Snort: by author

1245 messages starting Sep 27 12 and ending Aug 13 12

Abhishek Sharma

Changing name and file size limit of ALERT output file Abhishek Sharma (Sep 27)

Adam

snort on one interface Adam (Jul 18)
Re: snort on one interface Adam (Jul 18)
Re: snort on one interface Adam (Jul 19)

Al Al

FW: snort 2.9.8.3 not detecting skype Al Al (Jul 11)
hi, to understand Al Al (Jul 09)
snort 2.9.8.3 not detecting skype Al Al (Jul 10)

Alex Adamos

Packet Logger Mode- what is func()? Alex Adamos (Sep 21)
Binary file format- tcpdump Alex Adamos (Sep 25)

Alex Kirk

Re: Unknown ClassType Alex Kirk (Sep 10)
Re: Couple sigs Alex Kirk (Sep 10)
Re: Couple sigs Alex Kirk (Sep 10)
Re: Couple sigs Alex Kirk (Sep 10)
Re: How to wite snort rule with "OR" condition without PCRE Alex Kirk (Jul 08)
Re: Help with a signature Alex Kirk (Sep 15)
Re: Binary file format- tcpdump Alex Kirk (Sep 25)
Re: Couple sigs Alex Kirk (Sep 10)
Re: How to write a snort rule match NO content GET or POST in http request Alex Kirk (Jul 25)
Re: How to write a snort rule match NO content GET or POST in http request Alex Kirk (Jul 26)

Alfredo Cardigliano

Re: [Ntop-misc] Pfring crashes the kernel with white lists. Alfredo Cardigliano (Jul 22)
Re: [Ntop-misc] Snort and PF_RING stats Alfredo Cardigliano (Jul 11)

AllowOverride

Re: Barnyard2 - v2-1.10 is released AllowOverride (Sep 28)
Re: Barnyard2 - v2-1.10 is released AllowOverride (Sep 27)
Re: Barnyard2 - v2-1.10 is released AllowOverride (Sep 27)
Re: Barnyard2 - v2-1.10 is released AllowOverride (Sep 27)
Re: Barnyard2 - v2-1.10 is released AllowOverride (Sep 26)

Amm Snort

Re: preprocessor normalize_tcp: ips ecn stream dropping SYN retransmission Amm Snort (Aug 10)
Re: preprocessor normalize_tcp: ips ecn stream dropping SYN retransmission Amm Snort (Aug 09)
Snort DB clean up ACID/BASE Amm Snort (Sep 25)
preprocessor normalize_tcp: ips ecn stream dropping SYN retransmission Amm Snort (Aug 08)
Re: schemas not created Amm Snort (Aug 08)
Re: preprocessor normalize_tcp: ips ecn stream dropping SYN retransmission Amm Snort (Aug 08)

Andrew Torres

http_header Andrew Torres (Jul 23)
Re: How to write a snort rule match NO content GET or POST in http request Andrew Torres (Jul 25)
Re: How to write a snort rule match NO content GET or POST in http request Andrew Torres (Jul 25)

Antonin

Create rule to check illegal web access Antonin (Jul 19)
Re: Create rule to check illegal web access Antonin (Jul 19)
Re: Create rule to check illegal web access Antonin (Jul 19)

ARAI Shun-ichi

Re: Stream5 ARAI Shun-ichi (Aug 23)

Arshan Awais

Problem Compiling Snort! Arshan Awais (Sep 03)

Asieh Mokarian

problem with using snort to log in MS SQL server on another machine Asieh Mokarian (Aug 13)

Balasubramaniam Natarajan

Snort weird behaviour Balasubramaniam Natarajan (Aug 25)
Re: Snort installation - restore mysql (snort-2.9.3). Balasubramaniam Natarajan (Jul 25)
Query on webroot Balasubramaniam Natarajan (Sep 13)
Re: How to wite snort rule with "OR" condition without PCRE Balasubramaniam Natarajan (Jul 08)
Re: Fwd: cve-2010-1635 detection Balasubramaniam Natarajan (Aug 17)
Re: Snort weird behaviour Balasubramaniam Natarajan (Aug 25)
Re: snort on one interface Balasubramaniam Natarajan (Jul 20)
Re: Fwd: cve-2010-1635 detection Balasubramaniam Natarajan (Aug 18)
Analyzing Snort alert Balasubramaniam Natarajan (Jul 09)
Re: Snort on Solaris Balasubramaniam Natarajan (Jul 29)

beenph

Re: [barnyard2-users] Compiling Barnyard with ./configure --with-mysql --with-postgresql beenph (Aug 05)
Re: Send snort alerts via syslog to ArcSight beenph (Sep 27)
Re: Barnyard2 - v2-1.10 is released beenph (Sep 27)
Re: not event in snort 2.9.3 beenph (Sep 27)
Re: Barnyard2 giving issues after upgrading system beenph (Aug 17)
Re: [barnyard2-users] Re: Fwd: Missing packets with by2 beenph (Jul 24)
Re: Multiple Instances of Snort and Barnyard2 Startup script beenph (Sep 04)
Re: Snort 2.9.3.1, Barnyard2 2.9.1 and Mysql issue beenph (Aug 31)
Re: [barnyard2-users] WinSnort.com News: New Guided Install for Compiling Barnyard2 on Windows have arrived! beenph (Aug 21)
Re: [barnyard2-users] Fatal error after upgrading barnyard2 beenph (Sep 29)
Re: Fwd: Missing packets with by2 beenph (Jul 24)
Re: Snort/Banyard2 Logging beenph (Jul 13)
Re: snort 2.9.x Barnyard2-1.9 Build without libpcap beenph (Aug 06)
Re: Snort/Banyard2 Logging beenph (Jul 17)
Re: Snort 2.9.3.1, Barnyard2 2.9.1 and Mysql issue beenph (Aug 31)
Re: not event in snort 2.9.3 beenph (Sep 27)
Re: Barnyard - Database link down beenph (Aug 05)
Re: snort classification Question beenph (Aug 21)
Re: Snort / Barnyard2 Placement beenph (Sep 26)
Re: [barnyard2-users] Compiling Barnyard with ./configure --with-mysql --with-postgresql beenph (Aug 05)
Re: [barnyard2-users] Fatal error after upgrading barnyard2 beenph (Sep 29)
Re: Snort + PF_RING + DAQ beenph (Sep 04)
Fwd: Missing packets with by2 beenph (Jul 23)
Re: Snort + PF_RING + DAQ beenph (Sep 04)
Re: Automatically block IP on firewall box from snort IDS beenph (Sep 18)
Re: [barnyard2-users] Fatal error after upgrading barnyard2 beenph (Sep 29)
Re: Barnyard2 - v2-1.10 is released beenph (Sep 27)
Re: [barnyard2-users] Re: Fwd: Missing packets with by2 beenph (Jul 24)
Re: Barnyard - Database link down beenph (Aug 05)
Re: Fwd: Missing packets with by2 beenph (Jul 23)
Re: Barnyard2 - v2-1.10 is released beenph (Sep 25)
Re: not event in snort 2.9.3 beenph (Sep 27)
Re: [Snort-devel] Barnyard2 - v2-1.10 is released beenph (Sep 26)
Re: [barnyard2-users] Re: Fwd: Missing packets with by2 beenph (Jul 24)
Re: Snort 2.9.3.1, Barnyard2 2.9.1 and Mysql issue beenph (Aug 30)
Re: [Snort-devel] Barnyard2 - v2-1.10 is released beenph (Sep 26)
External DAQ Module : DAQ_PCAP_SPOOLER v1.0b beenph (Sep 16)
Re: Snort 2.9.3.1 / Barnyard2 2.1.9 Problem beenph (Aug 20)

Benjamin Lincoln

logging to syslog Benjamin Lincoln (Sep 19)
Re: logging to syslog Benjamin Lincoln (Sep 19)

Berndt, Achim

Snort 2.9.3.1 / Barnyard2 2.1.10 / Base 1.4.5 -> view alert problem Berndt, Achim (Aug 24)
Re: Snort 2.9.3.1 / Barnyard2 2.1.9 Problem Berndt, Achim (Aug 25)
Snort 2.9.3.1 / Barnyard2 2.1.9 Problem Berndt, Achim (Aug 20)
Re: Snort 2.9.3.1 / Barnyard2 2.1.9 Problem Berndt, Achim (Aug 24)

Bill Mathews

Re: Email Bill Mathews (Aug 29)

Brandon Phelps

Re: Pulled Pork 403 Error Brandon Phelps (Jul 25)
Pulled Pork 403 Error Brandon Phelps (Jul 25)

Bravo Snipper

understand snort code--Where to start ? Bravo Snipper (Jul 26)
How to decide which rules should be enabled. Bravo Snipper (Jul 18)
Re: How to decide which rules should be enabled. Bravo Snipper (Jul 19)

Brett Edgar

Enormous increase in GZIP Decompression failures with 2.9.3 vs 2.9.2.3 on 64-bit Brett Edgar (Jul 25)
Re: Enormous increase in GZIP Decompression failures with 2.9.3 vs 2.9.2.3 on 64-bit Brett Edgar (Jul 26)
Re: Enormous increase in GZIP Decompression failures with 2.9.3 vs 2.9.2.3 on 64-bit Brett Edgar (Jul 25)

Brian Swan

Unknown ClassType Brian Swan (Sep 10)
Very Limited Logging Brian Swan (Sep 26)

Brickman Gonzalez, Sara

problem with pulledpork Brickman Gonzalez, Sara (Jul 30)

Bryan A. Jones

Re: Manual updates Bryan A. Jones (Jul 11)
Re: Manual updates Bryan A. Jones (Jul 12)
CLI support for downloading DAQ Bryan A. Jones (Jul 23)
Old file in daq releases Bryan A. Jones (Jul 23)
Re: DAQ ./configure problem with libpcap>1.0.0 Bryan A. Jones (Jul 03)
DAQ ./configure problem with libpcap>1.0.0 Bryan A. Jones (Jul 03)

Budinich Galvez, Luis Alberto

Problem rebuilding rpm from daq Budinich Galvez, Luis Alberto (Aug 07)

Castle, Shane

snort.stats analysis Castle, Shane (Jul 16)
Re: Pulled Pork Castle, Shane (Aug 28)
Re: PulledPork modifysid issue Castle, Shane (Aug 24)
Re: How to decide which rules should be enabled. Castle, Shane (Jul 19)
ICMP type 8 code 80? Castle, Shane (Jul 26)
PulledPork modifysid issue Castle, Shane (Aug 24)
Re: http_inspect tuning issue Castle, Shane (Jul 03)
Re: Adobe Flash outdated Castle, Shane (Aug 21)
http_inspect tuning issue Castle, Shane (Jul 02)
Re: PulledPork modifysid issue Castle, Shane (Aug 24)
Re: http_inspect tuning issue Castle, Shane (Jul 03)
Re: Adobe Flash outdated Castle, Shane (Aug 21)
Re: snort.stats analysis Castle, Shane (Jul 16)

Chiesa Stefano

Failed to parse the IP address: $HOME_NET Chiesa Stefano (Aug 16)
R: Failed to parse the IP address: $HOME_NET - [[]] Chiesa Stefano (Aug 17)
R: SNORT (snortsam) integration with Checkpoint NGX R65 - [[]] Chiesa Stefano (Aug 21)
R: SNORT (snortsam) integration with Checkpoint NGX R65 - [[]] Chiesa Stefano (Aug 20)
SNORT (snortsam) integration with Checkpoint NGX R65 Chiesa Stefano (Aug 20)

C. L. Martinez

Re: OS options to monitor traffic over a 1GiB and 10 GiB C. L. Martinez (Jul 01)
Re: OS options to monitor traffic over a 1GiB and 10 GiB C. L. Martinez (Jul 03)

C. Marshall

Re: Is there a ruleset for breakingpoint malicious traffic? C. Marshall (Aug 06)

c_mullins702000 () yahoo com

Re: [Snort-users] Snort-users Digest, Vol 76, Issue 16 c_mullins702000 () yahoo com (Sep 07)

Craft, Robert

Re: Failed to parse the IP address: $HOME_NET Craft, Robert (Aug 16)

daisung choi

snorby, squert, BASE and sguil stopped except Snort daisung choi (Aug 29)

Damien Hull

Installing & Configuring snort Damien Hull (Aug 12)
Re: Configuring Snort Damien Hull (Aug 24)
Configuring Snort Damien Hull (Aug 24)
Downloading Snort 2.9.3.0 Damien Hull (Aug 30)
Re: Configuring Snort Damien Hull (Aug 24)

dandantheitman

Re: Snort's architecture dandantheitman (Sep 06)

Dang Le Nam

Convert pcap file or snort log file to csv file to analysis, Dang Le Nam (Aug 05)
Portscan traffic don't appear on BASE - snort 2.9.2.2 Dang Le Nam (Jul 30)
Re: Snort-users Digest, Vol 75, Issue 15 Dang Le Nam (Aug 13)
Error when running snort_inline 2.6.1.5 on Centos x86-64 Dang Le Nam (Aug 10)
Error plugin snort performance on munin project Dang Le Nam (Sep 01)
No alert on base 1.4.5 with sfportscan - snort 2.9.2.2 Dang Le Nam (Jul 30)

Daniel Merritt

FreeBSD and alert_unixsock Daniel Merritt (Aug 18)

Dave Venman

Re: Failed to parse the IP address: $HOME_NET Dave Venman (Aug 16)

David Turnbull

Bug; ts_print() reporting negative years before 2000 David Turnbull (Jul 28)

David Wilson

pcap comparison too; David Wilson (Aug 28)

Deepika p

guide for 64-bit Deepika p (Jul 04)
log file Deepika p (Jul 04)

Dheeraj Gupta

Snort Unified2 File Format Dheeraj Gupta (Sep 17)
Re: Updating Rules with PulledPork and no outsid connection Dheeraj Gupta (Sep 17)

Diego Moronta

option -o in snort 2.8.5.2-8 Diego Moronta (Jul 26)

Dionyssios Edwards

HTTP 304 alerts Dionyssios Edwards (Sep 24)

Doug Burks

Re: snorby, squert, BASE and sguil stopped except Snort Doug Burks (Aug 29)
Re: Configure and fine tune Snort Rules Doug Burks (Jul 06)
Looking for a prebuilt Snort IDS Distro Doug Burks (Sep 23)
Re: Automated File Carving? Doug Burks (Aug 08)

Edward Fjellskål

Re: Stream5 Edward Fjellskål (Aug 22)
Re: Adobe Flash outdated Edward Fjellskål (Aug 22)

elof

Large receive offload, good or bad? elof (Aug 30)

Emeka Agu

Re: What do I need to configure in snort.conf to protect against segmentation attacks? Emeka Agu (Aug 26)
Re: What do I need to configure in snort.conf to protect against segmentation attacks? Emeka Agu (Aug 27)
What do I need to configure in snort.conf to protect against segmentation attacks? Emeka Agu (Aug 22)
Re: Frag3 timeout ignored Emeka Agu (Sep 02)

Eric Biederman

Snort 2.9.3.1, Barnyard2 2.9.1 and Mysql issue Eric Biederman (Aug 30)
Re: Snort 2.9.3.1, Barnyard2 2.9.1 and Mysql issue Eric Biederman (Aug 31)
Re: Snort 2.9.3.1, Barnyard2 2.9.1 and Mysql issue Eric Biederman (Aug 31)

Eric G

Re: where can i download BASE? Eric G (Sep 09)
Re: [Snort-sigs] typical errors when trying pulledpork Eric G (Sep 08)

Eric Luellen

Re: Snort/Banyard2 Logging Eric Luellen (Jul 17)
Snort 2.9.3 Eric Luellen (Jul 20)
Snort/Banyard2 Logging Eric Luellen (Jul 13)
Re: Snort 2.9.3 Eric Luellen (Jul 20)
Snort + PF_RING + DAQ Eric Luellen (Aug 29)
Re: Snort + PF_RING + DAQ Eric Luellen (Aug 30)
Re: Snort 2.9.3 Eric Luellen (Jul 20)

firnsy

Barnyard2 - v2-1.10 is released firnsy (Sep 25)

Francois Gaudreault

Question about alert logging Francois Gaudreault (Sep 13)

Gautham Rachaiah

(no subject) Gautham Rachaiah (Aug 17)

Giles Coochey

Re: Internal Network vs. External Network Giles Coochey (Sep 12)
Re: ICMP type 8 code 80? Giles Coochey (Jul 26)
Re: ICMP type 8 code 80? Giles Coochey (Jul 26)
Re: RedBorder IDS / A bit disappointed... (maybe someone can help & clarify?) Giles Coochey (Sep 26)
Re: RedBorder IDS / A bit disappointed... (maybe someone can help & clarify?) Giles Coochey (Sep 26)

GITSS

Snort installation - restore mysql (snort-2.9.3). GITSS (Jul 25)

Gmail Personal

Re: pcaps for triggering rules Gmail Personal (Aug 24)
Frag3 timeout ignored Gmail Personal (Sep 01)
Re: pcaps for triggering rules Gmail Personal (Aug 24)
Re: What do I need to configure in snort.conf to protect against segmentation attacks? Gmail Personal (Aug 26)
Re: pcaps for triggering rules Gmail Personal (Aug 24)

Graham Bignell

Re: FN with http_header and pcreH followed by same http_header+distance0... Graham Bignell (Jul 24)

Greg Williams

Re: Email Greg Williams (Aug 29)
Re: Email Greg Williams (Aug 29)

Hafez Kamal

[HITB-Announce] HITB Magazine Issue 009 - Call for Submissions Hafez Kamal (Aug 08)

hamid alaei

snort sensor placement-packet decoding issues hamid alaei (Aug 18)
Ethernet Frames hamid alaei (Aug 23)
Ethernet Frames hamid alaei (Aug 22)

Hamid Reza Hasani

Performance test Hamid Reza Hasani (Jul 28)

harry.tuttle

byte_test question harry.tuttle (Aug 24)
Re: byte_test question harry.tuttle (Aug 24)

Heine Lysemose

Re: Snort Installed fine but daemon will not run Heine Lysemose (Aug 22)
Re: pcaps for triggering rules Heine Lysemose (Aug 24)
Re: Using PP Heine Lysemose (Sep 13)
Re: [barnyard2-users] Fatal error after upgrading barnyard2 Heine Lysemose (Sep 28)
Re: snort admin interface GUI type Heine Lysemose (Aug 29)
Re: Looking for a prebuilt Snort IDS Distro Heine Lysemose (Sep 20)
Re: schemas not created Heine Lysemose (Aug 08)
Re: Using PP Heine Lysemose (Sep 13)

Henri Reinikainen

little help with false positives? Henri Reinikainen (Jul 19)

Horton, Nicholas A - Merrifield, VA - Contractor

Re: Email Horton, Nicholas A - Merrifield, VA - Contractor (Aug 29)

H Phillips

Posting H Phillips (Sep 08)
No alerts in BASE H Phillips (Sep 10)
(no subject) H Phillips (Sep 10)

Hui Cao

Re: Snort for report GTp statistics Hui Cao (Jul 05)
Re: Snort for report GTp statistics Hui Cao (Jul 09)

Ian Bowers

Re: SNORT daily report Ian Bowers (Jul 16)
Re: ICMP type 8 code 80? Ian Bowers (Jul 26)
Re: SNORT daily report Ian Bowers (Jul 16)

Ivan Raic

Spotify music app signature Ivan Raic (Aug 09)

Jack

Re: Snort + PF_RING + DAQ Jack (Sep 04)
Re: Warning: Can't find any whitelist/blacklist entries. Reputation Preprocessor disabled. Jack (Sep 08)
Re: Warning: Can't find any whitelist/blacklist entries. Reputation Preprocessor disabled. Jack (Sep 06)
Re: stream5 and http_inspect Jack (Sep 05)
Re: typical errors when trying pulledpork Jack (Sep 08)
Re: Multiple Instances of Snort and Barnyard2 Startup script Jack (Sep 07)
Re: snort inline with jumbo frame Jack (Sep 10)
Multiple Instances of Snort and Barnyard2 Startup script Jack (Sep 04)
Re: Snort and MySQL Jack (Sep 21)
Re: Multiple Instances of Snort and Barnyard2 Startup script Jack (Sep 07)

Jack Pepper

Re: DAQ ./configure problem with libpcap>1.0.0 Jack Pepper (Jul 03)

Jaime Nebrera

Re: OS options to monitor traffic over a 1GiB and 10 GiB Jaime Nebrera (Jul 04)
Re: RedBorder IDS / A bit disappointed... (maybe someone can help & clarify?) Jaime Nebrera (Sep 26)
Re: snort admin interface GUI type Jaime Nebrera (Aug 29)
Re: Looking for a prebuilt Snort IDS Distro Jaime Nebrera (Sep 21)
Re: snort admin interface GUI type Jaime Nebrera (Aug 29)
Re: RedBorder IDS / A bit disappointed... (maybe someone can help & clarify?) Jaime Nebrera (Sep 26)
TCP Syn performance test Jaime Nebrera (Jul 26)
Re: snort admin interface GUI type Jaime Nebrera (Aug 29)
redBorder IPS Presentation Jaime Nebrera (Jul 04)
redBorder IPS Presentation Jaime Nebrera (Jul 04)
Re: Looking for a prebuilt Snort IDS Distro Jaime Nebrera (Sep 21)
redBorder IPS Manual Jaime Nebrera (Aug 10)

James Davis

suppressing all signatures from a particular generator James Davis (Aug 24)
Re: suppressing all signatures from a particular generator James Davis (Aug 29)
Re: suppressing all signatures from a particular generator James Davis (Aug 30)

James Dickenson

Re: How to see output snort rule TAG option? James Dickenson (Aug 01)

James Lay

Re: mystery alerts James Lay (Aug 30)
Re: Rule thoughts James Lay (Sep 06)
Quick Kuluoz sig James Lay (Aug 31)
Question on http_client_body James Lay (Jul 02)
Re: Quick uricontent question James Lay (Sep 19)
Re: Rule thoughts James Lay (Sep 06)
Re: Malicious UA sig thoughts James Lay (Sep 18)
Re: Rule thoughts James Lay (Sep 06)
Re: Low hanging fruit #2 James Lay (Sep 13)
Re: snort syslog output support James Lay (Sep 14)
Re: Quick uricontent question James Lay (Sep 19)
Re: Understanding within James Lay (Aug 15)
Re: A question on flows with pcaps James Lay (Aug 08)
Re: Low hanging fruit - inforet James Lay (Aug 29)
Re: Understanding within James Lay (Aug 15)
Rule thoughts James Lay (Sep 06)
Quick rule optimize request James Lay (Jul 17)
Re: snort classification Question James Lay (Aug 22)
Couple sigs - Firefox plugins James Lay (Sep 26)
Re: Couple sigs James Lay (Sep 10)
Re: I'm so close I smell Bacon... little more help thanks! James Lay (Sep 15)
Low hanging fruit #2 James Lay (Sep 12)
Re: Understanding within James Lay (Aug 15)
Re: Rule thought James Lay (Aug 06)
Quick rebots sig James Lay (Aug 24)
Quick uricontent question James Lay (Sep 19)
Malicious UA sig thoughts James Lay (Sep 18)
Re: threshold.conf not working? James Lay (Sep 10)
A question on flows with pcaps James Lay (Aug 08)
Re: Malicious UA sig thoughts James Lay (Sep 18)
Re: Quick rule optimize request James Lay (Jul 17)
Rule thought James Lay (Aug 06)
Tumblr redirect update James Lay (Jul 06)
Re: Couple sigs James Lay (Sep 10)
Re: Question on http_client_body James Lay (Jul 02)
Re: I'm so close I smell Bacon... little more help thanks! James Lay (Sep 15)
Re: Help with Alerts James Lay (Sep 09)
Re: Quick rebots sig James Lay (Aug 27)
Re: Low hanging fruit - inforet James Lay (Aug 29)
Couple sigs James Lay (Sep 07)
Matching host get and content James Lay (Jul 09)
Low hanging fruit - inforet James Lay (Aug 29)
Re: Quick Android/Fakelash.A!tr.spy sig James Lay (Sep 24)
Re: Quick rebots sig James Lay (Aug 27)
Re: Rule thoughts James Lay (Sep 06)
Understanding within James Lay (Aug 15)
Quick Android/Fakelash.A!tr.spy sig James Lay (Sep 21)

Jamie

Re: SNORT daily report Jamie (Jul 15)
Re: Help with a signature Jamie (Sep 15)

Jamie Riden

Re: Snort 2.9.3.0 - Some groups of rules missing from snort.conf Jamie Riden (Jul 20)
Re: SNORT daily report Jamie Riden (Jul 16)
Re: Help with a signature Jamie Riden (Sep 15)

Jason Haar

Re: Email Jason Haar (Aug 29)
Re: RE : Re: RE : snort 2.9.2.3 not detecting skype Jason Haar (Jul 10)
Re: PCRE and cross packet matching Jason Haar (Aug 05)

jbox2705

snort 2.9.3 - PreProcessor Profile stats for PCRE jbox2705 (Jul 01)

Jefferson, Shawn

Re: snorby, squert, BASE and sguil stopped except Snort Jefferson, Shawn (Aug 29)
Re: Barnyard2 - v2-1.10 is released Jefferson, Shawn (Sep 25)
Re: which rules to load ? Jefferson, Shawn (Aug 29)
Re: false positives Mit lincoln laboratory and snort signatures Jefferson, Shawn (Aug 14)
Re: Automated File Carving? Jefferson, Shawn (Aug 17)
Automated File Carving? Jefferson, Shawn (Aug 08)

Jeff Kell

Re: Problems compiling SnortSam on OpenBSD Jeff Kell (Sep 05)

Jeffrey Jilg

snort 2.9.2.2 undefined symbols, and no data Jeffrey Jilg (Aug 23)

Jeremy Hoel

Re: Looking for a prebuilt Snort IDS Distro Jeremy Hoel (Sep 20)
Re: Still Empty log file Jeremy Hoel (Jul 30)
Re: SNORT daily report Jeremy Hoel (Jul 15)
Re: IP- and Portvar buffer limit? Jeremy Hoel (Aug 05)
Re: Still Empty log file Jeremy Hoel (Jul 25)
Re: Snort Installed fine but daemon will not run Jeremy Hoel (Aug 22)
Re: Snort and MySQL Jeremy Hoel (Sep 21)
Re: Looking for a prebuilt Snort IDS Distro Jeremy Hoel (Sep 22)
Re: Snort 2.9.3.1, Barnyard2 2.9.1 and Mysql issue Jeremy Hoel (Aug 31)
Re: Snort Installed fine but daemon will not run Jeremy Hoel (Aug 22)
Re: Snort Installed fine but daemon will not run Jeremy Hoel (Aug 22)
Re: Content-list rule option Jeremy Hoel (Aug 07)
Re: Snort not seeing traffic Jeremy Hoel (Aug 27)
Re: Still Empty log file Jeremy Hoel (Jul 21)
Re: What kernel should I run? Jeremy Hoel (Sep 14)
Re: Looking for a prebuilt Snort IDS Distro Jeremy Hoel (Sep 21)
Re: Snort / Barnyard2 Placement Jeremy Hoel (Sep 26)
Re: Still Empty log file Jeremy Hoel (Jul 28)
Re: snort classification Question Jeremy Hoel (Aug 24)
Re: Pulled Pork Jeremy Hoel (Aug 28)
Re: Monitoring via bonded interfaces; allowed or problematic? Jeremy Hoel (Sep 12)
Re: Snort not seeing traffic Jeremy Hoel (Aug 28)
Re: Snort 2.9.3.1, Barnyard2 2.9.1 and Mysql issue Jeremy Hoel (Aug 30)
Re: How to decide which rules should be enabled. Jeremy Hoel (Jul 18)

Jerry McCaslin

ERROR: The dynamic detection library Jerry McCaslin (Aug 08)

Jesse Bowling

Re: DAQ ./configure problem with libpcap>1.0.0 Jesse Bowling (Jul 03)
Re: Potential memory leak/settings for memory conservation in 2.9.2.3/2.9.3_rc1? Jesse Bowling (Jul 05)
Potential memory leak/settings for memory conservation in 2.9.2.3/2.9.3_rc1? Jesse Bowling (Jul 03)
Re: Potential memory leak/settings for memory conservation in 2.9.2.3/2.9.3_rc1? Jesse Bowling (Jul 05)

Jesse Whyte

Re: RE : Snort SIP Preprocessor error Jesse Whyte (Aug 22)
Snort SIP Preprocessor error Jesse Whyte (Aug 22)

Jim Hranicky

Re: [barnyard2-users] Re: Fwd: Missing packets with by2 Jim Hranicky (Jul 24)
Re: Fwd: Missing packets with by2 Jim Hranicky (Jul 24)
Re: [barnyard2-users] Re: Fwd: Missing packets with by2 Jim Hranicky (Jul 24)
Re: Fwd: Missing packets with by2 Jim Hranicky (Jul 23)
Missing packets with by2 Jim Hranicky (Jul 23)
Re: Fwd: Missing packets with by2 Jim Hranicky (Jul 24)

Jimmy Ford

Issues with install Snort 2.9.3.1 Barnyard2 -1.9 Jimmy Ford (Aug 20)
Re: Snort Installed fine but daemon will not run Jimmy Ford (Aug 22)
Snort Installed fine but daemon will not run Jimmy Ford (Aug 22)
Re: Snort Installed fine but daemon will not run Jimmy Ford (Aug 22)
Re: Snort Installed fine but daemon will not run Jimmy Ford (Aug 22)
Re: Snort Installed fine but daemon will not run Jimmy Ford (Aug 22)

JJC

Re: Pulled Pork JJC (Aug 28)
Re: manual update of rules using pulledpork JJC (Jul 11)
Re: Updating Rules with PulledPork and no outside connection JJC (Sep 18)
Re: Pulled Pork JJC (Aug 28)
Re: How to decide which rules should be enabled. JJC (Jul 19)
Re: I'm so close I smell Bacon... little more help thanks! JJC (Sep 15)
Re: Updating Rules with PulledPork and no outside connection JJC (Sep 19)
Re: how to set domain alias in postfix+postfixadmin JJC (Sep 18)
Re: Metasploit exploits on Snort JJC (Sep 18)
Re: Updating Rules with PulledPork and no outside connection JJC (Sep 19)
Re: Updating Rules with PulledPork and no outside connection JJC (Sep 19)
Re: I'm getting close, I smell more bacon JJC (Sep 14)
Re: Snort 2.9.3.0 - Some groups of rules missing from snort.conf JJC (Jul 24)
Re: problem with pulledpork JJC (Aug 01)
Re: Snort's architecture JJC (Sep 06)
Re: logging to syslog JJC (Sep 19)
Re: Rules and Tuning JJC (Aug 14)

JJ Cummings

Re: snort.stats analysis JJ Cummings (Jul 16)
Re: Pulled Pork JJ Cummings (Aug 28)
Re: Still Empty log file JJ Cummings (Jul 20)
Re: Is there a 64bit version of Snort 2.9.3 available for download from snort.org? JJ Cummings (Aug 19)
Re: rules for new Java 0-day? JJ Cummings (Aug 28)
Re: Rules and Tuning JJ Cummings (Aug 16)
Re: I'm so close I smell Bacon... little more help thanks! JJ Cummings (Sep 17)
Re: Updating Rules with PulledPork and no outside connection JJ Cummings (Sep 17)
Re: Updating Rules with PulledPork and no outside connection JJ Cummings (Sep 19)

jlarson () gogocast net

unsubscribe jlarson () gogocast net (Jul 13)

Joao Daniel Neves

Re: Snort and MySQL Joao Daniel Neves (Sep 25)
Snort, BASE, and FRW Joao Daniel Neves (Sep 25)
Re: Snort and MySQL Joao Daniel Neves (Sep 21)
Snort and MySQL Joao Daniel Neves (Sep 21)
Re: Snort, BASE, and FRW Joao Daniel Neves (Sep 26)

joecat28

(no subject) joecat28 (Aug 24)

Joe Gedeon

Agentless AIX Joe Gedeon (Jul 11)

Joel Esler

Re: Large receive offload, good or bad? Joel Esler (Aug 30)
Re: SNORT (snortsam) integration with Checkpoint NGX R65 - [[]] Joel Esler (Aug 22)
Re: Understanding within Joel Esler (Aug 15)
Re: Help with Alerts Joel Esler (Sep 09)
Re: Netflix Joel Esler (Aug 21)
Re: False positives Joel Esler (Aug 22)
Re: Snort and MySQL Joel Esler (Sep 21)
Re: Variables Joel Esler (Aug 31)
Re: [Emerging-Sigs] Downloading older versions of snort Joel Esler (Aug 09)
Re: Snort's modules Joel Esler (Jul 25)
Re: Malicious UA sig thoughts Joel Esler (Sep 18)
Re: option -o in snort 2.8.5.2-8 Joel Esler (Jul 27)
Re: Quick rebots sig Joel Esler (Aug 27)
Re: Snort Labs and conf files for 2.9.3.1? Joel Esler (Aug 27)
Re: Snort-users Digest, Vol 76, Issue 16 Joel Esler (Sep 07)
Re: Adobe Flash outdated Joel Esler (Aug 22)
Re: Segfaults with libsf_smtp_preproc.so.0.0.0 Joel Esler (Jul 09)
Re: The DAQ version does not support reload. Joel Esler (Jul 04)
Re: PCRE and cross packet matching Joel Esler (Aug 06)
Re: Quick rule optimize request Joel Esler (Jul 17)
Re: Snort Rules for Version 2.8.5.1 Joel Esler (Sep 21)
Re: Why PulledPork over Oinkmaster Joel Esler (Sep 26)
Re: pcaps for triggering rules Joel Esler (Aug 24)
Re: FreeBSD and alert_unixsock Joel Esler (Aug 21)
Re: Snort 2.9.3.1, Barnyard2 2.9.1 and Mysql issue Joel Esler (Aug 31)
Re: Very Limited Logging Joel Esler (Sep 26)
Re: log file Joel Esler (Jul 04)
Re: Problems compiling SnortSam on OpenBSD Joel Esler (Sep 05)
Re: Snort on Windows Joel Esler (Jul 16)
Re: Regarding snort configuration Joel Esler (Sep 26)
Re: SNORT (snortsam) integration with Checkpoint NGX R65 Joel Esler (Aug 20)
Re: How to write a snort rule match NO content GET or POST in http request Joel Esler (Jul 25)
Re: problems with PP Joel Esler (Sep 14)
Re: Snort Sam Joel Esler (Aug 07)
Re: Snort 2.9.3 Joel Esler (Jul 20)
Re: IP Protocol Rules? Joel Esler (Jul 01)
Re: Quick uricontent question Joel Esler (Sep 20)
Re: Automated File Carving? Joel Esler (Aug 17)
Re: Snort-sigs Digest, Vol 76, Issue 14 Joel Esler (Sep 11)
Re: snort classification Question Joel Esler (Aug 21)
Re: sniffer detection Joel Esler (Jul 15)
Re: Help with Alerts Joel Esler (Sep 09)
Re: WEB-MISC backup access Joel Esler (Aug 20)
Re: Help with Alerts Joel Esler (Sep 08)
Re: Barnyard2 - v2-1.10 is released Joel Esler (Sep 27)
Re: what is difference Joel Esler (Aug 29)
Re: IPS inline problem, again Joel Esler (Jul 05)
Re: Snort 2.9.3.0 - Some groups of rules missing from snort.conf Joel Esler (Jul 20)
Re: preprocessor normalize_tcp: ips ecn stream dropping SYN retransmission Joel Esler (Aug 09)
Re: virus.rules file Joel Esler (Sep 04)
Re: pcaps for triggering rules Joel Esler (Aug 24)
Re: Reputation Preprocessor Joel Esler (Sep 25)
Re: [Snort-devel] Snort DB clean up ACID/BASE Joel Esler (Sep 26)
Re: Dynamic Preprocessor example does not make alert why? Joel Esler (Sep 07)
Re: Fwd: cve-2010-1635 detection Joel Esler (Aug 17)
Re: Snort 2.9.3 mysql schema missing? Joel Esler (Jul 20)
Re: unsubscribe Joel Esler (Jul 13)
Re: snort classification Question Joel Esler (Aug 21)
Re: Snort Labs and conf files for 2.9.3.1? Joel Esler (Aug 27)
Re: Simple IPS config for snort Joel Esler (Jul 04)
Re: Snort Process Forking Joel Esler (Sep 11)
Re: byte_test question Joel Esler (Aug 24)
Re: [Emerging-Sigs] Downloading older versions of snort Joel Esler (Aug 10)
Re: stream5 and http_inspect Joel Esler (Sep 05)
Re: Quick Android/Fakelash.A!tr.spy sig Joel Esler (Sep 24)
Re: Snort 2.9.3 Joel Esler (Jul 20)
Re: Snort 2.9.3.1, Barnyard2 2.9.1 and Mysql issue Joel Esler (Aug 31)
Re: Snort + PF_RING + DAQ Joel Esler (Sep 04)
Re: Snort SIP Preprocessor error Joel Esler (Aug 22)
Re: Snort 2.9.3.0 - Some groups of rules missing from snort.conf Joel Esler (Jul 20)
Re: Is snort.org down? Joel Esler (Sep 06)
Re: what is difference Joel Esler (Aug 29)
Re: Snort new install won't start Joel Esler (Jul 24)
Re: Snort 2.9.3 Joel Esler (Jul 20)
Re: problem with using snort to log in MS SQL server on another machine Joel Esler (Aug 14)
Re: Snort install Joel Esler (Jul 03)
Fwd: Help with Alerts Joel Esler (Sep 10)
Re: Snort + PF_RING + DAQ Joel Esler (Sep 04)
Re: Netflix Joel Esler (Aug 21)
Re: turnkey snort system? Joel Esler (Aug 22)
Re: Snort weird behaviour Joel Esler (Aug 26)
Re: Snort + PF_RING + DAQ Joel Esler (Sep 04)
Re: Size of $HOME_NET Joel Esler (Aug 31)
Snort.org Blog: Rule Category Reorganization Phase 2 Joel Esler (Aug 30)
Re: PCRE and cross packet matching Joel Esler (Aug 06)
Re: snort classification Question Joel Esler (Aug 22)
Re: Snort 2.9.3.0 - Some groups of rules missing from snort.conf Joel Esler (Jul 24)
Re: PCRE recursion limit override related segv... Joel Esler (Aug 31)
Re: Snort + PF_RING + DAQ Joel Esler (Sep 06)
Re: pcaps for triggering rules Joel Esler (Aug 24)
Re: HTTP Inspect Statistics Joel Esler (Sep 12)
Re: unsubscribe Joel Esler (Aug 17)
Re: Gripe - Snort "other" downloads not signed/hashed Joel Esler (Aug 23)
Re: Problem With Snort Joel Esler (Sep 17)
Re: Quick rebots sig Joel Esler (Aug 27)
Re: Downloading Snort 2.9.3.0 Joel Esler (Aug 31)
Re: SNORT daily report Joel Esler (Jul 16)
Re: Snort + PF_RING + DAQ Joel Esler (Sep 04)
Re: Disabled rule still alerting Joel Esler (Aug 29)
Re: [Emerging-Sigs] Downloading older versions of snort Joel Esler (Aug 10)
Re: IPS inline problem, again Joel Esler (Jul 05)
Re: Dealing with Snort rules and signatures Joel Esler (Aug 03)
Re: Variables Joel Esler (Aug 31)
Re: Email Joel Esler (Aug 29)
Re: Old file in daq releases Joel Esler (Jul 23)
Re: Disabled rule still alerting - UPDATE - FIXED ! Joel Esler (Aug 29)
Re: about http config Joel Esler (Jul 31)
Re: Barnyard2 - v2-1.10 is released Joel Esler (Sep 26)
Re: snort.stats analysis Joel Esler (Jul 16)
Re: Snort IDS vs my firewall Joel Esler (Aug 26)
Re: False positives/Oink Code/Oinkmaster vs Pulled Pork? Joel Esler (Sep 06)
Re: Content-list rule option Joel Esler (Aug 17)
Re: Snort Rules Joel Esler (Sep 19)
Re: Content-list rule option Joel Esler (Aug 07)
Re: Snort 2.9.3.0 - Some groups of rules missing from snort.conf Joel Esler (Jul 20)
Re: Portscan traffic don't appear on BASE - snort 2.9.2.2 Joel Esler (Aug 01)
Re: Quick Android/Fakelash.A!tr.spy sig Joel Esler (Sep 21)
Re: Help with Alerts Joel Esler (Sep 09)
Re: [Emerging-Sigs] Downloading older versions of snort Joel Esler (Aug 10)
Re: Pulled Pork 403 Error Joel Esler (Jul 25)
Re: Matching host get and content Joel Esler (Jul 09)
Re: What is this I see? Joel Esler (Sep 11)
Re: [Emerging-Sigs] Hungry and tired Joel Esler (Aug 23)
Re: Low hanging fruit #2 Joel Esler (Sep 13)
Re: I'm getting close, I smell more bacon Joel Esler (Sep 14)
Re: snort on one interface Joel Esler (Jul 18)
Re: Up and Running Joel Esler (Sep 11)
Re: Snort IDS vs my firewall Joel Esler (Aug 24)
Re: typical errors when trying pulledpork Joel Esler (Sep 09)
Re: Rule thoughts Joel Esler (Sep 06)
Re: Snort-sigs Digest, Vol 75, Issue 1 Joel Esler (Aug 03)
Re: byte_test question Joel Esler (Aug 24)
Re: What do I need to configure in snort.conf to protect against segmentation attacks? Joel Esler (Aug 27)
Re: [Emerging-Sigs] Downloading older versions of snort Joel Esler (Aug 10)
Re: Snort weird behaviour Joel Esler (Aug 25)
Re: [Emerging-Sigs] Downloading older versions of snort Joel Esler (Aug 10)
Re: Fwd: how to change mailto address Joel Esler (Sep 09)
Re: CLI support for downloading DAQ Joel Esler (Jul 23)
Re: [Snort-sigs] Snort.org Blog: Rule Category Reorganization Phase 2 Joel Esler (Aug 30)
Re: Snort-users Digest, Vol 74, Issue 60 Joel Esler (Jul 25)
Snort 2.9.2.2 is now End-Of-Lifed Joel Esler (Aug 24)
Re: I'd like to be able to post to this list - auth me? thanks Pete Joel Esler (Aug 19)
Re: Automatically block IP on firewall box from snort IDS Joel Esler (Sep 18)
Re: problems with PP Joel Esler (Sep 14)
Re: snort classification Question Joel Esler (Aug 21)
Re: How to decide which rules should be enabled. Joel Esler (Jul 19)
Re: typical errors when trying pulledpork Joel Esler (Sep 08)
Re: log response pkts Joel Esler (Jul 03)
Re: [Snort-users] Multi-process Snort Joel Esler (Aug 16)
Re: Snort and MySQL Joel Esler (Sep 21)
Re: snort classification Question Joel Esler (Aug 21)
Re: Output database option - Back in? Joel Esler (Sep 11)
Re: PulledPork modifysid issue Joel Esler (Aug 24)
Re: IP Protocol Rules? Joel Esler (Jul 03)
Re: Quick Kuluoz sig Joel Esler (Aug 31)
Re: Snort against DARPA Dataset Joel Esler (Jul 14)
Re: Snort new install won't start Joel Esler (Jul 24)
Re: typical errors when trying pulledpork Joel Esler (Sep 07)
Re: Snort Labs and conf files for 2.9.3.1? Joel Esler (Aug 24)
Re: Quick uricontent question Joel Esler (Sep 19)
Re: pcap comparison too; Joel Esler (Aug 29)
Re: Metasploit exploits on Snort Joel Esler (Sep 18)
Re: Internal Network vs. External Network Joel Esler (Sep 12)
Re: Problems compiling SnortSam on OpenBSD Joel Esler (Sep 05)
Re: Up and Running Joel Esler (Sep 11)
Re: setting up snort Joel Esler (Jul 30)
Re: snort classification Question Joel Esler (Aug 21)
Re: http_inspect tuning issue Joel Esler (Jul 04)
Re: FN with http_header and pcreH followed by same http_header+distance0... Joel Esler (Jul 24)
Re: Expect Script Joel Esler (Aug 18)
Re: Snort - failed to load snort_dynamicrules Joel Esler (Sep 19)
Re: Automated File Carving? Joel Esler (Aug 17)
Re: No alert on base 1.4.5 with sfportscan - snort 2.9.2.2 Joel Esler (Jul 30)
Re: rules for new Java 0-day? Joel Esler (Aug 28)
Re: Low hanging fruit #2 Joel Esler (Sep 13)
Re: Rules and Tuning Joel Esler (Aug 16)
Re: Understanding within Joel Esler (Aug 15)
Re: http_header Joel Esler (Jul 23)
Re: Manual updates Joel Esler (Jul 12)
Re: What do I need to configure in snort.conf to protect against segmentation attacks? Joel Esler (Aug 27)
Re: false positives Mit lincoln laboratory and snort signatures Joel Esler (Aug 16)
Re: Low hanging fruit - inforet Joel Esler (Aug 29)
Re: Unified2 Joel Esler (Sep 18)
Re: PCRE recursion limit override related segv... Joel Esler (Aug 31)
Re: typical errors when trying pulledpork Joel Esler (Sep 07)
Re: problem with pulledpork Joel Esler (Jul 30)
Re: How to decide which rules should be enabled. Joel Esler (Jul 19)
Re: New Snort Sensor Implementation Joel Esler (Sep 12)
Re: problem with pulledpork Joel Esler (Aug 01)
Re: Configuring Snort Joel Esler (Aug 25)
Re: Compiling Barnyard with ./configure --with-mysql --with-postgresql Joel Esler (Aug 05)
Re: Up and Running Joel Esler (Sep 11)
Re: Failed to parse the IP address: $HOME_NET Joel Esler (Aug 16)
Re: RE : FP with pcre P and http_client_body + distance 0 ? Joel Esler (Jul 22)
Re: Best practices dealing with alerts Joel Esler (Jul 25)
Re: http_inspect tuning issue Joel Esler (Jul 03)
Re: Variables Joel Esler (Aug 31)
Re: Snort installation - restore mysql (snort-2.9.3). Joel Esler (Jul 25)

JoeSox

Re: Bulk export? JoeSox (Jul 10)
Bulk export? JoeSox (Jul 09)

John Babio

(no subject) John Babio (Sep 30)

John Gay

Re: Failed to parse the IP address: $HOME_NET John Gay (Aug 16)

John Ives

Re: Automatically block IP on firewall box from snort IDS John Ives (Sep 18)

Johnny Venter

Re: Snort architecture Johnny Venter (Jul 11)

John York

Re: Using PP John York (Sep 13)
rules for new Java 0-day? John York (Aug 28)

jorbru30

Re: IP Protocol Rules? jorbru30 (Jul 02)
0 Dynamic rules? jorbru30 (Jul 05)

Jose Ortiz

Content-list rule option Jose Ortiz (Aug 07)
Re: Content-list rule option Jose Ortiz (Aug 08)

Josh Little

Re: Create rule to check illegal web access Josh Little (Jul 19)

Joshua Kinard

Re: IP Protocol Rules? Joshua Kinard (Jul 01)

JP Vossen

Re: [Emerging-Sigs] Downloading older versions of snort JP Vossen (Aug 10)

jtravlos

Warning: Can't find any whitelist/blacklist entries. Reputation Preprocessor disabled. jtravlos (Sep 06)
Re: Warning: Can't find any whitelist/blacklist entries. Reputation Preprocessor disabled. jtravlos (Sep 06)
Warning: Can't find any whitelist/blacklist entries. Reputation Preprocessor disabled. jtravlos (Sep 08)

kay

Re: Simple IPS config for snort kay (Jul 05)
Re: Simple IPS config for snort kay (Jul 05)
Re: How to write a snort rule match NO content GET or POST in http request kay (Jul 30)
Re: FW: snort 2.9.8.3 not detecting skype kay (Jul 11)
Simple IPS config for snort kay (Jul 04)
Re: guide for 64-bit kay (Jul 05)
Extra verdicts feature request for next snort version kay (Jul 06)
The DAQ version does not support reload. kay (Jul 04)
Re: IPS inline problem, again kay (Jul 05)
Re: Simple IPS config for snort kay (Jul 05)
Re: Install Snort2.9.2.3 and Snortsam kay (Jul 11)
Re: Simple IPS config for snort kay (Jul 05)
Re: Install Snort2.9.2.3 and Snortsam kay (Jul 11)
IPS inline problem, again kay (Jul 05)

Kevin Ross

Re: Choosing a firewall with Snort Kevin Ross (Sep 30)
Re: Automatically block IP on firewall box from snort IDS Kevin Ross (Sep 18)
Re: Snort and DPI Kevin Ross (Aug 02)
Re: Choosing a firewall with Snort Kevin Ross (Sep 28)
Re: Choosing a firewall with Snort Kevin Ross (Sep 26)
Re: Create rule to check illegal web access Kevin Ross (Jul 19)
Re: Automatically block IP on firewall box from snort IDS Kevin Ross (Sep 18)

L0rd Ch0de1m0rt

distance, within, and negated matches L0rd Ch0de1m0rt (Jul 01)

Lahav Savir

Best practices dealing with alerts Lahav Savir (Jul 24)

Lawrence R. Hughes, Sr.

Snort 2.9.x pcap & pfring Lawrence R. Hughes, Sr. (Aug 01)
snort 2.9.x Barnyard2-1.9 Build without libpcap Lawrence R. Hughes, Sr. (Aug 06)

Lay, James

Re: Import data from wireshark to Snort Lay, James (Sep 11)
Re: reading log files Lay, James (Jul 05)
Re: Still Empty log file Lay, James (Jul 20)
Re: Updating Rules with PulledPork in Offline mode Lay, James (Sep 17)
Re: How to write a snort rule match NO content GET orPOST in http request Lay, James (Jul 25)
Re: Failed to parse the IP address: $HOME_NET Lay, James (Aug 16)
Re: How to write a snort rule match NO content GET orPOST in http request Lay, James (Jul 25)
Re: How to decide which rules should be enabled. Lay, James (Jul 19)
Re: Still Empty log file Lay, James (Jul 18)
Re: http_inspect tuning issue Lay, James (Jul 03)
If they'd only been running Snort... Lay, James (Jul 02)
Re: How to decide which rules should be enabled. Lay, James (Jul 19)
Re: write PCRE rule Lay, James (Sep 18)
Re: Warning: Can't find any whitelist/blacklist entries. Reputation Preprocessor disabled. Lay, James (Sep 06)

Leon

why i cann't receive daily report snort daily report? Leon (Sep 18)
Why i cann't receive daily report snort daily report? Leon (Sep 18)
how to set domain alias in postfix+postfixadmin Leon (Sep 18)

Leonardo Pezente

tcp flood rule Leonardo Pezente (Sep 28)

Leonard P. Jacobs

Re: [Snort-users] [Emerging-Sigs] ICMP type 8 code 80? Leonard P. Jacobs (Jul 28)
Re: [Snort-users] [Emerging-Sigs] ICMP type 8 code 80? Leonard P. Jacobs (Jul 28)

leon () kingdest com

why didn't receive daily snort report leon () kingdest com (Sep 10)
where can i download BASE? leon () kingdest com (Sep 09)
[Snort-user] Can not receive daily report leon () kingdest com (Sep 15)
how to change mailto address leon () kingdest com (Sep 09)
Fwd: how to change mailto address leon () kingdest com (Sep 09)

Liming Huang

snort options too long make segmentation fault Liming Huang (Jul 18)

lists () packetmail net

Re: Understanding within lists () packetmail net (Aug 15)
Re: Quick uricontent question lists () packetmail net (Sep 19)
Re: Understanding within lists () packetmail net (Aug 15)
Re: Quick rebots sig lists () packetmail net (Aug 27)
Re: Quick uricontent question lists () packetmail net (Sep 19)
Re: Sig help (Tumblr redirect) lists () packetmail net (Jul 03)
Re: Snort.org Blog: Rule Category Reorganization Phase 2 lists () packetmail net (Aug 30)
Re: Malicious UA sig thoughts lists () packetmail net (Sep 18)
Re: Couple sigs lists () packetmail net (Sep 10)
Re: Couple sigs lists () packetmail net (Sep 10)
Re: Sig help (Tumblr redirect) lists () packetmail net (Jul 03)
Re: Rule thought lists () packetmail net (Aug 06)
Re: Rule thoughts lists () packetmail net (Sep 06)
Re: Understanding within lists () packetmail net (Aug 15)
Re: Quick rebots sig lists () packetmail net (Aug 27)
Re: Rule thought lists () packetmail net (Aug 06)
Re: Low hanging fruit - inforet lists () packetmail net (Aug 29)

Livio () metaflows com

Re: IP Protocol Rules? Livio () metaflows com (Jul 01)

Livio Ricciulli

Re: Snort + PF_RING + DAQ Livio Ricciulli (Sep 04)
Re: Snort + PF_RING + DAQ livio Ricciulli (Sep 04)
Re: Snort + PF_RING + DAQ livio Ricciulli (Aug 30)
Re: Multiple Snorts (and PF_RING) livio Ricciulli (Jul 10)
Re: OS options to monitor traffic over a 1GiB and 10 GiB livio Ricciulli (Jul 03)
Re: Multiple Snorts (and PF_RING) livio Ricciulli (Jul 10)
Re: Snort + PF_RING + DAQ livio Ricciulli (Sep 04)
Re: Snort + PF_RING + DAQ livio Ricciulli (Sep 04)
Re: Snort + PF_RING + DAQ livio Ricciulli (Sep 04)

Logan Anderson

Re: [Emerging-Sigs] Downloading older versions of snort Logan Anderson (Aug 12)

Luca Deri

Re: Snort + PF_RING + DAQ Luca Deri (Sep 10)
Re: Snort + PF_RING + DAQ Luca Deri (Sep 04)

Luis

Re: snort 2.9.3 core dump on solaris 10 sparc Luis (Aug 09)
snort 2.9.3 core dump on solaris 10 sparc Luis (Aug 09)

Lukas Matt

ERROR: dcerpc2: dce2_co.c(1952) Could not create DCE/RPC frag reassembled packet. Lukas Matt (Jul 17)

Maneesh Patel

SNORT daily report Maneesh Patel (Jul 15)

Márcio Erli

Test Snort Márcio Erli (Aug 23)
Re: Test Snort Márcio Erli (Aug 23)

Marcos Rodriguez

Re: Automated File Carving? Marcos Rodriguez (Aug 08)
Re: PCRE and cross packet matching Marcos Rodriguez (Aug 03)
Re: turnkey snort system? Marcos Rodriguez (Aug 22)
Re: Configuring Snort Marcos Rodriguez (Aug 24)
Re: Multi-process Snort Marcos Rodriguez (Aug 14)

Martin Haug

Interesting Project for a 6-month Internship Martin Haug (Sep 11)
Re: Interesting Project for a 6-month Internship Martin Haug (Sep 12)

Martin Schütte

Re: Dynamic Preprocessor example does not make alert why? Martin Schütte (Sep 07)

Matt Jonkman

Re: [Emerging-Sigs] request enhance old sid 3193 please Matt Jonkman (Jul 29)

Matt Watchinski

Re: Enormous increase in GZIP Decompression failures with 2.9.3 vs 2.9.2.3 on 64-bit Matt Watchinski (Jul 25)

Maunu, Mark

Re: Automated File Carving? Maunu, Mark (Aug 08)

mayssa jemel

Using snort on eclipse mayssa jemel (Jul 27)
(no subject) mayssa jemel (Jul 05)

Michael Brown

Variables Michael Brown (Aug 31)
Re: Variables Michael Brown (Aug 31)
setting up snort Michael Brown (Jul 30)
Puppetizing snort Michael Brown (Sep 13)
Re: Variables Michael Brown (Aug 31)

Michael Steele

Logging Snort events to a SQL Server from Barnyard2 Michael Steele (Jul 15)
Re: logging to syslog Michael Steele (Sep 19)
Re: Help with Alerts Michael Steele (Sep 09)
Updating Rules with PulledPork and no outside connection Michael Steele (Sep 17)
Re: Updating Rules with PulledPork and no outside connection Michael Steele (Sep 18)
Re: Snort on Windows Michael Steele (Jul 16)
Re: Help with Alerts Michael Steele (Sep 09)
Re: PostgreSQL problem Michael Steele (Sep 10)
Output database option - Back in? Michael Steele (Sep 08)
Re: No alert on base 1.4.5 with sfportscan - snort 2.9.2.2 Michael Steele (Jul 30)
Re: Updating Rules with PulledPork and no outside connection Michael Steele (Sep 19)
Re: [Snort-devel] Barnyard2 - v2-1.10 is released Michael Steele (Sep 26)
Re: Output database option - Back in? Michael Steele (Sep 11)
Re: Updating Rules with PulledPork and no outside connection Michael Steele (Sep 19)
Hot News: Barnyard2 is now on Windows! Michael Steele (Aug 16)
Re: [barnyard2-users] Compiling Barnyard with ./configure --with-mysql --with-postgresql Michael Steele (Aug 05)
Why PulledPork over Oinkmaster Michael Steele (Sep 26)
BASE Error: base_qry_alert.php:535: db->DB->MetaColumnNames('data') is NOT an array. Ignoring. Michael Steele (Sep 08)
Compiling Barnyard with ./configure --with-mysql --with-postgresql Michael Steele (Aug 05)
Re: Updating Rules with PulledPork and no outside connection Michael Steele (Sep 18)
Re: Using PP Michael Steele (Sep 13)
Re: problems with PP Michael Steele (Sep 14)
Re: Updating Rules with PulledPork and no outside connection Michael Steele (Sep 19)
Compiling Barnyard2 Win-32 - Scripted Compiling added Michael Steele (Aug 28)
Re: Updating Rules with PulledPork and no outside connection Michael Steele (Sep 17)
Updating Rules with PulledPork in Offline mode Michael Steele (Sep 17)
Re: [Snort-devel] Barnyard2 - v2-1.10 is released Michael Steele (Sep 26)
Snort 2.9.3.1 - Barnyard2 - BASE 1.4.5 PostgreSQL 9.1.4 - Viewing events gives error Michael Steele (Sep 07)
Compiling PostgreSQL for Barnyard2 Michael Steele (Aug 09)
WinSnort.com News: New Guided Install for Compiling Barnyard2 on Windows have arrived! Michael Steele (Aug 20)
Snort 2.9.3.0 - Some groups of rules missing from snort.conf Michael Steele (Jul 19)
Re: Snort 2.9.3.0 - Some groups of rules missing fromsnort.conf Michael Steele (Jul 24)
Re: problem with using snort to log in MS SQL server on another machine Michael Steele (Aug 14)
Re: problems with PP Michael Steele (Sep 14)

Michael Stoico

Re: Snort on Windows Michael Stoico (Jul 16)

Michael Wood

Re: Convert pcap file or snort log file to csv file to analysis, Michael Wood (Aug 05)

Miguel Alvarez

Re: [barnyard2-users] Fatal error after upgrading barnyard2 Miguel Alvarez (Sep 29)
threshold.conf not working? Miguel Alvarez (Sep 10)
Fatal error after upgrading barnyard2 Miguel Alvarez (Sep 28)
What kernel should I run? Miguel Alvarez (Sep 14)
Segfaults with libsf_smtp_preproc.so.0.0.0 Miguel Alvarez (Jul 09)
Re: [barnyard2-users] Fatal error after upgrading barnyard2 Miguel Alvarez (Sep 29)
Re: Segfaults with libsf_smtp_preproc.so.0.0.0 Miguel Alvarez (Jul 09)
Re: threshold.conf not working? Miguel Alvarez (Sep 10)
Re: [barnyard2-users] Fatal error after upgrading barnyard2 Miguel Alvarez (Sep 29)

Mike Cox

Re: [Emerging-Sigs] Downloading older versions of snort Mike Cox (Aug 10)
Re: Downloading older versions of snort Mike Cox (Aug 09)
Re: [Emerging-Sigs] Downloading older versions of snort Mike Cox (Aug 10)
Re: [Emerging-Sigs] Downloading older versions of snort Mike Cox (Aug 10)
Re: [Emerging-Sigs] Downloading older versions of snort Mike Cox (Aug 10)
Re: [Emerging-Sigs] Downloading older versions of snort Mike Cox (Aug 10)

Mike Hale

Re: snort classification Question Mike Hale (Aug 24)
Re: snort classification Question Mike Hale (Aug 21)
Re: snort classification Question Mike Hale (Aug 25)
Re: snort classification Question Mike Hale (Aug 21)

minhtamnw

write PCRE rule minhtamnw (Sep 18)

Mitesh Jadia

Re: Multi-process Snort Mitesh Jadia (Aug 17)

ML mail

Automatically block IP on firewall box from snort IDS ML mail (Sep 18)
Problems compiling SnortSam on OpenBSD ML mail (Sep 05)
Re: Automatically block IP on firewall box from snort IDS ML mail (Sep 18)
Re: Automatically block IP on firewall box from snort IDS ML mail (Sep 18)
Re: Problems compiling SnortSam on OpenBSD ML mail (Sep 05)

MLP SCADA

Re: turnkey snort system? MLP SCADA (Aug 22)
turnkey snort system? MLP SCADA (Aug 22)
Re: turnkey snort system? MLP SCADA (Aug 22)

mohamad hosein jafari

Re: snort classification Question mohamad hosein jafari (Aug 21)
Re: snort classification Question mohamad hosein jafari (Aug 21)
snort classification Question mohamad hosein jafari (Aug 21)
Re: snort classification Question mohamad hosein jafari (Aug 21)
Re: snort classification Question mohamad hosein jafari (Aug 21)
Re: what is difference mohamad hosein jafari (Aug 29)
Re: snort classification Question mohamad hosein jafari (Aug 21)
Re: snort classification Question mohamad hosein jafari (Aug 21)
Re: snort classification Question mohamad hosein jafari (Aug 24)
Re: snort classification Question mohamad hosein jafari (Aug 21)
Re: snort classification Question mohamad hosein jafari (Aug 21)
Re: snort classification Question mohamad hosein jafari (Aug 25)
Re: snort classification Question mohamad hosein jafari (Aug 22)
Re: snort classification Question mohamad hosein jafari (Aug 21)
what is difference mohamad hosein jafari (Aug 29)
Re: snort classification Question mohamad hosein jafari (Aug 22)
Re: snort classification Question mohamad hosein jafari (Aug 24)

Mohamed Talaat

Re: Snort-users Digest, Vol 74, Issue 60 Mohamed Talaat (Jul 24)

Morgan Yang

snort support for custom headers Morgan Yang (Jul 11)

MuSung Kim

Is there a ruleset for breakingpoint malicious traffic? MuSung Kim (Aug 05)

Nabyl Benmlih

Re: Snort new install won't start Nabyl Benmlih (Jul 24)
Snort new install won't start Nabyl Benmlih (Jul 19)
Re: Snort new install won't start Nabyl Benmlih (Jul 23)

Nagy Dániel

sniffer detection Nagy Dániel (Jul 15)

Negin Nickparsa

false positives Mit lincoln laboratory and snort signatures Negin Nickparsa (Aug 13)

Neha Chriss

HTTP Inspect Statistics Neha Chriss (Sep 12)

Nhok Maruko

Import data from wireshark to Snort Nhok Maruko (Sep 11)

Nicholas Horton

Re: Stream5 Nicholas Horton (Aug 25)
Re: Email Nicholas Horton (Aug 30)
Expect Script Nicholas Horton (Aug 18)
Re: Email Nicholas Horton (Aug 29)
Re: Stream5 Nicholas Horton (Aug 23)
Re: Stream5 Nicholas Horton (Aug 22)
Re: Email Nicholas Horton (Aug 30)
Re: Expect Script Nicholas Horton (Aug 19)
Pulled Pork Nicholas Horton (Aug 28)
Re: Pulled Pork Nicholas Horton (Aug 28)
Question About Variables Nicholas Horton (Aug 13)
Email Nicholas Horton (Aug 29)
Stream5 Nicholas Horton (Aug 24)
Swatch Nicholas Horton (Aug 30)
Re: Pulled Pork Nicholas Horton (Aug 28)
Re: Email Nicholas Horton (Aug 30)
Expect Script Nicholas Horton (Aug 19)
Stream5 Nicholas Horton (Aug 22)

Nick Moore

Having an issue with Snort Report Nick Moore (Sep 18)
Re: Snort 2.9.3 mysql schema missing? Nick Moore (Jul 20)

Nick Randolph

Re: Proposed Signature - SPECIFIC-THREATS Blackhole landing page with specific structure Nick Randolph (Jul 12)

Nigel Houghton

Re: Barnyard2 - v2-1.10 is released Nigel Houghton (Sep 28)

Nikolai Preminin

Re: Multi-process Snort Nikolai Preminin (Aug 14)
Output Module Nikolai Preminin (Sep 17)
Programming output module Nikolai Preminin (Sep 03)

Pablo Atiaga

Send snort alerts via syslog to ArcSight Pablo Atiaga (Sep 27)

Pak Chan

Re: Looking for a prebuilt Snort IDS Distro Pak Chan (Sep 22)
Re: Looking for a prebuilt Snort IDS Distro Pak Chan (Sep 21)
Re: Looking for a prebuilt Snort IDS Distro Pak Chan (Sep 24)

Pardeep Dhiman

snort not logging Pardeep Dhiman (Aug 24)

Pat John

snortviz: new snort alert graph tool Pat John (Sep 12)

Patrick Mullen

Re: PCRE and cross packet matching Patrick Mullen (Aug 03)
Re: distance, within, and negated matches Patrick Mullen (Jul 01)
Re: Snort against DARPA Dataset Patrick Mullen (Jul 05)

Patterson, David R (IHS/HQ)

Re: ICMP type 8 code 80? Patterson, David R (IHS/HQ) (Jul 26)
Re: ICMP type 8 code 80? Patterson, David R (IHS/HQ) (Jul 26)

Paul Cable

Adobe Flash outdated Paul Cable (Aug 21)
Re: Netflix Paul Cable (Aug 21)
Re: Adobe Flash outdated Paul Cable (Aug 21)
Re: Adobe Flash outdated Paul Cable (Aug 21)
Netflix Paul Cable (Aug 21)

Paul Halliday

Re: RE : snort 2.9.2.3 not detecting skype Paul Halliday (Jul 10)
Re: RE : Re: RE : snort 2.9.2.3 not detecting skype Paul Halliday (Jul 10)
Re: snort admin interface GUI type Paul Halliday (Aug 29)
Re: snort admin interface GUI type Paul Halliday (Aug 29)

Paul Schmehl

Re: Snort on Windows Paul Schmehl (Jul 16)

Paul Sharon

schemas not created Paul Sharon (Aug 08)

Peter Bates

Re: Pfring crashes the kernel with white lists. Peter Bates (Jul 18)
Multiple Snorts (and PF_RING) Peter Bates (Jul 09)
Re: Snort + PF_RING + DAQ Peter Bates (Sep 04)
Re: OS options to monitor traffic over a 1GiB and 10 GiB Peter Bates (Jul 04)
Re: problems with PP Peter Bates (Sep 14)
Re: Installing & Configuring snort Peter Bates (Aug 13)
Re: Snort + PF_RING + DAQ Peter Bates (Sep 06)
Re: Multiple Snorts (and PF_RING) Peter Bates (Jul 10)
Snort and PF_RING stats Peter Bates (Jul 10)
Re: Multiple Snorts (and PF_RING) Peter Bates (Jul 10)
Re: why didn't receive daily snort report Peter Bates (Sep 10)
Size of $HOME_NET Peter Bates (Aug 31)
Re: Snort not generating alerts Peter Bates (Jul 13)
Re: Snort Installed fine but daemon will not run Peter Bates (Aug 22)
Re: Snort + PF_RING + DAQ Peter Bates (Sep 04)
Re: Using PP Peter Bates (Sep 13)
Re: Internal Network vs. External Network Peter Bates (Sep 12)
Re: Large receive offload, good or bad? Peter Bates (Aug 30)
Re: Multi-process Snort Peter Bates (Aug 17)
Re: Snort not generating alerts Peter Bates (Jul 10)
Re: Snort + PF_RING + DAQ Peter Bates (Sep 05)
Re: pcaps for triggering rules Peter Bates (Aug 24)
Re: Snort + PF_RING + DAQ Peter Bates (Aug 30)
Re: which rules to load ? Peter Bates (Aug 29)
Re: Snort not generating alerts Peter Bates (Jul 10)
Re: Snort not seeing traffic Peter Bates (Aug 29)
Re: IDS / IPS Bake time Peter Bates (Sep 13)
Re: Snort dropping more packets than it received Peter Bates (Sep 12)

Philip Edwards

False positives Philip Edwards (Aug 22)

PR

Re: I'm getting close, I smell more bacon PR (Sep 15)
Re: [Snort-sigs] Snort-sigs Digest, Vol 75, Issue 1 PR (Aug 19)
here is a screenshot. sorry! i forgot to attach PR (Sep 06)
Re: typical errors when trying pulledpork PR (Sep 07)
Re: Snort and MySQL PR (Sep 21)
Re: Looking for a prebuilt Snort IDS Distro PR (Sep 20)
I'd like to be able to post to this list - auth me? thanks Pete PR (Aug 19)
I'm getting close, I smell more bacon PR (Sep 15)
typical errors when trying pulledpork PR (Sep 08)
Re: typical errors when trying pulledpork PR (Sep 08)
Re: Import data from wireshark to Snort PR (Sep 11)
Re: Snort-sigs Digest, Vol 75, Issue 1 PR (Aug 03)
Re: [Snort-sigs] typical errors when trying pulledpork PR (Sep 09)
Re: typical errors when trying pulledpork PR (Sep 08)
Re: typical errors when trying pulledpork PR (Sep 08)
Re: Snort-sigs Digest, Vol 75, Issue 1 PR (Aug 03)
Re: Snort Rules for Version 2.8.5.1 PR (Sep 21)
Re: Looking for a prebuilt Snort IDS Distro PR (Sep 21)
Re: Your message to Snort-sigs awaits moderator approval PR (Aug 19)
Re: Looking for a prebuilt Snort IDS Distro PR (Sep 21)
Is there a 64bit version of Snort 2.9.3 available for download from snort.org? PR (Aug 19)
False positives/Oink Code/Oinkmaster vs Pulled Pork? PR (Sep 06)
Re: Output database option - Back in? PR (Sep 09)
Re: typical errors when trying pulledpork PR (Sep 08)
Re: typical errors when trying pulledpork PR (Sep 08)
I'm so close I smell Bacon... little more help thanks! PR (Sep 15)
Re: Output database option - Back in? PR (Sep 09)
Re: Snort-sigs Digest, Vol 76, Issue 14 PR (Sep 11)

Pratik Narang

which rules to load ? Pratik Narang (Aug 29)
Re: Snort not generating alerts Pratik Narang (Jul 12)
Snort architecture Pratik Narang (Jul 11)
Re: Snort not generating alerts Pratik Narang (Jul 10)
Barnyard2 giving issues after upgrading system Pratik Narang (Aug 17)
Taking action on exploit attempts Pratik Narang (Sep 22)
Snort and DPI Pratik Narang (Aug 02)
Help with Alerts Pratik Narang (Sep 08)
Snort Sam Pratik Narang (Aug 07)
Re: [Snort-users] Multi-process Snort Pratik Narang (Aug 17)
Snort's modules Pratik Narang (Jul 25)
Dealing with Snort rules and signatures Pratik Narang (Jul 30)
Snort IDS vs my firewall Pratik Narang (Aug 24)
Re: Snort not seeing traffic Pratik Narang (Aug 27)
virus.rules file Pratik Narang (Sep 04)
Re: Snort not generating alerts Pratik Narang (Jul 10)
Re: Using PP Pratik Narang (Sep 13)
Re: Regarding snort configuration Pratik Narang (Sep 26)
Choosing a firewall with Snort Pratik Narang (Sep 25)
Snort install Pratik Narang (Jul 01)
Dealing with Snort rules and signatures Pratik Narang (Jul 27)
Re: Using PP Pratik Narang (Sep 13)
Re: Snort not seeing traffic Pratik Narang (Aug 29)
Re: Automatically block IP on firewall box from snort IDS Pratik Narang (Sep 18)
Re: Snort not generating alerts Pratik Narang (Jul 10)
Re: Metasploit exploits on Snort Pratik Narang (Sep 18)
Snort not seeing traffic Pratik Narang (Aug 26)
Re: pcaps for triggering rules Pratik Narang (Aug 24)
Re: Snort IDS vs my firewall Pratik Narang (Aug 26)
Re: problems with PP Pratik Narang (Sep 14)
Re: Snort not generating alerts Pratik Narang (Jul 05)
Re: Snort not generating alerts Pratik Narang (Jul 10)
Snort not generating alerts Pratik Narang (Jul 05)
Re: pcaps for triggering rules Pratik Narang (Aug 24)
Triggering some rules Pratik Narang (Aug 23)
Re: Snort's modules Pratik Narang (Jul 27)
Using PP Pratik Narang (Sep 13)
What is this I see? Pratik Narang (Sep 10)
stream5 and http_inspect Pratik Narang (Sep 05)
pcaps for triggering rules Pratik Narang (Aug 23)
Re: Choosing a firewall with Snort Pratik Narang (Sep 26)
Re: pcaps for triggering rules Pratik Narang (Aug 24)
Re: Snort IDS vs my firewall Pratik Narang (Aug 25)
reading log files Pratik Narang (Jul 04)
Re: Choosing a firewall with Snort Pratik Narang (Sep 27)
Metasploit exploits on Snort Pratik Narang (Sep 18)
Re: Snort install Pratik Narang (Jul 03)
Multi-process Snort Pratik Narang (Aug 14)
Snort's modules Pratik Narang (Jul 25)
problems with PP Pratik Narang (Sep 14)
Re: where can i download BASE? Pratik Narang (Sep 09)
Snort's architecture Pratik Narang (Sep 05)
Help with Alerts Pratik Narang (Sep 09)

praveen_recker .

Re: Snort not generating alerts praveen_recker . (Jul 05)
Re: Changing name and file size limit of ALERT output file praveen_recker . (Sep 27)

PS

Re: Automated File Carving? PS (Aug 08)

Rajiv D

Re: [Emerging-Sigs] ICMP type 8 code 80? Rajiv D (Jul 28)

Randal T. Rioux

Re: snort syslog output support Randal T. Rioux (Sep 13)

Ray Caparros

Re: Looking for a prebuilt Snort IDS Distro Ray Caparros (Sep 20)

Research

Sourcefire VRT Certified Snort Rules Update 2012-07-19 Research (Jul 19)
Sourcefire VRT Certified Snort Rules Update 2012-08-15 Research (Aug 15)
Sourcefire VRT Certified Snort Rules Update 2012-09-11 Research (Sep 11)
Sourcefire VRT Certified Snort Rules Update 2012-08-22 Research (Aug 22)
Sourcefire VRT Certified Snort Rules Update 2012-09-17 Research (Sep 17)
Sourcefire VRT Certified Snort Rules Update 2012-07-12 Research (Jul 12)
Sourcefire VRT Certified Snort Rules Update 2012-09-25 Research (Sep 25)
Sourcefire VRT Certified Snort Rules Update 2012-08-09 Research (Aug 09)
Sourcefire VRT Certified Snort Rules Update 2012-09-06 Research (Sep 06)
Sourcefire VRT Certified Snort Rules Update 2012-09-04 Research (Sep 04)
Sourcefire VRT Certified Snort Rules Update 2012-07-17 Research (Jul 17)
Sourcefire VRT Certified Snort Rules Update 2012-08-02 Research (Aug 02)
Sourcefire VRT Certified Snort Rules Update 2012-07-10 Research (Jul 10)
Sourcefire VRT Certified Snort Rules Update 2012-09-18 Research (Sep 18)
Sourcefire VRT Certified Snort Rules Update 2012-08-07 Research (Aug 07)
Sourcefire VRT Certified Snort Rules Update 2012-09-27 Research (Sep 27)
Sourcefire VRT Certified Snort Rules Update 2012-08-30 Research (Aug 30)
Sourcefire VRT Certified Snort Rules Update 2012-08-28 Research (Aug 28)
Sourcefire VRT Certified Snort Rules Update 2012-07-24 Research (Jul 24)
Sourcefire VRT Certified Snort Rules Update 2012-09-13 Research (Sep 13)
Sourcefire VRT Certified Snort Rules Update 2012-08-14 Research (Aug 14)
Sourcefire VRT Certified Snort Rules Update 2012-08-01 Research (Aug 01)
Sourcefire VRT Certified Snort Rules Update 2012-07-03 Research (Jul 03)
Sourcefire VRT Certified Snort Rules Update 2012-08-23 Research (Aug 23)
Sourcefire VRT Certified Snort Rules Update 2012-09-21 Research (Sep 21)

Richmond, Ian

Re: SHELLCODE_PORTS & double negatives. Richmond, Ian (Jul 12)
Re: Snort not generating alerts Richmond, Ian (Jul 12)
SHELLCODE_PORTS & double negatives. Richmond, Ian (Jul 10)

Rina Rina

snort admin interface GUI type Rina Rina (Aug 29)

Rm Kml

FN with http_header and pcreH followed by same http_header+distance0... Rm Kml (Jul 24)
Re : Re: logging to syslog Rm Kml (Sep 19)
FP with pcre P and http_client_body + distance 0 ? Rm Kml (Jul 21)

rmkml

Offer rule for detect lastest Bind vulnerability rmkml (Sep 12)
Re: Rule thoughts rmkml (Sep 06)
Re: "http_client_body" rule not working rmkml (Jul 26)
request enhance old sid 3193 please rmkml (Jul 29)
Re: "http_client_body" rule not working rmkml (Jul 27)

rmkml () yahoo fr

RE : FP with pcre P and http_client_body + distance 0 ? rmkml () yahoo fr (Jul 22)
RE : FP with pcre P and http_client_body + distance 0 ? rmkml () yahoo fr (Jul 22)
RE : Re: RE : snort 2.9.2.3 not detecting skype rmkml () yahoo fr (Jul 10)
request adding space on very old sid 541 please rmkml () yahoo fr (Jul 17)
RE : snort 2.9.2.3 not detecting skype rmkml () yahoo fr (Jul 10)

Robert Parker

Having trouble firing certain rules Robert Parker (Sep 24)

Robert Vineyard

Re: OS options to monitor traffic over a 1GiB and 10 GiB Robert Vineyard (Jul 01)
PF_RING DAQ with Snort 2.9.3 compile errors Robert Vineyard (Jul 23)
Re: Multi-process Snort Robert Vineyard (Aug 14)
Re: [Snort-users] OS options to monitor traffic over a 1GiB and 10 GiB Robert Vineyard (Jul 01)

Ronan

Snort on Windows Ronan (Jul 11)
Log File? Ronan (Jul 11)

Ron Gallimore

WinSnort Team Ron Gallimore (Jul 10)

Rony Roy

Snort on Solaris Rony Roy (Jul 29)

Russ Combs

Re: understand snort code--Where to start ? Russ Combs (Jul 27)
Re: preprocessor normalize_tcp: ips ecn stream dropping SYN retransmission Russ Combs (Aug 08)
Re: Extra verdicts feature request for next snort version Russ Combs (Jul 06)
Re: snort options too long make segmentation fault Russ Combs (Jul 18)
Re: S5: Session exceeded configured max bytes to queue Russ Combs (Jul 10)
Re: Packet Logger Mode- what is func()? Russ Combs (Sep 21)
Re: preprocessor normalize_tcp: ips ecn stream dropping SYN retransmission Russ Combs (Aug 08)
Re: reading log files Russ Combs (Jul 05)
Re: snort inline with jumbo frame Russ Combs (Sep 11)
Re: Snort's modules Russ Combs (Jul 27)
Re: Interesting Project for a 6-month Internship Russ Combs (Sep 11)
Re: threshold.conf not working? Russ Combs (Sep 10)
Re: Snort's modules Russ Combs (Jul 25)
Re: Manual updates Russ Combs (Jul 11)
Re: unsubscribe Russ Combs (Aug 17)
Re: Potential memory leak/settings for memory conservation in 2.9.2.3/2.9.3_rc1? Russ Combs (Jul 05)
Re: snort inline with jumbo frame Russ Combs (Sep 10)
Re: preprocessor normalize_tcp: ips ecn stream dropping SYN retransmission Russ Combs (Aug 10)

sajjad purmohseni

using sort general hash table module (sfxhash) in dynamic-preprocessors sajjad purmohseni (Sep 23)

Scott Finlon

Re: Snort dropping more packets than it received Scott Finlon (Sep 12)
Snort dropping more packets than it received Scott Finlon (Sep 12)

Seth Hall

Re: Pfring crashes the kernel with white lists. Seth Hall (Jul 18)

shadab

Problem With Snort shadab (Sep 17)
Regarding snort configuration shadab (Sep 24)
Re: Regarding snort configuration shadab (Sep 26)

Shaiming Hsiung

Re: How to write a snort rule match NO content GET or POST in http request Shaiming Hsiung (Jul 26)
"http_client_body" rule not working Shaiming Hsiung (Jul 26)
Re: How to write a snort rule match NO content GET or POST in http request Shaiming Hsiung (Jul 26)
Re: "http_client_body" rule not working Shaiming Hsiung (Aug 01)
Re: "http_client_body" rule not working Shaiming Hsiung (Jul 27)

Shanks

Re: unsubscribe Shanks (Aug 17)

Sharath Hiremagalore

Snort HTTP Pre-processor issues Sharath Hiremagalore (Jul 25)

Sheng-Hao Wang

snort inline with jumbo frame Sheng-Hao Wang (Sep 10)
Re: snort inline with jumbo frame Sheng-Hao Wang (Sep 10)
snort inline with jumbo frame Sheng-Hao Wang (Sep 09)

Shomiron Das Gupta

Re: Snort, BASE, and FRW Shomiron Das Gupta (Sep 25)
Re: Choosing a firewall with Snort Shomiron Das Gupta (Sep 27)

Snort Releases

Snort 2.9.3.1 Now Available Snort Releases (Aug 08)
Snort 2.9.3.1 Now Available Snort Releases (Aug 08)
Snort 2.9.3 Now Available Snort Releases (Jul 18)
Snort 2.9.3 Now Available Snort Releases (Jul 18)

Sravan Bhamidipati

Re: Snort against DARPA Dataset Sravan Bhamidipati (Jul 13)
Re: Snort against DARPA Dataset Sravan Bhamidipati (Jul 05)
Re: Snort against DARPA Dataset Sravan Bhamidipati (Jul 05)
Re: Snort against DARPA Dataset Sravan Bhamidipati (Jul 05)
Re: Snort against DARPA Dataset Sravan Bhamidipati (Jul 02)

Stefano Debenedetti

Re: Snort-users Digest, Vol 75, Issue 79 Stefano Debenedetti (Aug 31)

Steven Sturges

Re: Possible bug in compiling snort 2.9.2.3 Steven Sturges (Jul 19)
Re: PCRE recursion limit override related segv... Steven Sturges (Aug 31)

Steven Vona

Barnyard - Database link down Steven Vona (Aug 01)
Barnyard - Database link down Steven Vona (Aug 07)
Barnyard - Database link down Steven Vona (Aug 05)
Rules and Tuning Steven Vona (Aug 14)
Re: Rules and Tuning Steven Vona (Aug 16)

Steve Sandington

Is snort.org down? Steve Sandington (Sep 06)

Sujoy Ghosh

Re: reading log files Sujoy Ghosh (Jul 06)
Re: Snort Configuration Problem Sujoy Ghosh (Jul 02)
Configure and fine tune Snort Rules Sujoy Ghosh (Jul 06)
Re: Configure and fine tune Snort Rules Sujoy Ghosh (Jul 06)
Re: reading log files Sujoy Ghosh (Jul 05)

Sunny Fugate

Re: Snort against DARPA Dataset Sunny Fugate (Jul 02)
Re: Snort against DARPA Dataset Sunny Fugate (Jul 05)

Sunny James Fugate

Re: pcaps for triggering rules Sunny James Fugate (Aug 24)
Re: http_inspect tuning issue Sunny James Fugate (Jul 03)

tadios tefera

Re: manual update of rules using pulledpork tadios tefera (Jul 12)
manual update of rules using pulledpork tadios tefera (Jul 11)

TermVRL M

Snort - failed to load snort_dynamicrules TermVRL M (Sep 19)

THG

Fwd: cve-2010-1635 detection THG (Aug 16)

Tim Covel

Re: Automated File Carving? Tim Covel (Aug 08)

Todd Wease

Re: snort 2.9.3 core dump on solaris 10 sparc Todd Wease (Aug 09)
Re: Snort new install won't start Todd Wease (Jul 19)

Tom Hangstin

snort ips Tom Hangstin (Sep 10)

Tony Reusser

Re: Disabled rule still alerting Tony Reusser (Aug 29)
mystery alerts Tony Reusser (Aug 30)
Re: Disabled rule still alerting - UPDATE - FIXED ! Tony Reusser (Aug 29)
Disabled rule still alerting Tony Reusser (Aug 29)
Re: Disabled rule still alerting Tony Reusser (Aug 29)

Tony Robinson

Re: Snort install Tony Robinson (Jul 03)
Re: Snort 2.9.3 Tony Robinson (Jul 20)
Re: PCRE and cross packet matching Tony Robinson (Aug 03)
Re: snort not logging Tony Robinson (Aug 24)
Re: How to decide which rules should be enabled. Tony Robinson (Jul 18)
Re: Gripe - Snort "other" downloads not signed/hashed Tony Robinson (Aug 23)
Re: pcaps for triggering rules Tony Robinson (Aug 24)
Re: Snort architecture Tony Robinson (Jul 11)
Re: guide for 64-bit Tony Robinson (Jul 05)
Autosnort v1 for Ubuntu 12.04 Tony Robinson (Aug 22)
Re: turnkey snort system? Tony Robinson (Aug 22)
Re: pcaps for triggering rules Tony Robinson (Aug 23)
Re: Rules and Tuning Tony Robinson (Aug 14)
Re: How to decide which rules should be enabled. Tony Robinson (Jul 18)
Re: Test Snort Tony Robinson (Aug 23)
Re: IP Protocol Rules? Tony Robinson (Jul 01)
Re: Configuring Snort Tony Robinson (Aug 24)
Re: Automated File Carving? Tony Robinson (Aug 08)
Re: Snort's architecture Tony Robinson (Sep 06)

Tran M. Thang

How to write a snort rule match NO content GET or POST in http request Tran M. Thang (Jul 24)
Snort2.9.2.3 PortScan and HTTP_INSPECT don't work Tran M. Thang (Jul 12)
How to wite snort rule with "OR" condition without PCRE Tran M. Thang (Jul 08)
How to check snort rules syntax using snortvalidator Tran M. Thang (Aug 30)
Portscan and http_inspect don't work with Snort2.9.2.3 on Debian Server Tran M. Thang (Jul 13)
How to see output snort rule TAG option? Tran M. Thang (Jul 31)
Re: How to write a snort rule match NO content GET or POST in http request Tran M. Thang (Jul 29)
Install Snort2.9.2.3 and Snortsam Tran M. Thang (Jul 11)

troxlinux

Re: not event in snort 2.9.3 troxlinux (Sep 27)
Re: not event in snort 2.9.3 troxlinux (Sep 27)
not event in snort 2.9.3 troxlinux (Sep 27)

Turnbough, Bradley E.

New Snort Sensor Implementation Turnbough, Bradley E. (Sep 12)
Internal Network vs. External Network Turnbough, Bradley E. (Sep 12)
Looking for a prebuilt Snort IDS Distro Turnbough, Bradley E. (Sep 20)
Monitoring via bonded interfaces; allowed or problematic? Turnbough, Bradley E. (Sep 11)
Re: Looking for a prebuilt Snort IDS Distro Turnbough, Bradley E. (Sep 21)
Re: Looking for a prebuilt Snort IDS Distro Turnbough, Bradley E. (Sep 20)
Snort / Barnyard2 Placement Turnbough, Bradley E. (Sep 26)
Snort Rules for Version 2.8.5.1 Turnbough, Bradley E. (Sep 21)
RedBorder IDS / A bit disappointed... (maybe someone can help & clarify?) Turnbough, Bradley E. (Sep 25)
Snort Process Forking Turnbough, Bradley E. (Sep 11)
Re: RedBorder IDS / A bit disappointed... (maybe someone can help & clarify?) Turnbough, Bradley E. (Sep 25)
IDS / IPS Bake time Turnbough, Bradley E. (Sep 13)

Valentin Avram

Re: Possible bug in compiling snort 2.9.2.3 Valentin Avram (Jul 19)

Victor Roemer

Re: Snort's architecture Victor Roemer (Sep 07)
Re: Multiple Snorts (and PF_RING) Victor Roemer (Jul 10)
Re: suppressing all signatures from a particular generator Victor Roemer (Aug 24)
Re: [Snort-sigs] Snort-sigs Digest, Vol 75, Issue 1 Victor Roemer (Aug 20)
Re: Output database option - Back in? Victor Roemer (Sep 08)
Re: Problem Compiling Snort! Victor Roemer (Sep 04)
Re: suppressing all signatures from a particular generator Victor Roemer (Aug 29)
Re: Problem Compiling Snort! Victor Roemer (Sep 04)

Vinayak Malshetty

Error while installing pfring-DAQ module Vinayak Malshetty (Jul 01)
Re: Snort for report GTp statistics Vinayak Malshetty (Jul 05)
Snort for report GTp statistics Vinayak Malshetty (Jul 04)
log response pkts Vinayak Malshetty (Jul 02)
Facing issue in logging GTP response packets Vinayak Malshetty (Jul 02)
PF-ring and snort performance Vinayak Malshetty (Jul 18)

vpiserchia () gmail com

Re: PCRE and cross packet matching vpiserchia () gmail com (Aug 06)
PCRE and cross packet matching vpiserchia () gmail com (Aug 03)

waldo kitty

Re: reading log files waldo kitty (Jul 05)
Re: Issues with install Snort 2.9.3.1 Barnyard2 -1.9 waldo kitty (Aug 20)
Re: Rule thoughts waldo kitty (Sep 07)
Re: Snort against DARPA Dataset waldo kitty (Jul 16)
Re: Frag3 timeout ignored waldo kitty (Sep 01)
Re: Import data from wireshark to Snort waldo kitty (Sep 11)
Re: Bulk export? waldo kitty (Jul 10)
Re: Snort's architecture waldo kitty (Sep 07)
Re: Help with Alerts waldo kitty (Sep 08)
Re: Help with Alerts waldo kitty (Sep 09)
Re: pcaps for triggering rules waldo kitty (Aug 23)
Re: Regarding snort configuration waldo kitty (Sep 25)
Re: Snort against DARPA Dataset waldo kitty (Jul 14)
Re: SNORT daily report waldo kitty (Jul 16)
Re: snort.stats analysis waldo kitty (Jul 16)
Re: Help with Alerts waldo kitty (Sep 09)
Re: Snort-sigs Digest, Vol 76, Issue 14 waldo kitty (Sep 11)
Re: HTTP 304 alerts waldo kitty (Sep 25)
Re: how to change mailto address waldo kitty (Sep 09)
Re: typical errors when trying pulledpork waldo kitty (Sep 09)
Re: Snort against DARPA Dataset waldo kitty (Jul 02)
Re: snort.stats analysis waldo kitty (Jul 16)
Re: ERROR: The dynamic detection library waldo kitty (Aug 08)
Re: problem with using snort to log in MS SQL server on another machine waldo kitty (Aug 13)
Re: Snort's architecture waldo kitty (Sep 07)
Re: OS options to monitor traffic over a 1GiB and 10 GiB waldo kitty (Jul 02)
Re: snort classification Question waldo kitty (Aug 25)
Re: Snort, BASE, and FRW waldo kitty (Sep 25)
Re: Snort on Windows waldo kitty (Jul 16)
Re: http_inspect tuning issue waldo kitty (Jul 02)
Re: snort classification Question waldo kitty (Aug 25)
Re: Frag3 timeout ignored waldo kitty (Sep 02)
Re: [Snort-sigs] typical errors when trying pulledpork waldo kitty (Sep 08)
Re: http_inspect tuning issue waldo kitty (Jul 03)
Re: snort.stats analysis waldo kitty (Jul 16)
Re: Taking action on exploit attempts waldo kitty (Sep 25)
Re: Snort weird behaviour waldo kitty (Aug 25)
Re: What is this I see? waldo kitty (Sep 11)
Re: snort.stats analysis waldo kitty (Jul 16)
Re: snort classification Question waldo kitty (Aug 21)
Re: How to write a snort rule match NO content GET or POST in http request waldo kitty (Jul 30)
Re: Snort, BASE, and FRW waldo kitty (Sep 25)
Re: snort classification Question waldo kitty (Aug 23)
Re: Binary file format- tcpdump waldo kitty (Sep 25)

waseem sarwar

Re: Snort Pre-processor + DPX Installation Issue waseem sarwar (Jul 01)

Wei Chea Ang

Re: Create rule to check illegal web access Wei Chea Ang (Jul 19)
Re: Create rule to check illegal web access Wei Chea Ang (Jul 19)

Weir, Jason

Re: Snort Labs and conf files for 2.9.3.1? Weir, Jason (Aug 27)
Re: Snort 2.9.3 mysql schema missing? Weir, Jason (Jul 20)
Snort Labs and conf files for 2.9.3.1? Weir, Jason (Aug 24)
Re: Snort Labs and conf files for 2.9.3.1? Weir, Jason (Aug 27)
Snort 2.9.3 mysql schema missing? Weir, Jason (Jul 20)
Re: Snort installation - restore mysql (snort-2.9.3). Weir, Jason (Jul 25)
Re: Snort Installed fine but daemon will not run Weir, Jason (Aug 22)
Re: Snort 2.9.3.0 - Some groups of rules missing fromsnort.conf Weir, Jason (Jul 20)

William Allison

DAQ module for Endace cards William Allison (Aug 30)

William Sandin

Re: Barnyard - Database link down William Sandin (Aug 05)
Re: IP- and Portvar buffer limit? William Sandin (Aug 05)
IP- and Portvar buffer limit? William Sandin (Aug 05)

Will Metcalf

Re: A question on flows with pcaps Will Metcalf (Aug 08)
Re: Question on http_client_body Will Metcalf (Jul 02)
Re: PCRE recursion limit override related segv... Will Metcalf (Aug 31)
Re: Sig help (Tumblr redirect) Will Metcalf (Jul 03)
Re: Error when running snort_inline 2.6.1.5 on Centos x86-64 Will Metcalf (Aug 10)
PCRE recursion limit override related segv... Will Metcalf (Aug 31)
Re: Sig help (Tumblr redirect) Will Metcalf (Jul 03)
Re: IP- and Portvar buffer limit? Will Metcalf (Aug 05)

Wilson, Dave

Help with a signature Wilson, Dave (Sep 15)

yew chuan Ong

New IE Zero Day yew chuan Ong (Sep 17)
Proposed Signature - SPECIFIC-THREATS Blackhole landing page with specific structure yew chuan Ong (Jul 12)
Re: [Emerging-Sigs] New IE Zero Day yew chuan Ong (Sep 17)
Re: WEB-MISC backup access yew chuan Ong (Aug 20)
WEB-MISC backup access yew chuan Ong (Aug 19)

Yonas Abebe

Re: Still Empty log file Yonas Abebe (Jul 21)
Re: Still Empty log file Yonas Abebe (Jul 20)
Reputation Preprocessor Yonas Abebe (Sep 25)
Still Empty log file Yonas Abebe (Jul 18)
Re: Still Empty log file Yonas Abebe (Jul 25)
Re: Still Empty log file Yonas Abebe (Jul 28)
Re: Still Empty log file Yonas Abebe (Jul 22)
Re: Still Empty log file Yonas Abebe (Jul 19)
Re: Still Empty log file Yonas Abebe (Jul 31)
Re: Still Empty log file Yonas Abebe (Jul 30)
Re: Still Empty log file Yonas Abebe (Jul 22)

Yoshimasa Obana

Re: Dynamic Preprocessor example does not make alert why? Yoshimasa Obana (Sep 11)
Dynamic Preprocessor example does not make alert why? Yoshimasa Obana (Sep 07)

陆康

about http config 陆康 (Jul 31)

韩方

Fw: Re: hi, I'd like to use portscan preprocessor for detect nmap scan, But it' can't works, could you give me some hint? many thx! 韩方 (Aug 13)