****SPAM(5.3)**** help

[jiangzhw2008 <jiangzhw2008 () yeah net>]

在2009-07-16?02:41:56，snort-users-request () lists sourceforge net?写道：
> Send?Snort-users?mailing?list?submissions?to
>       snort-users () lists sourceforge net
>
> To?subscribe?or?unsubscribe?via?the?World?Wide?Web,?visit
>       https://lists.sourceforge.net/lists/listinfo/snort-users
> or,?via?email,?send?a?message?with?subject?or?body?'help'?to
>       snort-users-request () lists sourceforge net
>
> You?can?reach?the?person?managing?the?list?at
>       snort-users-owner () lists sourceforge net
>
> When?replying,?please?edit?your?Subject?line?so?it?is?more?specific
> than?"Re:?Contents?of?Snort-users?digest..."
>
>
> Today's?Topics:
>
> ???1.?Joel?Esler?Speaking?in?Augusta?Georgia?-?Tonight?(Mike?Guiterman)
> ???2.?Speaking?tonight?at?the?CSRA?Snort?Users?Group?(Joel?Esler)
> ???3.?Re:?Web?UI?(JJ?Cummings)
> ???4.?Re:?Web?UI?(Russell?Fulton)
> ???5.?Re:?Web?UI?(Joel?Esler)
> ???6.?Re:?New?netbios?rules??(craig?bowser)
>
>
> ----------------------------------------------------------------------
>
> Message:?1
> Date:?Tue,?14?Jul?2009?16:28:46?-0400
> From:?Mike?Guiterman?<mguiterman () sourcefire com>
> Subject:?[Snort-users]?Joel?Esler?Speaking?in?Augusta?Georgia?-
>       Tonight
> To:?Snort?Users?List?<snort-users () lists sourceforge net>,
>       emerging-sigs () emergingthreats net
> Message-ID:
>       <9ff4f37d0907141328v23c4727exa49e70fc8212ff63 () mail gmail com>
> Content-Type:?text/plain;?charset="iso-8859-1"
>
> Hi?all,
>
> Sorry?for?the?late?notice,?Sourcefire's?Joel?Esler?speaking?tonight?at?the
> CSRA?Snort?Users?group?in?Augusta,?Georgia?at?6:30pm.??If?you?are?in?the
> area,?and?would?like?to?attend,?the?meeting?will?be?held?in?downtown
> Augusta,?please?contact?Joel?Esler?@?joel.esler?[at]?sourcefire.com?for
> directions.
>
> Regards,
>
> Mike
> --------------?next?part?--------------
> An?HTML?attachment?was?scrubbed...
>
> ------------------------------
>
> Message:?2
> Date:?Tue,?14?Jul?2009?16:35:56?-0400
> From:?Joel?Esler?<jesler () sourcefire com>
> Subject:?[Snort-users]?Speaking?tonight?at?the?CSRA?Snort?Users?Group
> To:?Snort?Users?<snort-users () lists sourceforge net>
> Message-ID:
>       <314cf0830907141335t612d134exf68ba9e300910fd7 () mail gmail com>
> Content-Type:?text/plain;?charset="iso-8859-1"
>
> Wanted?to?let?you?all?know,?and?sorry?that?it's?on?short?notice,?but?I?will
> be?speaking?tonight?at?the?CSRA?(Augusta,?Georgia?and?surrounding?area)
> Snort?Users?Group.
>
> The?meeting?is?being?held?in?downtown?Augusta,?Georgia,?so?if?you?are?the
> area?and?would?like?to?attend,?I?plan?to?start?around?6:30-6:45,?several?of
> us?will?probably?go?to?dinner?afterwards.??All?are?invited.
>
> If?you?are?interested?in?coming,?like?I?said,?I?know?it's?short?notice,
> email?me?for?directions.??(The?location?has?asked?that?their?address?isn't
> posted.)??Thanks!
>
> Joel?Esler
> SOURCEfire
> --------------?next?part?--------------
> An?HTML?attachment?was?scrubbed...
>
> ------------------------------
>
> Message:?3
> Date:?Tue,?14?Jul?2009?14:50:00?-0600
> From:?JJ?Cummings?<cummingsj () gmail com>
> Subject:?Re:?[Snort-users]?Web?UI
> To:?"Burks,?Doug"?<doug.burks () morris com>
> Cc:?SElgram () verifpoint com, Snort?Users?List
>       <snort-users () lists sourceforge net>
> Message-ID:
>       <1c79c7b70907141350x58e1a01fn723f8fbaa66bf49d () mail gmail com>
> Content-Type:?text/plain;?charset="windows-1252"
>
> There?is?also?Snorby?(google?will?help?you?there),?I?have?been?playing?with
> it?a?bit?lately..?it's?still?BETA?/?Brand?new..
>
> you?can?also?always?go?the?route?of?syslog?etc...
>
> On?Tue,?Jul?14,?2009?at?1:57?PM,?Burks,?Doug?<doug.burks () morris com>?wrote:
>
> > ??Hi?Scott,
> >
> > ?ACID?should?not?be?used?anymore.??BASE?is?definitely?more?current.
> >
> > ?A?brand?new?web?front-end?called?Snorby?(http://www.snorby.org/)?just
> > ?appeared.??It's?still?in?Beta?and?may?not?be?ready?for?production?use.
> >
> > ?If?you?don't?require?a?web?front-end,?I?would?recommend?looking?at?Sguil?(
> > ?http://sguil.sourceforge.net/).??It?can?be?installed?very?quickly?and
> > ?easily?using?NSMnow?(http://www.securixlive.com/nsmnow/index.php).??If
> > ?you'd?like?to?try?Sguil?from?a?LiveCD?environment,?please?take?a?look?at?my
> > ?Security?Onion?LiveCD?(http://securityonion.blogspot.com/).
> >
> > ?Thanks,
> > ?Doug?Burks
> >
> > ??------------------------------
> > ??*From:*?Scott?Elgram?[mailto:SElgram () VerifPoint com]
> > ?*Sent:*?Tuesday,?July?14,?2009?2:38?PM
> > ?*To:*?'Snort?Users?List'
> > ?*Subject:*?[Snort-users]?Web?UI
> >
> > ??Hello,
> >
> > ?????????????I?am?looking?to?setup?a?new?SNORT?IDS.??I?set?one?up?a?while
> > ?back?with?ACID?as?my?UI,?I?liked?it?very?much?but?now?I?m?looking?to?build?a
> > ?brand?new?one?and?it?would?seem?that?many?things?have?changed?sense?I?did
> > ?this?last.??Most?notably,?it?looks?like?the?ACID?project?has?been?dropped.
> > ?Is?ACID?still?a?good?web?based?UI?for?SNORT?or?is?there?a?better?one?these
> > ?days???I?d?also?appreciate?your?opinion?on?BASE?which?looks?pretty?much?like
> > ?ACID?but?seems?to?be?more?current.
> >
> >
> >
> > ?-Scott
> >
> >
> >
> >
> > ?------------------------------------------------------------------------------
> > ?Enter?the?BlackBerry?Developer?Challenge
> > ?This?is?your?chance?to?win?up?to?$100,000?in?prizes!?For?a?limited?time,
> > ?vendors?submitting?new?applications?to?BlackBerry?App?World(TM)?will?have
> > ?the?opportunity?to?enter?the?BlackBerry?Developer?Challenge.?See?full?prize
> > ?details?at:?http://p.sf.net/sfu/Challenge
> > ?_______________________________________________
> > ?Snort-users?mailing?list
> > ?Snort-users () lists sourceforge net
> > ?Go?to?this?URL?to?change?user?options?or?unsubscribe:
> > ?https://lists.sourceforge.net/lists/listinfo/snort-users
> > ?Snort-users<https://lists.sourceforge.net/lists/listinfo/snort-users%0ASnort-users>list?archive:
> > ?http://www.geocrawler.com/redir-sf.php3?list=snort-users
> --------------?next?part?--------------
> An?HTML?attachment?was?scrubbed...
>
> ------------------------------
>
> Message:?4
> Date:?Wed,?15?Jul?2009?14:42:13?+1200
> From:?Russell?Fulton?<r.fulton () auckland ac nz>
> Subject:?Re:?[Snort-users]?Web?UI
> To:?Joel?Esler?<jesler () sourcefire com>
> Cc:?"SElgram () verifpoint com"?<SElgram () verifpoint com>,   Snort?Users
>       List?<snort-users () lists sourceforge net>
> Message-ID:?<ED79CCB0-B556-4B7F-A1F8-9E6F40580B3A () auckland ac nz>
> Content-Type:?text/plain;?charset=US-ASCII;?format=flowed;?delsp=yes
>
>
> On?15/07/2009,?at?8:01?AM,?Joel?Esler?wrote:
>
> > ?It's?much?better?than?ACID?ever?was.
> >
> > ?It's?the?biggest?web?gui?there?is?for?Snort.?With?over?20k?users.
>
> Anyone?have?a?feeling?for?how?many?events?it?will?handle?in?the??
> database???Last?time?I?looked?(a?long?time?ago)?it?would?go?very?soggy??
> if?I?tried?to?keep?more?than?a?weeks?worth?of?alerts?in?the?DB.???My??
> current?(Placid?*)?system?works?fine?with?about?6?million?events.??But??
> has?very?limited?functionality.
>
> R
>
> *?Phil?(Denault)?Loaths?ACID??:)
>
>
>
> ------------------------------
>
> Message:?5
> Date:?Wed,?15?Jul?2009?01:27:02?-0400
> From:?Joel?Esler?<jesler () sourcefire com>
> Subject:?Re:?[Snort-users]?Web?UI
> To:?Russell?Fulton?<r.fulton () auckland ac nz>
> Cc:?"SElgram () verifpoint com"?<SElgram () verifpoint com>,   Snort?Users
>       List?<snort-users () lists sourceforge net>
> Message-ID:?<F210085A-80AF-4F90-9096-F33CCCF984D6 () sourcefire com>
> Content-Type:?text/plain;      charset=us-ascii;       format=flowed;  delsp=yes
>
> I've?seen?systems?with?14?million?events?on?a?very?powerful?machine.
>
> --
> Sent?from?my?iPhone
>
> On?Jul?14,?2009,?at?10:42?PM,?Russell?Fulton?<r.fulton () auckland ac nz>??
> wrote:
>
> > ?On?15/07/2009,?at?8:01?AM,?Joel?Esler?wrote:
> >
> > > ?It's?much?better?than?ACID?ever?was.
> > >
> > > ?It's?the?biggest?web?gui?there?is?for?Snort.?With?over?20k?users.
> >
> > ?Anyone?have?a?feeling?for?how?many?events?it?will?handle?in?the??
> > ?database???Last?time?I?looked?(a?long?time?ago)?it?would?go?very??
> > ?soggy?if?I?tried?to?keep?more?than?a?weeks?worth?of?alerts?in?the??
> > ?DB.???My?current?(Placid?*)?system?works?fine?with?about?6?million??
> > ?events.??But?has?very?limited?functionality.
> >
> > ?R
> >
> > ?*?Phil?(Denault)?Loaths?ACID??:)
>
>
>
> ------------------------------
>
> Message:?6
> Date:?Wed,?15?Jul?2009?14:41:48?-0400
> From:?craig?bowser?<reswob10 () gmail com>
> Subject:?Re:?[Snort-users]?New?netbios?rules?
> To:?Snort?<snort-users () lists sourceforge net>
> Message-ID:
>       <cfec1a3a0907151141y17abe160i642cbabeb16c31d5 () mail gmail com>
> Content-Type:?text/plain;?charset="iso-8859-1"
>
> I?just?got?the?same?problem?as?jlay?<jlay () slave-tothe-box net>.??I've?had
> v2.8.4.1?running?just?fine?for?a?while,?but?today?I?updated?the?rules?(both
> from?Snort?and?from?Emerging?threats)?and?performed?an?'apt-get?upgrade'?and
> suddenly?I'm?getting?this?error.??I?don't?have?either?"preprocessor?dcerpc2"
> or?"?preprocessor?dcerpc_server:?default"?in?my?snort.conf?and?the?entry?for
> dce/rpc?is?as?follows:
>
> #?Per?Step?#2,?set?the?following?to?load?the?dcerpc?preprocessor
> #?dynamicpreprocessor?file?<full?path?to?libsf_dcerpc_preproc.so>
> #?or?use?commandline?option
> #?--dynamic-preprocessor-lib?<full?path?to?libsf_dcerpc_preproc.so>
>
> preprocessor?dcerpc:?\
> ????autodetect?\
> ????max_frag_size?3000?\
> ????memcap?100000
>
> So?it?appears?to?be?enabled.
>
> However,?I?looked?for?libsf_dcerpc_preproc.so,?but?that?file?is?not
> present.??Do?I?need?to?create?one???The?README.dcerpc?file?does?not?say?how
> to?format?such?a?file.
>
> OTOH,?did?I?screw?up?something?updating?the?rules?
>
> Thanks.
>
> Craig?Bowser
>
>
>
> On?Tue,?Jun?16,?2009?at?10:45?AM,?Griffin,?Chris?Andrew?(Chris)?<
> cg58 () alcatel-lucent com>?wrote:
>
> > ?I'm?having?the?same?problem
> >
> > ?+++++++++++++++++++++++++++++++++++++++++++++++++++
> > ?Initializing?rule?chains...
> > ?ERROR:?Warning:?/etc/snort/rules/netbios.rules(24)?=>?Unknown?keyword?'
> > ?dce_iface'?in?rule!
> > ?Fatal?Error,?Quitting..
> >
> > ?and?I?found?this?post:
> >
> >
> > ?https://forums.snort.org/forums/snort-newbies/topics/snort-error-when-starting-snort-unknown-keyword-dce_iface
> >
> > ?I?can't?find?"preprocessor?dcerpc_server:?default"?in?snort.conf?to
> > ?disable,?but?I?think?it's?because?my?snort.conf?is?old.??I'm?going?to?try
> > ?and?upgrade?my?snort.conf?to?the?latest?version?(v2.8.4.1).??If?you?haven't
> > ?upgraded?your?snort.conf?in?a?while?I?may?suggest?you?try?the?same.
> >
> >
> >
> >
> > ?________________________________
> >
> > ?From:?Joel?Esler?[mailto:jesler () sourcefire com]
> > ?Sent:?Tuesday,?June?16,?2009?10:31?AM
> > ?To:?jlay () slave-tothe-box net
> > ?Cc:?Snort
> > ?Subject:?Re:?[Snort-users]?New?netbios?rules?
> >
> >
> >
> > ?On?Jun?16,?2009,?at?10:17?AM,?jlay () slave-tothe-box net?wrote:
> >
> >
> > ????????After?updating?this?morning?I?see:
> >
> > ????????Jun?16?08:12:25?10.21.10.2?snort[7899]:?FATAL?ERROR:?Warning:
> > ????????/usr/local/etc/snort/rules/netbios.rules(24)?=>?Unknown?keyword?'
> > ????????dce_iface'?in?rule!
> >
> > ????????Version?is:
> >
> > ????????Version?2.8.4.1?(Build?38)
> >
> > ????????Do?I?need?to?update?snort???Thanks.
> >
> >
> > ?No,?but?you?do?need?to?enable?the?dce/rpc2?preprocesor?in?your?snort.conf
> >
> >
> > ?--
> > ?joel?esler?|?Sourcefire?|?gtalk:?jesler () sourcefire com?|?302-223-5974
> > ?[m]
> >
> >
> >
> > ?------------------------------------------------------------------------------
> > ?Crystal?Reports?-?New?Free?Runtime?and?30?Day?Trial
> > ?Check?out?the?new?simplified?licensing?option?that?enables?unlimited
> > ?royalty-free?distribution?of?the?report?engine?for?externally?facing
> > ?server?and?web?deployment.
> > ?http://p.sf.net/sfu/businessobjects
> > ?_______________________________________________
> > ?Snort-users?mailing?list
> > ?Snort-users () lists sourceforge net
> > ?Go?to?this?URL?to?change?user?options?or?unsubscribe:
> > ?https://lists.sourceforge.net/lists/listinfo/snort-users
> > ?Snort-users<https://lists.sourceforge.net/lists/listinfo/snort-users%0ASnort-users>list?archive:
> > ?http://www.geocrawler.com/redir-sf.php3?list=snort-users
> --------------?next?part?--------------
> An?HTML?attachment?was?scrubbed...
>
> ------------------------------
>
> ------------------------------------------------------------------------------
> Enter?the?BlackBerry?Developer?Challenge??
> This?is?your?chance?to?win?up?to?$100,000?in?prizes!?For?a?limited?time,?
> vendors?submitting?new?applications?to?BlackBerry?App?World(TM)?will?have
> the?opportunity?to?enter?the?BlackBerry?Developer?Challenge.?See?full?prize??
> details?at:?http://p.sf.net/sfu/Challenge
>
> ------------------------------
>
> _______________________________________________
> Snort-users?mailing?list
> Snort-users () lists sourceforge net
> https://lists.sourceforge.net/lists/listinfo/snort-users
>
>
> End?of?Snort-users?Digest,?Vol?38,?Issue?13
> *******************************************
------------------------------------------------------------------------------
Enter the BlackBerry Developer Challenge  
This is your chance to win up to $100,000 in prizes! For a limited time, 
vendors submitting new applications to BlackBerry App World(TM) will have
the opportunity to enter the BlackBerry Developer Challenge. See full prize  
details at: http://p.sf.net/sfu/Challenge

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users