Snort mailing list archives
unsubscribe
From: "Ryan McClure (Systems Admin) - United Shipping" <rmcclure () unitedshipping com>
Date: Fri, 11 May 2001 07:45:16 -0600
-----Original Message----- From: snort-users-request () lists sourceforge net [mailto:snort-users-request () lists sourceforge net] Sent: Friday, May 11, 2001 1:24 AM To: snort-users () lists sourceforge net Subject: Snort-users digest, Vol 1 #634 - 9 msgs Send Snort-users mailing list submissions to snort-users () lists sourceforge net To subscribe or unsubscribe via the World Wide Web, visit http://lists.sourceforge.net/lists/listinfo/snort-users or, via email, send a message with subject or body 'help' to snort-users-request () lists sourceforge net You can reach the person managing the list at snort-users-admin () lists sourceforge net When replying, please edit your Subject line so it is more specific than "Re: Contents of Snort-users digest..." Today's Topics: 1. Re: Snort won't run (alexus) 2. Re: ******unsubscribe****** (shawn . moyer) 3. RE: Snort won't run (Watson, Ed) 4. Re: ******unsubscribe****** (Martin Roesch) 5. Re: loggin issue (roman () danyliw com) 6. Re: Snort + Acid w/ MySQL question(s) (roman () danyliw com) 7. Snort 1.8-beta4 Build 17 coredump (Steve Shockley) 8. RE: Rules vs performance (Jean-Francois Zwobada) 9. Antwort: [Snort-users] DNS Query Logging? (holger.bumke () nbg net) --__--__-- Message: 1 From: "alexus" <ml () db nexgen com> To: "Dave Ryan" <dave.ryan () eircom net> Cc: <snort-users () lists sourceforge net> Subject: Re: [Snort-users] Snort won't run Date: Thu, 10 May 2001 18:17:10 -0400 hmm works with this one:) thanks ----- Original Message ----- From: "Dave Ryan" <dave.ryan () eircom net> To: "alexus" <ml () db nexgen com> Cc: <snort-users () lists sourceforge net> Sent: Thursday, May 10, 2001 6:12 PM Subject: Re: [Snort-users] Snort won't run
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The latest rulesfile is specific to 1.8 Try these rules instead: www.snort.org/Files/Current/snortrules.tar.gz Rgds. Quoting alexus (ml () db nexgen com):i'm using snort 1.7 with latest set of rules for some reason it won't run, any ideas? su-2.04# /usr/local/bin/snort -c /usr/local/bin/rules/snort.conf --== Initializing Snort ==-- Initializing Network Interface fxp0 Decoding Ethernet on interface fxp0 Initializing Preprocessors! Initializing Plug-ins! Initializating Output Plugins! +++++++++++++++++++++++++++++++++++++++++++++++++++ Initializing rule chains... *WARNING*: unknown preprocessor "stream2", ignoring! *WARNING*: unknown preprocessor "rpc_decode", ignoring! *WARNING*: unknown preprocessor "bo", ignoring! *WARNING*: unknown preprocessor "telnet_decode", ignoring! database: compiled support for ( mysql ) database: configured to use mysql database: user = alexus database: database name = alexus database: password is set database: host = localhost database: sensor name = 64.81.208.245 database: sensor id = 1 database: using the "log" facility Error: Unknown config: classification su-2.04# what am i doin wrong now? _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users- -- Dave Ryan Computer Incident Response Team dave.ryan () eircom net Eircom Multimedia -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (OpenBSD) Comment: For info see http://www.gnupg.org iEYEARECAAYFAjr7EkoACgkQHSjBCI+q2yL2jACfZmDIpaL7ajbIC4As0AqpYjkG w0cAn3hTAY6RgjvX2aJykUVMlFYsOO+D =pFey -----END PGP SIGNATURE-----
--__--__-- Message: 2 Date: Thu, 10 May 2001 17:32:40 -0500 From: "shawn . moyer" <shawn () net-connect net> Cc: snort-users () lists sourceforge net Subject: Re: [Snort-users] ******unsubscribe****** "Insanity is doing the same thing and expecting different results." Dr. Edwards Deming -- s h a w n m o y e r shawn () net-connect net "May the forces of evil become confused on the way to your house." --George Carlin --__--__-- Message: 3 From: "Watson, Ed" <ewatson () academic com> To: 'alexus' <ml () db nexgen com>, snort-users () lists sourceforge net Subject: RE: [Snort-users] Snort won't run Date: Thu, 10 May 2001 15:38:28 -0700 This message is in MIME format. Since your mail reader does not understand this format, some or all of this message may not be legible. ------_=_NextPart_001_01C0D9A1.EEDE1DF0 Content-Type: text/plain; charset="iso-8859-1" don't know if this will make a difference, this works for me. /usr/local/bin/snort -A full -c /usr/local/bin/rules/snort.conf -----Original Message----- From: alexus [mailto:ml () db nexgen com] Sent: Thursday, May 10, 2001 2:50 PM To: snort-users () lists sourceforge net Subject: [Snort-users] Snort won't run i'm using snort 1.7 with latest set of rules for some reason it won't run, any ideas? su-2.04# /usr/local/bin/snort -c /usr/local/bin/rules/snort.conf --== Initializing Snort ==-- Initializing Network Interface fxp0 Decoding Ethernet on interface fxp0 Initializing Preprocessors! Initializing Plug-ins! Initializating Output Plugins! +++++++++++++++++++++++++++++++++++++++++++++++++++ Initializing rule chains... *WARNING*: unknown preprocessor "stream2", ignoring! *WARNING*: unknown preprocessor "rpc_decode", ignoring! *WARNING*: unknown preprocessor "bo", ignoring! *WARNING*: unknown preprocessor "telnet_decode", ignoring! database: compiled support for ( mysql ) database: configured to use mysql database: user = alexus database: database name = alexus database: password is set database: host = localhost database: sensor name = 64.81.208.245 database: sensor id = 1 database: using the "log" facility Error: Unknown config: classification su-2.04# what am i doin wrong now? _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users ------_=_NextPart_001_01C0D9A1.EEDE1DF0 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN"> <HTML> <HEAD> <META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; = charset=3Diso-8859-1"> <META NAME=3D"Generator" CONTENT=3D"MS Exchange Server version = 5.5.2653.12"> <TITLE>RE: [Snort-users] Snort won't run</TITLE> </HEAD> <BODY> <P><FONT SIZE=3D2>don't know if this will make a difference, this works = for me.</FONT> </P> <P><FONT SIZE=3D2>/usr/local/bin/snort -A full -c = /usr/local/bin/rules/snort.conf</FONT> </P> <P><FONT SIZE=3D2>-----Original Message-----</FONT> <BR><FONT SIZE=3D2>From: alexus [<A = HREF=3D"mailto:ml () db nexgen com">mailto:ml () db nexgen com</A>]</FONT> <BR><FONT SIZE=3D2>Sent: Thursday, May 10, 2001 2:50 PM</FONT> <BR><FONT SIZE=3D2>To: snort-users () lists sourceforge net</FONT> <BR><FONT SIZE=3D2>Subject: [Snort-users] Snort won't run</FONT> </P> <BR> <P><FONT SIZE=3D2>i'm using snort 1.7 with latest set of rules</FONT> </P> <P><FONT SIZE=3D2>for some reason it won't run, any ideas?</FONT> </P> <P><FONT SIZE=3D2>su-2.04# /usr/local/bin/snort -c = /usr/local/bin/rules/snort.conf</FONT> </P> <P><FONT SIZE=3D2> --=3D=3D = Initializing Snort =3D=3D--</FONT> </P> <P><FONT SIZE=3D2>Initializing Network Interface fxp0</FONT> <BR><FONT SIZE=3D2>Decoding Ethernet on interface fxp0</FONT> <BR><FONT SIZE=3D2>Initializing Preprocessors!</FONT> <BR><FONT SIZE=3D2>Initializing Plug-ins!</FONT> <BR><FONT SIZE=3D2>Initializating Output Plugins!</FONT> </P> <P><FONT = SIZE=3D2>+++++++++++++++++++++++++++++++++++++++++++++++++++</FONT> <BR><FONT SIZE=3D2>Initializing rule chains...</FONT> </P> <P><FONT SIZE=3D2>*WARNING*: unknown preprocessor "stream2", = ignoring!</FONT> </P> <BR> <P><FONT SIZE=3D2>*WARNING*: unknown preprocessor = "rpc_decode", ignoring!</FONT> </P> <BR> <P><FONT SIZE=3D2>*WARNING*: unknown preprocessor "bo", = ignoring!</FONT> </P> <BR> <P><FONT SIZE=3D2>*WARNING*: unknown preprocessor = "telnet_decode", ignoring!</FONT> </P> <P><FONT SIZE=3D2>database: compiled support for ( mysql )</FONT> <BR><FONT SIZE=3D2>database: configured to use mysql</FONT> <BR><FONT = SIZE=3D2>database: = user =3D alexus</FONT> <BR><FONT SIZE=3D2>database: database name =3D alexus</FONT> <BR><FONT SIZE=3D2>database: password is set</FONT> <BR><FONT = SIZE=3D2>database: = host =3D localhost</FONT> <BR><FONT SIZE=3D2>database: sensor name =3D = 64.81.208.245</FONT> <BR><FONT SIZE=3D2>database: sensor id =3D = 1</FONT> <BR><FONT SIZE=3D2>database: using the "log" facility</FONT> <BR><FONT SIZE=3D2>Error: Unknown config: classification</FONT> <BR><FONT SIZE=3D2>su-2.04# </FONT> </P> <P><FONT SIZE=3D2>what am i doin wrong now?</FONT> </P> <BR> <P><FONT = SIZE=3D2>_______________________________________________</FONT> <BR><FONT SIZE=3D2>Snort-users mailing list</FONT> <BR><FONT SIZE=3D2>Snort-users () lists sourceforge net</FONT> <BR><FONT SIZE=3D2>Go to this URL to change user options or = unsubscribe:</FONT> <BR><FONT SIZE=3D2><A = HREF=3D"http://lists.sourceforge.net/lists/listinfo/snort-users" = TARGET=3D"_blank">http://lists.sourceforge.net/lists/listinfo/snort-user= s</A></FONT> <BR><FONT SIZE=3D2>Snort-users list archive:</FONT> <BR><FONT SIZE=3D2><A = HREF=3D"http://www.geocrawler.com/redir-sf.php3?list=3Dsnort-users" = TARGET=3D"_blank">http://www.geocrawler.com/redir-sf.php3?list=3Dsnort-u= sers</A></FONT> </P> </BODY> </HTML> ------_=_NextPart_001_01C0D9A1.EEDE1DF0-- --__--__-- Message: 4 Date: Thu, 10 May 2001 18:39:50 -0400 From: Martin Roesch <roesch () sourcefire com> To: "shawn . moyer" <shawn () net-connect net> CC: snort-users () lists sourceforge net Subject: Re: [Snort-users] ******unsubscribe****** Especially when *every message to the list* ends with instructions on how to perform that function.... "shawn . moyer" wrote:
"Insanity is doing the same thing and expecting different results." Dr. Edwards Deming -- s h a w n m o y e r shawn () net-connect net "May the forces of evil become confused on the way to your house." --George Carlin _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
-- Martin Roesch roesch () sourcefire com http://www.sourcefire.com - http://www.snort.org --__--__-- Message: 5 To: Koaps <koaps () 2nutz com> Cc: roman () danyliw com, snort-users () lists sourceforge net From: roman () danyliw com Subject: Re: [Snort-users] loggin issue Date: Thu, 10 May 2001 21:15:11 US/Eastern Well, -N disables the log facility and only enables the alert facility. However, from your previous email, it would appear that you have set the database plug-in to only read the log facility. Either remove the -N or reconfigure the DB plugin to use alert output database: log, postgresql, user=root ... ^^^ |========= with -N this needs to be alert cheers, Roman
nope no loggin and no -A I use this /usr/local/bin/snort -c /var/snort/snort.conf -N L8rZ, )\_/( < o,0 > ~ \ / KoAps ----- Original Message ----- From: <roman () danyliw com> To: "Koaps" <koaps () 2nutz com> Cc: <snort-users () lists sourceforge net> Sent: Thursday, May 10, 2001 8:35 AM Subject: Re: [Snort-users] loggin issue Is it logging anywhere else (e.g. to a file)? What does you command line look like? Does it have a "-A", if so remove it. RomanI don't get it.... I have Snort 1.7 on OpenBSd it's telling me it's seeing Packets, it's sending alerts, but I see nodatain mysql....
============================================================================
=== Snort received 5065 packets and dropped 0(0.000%) packets Breakdown by protocol: Action Stats: TCP: 5048 (99.664%) ALERTS: 7 UDP: 0 (0.000%) LOGGED: 7 ICMP: 12 (0.237%) PASSED: 0 ARP: 0 (0.000%) IPv6: 0 (0.000%) IPX: 0 (0.000%) OTHER: 0 (0.000%) DISCARD: 0 (0.000%) ======================================= connect info Initializing rule chains... database: compiled support for ( mysql ) database: configured to use mysql database: user = ids database: password is set database: database name = snortdb database: host = 192.168.69.5 database: sensor name = 192.168.69.12 database: sensor id = 2 database: using the "log" facility 796 Snort rules read... 796 Option Chains linked into 114 Chain Headers 0 Dynamic rules +++++++++++++++++++++++++++++++++++++++++++++++++++ I am using ACID to look at the SnortDB I can see it's registered in the database as a sensor... I just see no data from it L8rZ, )\_/( < o,0 > ~ \ / KoAps _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users--------------------------------------------- This message was sent using Voicenet WebMail. http://www.voicenet.com/webmail/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
--------------------------------------------- This message was sent using Voicenet WebMail. http://www.voicenet.com/webmail/ --__--__-- Message: 6 To: alexus <ml () db nexgen com> Cc: snort-users () lists sourceforge net From: roman () danyliw com Subject: Re: [Snort-users] Snort + Acid w/ MySQL question(s) Date: Thu, 10 May 2001 21:23:05 US/Eastern OK, lets avoid the automated table creation for now. Try running the SQL manually (create_acid_tbls_mysql.sql) Roman
mysql> select * from user where user='alexus';
+-----------+--------+------------------+-------------+-------------+-------
------+-------------+-------------+-----------+-------------+---------------
+--------------+-----------+------------+-----------------+------------+----
--------+ | Host | User | Password | Select_priv | Insert_priv | Update_priv | Delete_priv | Create_priv | Drop_priv | Reload_priv | Shutdown_priv | Process_priv | File_priv | Grant_priv | References_priv | Index_priv | Alter_priv |
+-----------+--------+------------------+-------------+-------------+-------
------+-------------+-------------+-----------+-------------+---------------
+--------------+-----------+------------+-----------------+------------+----
--------+ | localhost | alexus | 34484ed463a66850 | Y | Y | N | Y | N | N | N | N | N | N | N | N | N | N |
+-----------+--------+------------------+-------------+-------------+-------
------+-------------+-------------+-----------+-------------+---------------
+--------------+-----------+------------+-----------------+------------+----
--------+ 1 row in set (0.00 sec) mysql> i copy and paste mysql output to show you that i do have all right privileges i also upgrade acid to 0.9.6b9 (which is latest beta for today) it still doesn't work ----- Original Message ----- From: <roman () danyliw com> To: "alexus" <ml () db nexgen com> Cc: <snort-users () lists sourceforge net> Sent: Thursday, May 10, 2001 11:18 AM Subject: Re: [Snort-users] Snort + Acid w/ MySQL question(s)One observation: - ACID 0.9.5 does not use ADODB. This DB abstraction was introduced in 0.9.6b2 (Jan 2001). Hence, this addition into acid_conf.php will be ignored. Two recommendations: - are you sure that you have CREATE permissions on the DB user set in acid_conf.php? If all else fails, try using the "create_acid_tbls_mysql.sql" to manually create the ACID tables. - upgrade to a more recent version of ACID => 0.9.6b9. There are significant feature improvements as well as bug fixes. If you prefer an older version, upgrade to at least 0.9.6b1 for it has a number of important bug fixes cheers, RomanI'm using the following: FreeBSD 4.3 - RELEASE (STABLE) ACID-0.9.5 - RELEASE (STABLE) ADODB v1.0.1 - RELEASE (STABLE) PHP - 4.0.5 - RELEASE (STABLE) APACHE - 1.3.19 - RELEASE (STABLE) SNORT - 1.7 - RELEASE (STABLE) to compile snort i used following line: ../configure --with-mysql=/usr/local/mysql;make;make install i did change acid_conf.php i put path to adodb in adodb i put local path in adodb.inc.php when i go to http://localhost/acid it redirects me to acid_main.php
and
whenit gets there i get this: The underlying database alexus@localhost apears to be invalid. The database version is valid, but the ACID DB structure (table:acid_ag) isnot present. Use the Setup page to configure and optimize the DB when i click on "Setup page" in status window i get "DONE" for "Search Indexes" and i have "CreateACIDAG" for "ACID tables" i'm assuming i need to click on "Create ACID
AG",
whenI do that nothing happenes, it won't disappear or it won't change
status
to"DONE".. what am i missing? _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users--------------------------------------------- This message was sent using Voicenet WebMail. http://www.voicenet.com/webmail/
--------------------------------------------- This message was sent using Voicenet WebMail. http://www.voicenet.com/webmail/ --__--__-- Message: 7 From: "Steve Shockley" <steve.shockley () shockley net> To: <snort-users () lists sourceforge net> Date: Thu, 10 May 2001 22:35:06 -0400 Subject: [Snort-users] Snort 1.8-beta4 Build 17 coredump I'm running (or trying to!) Snort 1.8 Beta 4 Build 17 on OpenBSD 2.9-snapshot (5/10). I'm mostly running the standard ruleset/config file, except I've turned on syslog logging. I used to have it running on this machine with Snort 1.7 and OpenBSD 2.8-Release, but somewhere along the way it broke and I didn't have time to fix it. I've recompiled Snort and I have the latest CVS update. Are there any known issues with this build? It seems to dump core a few minutes after starting it, even running it interactively as root. --__--__-- Message: 8 Date: Fri, 11 May 2001 08:54:39 +0200 To: Kevin Brown <Kevin.M.Brown () asu edu>, "'Robinson, Ken'" <ken.robinson () ccra-adrc gc ca>, "Snort List (E-mail)" <snort-users () lists sourceforge net> From: Jean-Francois Zwobada <zwobada () fluxus net> Subject: RE: [Snort-users] Rules vs performance Hi guys What's the average and peak bandwidth you're trying to analyse ? Regards JF At 12:53 10/05/01 -0700, Kevin Brown wrote:
I know on the Intel box I was testing out (PII 450 256MB) on a 100Mb/s link the snort was clocking 40% of the cpu with absolutely no rules or plugins. I don't remember the specifics, but I was removing rules from the list till snort dropped to 80% or less and of the ruleset of 400 rules I had to drop all but 50 I believe to get it down. I'm currently using a Sparc 500 and it is clocking 50% of the CPU (same link) with the full ruleset in place (snort1.8b5 build 20). I downloaded top and compiled it and just watch the processes and notice that with just the database and spp plugins snort is slowing eating up my 1GB of memory. I don't know if that is a memory leak or just a lot of memory caching going on within
snort.
-----Original Message----- From: Robinson, Ken [<mailto:ken.robinson () ccra-adrc gc ca>mailto:ken.robinson () ccra-adrc gc ca] Sent: Thursday, May 10, 2001 12:42 To: Snort List (E-mail) Subject: [Snort-users] Rules vs performance Hello, Are there any rule-of-thumb, or such on how the number of Snort rules affects the performance? In doing some lab tests, we found that has the amount of traffic went up,
we
detected fewer and fewer test attacks. CPU usage was high, but not peaked right out. The lab boxes were PIII 800Mhz systems with 100Mbit NICs and 256Meg RAM. I don't know of the misses were due to an issue with the hardware (NIC missing packets?), or if there were too many rules to sort through for the Snort software, or too much logging? We've looked through the snort rules from Whitehats and found many cases were we could reduce the rules by either dropping them (i.e. don't care), reducing them (i.e. all the ICMP Itype 8 could just be recorded as ping instead of detecting which OS), or making groups of them as activate rules (i.e. the DeepThroat backdoor rules). We could also use the Activate rules to log the next 50 packets and then run a full set or rules on those logged packets. So, any advise for us? Should we use Activate rules as much as possible? Should we generalize rules? Or is all of this not going to make much of a difference? Thanks. ---- Ken Robinson _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: <http://lists.sourceforge.net/lists/listinfo/snort-users>http://lists.sourc
eforge.net/lists/listinfo/snort-users
Snort-users list archive: <http://www.geocrawler.com/redir-sf.php3?list=snort-users>http://www.geocra
wler.com/redir-sf.php3?list=snort-users
Jean-Francois Zwobada Cellule Securite - Fluxus Phone : +33.1.44.97.70.00 - Fax : +33.1.44.97.70.14 30, rue du Chateau des Rentiers - 75013 PARIS --__--__-- Message: 9 From: <holger.bumke () nbg net> To: "Richard, Jeff" <Jeff-Richard () forum-financial com> cc: "'snort-users () lists sourceforge net'" <snort-users () lists sourceforge net> Date: Fri, 11 May 2001 09:22:13 +0200 Subject: Antwort: [Snort-users] DNS Query Logging? Try this small Shell-Skript: ---------------------------------------------------------------------------- ---- #!/bin/bash # suite to your needs NAMEDSTATS="/etc/named.stats" PID="/var/run/named.pid" LOG="/tmp/namedqueries.tmp" # nothing to be changed below if you're using bash. declare -i RR_new=0 declare -i RR_old=0 kill -SIGILL `cat $PID` RR_old=`tail -1 $LOG` RR_new=`tail -3 $NAMEDSTATS | head -1 | awk '{print $1}'` echo $RR_new >$LOG echo "$[RR_new-${RR_old}]" ---------------------------------------------------------------------------- ---- Other stats could be get by changing the field-parameter. Nice job for cron/MRTG. =:^) Hope it helps.... Regards, Holger "Richard, Jeff" <Jeff-Richard () forum-financial com> am 10.05.2001 22:47:34 An: "'snort-users () lists sourceforge net'" <snort-users () lists sourceforge net> Kopie: (Blindkopie: Holger Bumke/nbg/DE) Thema: [Snort-users] DNS Query Logging? I hope someone can give a hand on this. I need to get a count of how many DNS queries my DNS servers are receiving. What should a rule for DNS queries look like? I'm not failure with DNS traffic, but realize that UDP 53, is the protocol/port, just not sure of any signature(s). -Jeff --__--__-- _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net http://lists.sourceforge.net/lists/listinfo/snort-users End of Snort-users Digest _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- unsubscribe Ryan McClure (Systems Admin) - United Shipping (May 10)
- <Possible follow-ups>
- unsubscribe Ryan McClure (Systems Admin) - United Shipping (May 11)
- unsubscribe Ryan McClure (Systems Admin) - United Shipping (May 11)
- unsubscribe Ryan McClure (Systems Admin) - United Shipping (May 11)
- unsubscribe Ryan McClure (Systems Admin) - United Shipping (May 11)
- Re: unsubscribe Andy Lowton (May 11)
- unsubscribe per.thorsheim (May 13)