 13)
Re: [Snort-users] Announce Unified2 Anonymiser v0.9.0b u2_anon Joel Esler (Jan 23)
Re: BOTNET-CNC Possible host infection - excessive DNS queries for .eu Joel Esler (Mar 12)
Re: 2.9.2 Upgrade Joel Esler (Jan 26)
Re: Snort 2.9.2.1 Now Available Joel Esler (Feb 01)
Re: Snort "NORMALIZATION" question Joel Esler (Feb 06)
Re: Oinkmaster fails to download rules Joel Esler (Mar 09)
Re: snort 2.9.2 core dump on solaris 10 sparc Joel Esler (Mar 13)
Re: can't log send out packets Joel Esler (Jan 30)
Re: Only an empty Alert file :( Joel Esler (Mar 13)
Re: help on snort Joel Esler (Mar 04)
Re: Snort 2.9.1 memory usage Joel Esler (Jan 31)
Re: snort 2.9.2 preproc sids, gids missing from gen-msg.map Joel Esler (Feb 06)
Re: signature true positive or not Joel Esler (Jan 24)
Re: HELP ON SNORT Joel Esler (Jan 30)
Re: Necessary Change for "1:21417 <-> SPECIFIC-THREATS hostile PDF associated with Laik exploit kit" Joel Esler (Mar 30)
Re: Snort terminates abnormally Joel Esler (Mar 13)
Re: Snort rule doesn't generate alerts when hosts responding simultaneously Joel Esler (Mar 12)
Re: pulledpork documentation Joel Esler (Jan 09)
Re: Proposed Signature - "COMMUNITY SPECIFIC-THREATS Blackhole Terse JavaScript hex 16 byte document.location JavaScript redirect to showthread.php" Joel Esler (Mar 13)
Re: Proposed Signature - "COMMUNITY SPECIFIC-THREATS - Bredolab infected asset POSTing check-in" Joel Esler (Mar 12)
Re: how to release a Snort IPv6 plugin? Joel Esler (Feb 05)
Re: Notification limitation Joel Esler (Jan 13)
Re: Proposed Signatures - Blackhole Exploit Kit Joel Esler (Mar 13)
Re: IMAP Qualcomm WorldMail IMAP Literal Token Parsing Buffer Overflow Joel Esler (Mar 25)
Re: Empty output (unified) files Joel Esler (Mar 26)
Re: Some notes about today's VRT Rule release for 02/09/2012 Joel Esler (Feb 09)
Re: snort_Base_Barnyard2 Joel Esler (Mar 10)
Re: snort 2.9.2 disable alerts for so_rules (p2p) Joel Esler (Feb 03)
Re: BOTNET-CNC Possible host infection - excessive DNS queries for .eu Joel Esler (Mar 12)
Re: Some notes about today's VRT Rule release for 02/09/2012 Joel Esler (Feb 09)
Some notes about today's VRT Rule release for 02/09/2012 Joel Esler (Feb 09)
Re: Proposed Signature - "COMMUNITY SPECIFIC-THREATS Blackhole Terse JavaScript hex 16 byte document.location JavaScript redirect to showthread.php" Joel Esler (Mar 13)
Re: Error when testing snort.conf with 2.9.2.1 Joel Esler (Feb 20)
Snort.org Blog: The Vulnerability Research Team is hiring, we want YOU. Joel Esler (Feb 28)
Snort.org Blog: Rule Category Reorganization Joel Esler (Mar 09)
Re: Preprocessor issue? can't get new snort to initialize... Joel Esler (Mar 29)
Re: Cannot Find -lipq error Joel Esler (Mar 13)
Re: 2.9.2 Upgrade Joel Esler (Jan 26)
Re: Necessary Change for "1:21417 <-> SPECIFIC-THREATS hostile PDF associated with Laik exploit kit" Joel Esler (Mar 31)
Re: Empty output (unified) files Joel Esler (Mar 22)
Re: [Emerging-Sigs] No real performance penalty? Joel Esler (Jan 11)
Re: [Emerging-Sigs] No real performance penalty? Joel Esler (Jan 18)
Re: OpenDPI Joel Esler (Mar 26)
Re: Fast-pattern matcher does not honor ignore_data in the SMTP Preprocessor Joel Esler (Feb 22)
Re: Empty output (unified) files Joel Esler (Mar 28)
Re: [Emerging-Sigs] FP : WEB-CLIENT Microsoft Internet Explorer malformed iframe buffer overflow attempt Joel Esler (Feb 20)
Re: Snort 2.9.2.1 compilation options Joel Esler (Feb 01)
Re: Empty output (unified) files Joel Esler (Mar 26)
Re: cannot authenticate to MSSQL database from BASE Joel Esler (Feb 11)
Snort 2.9.0.5 EOL notice Joel Esler (Mar 19)
Re: [Snort-Users] pcap DAQ configured to passive Joel Esler (Jan 09)
Re: Rules Joel Esler (Mar 27)
Re: Snort and SPADE integration : Segmentation Fault. Joel Esler (Jan 30)
Re: HELP ON SNORT Joel Esler (Jan 29)
Re: Proposed Signatures - Blackhole Exploit Kit Joel Esler (Mar 13)
Re: BOTNET-CNC Possible host infection - excessive DNS queries for .eu Joel Esler (Mar 12)
Re: Empty output (unified) files Joel Esler (Mar 27)
Re: snort 2.9.2 disable alerts for so_rules (p2p) Joel Esler (Feb 02)
Re: FATAL ERROR: VRT-specific-threats.rules Joel Esler (Jan 22)
Re: abt snort log file Joel Esler (Jan 27)
Re: how to release a Snort IPv6 plugin? Joel Esler (Feb 04)
Re: Configuring snort as IPS Joel Esler (Jan 25)
Re: Preprocessor issue? can't get new snort to initialize... Joel Esler (Mar 29)
Re: [Emerging-Sigs] How can i prevent from the MS09-004 and MS08-040 HIRisk ? Joel Esler (Feb 05)
Re: Oinkmaster fails to download rules Joel Esler (Mar 09)
Re: [Snort-users] threshold -- is it really deprecated? Joel Esler (Jan 23)
Re: Some notes about today's VRT Rule release for 02/09/2012 Joel Esler (Feb 09)
Re: ssp_ssl - excessive alerts Joel Esler (Jan 08)
Re: Snort 2.9.1 memory usage Joel Esler (Jan 31)
Re: HELP ON SNORT Joel Esler (Jan 24)
Re: (no subject) Joel Esler (Jan 29)
Re: Configuring snort as IPS Joel Esler (Jan 25)
Re: [Snort-users] Public Bugzilla? [was: threshold -- is it really deprecated?] Joel Esler (Feb 04)
Re: Fine tuning javascript normalize Joel Esler (Jan 11)
Re: Preprocessor issue? can't get new snort to initialize... Joel Esler (Mar 29)
Re: Snort/Barnyard2 performance with remote DB Joel Esler (Feb 27)
Re: Some notes about today's VRT Rule release for 02/09/2012 Joel Esler (Feb 09)
Re: pulledpork documentation Joel Esler (Jan 10)
Re: Only an empty Alert file :( Joel Esler (Mar 12)
Re: Snort 2.9.1 memory usage Joel Esler (Jan 31)
Re: Excessive alerts on SID 17407 -- Windows help file download Joel Esler (Jan 29)
Re: snort 2.9.2 disable alerts for so_rules (p2p) Joel Esler (Feb 03)
Re: Sensor placement with presence of web proxies Joel Esler (Jan 27)
Re: HELP ON SNORT Joel Esler (Jan 29)
Re: 21042 Blacklist Joel Esler (Feb 23)
Re: Proposed Signature - "COMMUNITY SPECIFIC-THREATS Blackhole landing page with specific structure - prototype catch qq" Joel Esler (Mar 07)
Re: Snort 2.9.2.1 Now Available Joel Esler (Jan 30)
Re: on snort Joel Esler (Feb 10)
Re: Old snort version running with the new rules Joel Esler (Jan 09)
Re: snort 2.9.2 disable alerts for so_rules (p2p) Joel Esler (Feb 03)
Re: signature true positive or not Joel Esler (Jan 25)
Re: snort 2.9.2 & Razorback Joel Esler (Jan 30)
Re: Necessary Change for "1:21417 <-> SPECIFIC-THREATS hostile PDF associated with Laik exploit kit" Joel Esler (Mar 05)
Re: FATAL ERROR: VRT-specific-threats.rules Joel Esler (Jan 22)
Re: Proposed Signature - "COMMUNITY SPECIFIC-THREATS Blackhole Terse JavaScript hex 16 byte document.location JavaScript redirect to showthread.php" Joel Esler (Mar 13)
Re: Necessary Change for "1:21417 <-> SPECIFIC-THREATS hostile PDF associated with Laik exploit kit" Joel Esler (Mar 05)
Re: Rules updates and compile-time options Joel Esler (Jan 29)
Re: snort 2.9.2 disable alerts for so_rules (p2p) Joel Esler (Feb 04)
Re: snort 2.9.2 & Razorback Joel Esler (Jan 30)
Re: Payload detection options conf files Joel Esler (Mar 22)
Re: IMAP Qualcomm WorldMail IMAP Literal Token Parsing Buffer Overflow Joel Esler (Mar 25)
Re: [Emerging-Sigs] SHELLCODE x86 inc ecx NOOP - for Yahoo Joel Esler (Feb 08)
Re: Snort terminates abnormally Joel Esler (Mar 12)
Re: Sensor placement with presence of web proxies Joel Esler (Jan 26)
Re: Proposed Signatures - Blackhole Exploit Kit Joel Esler (Mar 13)
Re: File-identify category Joel Esler (Jan 05)
Re: Deprecated support prelude on snort 2.9.3 Joel Esler (Mar 03)
Re: snort 2.9.2 preproc sids, gids missing from gen-msg.map Joel Esler (Feb 06)
Re: [Emerging-Sigs] SHELLCODE x86 inc ecx NOOP - for Yahoo Joel Esler (Feb 08)
Snort.org errors Joel Esler (Feb 22)
Re: BOTNET-CNC Possible host infection - excessive DNS queries for .eu Joel Esler (Mar 12)
Re: Necessary Change for "1:21417 <-> SPECIFIC-THREATS hostile PDF associated with Laik exploit kit" Joel Esler (Mar 05)
Re: [Emerging-Sigs] FP : WEB-CLIENT Microsoft Internet Explorer malformed iframe buffer overflow attempt Joel Esler (Feb 20)
Re: Snort terminates abnormally Joel Esler (Mar 12)
Re: [Snort-users] Public Bugzilla? [was: threshold -- is it really deprecated?] Joel Esler (Jan 24)
Re: Snort 2.9.2.1: segmentation fault Joel Esler (Mar 22)
Snort.org Blog: The importance of PulledPork Joel Esler (Jan 23)
Re: [Snort-devel] snort rule about MS08-067 Joel Esler (Feb 23)
Re: cannot authenticate to MSSQL database from BASE Joel Esler (Feb 11)
Re: snort.conf does not get installed? Joel Esler (Jan 19)
Re: Configuring snort as IPS Joel Esler (Jan 24)
Re: HELP ON SNORT Joel Esler (Jan 27)
Re: Notification limitation Joel Esler (Jan 13)
Re: Snort 2.9.1 memory usage Joel Esler (Jan 31)
Re: Invalid protocol name for "ip_proto" rule option: "igmp" Joel Esler (Feb 24)
Re: snort.conf in 2.9.2 and VRT tarball Joel Esler (Jan 01)
Re: Sensor placement with presence of web proxies Joel Esler (Jan 26)
Re: Snort reading error Joel Esler (Mar 20)
Re: Only an empty Alert file :( Joel Esler (Mar 12)
Re: Statistics of running snort Joel Esler (Mar 11)
Re: [Snort-devel] threshold -- is it really deprecated? Joel Esler (Jan 24)
Re: Almost 4000 rules cleaned? Joel Esler (Mar 14)
Re: Invalid protocol name for "ip_proto" rule option: "igmp" Joel Esler (Feb 24)
Snort 2.9.0.5 EOL notice Joel Esler (Mar 19)
Re: Proposed Signature - "COMMUNITY SPECIFIC-THREATS High Probability Blackhole Landing with catch qq" Joel Esler (Feb 29)
Re: Where Is libprelude? Joel Esler (Feb 03)
Re: Snort 2.9.2.1 Now Available Joel Esler (Jan 30)
Re: Problems with snort Joel Esler (Mar 26)
Re: Proposed Signatures - Blackhole Exploit Kit Joel Esler (Mar 13)
Re: Rule categories Joel Esler (Jan 04)
Re: Preprocessor issue? can't get new snort to initialize... Joel Esler (Mar 29)

Joe S

segfault - how to troubleshoot Joe S (Jan 31)
pulledpork documentation Joe S (Jan 09)
Re: pulledpork documentation Joe S (Jan 10)

John Heinz

Barnyard2 error John Heinz (Mar 08)
Re: Barnyard2 error John Heinz (Mar 09)

John York

off-thread John York (Mar 07)

Jonathan S. Abrams

Re: Compiling Snort and Razorback Error Jonathan S. Abrams (Jan 03)
Re: snort 2.9.2 & Razorback Jonathan S. Abrams (Feb 06)
Re: FATAL ERROR: VRT-specific-threats.rules Jonathan S. Abrams (Jan 22)
Re: Where Is libprelude? Jonathan S. Abrams (Feb 06)
Re: Compiling Snort and Razorback Error Jonathan S. Abrams (Jan 05)
Re: Compiling Snort and Razorback Error Jonathan S. Abrams (Jan 09)
ERROR: Can't find pcap DAQ! Jonathan S. Abrams (Jan 06)
snort.conf does not get installed? Jonathan S. Abrams (Jan 18)
Re: ERROR: Can't find pcap DAQ! Jonathan S. Abrams (Jan 06)
Where Is libprelude? Jonathan S. Abrams (Feb 03)
Re: Snort 2.9 installation error Jonathan S. Abrams (Jan 14)
Compiling Snort and Razorback Error Jonathan S. Abrams (Jan 03)
Re: Compiling Snort and Razorback Error Jonathan S. Abrams (Jan 06)
Re: ERROR: Can't find pcap DAQ! Jonathan S. Abrams (Jan 14)
Re: Compiling Snort and Razorback Error Jonathan S. Abrams (Feb 05)
FATAL ERROR: VRT-specific-threats.rules Jonathan S. Abrams (Jan 22)
Re: FATAL ERROR: VRT-specific-threats.rules Jonathan S. Abrams (Jan 22)
Re: Compiling Snort and Razorback Error Jonathan S. Abrams (Jan 04)
Re: Where Is libprelude? Jonathan S. Abrams (Feb 05)
Compiling Snort and Razorback Error Jonathan S. Abrams (Jan 03)

Jørgen Bøhnsdalen

Re: snort 2.9.2 disable alerts for so_rules (p2p) Jørgen Bøhnsdalen (Feb 03)

Joshua Kinard

Re: [Snort-users] threshold -- is it really deprecated? Joshua Kinard (Jan 23)
Re: [Snort-users] threshold -- is it really deprecated? Joshua Kinard (Jan 23)
Re: [Snort-users] threshold -- is it really deprecated? Joshua Kinard (Jan 23)
threshold -- is it really deprecated? Joshua Kinard (Jan 20)
Re: how to release a Snort IPv6 plugin? Joshua Kinard (Feb 05)
Re: [Snort-users] Public Bugzilla? [was: threshold -- is it really deprecated?] Joshua Kinard (Feb 05)
Re: [Snort-users] threshold -- is it really deprecated? Joshua Kinard (Jan 23)
Re: [Snort-users] Public Bugzilla? [was: threshold -- is it really deprecated?] Joshua Kinard (Jan 24)
Re: how to release a Snort IPv6 plugin? Joshua Kinard (Feb 05)
Re: threshold -- is it really deprecated? Joshua Kinard (Jan 20)
Re: [Snort-users] threshold -- is it really deprecated? Joshua Kinard (Jan 23)
Sensitive Data Preprocessor Joshua Kinard (Feb 21)
Re: Fast-pattern matcher does not honor ignore_data in the SMTP Preprocessor Joshua Kinard (Feb 21)

Kevin Ross

Re: Configuring snort as IPS Kevin Ross (Jan 24)
Re: signature true positive or not Kevin Ross (Jan 24)
Re: Snort rule about MS08-067 Kevin Ross (Feb 24)
Re: [Snort-Users] about capturing packets Kevin Ross (Feb 14)
Re: Configuring snort as IPS Kevin Ross (Jan 25)
Re: on snort Kevin Ross (Jan 27)
Re: [Snort-Users] about capturing packets Kevin Ross (Feb 13)
Re: signature true positive or not Kevin Ross (Jan 24)
Re: Configuring snort as IPS Kevin Ross (Jan 25)
Re: Configuring snort as IPS Kevin Ross (Jan 24)

Kiet Tran

Re: OpenDPI Kiet Tran (Mar 25)
What is next after compiling a new DAQ? Kiet Tran (Mar 20)
Re: running my preprocesser = quit why? Kiet Tran (Mar 21)

Kimi Ushida

Re: HELP ON SNORT Kimi Ushida (Jan 30)

Kloc, Alisha

Snort crossing interfaces? Kloc, Alisha (Feb 02)

Kungu Panda

snort'ing MPLS Kungu Panda (Jan 12)

Lawrence R. Hughes, Sr.

snort 2.9.2 --enable-timestats Lawrence R. Hughes, Sr. (Jan 17)
snort 2.9.2 preproc sids, gids missing from gen-msg.map Lawrence R. Hughes, Sr. (Feb 06)
Re: snort 2.9.2 disable alerts for so_rules (p2p) Lawrence R. Hughes, Sr. (Feb 03)
snort 2.9.2 Lawrence R. Hughes, Sr. (Jan 27)
Re: snort 2.9.2 disable alerts for so_rules (p2p) Lawrence R. Hughes, Sr. (Feb 03)
Re: snort 2.9.2 disable alerts for so_rules (p2p) Lawrence R. Hughes, Sr. (Feb 02)
snort 2.9.2 disable alerts for so_rules (p2p) Lawrence R. Hughes, Sr. (Feb 02)
snort 2.9.2 & Razorback Lawrence R. Hughes, Sr. (Jan 30)

Lay, James

Fine tuning javascript normalize Lay, James (Jan 11)
Re: Child terminated unexpectedly Lay, James (Mar 14)
Re: HELP ON SNORT Lay, James (Jan 30)
Re: [Spam] Re: segfault - how to troubleshoot Lay, James (Feb 01)
Blackhole Exploit Kit write-up Lay, James (Mar 29)
Re: Fine tuning javascript normalize Lay, James (Jan 11)

Leach, Rob M (NAM E)

Snort Users - Flowbits and rule ordering Leach, Rob M (NAM E) (Feb 09)
Flowbits and rule ordering issue Leach, Rob M (NAM E) (Feb 09)

Lionel PRAT

Rule with noalert Lionel PRAT (Feb 02)

lists () packetmail net

Re: Proposed Signature - COMMUNITY WEB-PHP Remote Execution Backdoor Attempt Against Horde lists () packetmail net (Feb 17)
Re: Proposed Signatures - Blackhole Exploit Kit lists () packetmail net (Mar 13)
Re: Proposed Signatures - Blackhole Exploit Kit lists () packetmail net (Mar 13)
Re: Not uricontent lists () packetmail net (Feb 23)

livio Ricciulli

Re: Multiprocessing Snort with PF_RING DAQ (DNA enabled) livio Ricciulli (Feb 08)
Re: Falses on 2011032/ET SCAN HTTP POST invalid method case? livio Ricciulli (Mar 22)
Re: Multiprocessing Snort with PF_RING DAQ (DNA enabled) Livio Ricciulli (Feb 08)

Luis

snort 2.9.2 core dump on solaris 10 sparc Luis (Mar 01)
Re: request for changes to compile snort in Solaris Luis (Feb 02)
initial Patches for compiling snort 2.9.2 and daq 0.6.2 on solaris Luis (Feb 10)
Initial Patches to compile snort 2.9.2 in Solaris Luis (Feb 10)
request for changes to compile snort in Solaris Luis (Jan 31)

Lukas Matt

Re: Invalid protocol name for "ip_proto" rule option: "igmp" Lukas Matt (Feb 24)
Invalid protocol name for "ip_proto" rule option: "igmp" Lukas Matt (Feb 24)

Mahammed Faiz Aboalmaali

Packet Capturing Mahammed Faiz Aboalmaali (Mar 30)

MALIK AZHAR MUSHTAQ

Snort installation MALIK AZHAR MUSHTAQ (Mar 19)
Snort Installation MALIK AZHAR MUSHTAQ (Mar 07)
Testing Snort MALIK AZHAR MUSHTAQ (Mar 24)

Manohar Bhattarai

Unknown rule type: reject Fatal Error, Quitting.. on snort 2.8.4.1 Manohar Bhattarai (Jan 22)

Marc Manthey (macbroadcast )

Re: snort seminars in germany ? Marc Manthey (macbroadcast ) (Jan 03)

Marcos Rodriguez

Re: Snort on WIN XP Marcos Rodriguez (Feb 07)
Re: OpenDPI Marcos Rodriguez (Mar 24)

Mark Andrews

Re: Advanced DNS rules Mark Andrews (Feb 19)
Re: Advanced DNS rules Mark Andrews (Feb 19)

Mark W. Jeanmougin

Re: off-thread Mark W. Jeanmougin (Mar 08)
Re: segfault - how to troubleshoot Mark W. Jeanmougin (Jan 31)

Martin Holste

Re: Snort/Barnyard2 performance with remote DB Martin Holste (Feb 27)
Re: Sensor placement with presence of web proxies Martin Holste (Jan 27)
Re: HELP ON SNORT Martin Holste (Jan 29)
Re: BOTNET-CNC Possible host infection - excessive DNS queries for .eu Martin Holste (Mar 12)
Re: BOTNET-CNC Possible host infection - excessive DNS queries for .eu Martin Holste (Mar 12)
Sensor placement with presence of web proxies Martin Holste (Jan 26)
Re: [Spam] Re: segfault - how to troubleshoot Martin Holste (Feb 01)
Re: Using snort to track Oracle access Martin Holste (Feb 23)
Re: HELP ON SNORT Martin Holste (Jan 27)
Re: [Snort-Users] about capturing packets Martin Holste (Feb 14)
Re: BOTNET-CNC Possible host infection - excessive DNS queries for .eu Martin Holste (Mar 12)
Re: threshold deprecation and event_filter Martin Holste (Jan 13)
Re: HELP ON SNORT Martin Holste (Jan 30)
Re: Snort/Barnyard2 performance with remote DB Martin Holste (Feb 27)
Re: Testing Snort Martin Holste (Mar 04)
Re: HELP ON SNORT Martin Holste (Jan 30)

Martin Roesch

Re: [Snort-users] threshold -- is it really deprecated? Martin Roesch (Jan 23)

Martin Schütte

how to release a Snort IPv6 plugin? Martin Schütte (Feb 02)

Matt Jonkman

Re: Proposed Signature for Keystrokes iKeyMonitor iOS Keylogger Matt Jonkman (Mar 21)

Matt Olney

Re: snort 2.9.2 & Razorback Matt Olney (Jan 31)
Re: Proposed Signature - "COMMUNITY SPECIFIC-THREATS High Probability Blackhole Landing with catch qq" Matt Olney (Feb 29)
Re: snort 2.9.2 & Razorback Matt Olney (Feb 07)
Re: Proposed Signature - "COMMUNITY SPECIFIC-THREATS High Probability Blackhole Landing with catch qq" Matt Olney (Mar 01)

Maunu, Mark

Re: off-thread Maunu, Mark (Mar 09)

Michael Altizer

Re: DAQ Mod issue Michael Altizer (Mar 21)
Re: var PKT_TIMEOUT in sfdaq.c Michael Altizer (Feb 29)

Michael R Gilliam

2.9.2-1 - Missing Alerts in Unified2 - Partial Alert in Unified Michael R Gilliam (Feb 03)

Michael Steele

Connecting to PostgreSQL database from BASE problems... Michael Steele (Mar 05)
Re: cannot authenticate to MSSQL database from BASE Michael Steele (Feb 11)
Re: cannot authenticate to MSSQL database from BASE Michael Steele (Feb 06)
Re: snort with mysql Michael Steele (Feb 08)
Re: cannot authenticate to MSSQL database from BASE Michael Steele (Jan 22)
Re: Snort on WIN XP Michael Steele (Feb 07)
Re: cannot authenticate to MSSQL database from BASE Michael Steele (Feb 02)
Barnyard and event logging to MySQL and BASE Michael Steele (Mar 23)
Re: cannot authenticate to MSSQL database from BASE Michael Steele (Feb 03)
Re: Barnyard2 - CYGWIN - Windows Compile Michael Steele (Feb 20)
Barnyard2 - CYGWIN - Windows Compile Michael Steele (Feb 19)
Re: Snort on WIN XP Michael Steele (Feb 07)
Problems with PostgreSQL users permissions Michael Steele (Mar 04)
PostgreSQL and BASE usage? Michael Steele (Mar 06)
Re: cannot authenticate to MSSQL database from BASE Michael Steele (Feb 03)

Miguel Alvarez

Re: Snort 2.9.2.1 Now Available Miguel Alvarez (Jan 19)
Error when testing snort.conf with 2.9.2.1 Miguel Alvarez (Feb 20)
Re: Error when testing snort.conf with 2.9.2.1 Miguel Alvarez (Feb 20)
Correct bpf_file syntax? Miguel Alvarez (Feb 21)

Mike Lococo

Re: Snort/Barnyard2 performance with remote DB Mike Lococo (Feb 28)
Re: Snort/Barnyard2 performance with remote DB Mike Lococo (Feb 29)
Re: Snort/Barnyard2 performance with remote DB Mike Lococo (Mar 01)

Miso Patel

Re: Some notes about today's VRT Rule release for 02/09/2012 Miso Patel (Feb 09)
Re: Some notes about today's VRT Rule release for 02/09/2012 Miso Patel (Feb 09)
Querstion about Chinese IP addresses Miso Patel (Mar 12)
Snort "NORMALIZATION" question Miso Patel (Feb 06)

Mohd Fauzi Bin Suwarno

sid:19825 Apache Killer Mohd Fauzi Bin Suwarno (Mar 06)

Nabyl B

Automated Reply from Nabyl B <nabylb () stptech com> Nabyl B (Feb 19)

ndritsos

Snort rule about MS08-067 ndritsos (Feb 23)
snort rule about MS08-067 ndritsos (Feb 23)

neethu b

Snort reading error neethu b (Mar 19)

Negin Nickparsa

README.UNSOCK Negin Nickparsa (Jan 30)
sample files Negin Nickparsa (Jan 12)

Nick Moore

Re: sample files Nick Moore (Jan 12)
Re: [Snort-users] regarding SNORT Nick Moore (Jan 10)
Re: No data on Snort Report. Nick Moore (Mar 15)
Re: snort Nick Moore (Mar 02)
Re: Empty output (unified) files Nick Moore (Mar 27)
Re: regarding SNORT Nick Moore (Jan 06)
Re: Problems with snort Nick Moore (Mar 26)
Re: snort help Nick Moore (Feb 23)
Re: snort Nick Moore (Feb 14)

Nogwai

Re: HOMENET IP exclusions Nogwai (Mar 13)
HOMENET IP exclusions Nogwai (Mar 12)
Re: HOMENET IP exclusions Nogwai (Mar 13)

Olaf Schreck

Re: Preprocessor issue? can't get new snort to initialize... Olaf Schreck (Mar 29)
Re: Cannot build 2.9.2.2 on OpenBSD 5.0 Olaf Schreck (Mar 29)

Oleg Jakobi

Snort Report 1.3.3 Oleg Jakobi (Feb 14)

orderTalk Tech Support

[TECHSUPPORT #AON-703-45593]: Re: [Snort-Users] about capturing packets orderTalk Tech Support (Feb 13)

Packet Hack

Falses on 2011032/ET SCAN HTTP POST invalid method case? Packet Hack (Mar 22)
Re: Falses on 2011032/ET SCAN HTTP POST invalid method case? Packet Hack (Mar 26)

Patrick Mullen

Re: start error snort 2.9.2.1. Dynamicplugin Error. Patrick Mullen (Feb 27)
Re: threshold -- is it really deprecated? Patrick Mullen (Jan 21)

Paul Halliday

Re: HELP ON SNORT Paul Halliday (Jan 30)
Re: HELP ON SNORT Paul Halliday (Jan 30)

Peter Bates

File-identify category Peter Bates (Jan 05)
Re: Snort 2.9.2.1 Now Available Peter Bates (Feb 01)
Rule categories Peter Bates (Jan 04)
Snort 2.9.2.1 compilation options Peter Bates (Feb 01)
"Valid hex values only please!" error Peter Bates (Jan 23)
Re: "Valid hex values only please!" error Peter Bates (Jan 23)

Philip Edwards

Problems with snort Philip Edwards (Mar 26)

pnss pnss

(no subject) pnss pnss (Jan 15)

PS

Barnyard2 and AFPACKET PS (Feb 06)
Re: SSL and Snort PS (Feb 06)
SSL and Snort PS (Feb 06)
Re: SSL and Snort PS (Feb 06)
Re: Barnyard2 and AFPACKET PS (Feb 06)
Re: Basics of setting up an inline snort installation PS (Feb 09)
Re: Basics of setting up an inline snort installation PS (Feb 09)
Re: SSL and Snort PS (Feb 06)
Re: running snort on Ubuntu PS (Feb 22)
Re: SSL and Snort PS (Feb 07)
Re: Basics of setting up an inline snort installation PS (Feb 09)
Re: SSL and Snort PS (Feb 06)

Qinwen Hu

ARP Processor Question Qinwen Hu (Jan 11)

Randal T. Rioux

Re: OpenDPI Randal T. Rioux (Mar 27)
OpenDPI Randal T. Rioux (Mar 24)
Re: OpenDPI Randal T. Rioux (Mar 25)

Randy Peif

Post Snort 2.9.2.1 (Ubuntu 10.04 LTS) installation issues. Randy Peif (Mar 08)
Post Snort 2.9.2.1 (Ubuntu 10.04 LTS) installation issues Randy Peif (Mar 08)

Ranel, LeRoy (Norcross)

21042 Blacklist Ranel, LeRoy (Norcross) (Feb 23)

Ray Caparros

Re: off-thread Ray Caparros (Mar 08)

Research

Sourcefire VRT Certified Snort Rules Update 2012-01-12 Research (Jan 12)
Sourcefire VRT Certified Snort Rules Update 2012-01-19 Research (Jan 19)
Sourcefire VRT Certified Snort Rules Update 2012-03-13 Research (Mar 13)
Sourcefire VRT Certified Snort Rules Update 2012-02-09 Research (Feb 09)
Sourcefire VRT Certified Snort Rules Update 2012-01-31 Research (Jan 31)
Sourcefire VRT Certified Snort Rules Update 2012-02-14 Research (Feb 14)
Sourcefire VRT Certified Snort Rules Update 2012-01-03 Research (Jan 03)
Sourcefire VRT Certified Snort Rules Update 2012-03-29 Research (Mar 29)
Sourcefire VRT Certified Snort Rules Update 2012-01-26 Research (Jan 26)
Sourcefire VRT Certified Snort Rules Update 2012-02-07 Research (Feb 07)
Sourcefire VRT Certified Snort Rules Update 2012-02-17 Research (Feb 17)
Sourcefire VRT Certified Snort Rules Update 2012-03-27 Research (Mar 27)
Sourcefire VRT Certified Snort Rules Update 2012-02-23 Research (Feb 23)
Sourcefire VRT Certified Snort Rules Update 2012-03-06 Research (Mar 06)
Sourcefire VRT Certified Snort Rules Update 2012-02-21 Research (Feb 21)
Sourcefire VRT Certified Snort Rules Update 2012-01-10 Research (Jan 10)
Sourcefire VRT Certified Snort Rules Update 2012-03-16 Research (Mar 16)
Sourcefire VRT Certified Snort Rules Update 2012-02-02 Research (Feb 02)
Sourcefire VRT Certified Snort Rules Update 2012-02-28 Research (Feb 28)
Sourcefire VRT Certified Snort Rules Update 2012-03-22 Research (Mar 22)
Sourcefire VRT Certified Snort Rules Update 2012-02-27 Research (Feb 27)
Sourcefire VRT Certified Snort Rules Update 2012-01-24 Research (Jan 24)
Sourcefire VRT Certified Snort Rules Update 2012-03-08 Research (Mar 08)
Sourcefire VRT Certified Snort Rules Update 2012-03-20 Research (Mar 20)
Sourcefire VRT Certified Snort Rules Update 2012-03-01 Research (Mar 01)
Sourcefire VRT Certified Snort Rules Update 2012-03-15 Research (Mar 15)

Richard Bejtlich

Re: Correct bpf_file syntax? Richard Bejtlich (Feb 22)
Re: SSL and Snort Richard Bejtlich (Feb 06)

Rich Graves

Re: HELP ON SNORT Rich Graves (Jan 31)
Re: [Snort-users] threshold -- is it really deprecated? Rich Graves (Jan 25)
Re: off-thread Rich Graves (Mar 08)

Rick

No data on Snort Report. Rick (Mar 15)
Re: No data on Snort Report. Rick (Mar 15)

rmkml

Re: IMAP Qualcomm WorldMail IMAP Literal Token Parsing Buffer Overflow rmkml (Mar 25)
Re: BPF Question rmkml (Mar 07)
Re: IMAP Qualcomm WorldMail IMAP Literal Token Parsing Buffer Overflow rmkml (Mar 25)
Re: Excessive alerts on SID 17407 -- Windows help file download rmkml (Jan 27)

romain

Access to the raw data of packets from SFSnortPacket structure romain (Feb 01)

Ron Kaye Jr

(no subject) Ron Kaye Jr (Feb 15)

Rony Roy

Re: Snort 2.9 installation error Rony Roy (Jan 13)
Snort 2.9 installation error Rony Roy (Jan 13)

Russ Combs

Re: Cannot build 2.9.2.2 on OpenBSD 5.0 Russ Combs (Mar 29)
Re: Doubt in development Russ Combs (Feb 07)
Re: ERROR: Can't find pcap DAQ! Russ Combs (Jan 16)
Re: Compiling Snort and Razorback Error Russ Combs (Jan 03)
Re: threshold -- is it really deprecated? Russ Combs (Jan 20)
Re: ERROR: Can't find pcap DAQ! Russ Combs (Jan 11)
Re: preprocessor normalize_tcp: ips Russ Combs (Jan 10)
Re: Snort Beginner Russ Combs (Mar 05)
Re: threshold -- is it really deprecated? Russ Combs (Jan 21)
Re: Where Is libprelude? Russ Combs (Feb 06)
Re: support current pflog format (>= OpenBSD 4.9) Russ Combs (Mar 26)
Re: [PATCH] Null p->eh in DecodeEthPkt if discarding packet Russ Combs (Jan 20)
Re: Compiling Snort and Razorback Error Russ Combs (Jan 04)
Re: initial Patches for compiling snort 2.9.2 and daq 0.6.2 on solaris Russ Combs (Feb 10)
Re: Where Is libprelude? Russ Combs (Feb 03)
Re: var PKT_TIMEOUT in sfdaq.c Russ Combs (Feb 29)
Re: Access to the raw data of packets from SFSnortPacket structure Russ Combs (Feb 01)
Re: Falses on 2011032/ET SCAN HTTP POST invalid method case? Russ Combs (Mar 23)
Re: Decoder Alerts (config options ignored?) Russ Combs (Jan 24)
Re: snort: snort_stream5_tcp.c:4833: CheckSegments: Assertion `SEGBORK' failed. Aborted Russ Combs (Mar 15)
Re: Evolving the TCP window size option Russ Combs (Jan 10)
Re: snort 2.9.2 Russ Combs (Jan 27)
Re: Where Is libprelude? Russ Combs (Feb 07)
Re: snort 2.9.2 --enable-timestats Russ Combs (Jan 17)
Re: Compiling Snort and Razorback Error Russ Combs (Jan 09)
Re: Very high amount of "TCP Small Segment Threshold Exceeded" Russ Combs (Feb 28)
Re: Compiling Snort and Razorback Error Russ Combs (Jan 05)
Re: Packet Capturing Russ Combs (Mar 30)
Re: preprocessor normalize_tcp: ips Russ Combs (Jan 09)
Re: Cannot build 2.9.2.2 on OpenBSD 5.0 Russ Combs (Mar 30)
Re: Snort with NFQUEUE allows everything (even unopened ports) Russ Combs (Mar 30)
Re: segfault - how to troubleshoot Russ Combs (Jan 31)
Re: Decoder Alerts (config options ignored?) Russ Combs (Jan 20)
Re: Snort 2.9.1 memory usage Russ Combs (Jan 31)
Re: Snort 2.9.1.2 exits on file upload Russ Combs (Feb 02)
Re: Basics of setting up an inline snort installation Russ Combs (Feb 09)
Re: var PKT_TIMEOUT in sfdaq.c Russ Combs (Feb 29)
Re: Very high amount of "TCP Small Segment Threshold Exceeded" Russ Combs (Feb 29)
Re: Compiling Snort and Razorback Error Russ Combs (Jan 05)
Re: snort'ing MPLS Russ Combs (Jan 12)
Re: Cannot build 2.9.2.2 on OpenBSD 5.0 Russ Combs (Mar 29)

Ryan Hudson

Snort For logging and auditing Ryan Hudson (Mar 21)

Ryan McBride

support current pflog format (>= OpenBSD 4.9) Ryan McBride (Mar 24)

Sacher, Désirée

Payload detection options conf files Sacher, Désirée (Mar 22)

Sandip Bankewar

Re: Configuring snort as IPS Sandip Bankewar (Jan 24)
Configuring snort as IPS Sandip Bankewar (Jan 24)

Sangwoo Moon

Re: Multiprocessing Snort with PF_RING DAQ (DNA enabled) Sangwoo Moon (Feb 07)
Multiprocessing Snort with PF_RING DAQ (DNA enabled) Sangwoo Moon (Feb 06)

Scott Runnels

Re: HELP ON SNORT Scott Runnels (Jan 29)

Seth Hall

Re: OpenDPI Seth Hall (Mar 27)

Snort Releases

Snort 2.9.2.2 Now Available Snort Releases (Mar 27)
Snort 2.9.2.1 Now Available Snort Releases (Jan 19)
Snort 2.9.2.1 Now Available Snort Releases (Jan 19)
Snort 2.9.2.1 Now Available Snort Releases (Jan 19)
Snort 2.9.2.2 Now Available Snort Releases (Mar 27)

snort user

Re: Segfault using react snort user (Jan 03)

Stephane Chazelas

revealing obfuscated JS fromCharCode Stephane Chazelas (Mar 16)

Steven Sturges

Re: Segfault using react Steven Sturges (Jan 03)
Re: Unified Logging (PKT_STREAM_TWH & PKT_FROM_CLIENT) Steven Sturges (Feb 21)
Re: Segfault using react Steven Sturges (Jan 03)
Re: threshold deprecation and event_filter Steven Sturges (Jan 11)
Re: Segfault using react Steven Sturges (Jan 04)

Steve Wombell

Using snort to track Oracle access Steve Wombell (Feb 23)

Sudarshan Raghavan

Re: Snort 2.9.1.2 exits on file upload Sudarshan Raghavan (Feb 02)
Re: Snort 2.9.1 memory usage Sudarshan Raghavan (Jan 31)
Re: Snort 2.9.1.2 exits on file upload Sudarshan Raghavan (Feb 02)
Re: Snort 2.9.1 memory usage Sudarshan Raghavan (Jan 31)
Snort 2.9.1.2 exits on file upload Sudarshan Raghavan (Feb 02)
Re: Snort 2.9.1 memory usage Sudarshan Raghavan (Jan 31)
Re: Snort 2.9.1 memory usage Sudarshan Raghavan (Jan 31)
Re: Snort 2.9.1.2 exits on file upload Sudarshan Raghavan (Feb 02)
Re: Snort 2.9.1.2 exits on file upload Sudarshan Raghavan (Feb 02)
Re: Snort 2.9.1 memory usage Sudarshan Raghavan (Jan 31)
Re: Snort 2.9.1 memory usage Sudarshan Raghavan (Jan 31)
Re: Snort 2.9.1 memory usage Sudarshan Raghavan (Jan 31)
Snort 2.9.1 memory usage Sudarshan Raghavan (Jan 31)

tadios tefera

Re: cannot authenticate to MSSQL database from BASE tadios tefera (Feb 02)
Re: cannot authenticate to MSSQL database from BASE tadios tefera (Jan 25)
Re: cannot authenticate to MSSQL database from BASE tadios tefera (Feb 03)
Re: cannot authenticate to MSSQL database from BASE tadios tefera (Feb 11)
Re: cannot authenticate to MSSQL database from BASE tadios tefera (Feb 03)
Re: cannot authenticate to MSSQL database from BASE tadios tefera (Jan 29)
cannot authenticate to MSSQL database from BASE tadios tefera (Jan 22)

Tarek Heggi

Request for Guidance Tarek Heggi (Mar 14)

tingwei liu

snort-2.9.2.1 NFQ mode performance poor tingwei liu (Mar 03)
Is there any docs about the theory of snort and daq? tingwei liu (Mar 03)
Re: running my preprocesser = quit why? tingwei liu (Mar 20)

troxlinux

barnyard2 with snort troxlinux (Mar 08)
Re: Barnyard2 error troxlinux (Mar 08)
problem with db snort mysql troxlinux (Jan 15)

Tudor Panaitescu

Re: Snort->OSSIM Sensor only, unified2? Tudor Panaitescu (Jan 11)
Re: Snort->OSSIM Sensor only, unified2? Tudor Panaitescu (Jan 11)

turki

Re: Snort/Barnyard2 performance with remote DB turki (Feb 27)
Re: Snort/Barnyard2 performance with remote DB turki (Feb 28)
Re: Snort/Barnyard2 performance with remote DB turki (Feb 29)
Snort/Barnyard2 performance with remote DB turki (Feb 27)

Umut Arus

Suppressing some alert Umut Arus (Jan 10)

vincent

snort 2.9.2.2 build 121 packages for RHEL5.x and RHEL6.x now available (now with libpcap-1.2.1) vincent (Mar 30)
snort 2.9.2.1 build 107 packages for RHEL5.x and RHEL6.x vincent (Jan 19)
SID 18773 vincent (Jan 12)
snort 2.9.2.2 build 121 packages for RHEL5.x and RHEL6.x now available vincent (Mar 28)
ssp_ssl - excessive alerts vincent (Jan 08)

waldo kitty

Re: snort 2.9.2 disable alerts for so_rules (p2p) waldo kitty (Feb 04)
Re: snort 2.9.2 disable alerts for so_rules (p2p) waldo kitty (Feb 02)
Re: Some notes about today's VRT Rule release for 02/09/2012 waldo kitty (Feb 09)
Re: Some notes about today's VRT Rule release for 02/09/2012 waldo kitty (Feb 09)
Re: Some notes about today's VRT Rule release for 02/09/2012 waldo kitty (Feb 09)
Re: snort 2.9.2 disable alerts for so_rules (p2p) waldo kitty (Feb 03)
Re: Preprocessor issue? can't get new snort to initialize... waldo kitty (Mar 29)
Re: Preprocessor issue? can't get new snort to initialize... waldo kitty (Mar 29)
Re: Necessary Change for "1:21417 <-> SPECIFIC-THREATS hostile PDF associated with Laik exploit kit" waldo kitty (Mar 30)
Re: Preprocessor issue? can't get new snort to initialize... waldo kitty (Mar 29)
Re: Very high amount of "TCP Small Segment Threshold Exceeded" waldo kitty (Feb 29)
Re: running my preprocesser = quit why? waldo kitty (Mar 19)
Re: Necessary Change for "1:21417 <-> SPECIFIC-THREATS hostile PDF associated with Laik exploit kit" waldo kitty (Mar 29)
Re: Very high amount of "TCP Small Segment Threshold Exceeded" waldo kitty (Feb 28)
Re: Snort 2.9 installation error waldo kitty (Jan 13)
Re: cannot authenticate to MSSQL database from BASE waldo kitty (Feb 03)
Re: snort 2.9.2 disable alerts for so_rules (p2p) waldo kitty (Feb 03)
Re: [Snort-devel] threshold -- is it really deprecated? waldo kitty (Jan 25)

Will Metcalf

Re: SSL and Snort Will Metcalf (Feb 06)

Yaron Koral

Multiple pattern search engines Yaron Koral (Jan 10)

yasayag () gmail com

Statistics of running snort yasayag () gmail com (Mar 11)

Yashartha Chaturvedi

c0c0n 2012 - Call For Papers and Call For Workshops Yashartha Chaturvedi (Mar 18)

Yew Chuan Ong

Re: IMAP Qualcomm WorldMail IMAP Literal Token Parsing Buffer Overflow Yew Chuan Ong (Mar 25)
IMAP Qualcomm WorldMail IMAP Literal Token Parsing Buffer Overflow Yew Chuan Ong (Mar 25)
BOTNET-CNC Possible host infection - excessive DNS queries for .eu Yew Chuan Ong (Mar 12)

Yossi

Re: signature true positive or not Yossi (Jan 24)
signature true positive or not Yossi (Jan 24)

Yossi Asayag

Old snort version running with the new rules Yossi Asayag (Jan 08)

Zhuxian

For the command line option --alert-before-pass, is it deprecated or not? Zhuxian (Jan 22)

快乐的狗(!)

Re: can't log send out packets 快乐的狗(!) (Jan 30)
Re: can't log send out packets 快乐的狗(!) (Jan 30)

赵易岳

running my preprocesser = quit why? 赵易岳 (Mar 19)