Snort mailing list archives
Re: Demarc Certified Open Signatures
From: "Demarc Security" <snort_ml () demarc org>
Date: Wed, 2 Mar 2005 18:32:16 -0800 (PST)
I'm sorry if my last post was unclear: "The details about who wrote/contributed to each individual rule is available through our Snort rule description database interface at the community portal:" It is an *interface* to the snort rule description database as it stands today, created by the community, and published for use by the community ( http://www.snort.org/snort-db/help.html ). Our Certified Open Signatures program was just announced today and content will be changing as we add more information to the database, which will, of course, continue to be free to download in its entirety. (That's why it's on the "Community Portal" website, not our commercial website!) Our intention is simply to create a rules database that is free for all to access without restrictions or delays. It does not appear to be in the security community's best interest to request community support with signature creation, then charge a fee to access the latest rules without a delay. While the new Sourcefire license does not limit redistribution for free projects, there will still be a five-day delay before the rules are made publicly available for those who don't pay for a subscription. Five days is a long time to be exposed to a threat without any coverage from whatever Snort-based security solution you may use. Ashlyn Reznik Demarc Threat Research Team Email: areznik () demarc com http://www.demarc.com/products/ -------- Original Message -------- Date: Wed, March 2, 2005 4:27 pm From: James Affeld <jamesaffeld () yahoo com> To: snort-users () lists sourceforge net Subject: [Snort-users] RE: Demarc Certified Open Signatures
Your Snort rule description database appears to have been lifted from the snort website with only minor changes, at least for this example. http://www.snort.org/snort-db/sid.html?sid=1632 http://snort.demarc.com/signatures/Chat_Session_Rules/1632/ Is it a stretch to call it "our" database? What is the % of original content there? (Meter by snort rule)Message: 2 Date: Wed, 2 Mar 2005 15:04:04 -0800 (PST) Subject: RE: [Snort-users] Demarc Certified Open Signatures From: "Demarc Security" <snort_ml () demarc org> To: <snort-users () lists sourceforge net><redacted>To Bamm's point on copyrights, The details about who wrote/contributed to each individual rule is available through our Snort rule description database interface at the community portal: http://snort.demarc.com/signatures/ As for the downloads, we originally had separate contributer lines for each individual rule to give everyone credit who worked on the rules such as all the people who have contributed rules on the snort-sigs mailing list and all the rules that originally came from whitehats, however this made the file bulky and hard to visually parse. We will however have the script that interfaces with the rules database and creates these downloads reinsert the general catchall line crediting marty, brian, "et al" to make sure that there is no misinterpretation of our intentions. Thanks for pointing that out! Ashlyn Reznik Demarc Threat Research Team Email: areznik () demarc com http://www.demarc.com/products/ -------- Original Message -------- Date: Wed, March 2, 2005 10:18 am From: "Ron Jenkins" <rjenkins () dibr net> To: "Demarc Security" <snort_ml () demarc org> Subject: RE: [Snort-users] Demarc Certified Open SignaturesWill oinkmaster work with the rules downloads? Thanks... -----Original Message----- From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net]On Behalf Of DemarcSecurity Sent: Wednesday, March 02, 2005 12:09 PM To: snort-users () lists sourceforge net Subject: [Snort-users] Demarc Certified OpenSignaturesSince our inception in 2001, Demarc has beencommitted to promoting secureInternet use by providing free versions of ourproducts for users at home.We believe that because we use Open Sourcetechnology such as Linux andSnort, that we should give back to the security communityas a whole. We havecontinued to fulfill this commitment, mostrecently with the release of ourSentarus HomeAdmin Edition, which allows people todeploy some of our latestsecurity technology in their home lab environmentsat no cost.In addition to our Sentarus and PureSecureproducts, our customers have alsobenefited from the expertise of our ThreatResearch Team which has, to date,been tasked with verifying rule stream updates andeducating customers onthe detailed workings of Snort technology. In light ofsome upcomingchanges, we're now expanding our research team and formallyannouncing our new"Certified Open Signatures" program. OurCertified Open Signatures program,which will be universally available to the entirecommunity, is founded onthese two principles: 1) Like the Snort program itself, the latestrule signatures shouldalways be available for free becausestrong computer and networksecurity are in everyone's best interests. 2) The best way for a company to serve acommunity project is toremain true to the original goals of thatproject and refrain fromcharging for vital components that have alwaysbeencommunity-driven and free. We make this announcement now, as we have recentlyreceived notice fromSourcefire that, as of next week, early access toall future Snortsignatures they create will be based on a subscription model. The Sourcefire license changes as they werepresented to us are:- All rule updates will be a minimum of fivedays older than thoseSourcefire sells to their customers, and youwill be required toregister to receive them or to wait for the nextmajor Snort release.- To receive the latest rules any sooner, youwill have to paySourcefire a rule subscription fee. We sincerely respect the efforts of the SourcefireSnort development groupalong with the numerous others who created thebase technology and rulesetsthat have made Snort a household name in thesecurity community.However, one of the greatest benefits of using Snort is thecommunity review processwhich will now be subject to an imposed arbitrary delay. At Demarc, our commitment to the securitycommunity is simple:- Demarc will maintainhttp://snort.demarc.com/ as a communityportal for Snort signatures and Snort-basedtechnology. (This site is meantto augment and not replace snort.org or thesnort-sigs mailing list.)- Demarc will produce and revise rules, aswell as collaborate withactive groups to bring together the bestrules from all communitysources. User sites such as Bleeding Snort havebeen at the forefrontof new signature development and we view thesegroups' contributionsas invaluable. Our goal is to work with thesegroups and to serve asthe trusted source for certified, production level rulesets. - Demarc's Threat Research Team will continueto provide the latestcutting-edge and Demarc Certified rules,making them immediatelyavailable for
ic download and contribution.
- Demarc will not charge for the download,use, or modification ofrules hosted on this site. Our community portal at http://snort.demarc.com/will continually evolveover the next several weeks to offer more features,including direct userinteraction. Our community portal will also becomethe new home for theSPADE statistical packet anomaly detection project andSnortSnarf, twoprojects originally managed by SiliconDefense andsubsequently transferred to Demarc.We welcome your support on these projects throughsignature review andsubmissions, and, as with all community projects,your feedback is alwayswelcome to help make it better. Sincerely, Ashlyn Reznik Demarc Threat Research Team Email: areznik () demarc com http://www.demarc.com/products/-------------------------------------------------------SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of ITProducts from real users.Discover which products truly live up to the hype.Start reading now.http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options orunsubscribe:https://lists.sourceforge.net/lists/listinfo/snort-usersSnort-users list archive:http://www.geocrawler.com/redir-sf.php3?list=snort-users-------- End Original Message -------- --__--__-- Message: 3 Subject: RE: [Snort-users] Snort isn't doing anything.. Date: Wed, 2 Mar 2005 17:11:45 -0600 From: "Harper, Patrick" <Patrick.Harper () phns com> To: "Marc Hering" <mhering () reval com>, <snort-users () lists sourceforge net> Is it a true hub, some hubs are really switches=2E The archives have a=0D= =0Alot about this issue=2E What make and model? =0D=0A=0D=0A-----Original = Message-----=0D=0AFrom: Marc Hering [mailto:mhering@reval=2Ecom] =0D=0ASent= : Wednesday, March 02, 2005 4:09 PM=0D=0ATo: snort-users@lists=2Esourceforg= e=2Enet=0D=0ASubject: [Snort-users] Snort isn't doing anything=2E=2E=0D=0A= =0D=0AHey Everyone=2E=2E=2E=0D=0A=0D=0AI just setup my first snort box runn= ing on Fedora Core 3=2E I installed=0D=0Aeverything, including ACID and st= arted snort up=2E=2E=2EIt starts up just fine=0D=0Aand a ps auxww |grep sno= rt shows that the app is running=2E=2E=0D=0A =0D=0A502 3740 0=2E7 14= =2E5 41444 37196 ? Ss 16:56 0:01=0D=0A/usr/local/bin/snort -c /us= r/local/snort/etc/snort=2Econf -i eth1 -g=0D=0Asnortgroup -D -u snortuser= =0D=0A=0D=0A =0D=0AHowever, If I run an nmap scan (doesn't matter what opti= ons) on any host=0D=0Aon my network (Snort can see it, it's on a hub) it do= esn't log anything=2E=0D=0ASo far it's only logged 1 alert for a SQL scan= =2E=2E I have tried updating=0D=0Athe rules to no avail=2E=2E=2E=0D=0A =0D= =0AMy snort=2Econf is the default out of the box setup, the only things i= =0D=0Ahave changed are as follows=0D=0A =0D=0A***********************Chang= ed itemsin=0D=0Asnort=2Econf********************************=0D=0AvarRULE= _PATH /usr/local/snort/rules=0D=0A =0D=0A =0D=0Aoutput database: log, mysql= ,user=3Dthepropersnortuser=0D=0Apassword=3Dsnortuserspassworddbname=3Dthe= snortdatabase host=3Dlocalhost=0D=0A (Names have been changed to protect t= he innocent :) )=0D=0A =0D=0A output alert_syslog: LOG_LOCAL3=0D=0A output= alert_fast: snort=2Elog=0D=0A output alert_full: alert=2Efull=0D=0A*******=*****************************************=0D=0A=0D=0A=0D=0A =0D=0AFrom wha= t I can understand=2E=2E=2E=2Ethis SHOULD work, is there something I=0D=0Ah= ave missed????=0D=0A=0D=0AThanks=0D=0A=0D=0A=0D=0A=0D=0A------------------=-----------------------=0D=0ADisclaimer: This electronic message, includin= g any attachments, is=0D=0Aconfidential and intended solely for use of the = intended recipient(s)=2E This=0D=0Amessage may contain information that is = privileged or otherwise protected=0D=0Afrom disclosure by applicable law=2E= Any unauthorized disclosure,=0D=0Adissemination, use or reproduction is st= rictly prohibited=2E If you have=0D=0Areceived this message in error, pleas= e delete it and notify the sender=0D=0Aimmediately=2E=0D=0A --__--__-- Message: 4 To: Matt Kettler <mkettler () evi-inc com> Cc: snort-users () lists sourceforge net, snort-users-admin () lists sourceforge net Subject: Re: [Snort-users] uricontent questions From: Brad W Rothwell <ROTHBW () inel gov> Date: Wed, 2 Mar 2005 16:29:22 -0700 This is a multipart message in MIME format. --=_alternative 0080FA4187256FB8_= Content-Type: text/plain; charset="US-ASCII" I changed it to a more generic form. alert tcp any any <> any any (msg: "foo found"; uricontent:"foo"; nocase;) and it still does not trip an alert. Ideas? Brad Rothwell INL/ICP Cyber Security Matt Kettler <mkettler () evi-inc com> Sent by: snort-users-admin () lists sourceforge net 03/02/2005 02:43 PM To Brad W Rothwell <ROTHBW () inel gov>, snort-users () lists sourceforge net cc Subject Re: [Snort-users] uricontent questions At 02:54 PM 3/2/2005, Brad W Rothwell wrote:All, I recently installed snort 2.3.0. Myunderstanding is that I canuse uricontent to search for strings as they appearin the browser addresslocation bar. For example, if the address locationis<http://foo.com/>http://foo.com the following ruleshould alert.alert tcp any any <> $HTTP_SERVERS any (msg: "foofound";uricontent:"foo"; nocase;) I have http_inspect set to the following preprocessor http_inspect: global \ iis_unicode_map unicode.map 1252 preprocessor http_inspect_server: server default \ profile all ports { 80 8080 8180 }oversize_dir_length 500 flow_depth 0The rule does not alert. Am I missing something.what is HTTP_SERVERS set to? The above rule will only alert if the server for foo.com is actualy a part of that net range.-------------------------------------------------------SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now.http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe:https://lists.sourceforge.net/lists/listinfo/snort-usersSnort-users list archive:http://www.geocrawler.com/redir-sf.php3?list=snort-users--=_alternative 0080FA4187256FB8_= Content-Type: text/html; charset="US-ASCII" <br><font size=2 face="sans-serif">I changed it to a more generic form. </font> <br><font size=2><tt>alert tcp any any <> any any (msg: "foo found"; <br> uricontent:"foo"; nocase;)</tt></font> <br><font size=2><tt>and it still does not trip an alert. Ideas?</tt></font> <br> <br><font size=2 face="sans-serif">Brad Rothwell<br> INL/ICP Cyber Security<br> </font> <br> <br> <br> <table width=100%> <tr valign=top> <td width=40%><font size=1 face="sans-serif"><b>Matt Kettler <mkettler () evi-inc com></b> </font> <br><font size=1 face="sans-serif">Sent by: snort-users-admin () lists sourceforge net</font> <p><font size=1 face="sans-serif">03/02/2005 02:43 PM</font> <td width=59%> <table width=100%> <tr valign=top> <td> <div align=right><font size=1 face="sans-serif">To</font></div> <td><font size=1 face="sans-serif">Brad W Rothwell <ROTHBW () inel gov>, snort-users () lists sourceforge net</font> <tr valign=top> <td> <div align=right><font size=1 face="sans-serif">cc</font></div> <td> <tr valign=top> <td> <div align=right><font size=1 face="sans-serif">Subject</font></div> <td><font size=1 face="sans-serif">Re: [Snort-users] uricontent questions</font></table> <br> <table> <tr valign=top> <td> <td></table> <br></table> <br> <br> <br><font size=2><tt>At 02:54 PM 3/2/2005, Brad W Rothwell wrote:<br> >All, I recently installed snort 2.3.0. My understanding is that I can <br> >use uricontent to search for strings as they appear in the browser address <br> >location bar. For example, if the address location is <br> ><http://foo.com/>http://foo.com the following rule should alert.<br> ><br> >alert tcp any any <> $HTTP_SERVERS any (msg: "foo found"; <br> >uricontent:"foo"; nocase;)<br> ><br> >I have http_inspect set to the following<br> >preprocessor http_inspect: global \<br> > iis_unicode_map unicode.map 1252<br> ><br> >preprocessor http_inspect_server: server default \<br> > profile all ports { 80 8080 8180 } oversize_dir_length 500 flow_depth 0<br> ><br> >The rule does not alert. Am I missing something.<br> <br> <br> what is HTTP_SERVERS set to? The above rule will only alert if the server <br> for foo.com is actualy a part of that net range.<br> <br> <br> <br> <br> <br>-------------------------------------------------------<br>SF email is sponsored by - The IT Product Guide<br> Read honest & candid reviews on hundreds of IT Products from real users.<br> Discover which products truly live up to the hype. Start reading now.<br>http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click<br>_______________________________________________<br> Snort-users mailing list<br> Snort-users () lists sourceforge net<br> Go to this URL to change user options or unsubscribe:<br>https://lists.sourceforge.net/lists/listinfo/snort-users<br>Snort-users list archive:<br>http://www.geocrawler.com/redir-sf.php3?list=snort-users<br></tt></font> <br> --=_alternative 0080FA4187256FB8_=-- --__--__-- Message: 5 Date: Thu, 03 Mar 2005 00:30:32 +0100 From: Laurent Haond <lhaond () bearstech com> To: snort-users () lists sourceforge net Subject: Re: [Snort-users] snort-inline and iptables INPUT chain Big Thanks for your help Will ! Will Metcalf a écrit :Nothing is showing up in your alert logs? Is itjust ssh or does thishappen with all connections? Try the following....No alert, no dump. It happen for all TCP connections ( tested http as well) It work for udp/icmp (dns queries / ping works ) With advanced firewall rules, forwarded tcp/udp/icmp/whatever connections were OK. but nothing works from lan to the snort box ... (didn't try from internet to the snort box)iptables -F INPUT iptables -F OUPUT iptables -F FORWARD iptables -A INPUT -i lo -j ACCEPT iptables -A INPUT -j QUEUE iptables -A FORWARD -j QUEUE iptables -A OUPUT -j QUEUE in your snort.conf set checksum mode to none. config checksum_mode: none Regards, WillAdding "config checksum_mode: none" did the job, now it works. (BTW with or without the iptables -A INPUT -i lo -j ACCEPT rule ) I relauched my complete set of firewall rules/ internet connections and it's still working ;-) ( I've some alert about lo / 127.0.01 but they will be easy to avoid bypassing the queue..) "Googling" on this config directive, i think i could have found it by my self (there is some threads on this list about ssh/tcp issue and this directive), so i'm sorry if i've mafe you lose your time... Let me, please, ask you some more questions : why are forwarded checksum ok, but some ssh replies corrupted ? Is this an issue from kernel / iptables / snort ? (i'm using 2.4.27 kernel / iptables 1.2.11 ... going to upgrade to 1.3.x soon) Thanks Regards Laurent ps:sorry for my bad english... --__--__-- Message: 6 Reply-To: <spamtrap () winsnort com> From: "Michael Steele" <michaels () winsnort com> To: "'Snort Users Postings'" <snort-users () lists sourceforge net> Subject: RE: [Snort-users] Demarc Certified Open Signatures Date: Wed, 2 Mar 2005 16:05:07 -0800 Remember this one thing; If not for the dedication of pre-Sourcefire contributions from others, Snort would not be where it is today, and this goes for Sourcefire. This is only the beginning. Does it seem inconceivable that in the future Snort builds might be treated the same as the rules are. If it's OK to do this with the rules, then where does it stop... Kindest regards, Michael... WINSNORT.com Management Team Member -- Pick up your FREE Windows or UNIX Snort installation guides mailto:support () winsnort com Website: http://www.winsnort.com Snort: Open Source Network IDS - http://www.snort.org-----Original Message----- From: snort-users-admin () lists sourceforge net[mailto:snort-users-admin () lists sourceforge net] On Behalf Of BobKonigsbergSent: Wednesday, March 02, 2005 2:31 PM To: 'Bamm Visscher'; 'Demarc Security' Cc: snort-users () lists sourceforge net Subject: RE: [Snort-users] Demarc Certified OpenSignaturesI don't think that's the key point here. This hasalready happened withNessus and Snort - that is, people are makingmoney off of their opensource work, and not giving credit OR cash back to thedevelopers.It's kind of sad where a few folks spoil it, butboth organizations aretrying hard to stick to their roots - whilegetting what's due them.Bob -----Original Message----- From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net]On Behalf Of BammVisscher Sent: Wednesday, March 02, 2005 2:19 PM To: Demarc Security Cc: snort-users () lists sourceforge net Subject: Re: [Snort-users] Demarc Certified OpenSignaturesShouldn't a reputable company, who is supposedlycommitted to theopensource community ensure that the copyright notices forthe rules files stayintact? Bammkkkk On Wed, 2 Mar 2005 10:09:11 -0800 (PST), DemarcSecurity<snort_ml () demarc org> wrote:Since our inception in 2001, Demarc has beencommitted to promotingsecure Internet use by providing free versionsof our products for usersat home.We believe that because we use Open Sourcetechnology such as Linuxand Snort, that we should give back to thesecurity community as awhole. We have continued to fulfill thiscommitment, most recentlywith the release of our Sentarus HomeAdminEdition, which allowspeople to deploy some of our latest securitytechnology in their homelab environments at no cost.In addition to our Sentarus and PureSecureproducts, our customershave also benefited from the expertise of ourThreat Research Teamwhich has, to date, been tasked with verifyingrule stream updates andeducating customers on the detailed workings ofSnort technology. Inlight of some upcoming changes, we're nowexpanding our research teamand formally announcing our new "Certified OpenSignatures" program.Our Certified Open Signatures program, whichwill be universallyavailable to the entire community, is founded onthese two principles:1) Like the Snort program itself, thelatest rule signatures shouldalways be available for free becausestrong computer and networksecurity are in everyone's bestinterests.2) The best way for a company to serve acommunity project is toremain true to the original goals ofthat project and refrainfrom charging for vital components thathave always beencommunity-driven and free. We make this announcement now, as we haverecently received noticefrom Sourcefire that, as of next week, earlyaccess to all futureSnort signatures they create will be based on asubscription model.The Sourcefire license changes as they werepresented to us are:- All rule updates will be a minimum of fivedays older than thoseSourcefire sells to their customers, andyou will be required toregister to receive them or to wait forthe next major Snortrelease. - To receive the latest rules any sooner,you will have to paySourcefire a rule subscription fee. We sincerely respect the efforts of theSourcefire Snort developmentgroup along with the numerous others who createdthe base technologyand rulesets that have made Snort a householdname in the securitycommunity. However, one of the greatestbenefits of using Snort isthe community review process which will now besubject to an imposedarbitrary delay.At Demarc, our commitment to the securitycommunity is simple:- Demarc will maintainhttp://snort.demarc.com/ as a communityportalfor Snort signatures and Snort-basedtechnology. (This site ismeant to augment and not replace snort.orgor the snort-sigsmailing list.) - Demarc will produce and revise rules, aswell as collaborate withactive groups to bring together the bestrules from all communitysources. User sites such as BleedingSnort have been at theforefront of new signature development andwe view these groups'contributions as invaluable. Our goal isto work with thesegroups and to serve as the trusted sourcefor certified,production level rulesets. - Demarc's Threat Research Team willcontinue to provide the latestcutting-edge and Demarc Certified rules,making them immediatelyavailable for public download andcontribution.- Demarc will not charge for the download,use, or modification ofrules hosted on this site. Our community portal at http://snort.demarc.com/will continuallyevolve over the next several weeks to offer morefeatures, includingdirect user interaction. Our community portalwill also become the newhome for the SPADE statistical packet anomalydetection project andSnortSnarf, two projects originally managed bySiliconDefense andsubsequently transferred to Demarc.We welcome your support on these projectsthrough signature review andsubmissions, and, as with all communityprojects, your feedback isalways welcome to help make it better. Sincerely, Ashlyn Reznik Demarc Threat Research Team Email: areznik () demarc com http://www.demarc.com/products/-- sguil - The Analyst Console for NSM http://sguil.sf.net-------------------------------------------------------SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of ITProducts from real users.Discover which products truly live up to the hype.Start reading now.http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options orunsubscribe:https://lists.sourceforge.net/lists/listinfo/snort-usersSnort-users list archive:http://www.geocrawler.com/redir-sf.php3?list=snort-users-------------------------------------------------------SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of ITProducts from real users.Discover which products truly live up to the hype.Start reading now.http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options orunsubscribe:https://lists.sourceforge.net/lists/listinfo/snort-usersSnort-users list archive:http://www.geocrawler.com/redir-sf.php3?list=snort-users--__--__-- _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge nethttps://lists.sourceforge.net/lists/listinfo/snort-usersEnd of Snort-users Digest__________________________________ Celebrate Yahoo!'s 10th Birthday! Yahoo! Netrospective: 100 Moments of the Web http://birthday.yahoo.com/netrospective/ ------------------------------------------------------- SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
-------- End Original Message -------- ------------------------------------------------------- SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Re: Sourcefire Tactics - New Licensing, (continued)
- Re: Sourcefire Tactics - New Licensing Kevin Johnson (Mar 04)
- RE: Demarc Certified Open Signatures Eric Hines (Mar 04)
- Re: Demarc Certified Open Signatures Guillaume Arcas (Mar 04)
- RE: Demarc Certified Open Signatures Esler, Joel CNTR/Sytex (Mar 04)
- RE: Demarc Certified Open Signatures Eric Hines (Mar 03)
- RE: Demarc Certified Open Signatures Frank Knobbe (Mar 05)
- RE: Demarc Certified Open Signatures Jose Maria Lopez Hernandez (Mar 03)
- Re: Demarc Certified Open Signatures Demarc Security (Mar 02)
- RE: Demarc Certified Open Signatures Paul Schmehl (Mar 04)