Snort mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Snort-users digest, Vol 1 #2134 - 12 msgs

From: "Michael L. Capps" <Michael_L_Capps () attbi com>
Date: Wed, 31 Jul 2002 18:15:10 -0700
I have experienced the exact same thing with SMTP HELO overflow.  I also
am getting the FTP USER overflow alerts but I haven't gotten to them
yet.  Are you using binary or ascii logging?

-----Original Message-----
From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net] On Behalf Of
snort-users-request () lists sourceforge net
Sent: Wednesday, July 31, 2002 8:34 AM
To: snort-users () lists sourceforge net
Subject: Snort-users digest, Vol 1 #2134 - 12 msgs

Send Snort-users mailing list submissions to
        snort-users () lists sourceforge net

To subscribe or unsubscribe via the World Wide Web, visit
        https://lists.sourceforge.net/lists/listinfo/snort-users
or, via email, send a message with subject or body 'help' to
        snort-users-request () lists sourceforge net

You can reach the person managing the list at
        snort-users-admin () lists sourceforge net

When replying, please edit your Subject line so it is more specific
than "Re: Contents of Snort-users digest..."


Today's Topics:

   1. FTP USER overflow attempt alerts, no logged packets. (Dolfred
Mascarenhas)
   2. RE: snort can do this? (McCammon, Keith)
   3. Re: Running SORT in Windows (Alexandre GIGLEUX)
   4. RE: snort behavior in very high-load environment, B
       SD vs. linux (Cloppert, Michael)
   5. Re: Running SORT in Windows (Laurent Grignet)
   6. philosophical question (Eduard San Anselmo)
   7. RE: philosophical question (McCammon, Keith)
   8. RE: snort behavior in very high-load environment,
       B SD vs. linux (Williams Jon)
   9. RE: philosophical question (RR)
  10. Re: philosophical question (Marco Aurelio Valtas Cunha)

--__--__--

Message: 1
Date: Wed, 31 Jul 2002 06:34:13 -0700 (PDT)
From: Dolfred Mascarenhas <dolfredm () yahoo com>
To: snort-users () lists sourceforge net
Subject: [Snort-users] FTP USER overflow attempt alerts, no logged
packets.

Hi, 

My snort alerted on the FTP user overflow attempt, as
detailed below. On checking the logs, I observed that
no packets were recorded for this alert, despite the
large number of entries in the alerts file. Offensive
packets were logged on all other alerts, but not this
one.

My Snort version is 1.8.7
Any comments/ideas will be appreciated.

Thanks,
Dolfred.



[**] [1:1734:4] FTP USER overflow attempt [**]
[Classification: Attempted Administrator Privilege
Gain] [Priority: 1]
07/29-10:04:20.610705 0:A0:8E:14:EC:E8 -> 0:0:C:7:AC:0
type:0x800 len:0xAA
x.x.x.x:1349 -> x.x.x.x:21 TCP TTL:240 TOS:0x10 ID:0
IpLen:20 DgmLen:156
***AP*** Seq: 0xC7BB95C1 Ack: 0xC7BB95C1 Win: 0x0
TcpLen: 20
[Xref => http://www.securityfocus.com/bid/4638] [Snort
log] 

__________________________________________________
Do You Yahoo!?
Yahoo! Health - Feel better, live better
http://health.yahoo.com


--__--__--

Message: 2
Subject: RE: [Snort-users] snort can do this?
Date: Wed, 31 Jul 2002 10:00:03 -0400
From: "McCammon, Keith" <Keith.McCammon () eadvancemed com>
To: "gohometa" <gohome97 () tatung com>,
        <snort-users () lists sourceforge net>

This is a multi-part message in MIME format.

------_=_NextPart_001_01C2389A.911EE527
Content-Type: text/plain;
        charset="big5"
Content-Transfer-Encoding: quoted-printable

Yes.  It's in the Users Manual under "Tag."=20

-----Original Message-----
From: gohometa [mailto:gohome97 () tatung com]
Sent: Wednesday, July 31, 2002 4:32 AM
To: snort-users () lists sourceforge net
Subject: [Snort-users] snort can do this?


I f we detect a intrusion by just detect a packet,may be it is not =
correct
If I want to detect sequential packet to decide wether
they are from same source,and assure some one intrude me ,How can T do?
  snort can do this?
=20


------_=_NextPart_001_01C2389A.911EE527
Content-Type: text/html;
        charset="big5"
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; charset=3Dbig5">


<META content=3D"MSHTML 5.50.4916.2300" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=3D#ffffff>
<DIV><FONT face=3DArial color=3D#0000ff size=3D2><SPAN=20
class=3D058545813-31072002>Yes.&nbsp; It's in the Users Manual under=20
"Tag."&nbsp;</SPAN></FONT></DIV>
<BLOCKQUOTE dir=3Dltr=20
style=3D"PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #0000ff 2px =
solid; MARGIN-RIGHT: 0px">
  <DIV class=3DOutlookMessageHeader dir=3Dltr align=3Dleft><FONT =
face=3DTahoma=20
  size=3D2>-----Original Message-----<BR><B>From:</B> gohometa=20
  [mailto:gohome97 () tatung com]<BR><B>Sent:</B> Wednesday, July 31, 2002
=
4:32=20
  AM<BR><B>To:</B>
snort-users () lists sourceforge net<BR><B>Subject:</B>=20
  [Snort-users] snort can do this?<BR><BR></FONT></DIV>
  <DIV><FONT size=3D2>I f we detect&nbsp;a intrusion by just detect a =
packet,may=20
  be it is not correct</FONT></DIV>
  <DIV><FONT size=3D2>If I want to detect&nbsp;sequential packet to =
decide=20
  wether</FONT></DIV>
  <DIV><FONT size=3D2>they are&nbsp;from&nbsp;same source,and =
assure&nbsp;some one=20
  intrude me</FONT>&nbsp;<FONT size=3D2>,How can T do?</FONT></DIV>
  <DIV><FONT size=3D2>&nbsp; snort can do this?</FONT></DIV>
  <DIV><FONT size=3D2></FONT>&nbsp;</DIV></BLOCKQUOTE></BODY></HTML>

------_=_NextPart_001_01C2389A.911EE527--


--__--__--

Message: 3
From: "Alexandre GIGLEUX" <Alexandre.Gigleux () loria fr>
To: "Roger Niken" <rogern () grintek com>,
        <snort-users () lists sourceforge net>
Subject: Re: [Snort-users] Running SORT in Windows
Date: Wed, 31 Jul 2002 16:15:34 +0200

This is a multi-part message in MIME format.

------=_NextPart_000_004A_01C238AD.7F8F7180
Content-Type: text/plain;
        charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

Running SORT in WindowsHello,

Go to : http://www.snort.org/dl/contrib/ and download WinPCap ...

Alex
  ----- Original Message -----=20
  From: Roger Niken=20
  To: snort-users () lists sourceforge net=20
  Sent: Wednesday, July 31, 2002 10:58 AM
  Subject: [Snort-users] Running SORT in Windows


  Hi=20

  I have downloaded SNORT for Win32 and keep getting an error "unable to
=
locate DLL-wpcap.dll" when trying to execute the file. The manual that =
came with the installation only explains how to use SNORT in Linux. =
Please assist.

  Regards=20
   =20
  Roger Niken=20
  Syrinx Communications=20
  Network Management: Systems Manager=20
  +27 (0)11 616 0701  (Office)=20
  +27 (0)82 376 5193 (Mobile)=20



  **********************************************************************
  This email and any files transmitted with it are confidential and
  intended solely for the use of the individual or entity to whom they
  are addressed. If you have received this email in error please notify
  the system manager.

  This footnote also confirms that this email message has been swept
  by Sophos AntiVirus Interface for the presence of computer viruses.

  www.sophos.com
  **********************************************************************


------=_NextPart_000_004A_01C238AD.7F8F7180
Content-Type: text/html;
        charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD><TITLE>Running SORT in Windows</TITLE>
<META http-equiv=3DContent-Type content=3D"text/html; =
charset=3Diso-8859-1">
<META content=3D"MSHTML 6.00.2600.0" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=3D#ffffff>
<DIV><FONT face=3DArial size=3D2>Hello,</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT face=3DArial size=3D2>Go to : <A=20
href=3D"http://www.snort.org/dl/contrib/";>http://www.snort.org/dl/contri
b=
/</A>&nbsp;and=20
download WinPCap ...</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT face=3DArial size=3D2>Alex</FONT></DIV>
<BLOCKQUOTE=20
style=3D"PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; =
BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px">
  <DIV style=3D"FONT: 10pt arial">----- Original Message ----- </DIV>
  <DIV=20
  style=3D"BACKGROUND: #e4e4e4; FONT: 10pt arial; font-color: =
black"><B>From:</B>=20
  <A title=3Drogern () grintek com href=3D"mailto:rogern () grintek com">Roger
=
Niken</A>=20
  </DIV>
  <DIV style=3D"FONT: 10pt arial"><B>To:</B> <A=20
  title=3Dsnort-users () lists sourceforge net=20
  =
href=3D"mailto:snort-users () lists sourceforge net">snort-users () lists sour
c=
eforge.net</A>=20
  </DIV>
  <DIV style=3D"FONT: 10pt arial"><B>Sent:</B> Wednesday, July 31, 2002
=
10:58=20
  AM</DIV>
  <DIV style=3D"FONT: 10pt arial"><B>Subject:</B> [Snort-users] Running
=
SORT in=20
  Windows</DIV>
  <DIV><BR></DIV>
  <P><FONT face=3DArial size=3D2>Hi</FONT> </P>
  <P><FONT face=3DArial size=3D2>I have downloaded SNORT for Win32 and =
keep getting=20
  an error "unable to locate DLL-wpcap.dll" when trying to execute the =
file. The=20
  manual that came with the installation only explains how to use SNORT
=
in=20
  Linux. Please assist.</FONT></P>
  <P><FONT face=3DArial size=3D2>Regards</FONT> <BR><FONT
face=3DArial=20
  size=3D2>&nbsp;</FONT> <BR><FONT face=3DArial size=3D2>Roger =
Niken</FONT><FONT=20
  face=3DArial> </FONT><BR><FONT face=3DArial size=3D2>Syrinx=20
  Communications</FONT><FONT face=3DArial> </FONT><BR><FONT face=3DArial
=

  size=3D2>Network Management: Systems Manager</FONT><FONT face=3DArial>
=

  </FONT><BR><FONT face=3DArial size=3D2>+27 (0)11 616 0701&nbsp;=20
  (Office)</FONT><FONT face=3DArial> </FONT><BR><FONT face=3DArial =
size=3D2>+27 (0)82=20
  376 5193 (Mobile)</FONT><FONT face=3DArial> </FONT></P><CODE><FONT=20
  =
size=3D3><BR><BR>*******************************************************
*=
**************<BR>This=20
  email and any files transmitted with it are confidential =
and<BR>intended=20
  solely for the use of the individual or entity to whom they<BR>are =
addressed.=20
  If you have received this email in error please notify<BR>the
system=20
  manager.<BR><BR>This footnote also confirms that this email message =
has been=20
  swept<BR>by Sophos AntiVirus Interface for the presence of computer=20
  =
viruses.<BR><BR>www.sophos.com<BR>**************************************
*=
*******************************<BR></BLOCKQUOTE></FONT></CODE></BODY></H
T=
ML>

------=_NextPart_000_004A_01C238AD.7F8F7180--



--__--__--

Message: 4
From: "Cloppert, Michael" <Michael.Cloppert () 53 com>
To: 'Adam D'Amico' <adamico () speakeasy net>, 
        snort-users () lists sourceforge net
Subject: RE: [Snort-users] snort behavior in very high-load environment,
B
        SD vs. linux
Date: Wed, 31 Jul 2002 10:16:11 -0400

Okay, I'm not going to be able to address all of your issues/concerns
here
as I'm fairly new with snort myself, BUT here are my thoughts...


Now, I've read/heard for a long time that the BSD packet capture
ability is far better than that in linux, even with the new 2.4
optimizations.

I've heard this too, this is the first attempt at verifying such claims
with
regard to snort that I've read.  Kudos!


I've got two identical boxes with two identical gig-e feeds running
into them.  The hardware is dual P3 1.26GHz, 1GB RAM, plenty of
7200rpm IDE disk, and Intel pro1000-T adapters.  On the copper there
is a steady stream from our backbone of around 55-70kpps, weighing
in at between 300-400Mbps, depending on time of day.  

Okay, first thing to consider is your processors.  Keep in mind snort is
single-threaded, so unless you're running barnyard (I think that's what
it's
called), which handles output processors in a separate thread, this
likely
won't help your performance.  Second, the point you make about your PCI
bus
being 32 as opposed to 64 bit is valid.  Remember, you have not only
your
gig ethernet card trying to talk across this bus, but also all the data
going to your disk array, and if you have two NIC's (one for capture and
one
for management), you're cramming that data onto the bus as well.
Whether or
not LINUX & BSD handle pushing data across the bus differently I don't
know,
but something to think about.


Snort analyzed -906323712 out of -843192947 packets, The 
kernel dropped

<snip>

Snort analyzed -1634877952 out of -796656885 packets, The 
kernel dropped
793215694(22.674%) packets

<snip>

Snort analyzed -249022464 out of -1275082956 packets, The 
kernel dropped
1452753881(113.934%) packets

How do I drop more than 100%?

I'd bet you're seeing integer wraparound.  Snort's using a signed
integer
for keeping track of how many packets it's captured and when it attempts
to
count high enough, you will begin to see negative numbers.  If you're
not a
coder, here's basically how it works.  IF a signed integer is used, the
high-order bit is reserved as the negative indicator.  For example, 0000
0010 is a positive number, but 1000 0111 is a negative number (because
the
high-order bit is set).  When you're counting, if you get high enough
and
you add 1 to 0111 1111, you get 1000 0000, which then puts you in the
negative realm!  You may simply need to regulate the number of packets
you're capturing by doing so for a shorter period of time, so you avoid
this
problem - maybe do this a number of times and add up your results?  It's
a
thought...

Hope this helps.  Definitely post any other results you get - this is
very
useful information!!

Mike


--__--__--

Message: 5
Date: Wed, 31 Jul 2002 16:49:23 +0200
From: Laurent Grignet <lgrignet () ulg ac be>
Reply-To: unif <lgrignet () ulg ac be>
Organization: ulg
To: Snort-users () lists sourceforge net
Subject: Re: [Snort-users] Running SORT in Windows


Hi


Hello,


I have downloaded SNORT for Win32 and keep getting an error "unable to
locate DLL-wpcap.dll" when trying to execute the file. The manual that

came

with the installation only explains how to use SNORT in Linux. Please
assist.


did you install winpcap ? If not it's why snort doesn't work

see http://winpcap.polito.it/ for information


Regards


Hope This Helps,


Roger Niken 


Laurent



--__--__--

Message: 6
Date: Wed, 31 Jul 2002 17:00:17 +0200
From: Eduard San Anselmo <esananselmo () albasoft com>
To: snort-users () lists sourceforge net
Subject: [Snort-users] philosophical question

I've just installed snort and everything seems to work fine. Too fine, I

would say: my sensor is informing of many alerts that aren't so, I mean,

there are lots of false positives that I'm supposed to tune. That's my 
question: what does tuning mean? The way I see it is that I have to look

at the alerts and change some things in the rules that triggered those 
alerts, so they won't bother me again. Is that a good point of view?
Thank you.



--__--__--

Message: 7
Subject: RE: [Snort-users] philosophical question
Date: Wed, 31 Jul 2002 10:59:10 -0400
From: "McCammon, Keith" <Keith.McCammon () eadvancemed com>
To: "Eduard San Anselmo" <esananselmo () albasoft com>,
        <snort-users () lists sourceforge net>

Correct.  You need to examine what you believe to be FP, and adjust your
=
rules files accordingly.  The popular method is to pass on the sig in =
local.rules or the like, or write BPF statements to correct the issue.


-----Original Message-----
From: Eduard San Anselmo [mailto:esananselmo () albasoft com]
Sent: Wednesday, July 31, 2002 11:00 AM
To: snort-users () lists sourceforge net
Subject: [Snort-users] philosophical question
=20
=20
I've just installed snort and everything seems to work fine.=20
Too fine, I=20
would say: my sensor is informing of many alerts that aren't=20
so, I mean,=20
there are lots of false positives that I'm supposed to tune.=20
That's my=20
question: what does tuning mean? The way I see it is that I=20
have to look=20
at the alerts and change some things in the rules that=20
triggered those=20
alerts, so they won't bother me again. Is that a good point of view?
Thank you.
=20
=20
=20
-------------------------------------------------------
This sf.net email is sponsored by: Dice - The leading online job board
for high-tech professionals. Search and apply for tech jobs today!
http://seeker.dice.com/seeker.epl?rel_code=3D31
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=3Dsnort-users
=20



--__--__--

Message: 8
From: "Williams Jon" <WilliamsJon () JohnDeere com>
To: "'Adam D'Amico'" <adamico () speakeasy net>,
        snort-users () lists sourceforge net
Subject: RE: [Snort-users] snort behavior in very high-load environment,
 B SD vs. linux
Date: Wed, 31 Jul 2002 10:13:56 -0500

While I haven't got nearly the load you've got, I'll share what I've
found
in my testing.

First, I don't remember if it was Linux or another OS (Solaris?), but
there's at least one Unix out there that lies about its packet drop
rate, as
it its hard coded to 0 in the kernel.  In my testing of Slowaris vs.
FreeBSD, this appears to be the case.

Second, the single threading problem can be minimized if you use BSD and
can
segment your snort processes using command line BPF.  For example, if
you've
got three /24 subnets, 10.0.1.0, 10.0.2.0, and 10.0.3.0, run one snort
process for each with the BPF on the command line of "net 10.0.1.0" or
whatever.  By doing that, you can gain some of the benefits of having
multiple processors (if your kernel is built for it) even with a
single-threaded snort.  As a side note, I've also found it worth running
an
N+1 process with a BPF of "not net 10.0.1.0 and not net 10.0.2.0 and not
net
10.0.3.0" and alerting on any packet I see.  This has been one of the
most
useful rules I've put together, since it shows me things that
theoretically
shouldn't be on my network.  <grin>

Next, depending on the traffic loads, you can run into performance
issues
based on the capabilities of your system.  At really high speeds, things
like your PCI bus width and disk write speeds are always an issue, but
your
memory bandwidth can also become an issue.

As for rules, I'm actually getting to the point where I think I've got
some
of my networks profiled fairly well.  I know basically what types of
network
traffic are allowed, what applications run there, things like that.
Once
you have that information, I believe that it is more useful to look for
violations to normal than to spend time looking for what unknown
"experts
out there" say you should look for.  For example, if I know that only
TCP
traffic is allowed on a WAN link, then create a rule that alerts when
the
protocol field is not TCP.  Not only will you run fewer rules, I believe
that this will give a better chance at detecting new viruses, as well.

Finally, if you do use external rules, such as from snort.org, take a
hard
look at what rules you run.  Get rid of as many as you can, try very
hard
not to use the address list construct (i.e. [1.1.1.1,2.2.2.2,3.3.3.3]),
and
try to optimize the order of the rules such that the most specific rules
(specific addresses and ports) that don't have content: options are at
the
top and the least specific ones (any any -> any any) that use content:
options are at the bottom.  This helps break out of the critical path
faster, so you waste less time looking at most packets.

I hope this helps.  Please let us know what your results are, since this
information is very useful to many of us :-)

Jon

-----Original Message-----
From: Adam D'Amico [mailto:adamico () speakeasy net]
Sent: Tuesday, July 30, 2002 5:43 PM
To: snort-users () lists sourceforge net
Subject: [Snort-users] snort behavior in very high-load environment, BSD
vs. linux


Hello,

I've been working with snort for a while now in an environment that
seems to be on the bleeding edge of what should be snortable.  I've
gotten predictable results in some spots and weirdness in others.
I thought I would share my results with everyone here, in the hope
that someone might get use out of them, and maybe even have decent
explanations for the weirdness.  I've read through a lot of the
previous threads having to do with packet loss and system tuning,
but not much of it was applicable, given the network environment
I'm running in.



--__--__--

Message: 9
From: "RR" <rehmanr () dedicatedtech com>
To: "Eduard San Anselmo" <esananselmo () albasoft com>,
        <snort-users () lists sourceforge net>
Subject: RE: [Snort-users] philosophical question
Date: Wed, 31 Jul 2002 11:25:10 -0400

I would say yes. That is a good starting point. However you may need to
write your own rules as well for some specific things that you want to
monitor. Remember, pre-defined rules don't do "everything".

HTH

-----Original Message-----
From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net]On Behalf Of Eduard San
Anselmo
Sent: Wednesday, July 31, 2002 11:00 AM
To: snort-users () lists sourceforge net
Subject: [Snort-users] philosophical question


I've just installed snort and everything seems to work fine. Too fine, I
would say: my sensor is informing of many alerts that aren't so, I mean,
there are lots of false positives that I'm supposed to tune. That's my
question: what does tuning mean? The way I see it is that I have to look
at the alerts and change some things in the rules that triggered those
alerts, so they won't bother me again. Is that a good point of view?
Thank you.



-------------------------------------------------------
This sf.net email is sponsored by: Dice - The leading online job board
for high-tech professionals. Search and apply for tech jobs today!
http://seeker.dice.com/seeker.epl?rel_code=31
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users



--__--__--

Message: 10
Date: Wed, 31 Jul 2002 11:33:07 -0400
From: Marco Aurelio Valtas Cunha <mavcunha () bit fmrp usp br>
Organization: =?ISO-8859-1?Q?Funda=E7=E3o_Hemocentro?=
To: Eduard San Anselmo <esananselmo () albasoft com>
Cc: snort-users () lists sourceforge net
Subject: Re: [Snort-users] philosophical question

Yeah, that's a good point of view, but tunning means more like "know 
what is the data in your network, then update only the rules that apply 
to it." It's better have false positives than miss real alerts.

Marco.

Eduard San Anselmo wrote:

I've just installed snort and everything seems to work fine. Too fine,

I 

would say: my sensor is informing of many alerts that aren't so, I

mean, 

there are lots of false positives that I'm supposed to tune. That's my



question: what does tuning mean? The way I see it is that I have to

look 

at the alerts and change some things in the rules that triggered those



alerts, so they won't bother me again. Is that a good point of view?
Thank you.



-------------------------------------------------------
This sf.net email is sponsored by: Dice - The leading online job board
for high-tech professionals. Search and apply for tech jobs today!
http://seeker.dice.com/seeker.epl?rel_code=31
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users





-- 
##############################################################
# Atenção meu email mudou para  mavcunha () bit fmrp usp br     #
# Veja porque http://scarecrow.fmrp.usp.br/~mavcunha/public  #
# Attention my email changed to mavcunha () bit fmrp usp br     #
# See why here http://scarecrow.fmrp.usp.br/~mavcunha/public #
##############################################################
Marco Aurélio Valtas Cunha
Laboratório de Bioinformática
Hemocentro de Ribeirão Preto
Faculdade de Medicina de Ribeirão Preto
Universidade de São Paulo
Tel 55 16 3963-9300 R: 9603
homepage http://bit.fmrp.usp.br
email: mavcunha () bit fmrp usp br




--__--__--

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-users


End of Snort-users Digest




-------------------------------------------------------
This sf.net email is sponsored by: Dice - The leading online job board
for high-tech professionals. Search and apply for tech jobs today!
http://seeker.dice.com/seeker.epl?rel_code=31
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: