Snort: by author

1152 messages starting Dec 01 10 and ending Nov 02 10


김무성

which SQL injection detection rule is best when considering performance, false-positive, real attack 김무성 (Dec 01)
10G virtual network traffic 김무성 (Oct 21)

Ahmed Qaisi

I'm tired from snort!! Ahmed Qaisi (Oct 26)
Re: I'm tired from snort!! Ahmed Qaisi (Oct 26)

Alan Ptak

Re: SID Identification Alan Ptak (Oct 19)
Re: Is Snort susceptible to AET's? Alan Ptak (Oct 20)

Alejandro Cabrera Obed

URL to download VRT rules Alejandro Cabrera Obed (Oct 28)
Re: URL to download VRT rules Alejandro Cabrera Obed (Oct 28)
Snort 2.9 + Debian Alejandro Cabrera Obed (Dec 16)
Re: URL to download VRT rules Alejandro Cabrera Obed (Oct 29)
Snort Report or Base ??? Alejandro Cabrera Obed (Oct 28)
Rules for Snort 2.9.0.2 Alejandro Cabrera Obed (Dec 20)
Re: URL to download VRT rules Alejandro Cabrera Obed (Oct 28)
Re: URL to download VRT rules Alejandro Cabrera Obed (Oct 28)

alexandre suzuki

Just Analyzing tcpdump files according to defined rules. alexandre suzuki (Oct 06)

Alex Kirk

Re: GPL sid 2472 optimization. Alex Kirk (Oct 11)
Re: Possible FP 17363 Alex Kirk (Oct 25)
Re: snort-2.9.0 missing --enable-inline Alex Kirk (Oct 06)
Re: pcre high cpu usage Alex Kirk (Oct 19)
Re: pcre high cpu usage Alex Kirk (Oct 18)
Re: Problem with stream5 Alex Kirk (Nov 18)
Re: Are commas allowed in signature descriptions? Alex Kirk (Dec 09)
Re: FP 12634 Alex Kirk (Oct 13)
Re: FP? 1675 Alex Kirk (Oct 21)
Re: Issue while detecting patterns in a simple HTTP Page [Web client based] Alex Kirk (Nov 22)
Re: Are commas allowed in signature descriptions? Alex Kirk (Dec 08)
Re: FP on sig 17567 Alex Kirk (Nov 17)
Re: pcre high cpu usage Alex Kirk (Oct 19)
Re: [Spam] Re: Possible FP 17363 Alex Kirk (Oct 26)
Re: FP 17154 Alex Kirk (Oct 21)

Alex Tatistcheff

Re: Host Attribute Table Question Alex Tatistcheff (Nov 12)
Re: Ourmon Alex Tatistcheff (Dec 09)
Re: Snort 2.9.0 Now Available Alex Tatistcheff (Oct 04)

Andersen Klaus

Re: Snort 2.9 Setup Guide Andersen Klaus (Oct 20)

Andres Carrera

Ourmon Andres Carrera (Nov 18)
Re: [Snort-users] Ourmon Andres Carrera (Dec 08)

Andres Carrera Rivera

Snort Inline As an IPS Andres Carrera Rivera (Oct 01)
Re: Snort as a Service on Ubuntu 9 Andres Carrera Rivera (Dec 01)
Snort as a Service on Ubuntu 9 Andres Carrera Rivera (Dec 01)
Re: I need some opinions Andres Carrera Rivera (Dec 06)
Re: Snort preprocessor perfmonitor Andres Carrera Rivera (Dec 01)
Re: Snort Inline As an IPS Andres Carrera Rivera (Oct 01)
Re: H-Snort / Hybrid Snort Andres Carrera Rivera (Nov 26)
Re: Snort preprocessor perfmonitor Andres Carrera Rivera (Dec 08)
Spade Drop Anomalies Andres Carrera Rivera (Oct 14)
Re: Snort preprocessor perfmonitor Andres Carrera Rivera (Dec 01)
H-Snort / Hybrid Snort Andres Carrera Rivera (Nov 26)
Snort preprocessor perfmonitor Andres Carrera Rivera (Dec 01)
Re: Snort Inline As an IPS Andres Carrera Rivera (Oct 01)

Andy Berryman

Host Attribute Table Question Andy Berryman (Nov 11)
Re: New Sig Doc is one giant file? Andy Berryman (Dec 07)
New Sig Doc is one giant file? Andy Berryman (Dec 06)
Building a host attribute table? Andy Berryman (Oct 13)
Is Snort susceptible to AET's? Andy Berryman (Oct 20)
FP on sig 17567 Andy Berryman (Nov 17)
Re: Host Attribute Table Question Andy Berryman (Nov 11)
Re: Changes in the latest rule packs Andy Berryman (Dec 06)

Anthony Rees

Re: OT: What tap would you recommend? Anthony Rees (Nov 05)
Re: How o views snort log from mysql Anthony Rees (Oct 30)

Atkins, Dwane P

Re: Snort recommendations Atkins, Dwane P (Nov 04)
Re: Install Snort on Ubuntu with mysql and SnortReports Atkins, Dwane P (Nov 10)
libdnet.1: cannot open shared object file: no such file or directory Atkins, Dwane P (Nov 09)
Re: Snorby and Snort Atkins, Dwane P (Nov 11)
Re: Install Snort on Ubuntu with mysql and SnortReports Atkins, Dwane P (Nov 10)
Re: Install Snort on Ubuntu with mysql and SnortReports Atkins, Dwane P (Nov 10)
Tweak mysql database Atkins, Dwane P (Dec 21)
Install Snort on Ubuntu with mysql and SnortReports Atkins, Dwane P (Nov 10)
Snorby and Snort Atkins, Dwane P (Nov 10)
Snort recommendations Atkins, Dwane P (Nov 04)

Azher Mughal

Re: Snort libmysql error Azher Mughal (Dec 15)
Snort libmysql error Azher Mughal (Dec 15)
Re: Snort 2.9.0.3 Now Available Azher Mughal (Dec 26)

Barney Pause

sfportscan not generating alerts or logs Barney Pause (Oct 06)

Barry Demers

I'm overwhelmed by all this, but determined. Perhaps a little direction? Barry Demers (Dec 17)

beenph

Re: payload logging, barnyard2 beenph (Oct 29)
Re: Snort 2.9, RHEL 5 and afpacket DAQ beenph (Oct 18)
Re: Snort 2.9, RHEL 5 and afpacket DAQ beenph (Oct 20)

Bhagya Bantwal

Re: 'compress_depth' Bhagya Bantwal (Oct 08)
Re: Snort instance crashes Bhagya Bantwal (Dec 30)
Re: Snort 2.9, barnyard2, and unknown record types Bhagya Bantwal (Nov 03)
Re: Bug with file_data pointer being set in 2.9.0? Bhagya Bantwal (Oct 27)
Re: HTTP Inspect and packet reassembly Bhagya Bantwal (Oct 29)

Bill Scherr IV

Re: [Snort-devel] I need some opinions Bill Scherr IV (Dec 06)

Billy Marshall

Re: Barnyard2 and multiple sensors Billy Marshall (Nov 02)
Re: Snort has different IPs than Wireshark Billy Marshall (Nov 30)
Snort has different IPs than Wireshark Billy Marshall (Nov 30)

Bobby Venal

SMTP content-type overflow rule question Bobby Venal (Dec 03)
upgrade question Bobby Venal (Oct 25)

Brad P

Re: Install Snort on Ubuntu with mysql and SnortReports Brad P (Nov 10)

Castle, Shane

Re: Snort 2.9.0 packages for RHEL? Castle, Shane (Oct 18)
Re: [Snort-devel] Snort.org has a new blog! Castle, Shane (Dec 14)
Re: Install Snort on Ubuntu with mysql and SnortReports Castle, Shane (Nov 10)
Re: Snort has different IPs than Wireshark Castle, Shane (Nov 30)
Re: Unsubscribe Tami.McGee () ftb ca gov Castle, Shane (Dec 29)
Re: Snort 2.9.0 packages for RHEL? Castle, Shane (Oct 18)
Any BASE honchos here? Castle, Shane (Nov 10)
Linux recommendations Castle, Shane (Nov 09)
Re: Snort with two instances Castle, Shane (Dec 22)
Re: snort 2.9.0.1 packages for RHEL5.x Castle, Shane (Nov 04)
Re: Best practices for very high volume install.. Castle, Shane (Dec 20)

Champ Clark III [Softwink]

Building wireless IDS systems... Champ Clark III [Softwink] (Nov 11)

Chan, Wilson

Updating sid-msg.map Chan, Wilson (Nov 15)

Chris Copeland

capturing on the wrong nic Chris Copeland (Oct 18)
Re: capturing on the wrong nic Chris Copeland (Oct 18)

Chris Stevens

FP? 1675 Chris Stevens (Oct 19)

Christopher A. Libby

Re: Holy Crap Christopher A. Libby (Oct 15)
1:17239 False Positive Christopher A. Libby (Oct 12)
False Positives on 1:17246 Christopher A. Libby (Oct 14)
Re: 1:17239 False Positive Christopher A. Libby (Oct 12)

CleBeer

Re: snort-2.9.0 missing --enable-inline CleBeer (Oct 06)

C. L. Martinez

Libpcap shipped with RHEL6 GA C. L. Martinez (Nov 12)

Crook, Parker

Re: New snort.conf Crook, Parker (Dec 30)
Re: Will this work - negated hosts? Crook, Parker (Oct 26)
New snort.conf Crook, Parker (Dec 29)
Re: Snort 2.9.0 Now Available Crook, Parker (Oct 08)
Re: Snort 2.9.0 Now Available Crook, Parker (Oct 08)
Re: Building a host attribute table? Crook, Parker (Oct 13)
Re: Off-topic - VRT Blog, "Rise of citizen cyberwarrior", criticism of the security efforts by the government. Crook, Parker (Nov 30)
Security Analogies Crook, Parker (Dec 17)
Re: Rule Migration Cheat Sheet? Crook, Parker (Dec 22)
Re: Best practices for very high volume install.. Crook, Parker (Dec 21)

Crusty Saint

Re: New Proposed Classification.config file setup Crusty Saint (Dec 28)

CunningPike

Suggested pcre addition to 1:6251 CunningPike (Nov 26)
Re: Linux recommendations CunningPike (Dec 20)

c.willie

Error in encode.c in Snort 2.9.0 on Ubuntu 10.04.1 LST c.willie (Oct 25)

Dan Dwelley

Using SNORT inline Dan Dwelley (Oct 29)

Danny Paul

Snort 2.9.0 ipvar unknown rule type Danny Paul (Oct 19)
Re: Snort 2.9.0 ipvar unknown rule type Danny Paul (Oct 19)
Re: Snort 2.9.0 ipvar unknown rule type Danny Paul (Oct 19)

Darren Spruell

Re: [Emerging-Sigs] [Snort-sigs] New Classification System Proposal Darren Spruell (Dec 24)

David C. Maple

Re: Snort with two instances David C. Maple (Dec 22)

David Gullett

Re: Snort 2.9 Setup Guide David Gullett (Oct 23)
Snort 2.9 Setup Guide David Gullett (Oct 18)

Dustin Webber

Snorby 2.0.0.pre Dustin Webber (Nov 29)
Re: Snort populates Mysql a lot Dustin Webber (Dec 23)
Snorby 2.0.0 Released Dustin Webber (Dec 05)
Re: Tweak mysql database Dustin Webber (Dec 21)

Edward Fjellskål

Re: Snort IPv6 database schema Edward Fjellskål (Nov 02)
Re: [Snort-users] Ourmon Edward Fjellskål (Dec 08)
Re: Snort 2.9.0.3 Now Available Edward Fjellskål (Dec 27)

egoitz

Re: Snort and multiple logging egoitz (Oct 06)
Re: Snort and multiple logging egoitz (Oct 06)
Snort and multiple logging egoitz (Oct 06)
Re: Snort and multiple logging egoitz (Oct 06)

elof

Re: Best script to pre-load signature metadata into a database elof (Oct 07)
Best script to pre-load signature metadata into a database elof (Oct 07)

Eoin Miller

Re: HTTP Inspect and packet reassembly Eoin Miller (Oct 28)
Re: HTTP Inspect and packet reassembly Eoin Miller (Oct 31)
Re: Snort 2.9.0.1 Now Available Eoin Miller (Nov 08)
Re: Linux recommendations Eoin Miller (Nov 09)
Re: Snort and multiple logging Eoin Miller (Oct 06)
Re: Barnyard2 and multiple sensors Eoin Miller (Oct 21)
Re: [Emerging-Sigs] Attack from .jp IPs Eoin Miller (Dec 07)
Re: New snort.conf Eoin Miller (Dec 29)
Re: [Snort-users] 2.9.0.1 performance issue Eoin Miller (Nov 18)
Re: Snort 2.9.0.2 / barnyard2 / base 1.4.5 signature not displayed and is unclassified Eoin Miller (Dec 17)
FP's with sid:17239 - IMAP Alt-N MDaemon IMAP server CREATE command buffer overflow attempt Eoin Miller (Oct 12)
Re: Snort 2.9.0 Now Available Eoin Miller (Oct 04)
Re: Snort with two instances Eoin Miller (Dec 22)
Re: Rule Migration Cheat Sheet? Eoin Miller (Dec 22)
Re: Snort 2.9, RHEL 5 and afpacket DAQ Eoin Miller (Oct 20)
Re: Snort 2.9.0.2 / barnyard2 / base 1.4.5 signature not displayed and is unclassified Eoin Miller (Dec 17)
Re: compiling daq in old custom environment... Eoin Miller (Oct 05)
Re: Snort 2.9.0.1 Now Available Eoin Miller (Nov 08)
Re: OT: What tap would you recommend? Eoin Miller (Nov 26)
Re: OT: What tap would you recommend? Eoin Miller (Nov 05)

Eric L. Howard

Re: Using detection_filter instead of threshold Eric L. Howard (Oct 27)
Re: Stream5 confusion Eric L. Howard (Dec 28)
Re: Using detection_filter instead of threshold Eric L. Howard (Oct 27)

evejou

Question regarding distances after a byte_jump... evejou (Dec 16)
Re: Question regarding distances after a byte_jump... evejou (Dec 16)
Re: Question regarding distances after a byte_jump... evejou (Dec 16)

evilghost () packetmail net

Re: Snort populates Mysql a lot evilghost () packetmail net (Dec 23)
Re: [Emerging-Sigs] FATALs with snort-2.9.0.3 evilghost () packetmail net (Dec 22)
Re: [Emerging-Sigs] FATALs with snort-2.9.0.3 evilghost () packetmail net (Dec 22)
Re: Snort instance crashes evilghost () packetmail net (Dec 30)
Re: [Emerging-Sigs] FATALs with snort-2.9.0.3 evilghost () packetmail net (Dec 22)
Re: [Emerging-Sigs] congratulations to snort! for getting thesourceforge.net project of the month! evilghost () packetmail net (Dec 17)
Re: [Emerging-Sigs] Attack from .jp IPs evilghost () packetmail net (Dec 07)

Fábio Ferrão

Problem with stream5 Fábio Ferrão (Nov 18)

Fingle Nark

Re: PATCH: more compact ac-bnfa trans list Fingle Nark (Oct 28)
PATCH: more compact ac-bnfa trans list Fingle Nark (Oct 27)

firnsy

Re: unified2 processing firnsy (Nov 26)
Call for Snort 2.9.x U2 files containing type 110 records. firnsy (Nov 22)
Re: Snort 2.9, barnyard2, and unknown record types firnsy (Nov 03)

Florian Westphal

[PATCH 1/1] daq_nfq: fix cfg->timeout usage and remove extra select call Florian Westphal (Dec 17)
Re: [PATCH 1/1] daq_nfq: fix cfg->timeout usage and remove extra select call Florian Westphal (Dec 17)

Frank Eberle

2.9.0.1 performance issue Frank Eberle (Nov 18)

Frank Knobbe

SnortSam Loss and Re-Creation Frank Knobbe (Oct 03)
Re: [Emerging-Sigs] New Proposed Classification.config file setup Frank Knobbe (Dec 27)

Giles Coochey

Re: Attack from .jp IPs Giles Coochey (Dec 07)

Gisle Vanem

Re: No bridging support with Daq? Gisle Vanem (Dec 16)

Greg Lane

SID Identification Greg Lane (Oct 19)

Gregory W. MacPherson

Re: [Emerging-Sigs] New Proposed Classification.config file setup Gregory W. MacPherson (Dec 28)

Gregory Zill

Re: Snort populates Mysql a lot Gregory Zill (Dec 23)

Guise McAllaster

Off-topic - VRT Blog, "Rise of citizen cyberwarrior", criticism of the security efforts by the government. Guise McAllaster (Nov 29)

Hafez Kamal

[HITB-Announce] HITB Magazine #5 Call for Articles Hafez Kamal (Nov 11)
[HITB-Announce] HITB Magazine #5 Call for Articles Hafez Kamal (Nov 11)
[HITB-Announce] HITB2011AMS -- Call For Papers now Open Hafez Kamal (Nov 18)
[HITB-Announce] HITB2011AMS -- Call For Papers now Open Hafez Kamal (Nov 18)

Hayes, Bert (ISO)

Rule Migration Cheat Sheet? Hayes, Bert (ISO) (Dec 22)

hermit

Re: Linux recommendations hermit (Nov 10)

infosec posts

Re: Using detection_filter instead of threshold infosec posts (Oct 27)
Re: Using detection_filter instead of threshold infosec posts (Oct 27)
Re: Using detection_filter instead of threshold infosec posts (Oct 27)
Re: Using detection_filter instead of threshold infosec posts (Oct 28)
Re: Using detection_filter instead of threshold infosec posts (Oct 28)
Re: Rule 17494 infosec posts (Oct 01)
Re: Sourcefire VRT Certified Snort Rules Update 2010-11-02 infosec posts (Nov 03)
Re: Using detection_filter instead of threshold infosec posts (Oct 27)
Re: Sourcefire VRT Certified Snort Rules Update 2010-11-02 infosec posts (Nov 03)
Re: Using detection_filter instead of threshold infosec posts (Oct 27)
Re: Using detection_filter instead of threshold infosec posts (Oct 27)

James Kaufman

Re: Snort 2.9.0.3 Now Available James Kaufman (Dec 28)

James Lay

Re: Fine tuning Snort James Lay (Oct 07)
Re: Snort 2.9.0 DCE RPC error [SOLVED] and more James Lay (Oct 05)
Re: New snort install ipvar issue James Lay (Dec 24)
Re: too many Alerts (129:12:0)---more than 7000 alerts /per day James Lay (Dec 30)
Re: Snort 2.9.0 DCE RPC error [SOLVED] and more James Lay (Oct 05)
Re: 1:17239 False Positive James Lay (Oct 12)
Re: Fine tuning Snort James Lay (Oct 08)
Re: Fine tuning Snort James Lay (Oct 08)
Fine tuning Snort James Lay (Oct 07)
Re: Fine tuning Snort James Lay (Oct 08)
Re: New snort install ipvar issue James Lay (Dec 24)
New snort install ipvar issue James Lay (Dec 24)
Re: Snort not logging all alerts in pcap (was Oddness with 16295) James Lay (Nov 15)
Re: Oddness with 16295 James Lay (Nov 10)
Snort 2.9.0 DCE RPC error [SOLVED] and more James Lay (Oct 05)
Re: New snort install ipvar issue James Lay (Dec 24)
Re: Fine tuning Snort James Lay (Oct 09)
Re: Fine tuning Snort James Lay (Oct 08)

James Thornton

Multiple Snort Instances - One Interface James Thornton (Oct 29)
Re: Multiple Snort Instances - One Interface James Thornton (Oct 29)

Jamie Riden

Re: Snort.org has a new blog! Jamie Riden (Dec 14)
Re: [Emerging-Sigs] Attack from .jp IPs Jamie Riden (Dec 08)
Re: Attack from .jp IPs Jamie Riden (Dec 07)

Jason Brvenik

Re: Duplicate downloaded rules Jason Brvenik (Oct 19)
Re: Using detection_filter instead of threshold Jason Brvenik (Oct 27)
Re: Snort 2.9.0 DCE RPC error [SOLVED] and more Jason Brvenik (Oct 05)
Re: Using detection_filter instead of threshold Jason Brvenik (Oct 27)
Re: OT: What tap would you recommend? Jason Brvenik (Nov 26)

Jason Haar

Re: Linux recommendations Jason Haar (Nov 09)
symbol error with 2.9.1 Jason Haar (Nov 26)
Re: symbol error with 2.9.1 Jason Haar (Nov 26)
Re: Snort 2.9, RHEL 5 and afpacket DAQ [~Solved?] Jason Haar (Oct 20)
Re: Barnyard2 and multiple sensors Jason Haar (Oct 21)
snort-2.9.0 on RHEL5 Jason Haar (Oct 07)
Re: Snort 2.9.0.1 Now Available Jason Haar (Nov 02)

Jason Wallace

Re: afpacket DAQ - large "Outstanding" number/percent Jason Wallace (Oct 15)
Re: Suggested pcre addition to 1:6251 Jason Wallace (Nov 26)
Re: snort-2.9.0 missing --enable-inline Jason Wallace (Oct 06)
Re: Pulledpork next release? Jason Wallace (Oct 21)
Re: Starting Snort 2.9.0.1 Jason Wallace (Nov 04)
afpacket vs. NFQ Jason Wallace (Oct 12)
Re: afpacket DAQ - large "Outstanding" number/percent Jason Wallace (Nov 02)
Re: No bridging support with Daq? Jason Wallace (Dec 16)
Re: No bridging support with Daq? Jason Wallace (Dec 16)
Re: [Emerging-Sigs] Attack from .jp IPs Jason Wallace (Dec 07)
Re: afpacket DAQ - large "Outstanding" number/percent Jason Wallace (Oct 19)
Re: Updating sid-msg.map Jason Wallace (Nov 18)
snort-2.9.0 prereqs Jason Wallace (Oct 12)
afpacket DAQ - large "Outstanding" number/percent Jason Wallace (Oct 13)
snort-2.9.0 and libpcap Jason Wallace (Oct 21)
Re: No bridging support with Daq? Jason Wallace (Dec 16)
Re: snort-2.9.0 prereqs Jason Wallace (Oct 14)
Re: [Emerging-Sigs] lots or rules loaded and snort performance Jason Wallace (Nov 05)
snort-2.9.0 missing --enable-inline Jason Wallace (Oct 06)

Jefferson, Shawn

Re: Snort recommendations Jefferson, Shawn (Nov 04)
Re: Best practices for very high volume install.. Jefferson, Shawn (Dec 21)
Re: Snort 2.8.6 performance Jefferson, Shawn (Oct 08)
Pulledpork next release? Jefferson, Shawn (Oct 21)
Snort 2.9.0.1 Rules? Jefferson, Shawn (Nov 02)
Re: Snort and multiple logging Jefferson, Shawn (Oct 06)
Re: Fine tuning Snort Jefferson, Shawn (Oct 08)
Snort 2.9.0 DAQ with MMAP pcap? Jefferson, Shawn (Oct 08)
Re: Snort 2.8.6 performance Jefferson, Shawn (Oct 08)
Re: Ourmon Jefferson, Shawn (Dec 08)
Re: OT: What tap would you recommend? Jefferson, Shawn (Nov 05)
Re: Rule 17494 Jefferson, Shawn (Oct 01)
Re: Snort 2.9.0.2 / barnyard2 / base 1.4.5 signature not displayed and is unclassifiede Jefferson, Shawn (Dec 20)
Re: Best practices for very high volume install.. Jefferson, Shawn (Dec 21)
Re: Snort 2.9.0.2 / barnyard2 / base 1.4.5 signature not displayed and is unclassifiede Jefferson, Shawn (Dec 21)
Rule 17494 Jefferson, Shawn (Oct 01)
Snort 2.8.6 performance Jefferson, Shawn (Oct 08)
Re: Pulledpork next release? Jefferson, Shawn (Oct 21)

Jeff Kell

Re: Rule 17494 Jeff Kell (Oct 01)
Re: Snort 2.9, RHEL 5 and afpacket DAQ Jeff Kell (Oct 20)

Jim Hranicky

Re: flexresp3: Reset with TTL of 0 Jim Hranicky (Oct 26)
Re: Barnyard2 and multiple sensors Jim Hranicky (Oct 27)
Re: Multiple Snort Instances - One Interface Jim Hranicky (Nov 01)
Re: Barnyard2 and multiple sensors Jim Hranicky (Oct 28)
flexresp3: Reset with TTL of 0 Jim Hranicky (Oct 26)
Re: Multiple Snort Instances - One Interface Jim Hranicky (Nov 01)

Jimmy Tharel

so_rule problem Jimmy Tharel (Oct 01)

JJC

Re: Pulledpork next release? JJC (Oct 21)
Re: Snorby and Snort JJC (Nov 11)
Re: snort SID 119-15 JJC (Dec 16)
Re: Snort 2.9.0.1 & OpenBSD 4.8 build problems JJC (Nov 04)
Re: Reporting/stats from logs JJC (Oct 19)
Re: Rule 17494 JJC (Oct 01)
Re: 17494 Falsing on non IE6 systems JJC (Oct 27)
PulledPork 0.5.0 the Drowning Rat is now floating in the wild! JJC (Oct 21)
Re: Snort 2.9.0.1 Rules? JJC (Nov 02)
Re: Reporting/stats from logs JJC (Oct 19)
Re: FP 17246 JJC (Oct 14)
Re: Snorby and Snort JJC (Nov 11)
Re: Rule 17494 JJC (Oct 01)
Re: Barnyard2 and multiple sensors JJC (Oct 21)
Re: Snort 2.9.0.1 & OpenBSD 4.8 build problems JJC (Dec 10)

JJ Cummings

Re: Snort 2.9.0.1 & OpenBSD 4.8 build problems JJ Cummings (Dec 12)
Re: !!Rolling back Snort rule files!! JJ Cummings (Oct 29)
Re: Disablesid not working JJ Cummings (Oct 14)
Re: !!Rolling back Snort rule files!! JJ Cummings (Oct 29)

J. L. Cabral

Snort instance crashes J. L. Cabral (Dec 30)
Re: Snort instance crashes J. L. Cabral (Dec 30)
Re: Snort populates Mysql a lot J. L. Cabral (Dec 30)
Snort with two instances J. L. Cabral (Dec 22)
Re: Snort 2.9 versions to choose J. L. Cabral (Dec 20)
Snort populates Mysql a lot J. L. Cabral (Dec 23)
Re: Disabling Snort signatures with Oinkmster J. L. Cabral (Dec 30)
Re: Snort populates Mysql a lot J. L. Cabral (Dec 23)
Snort 2.9 versions to choose J. L. Cabral (Dec 20)
Get warnings in real-time J. L. Cabral (Dec 27)
Disabling Snort signatures with Oinkmster J. L. Cabral (Dec 29)

Joel Esler

Re: [PATCH]: Change reserved bits in flags keyword to match RFC 3168 Joel Esler (Dec 21)
Re: Snort 2.9.0.2 / barnyard2 / base 1.4.5 signature not displayed and is unclassified Joel Esler (Dec 17)
Re: Rules for Snort 2.9.0.2 Joel Esler (Dec 20)
Re: [Emerging-Sigs] Snort 2.9.0.1 Now Available Joel Esler (Nov 03)
Re: FP's with sid:17239 - IMAP Alt-N MDaemon IMAP server CREATE command buffer overflow attempt Joel Esler (Oct 12)
Snort.org has a new blog! Joel Esler (Dec 14)
Re: Just Analyzing tcpdump files according to defined rules. Joel Esler (Oct 06)
Re: [Spam] Re: Possible FP 17363 Joel Esler (Oct 26)
Re: Download issues? Joel Esler (Oct 15)
Re: [Emerging-Sigs] Best way to achieve this. Joel Esler (Dec 02)
Re: Host Attribute Table Question Joel Esler (Nov 11)
Re: [Emerging-Sigs] FATALs with snort-2.9.0.3 Joel Esler (Dec 21)
Re: [PATCH]: Add "iis_encode" parameter to manual for http_encode Joel Esler (Dec 21)
Re: Snort 2.9.0.2 / barnyard2 / base 1.4.5 signature not displayed and is unclassifiede Joel Esler (Dec 21)
Re: snort prune open sessions Joel Esler (Dec 21)
Re: Possible FP 17363 Joel Esler (Oct 26)
Re: -pcap-dir=c:\Network_Device_Logs -pcap-show isn't working, hangs at "commencing packet processing" Joel Esler (Dec 21)
Re: I need some opinions Joel Esler (Dec 06)
Re: URL to download VRT rules Joel Esler (Oct 28)
Re: !!Rolling back Snort rule files!! Joel Esler (Oct 29)
Re: !!Rolling back Snort rule files!! Joel Esler (Oct 29)
Re: Best script to pre-load signature metadata into a database Joel Esler (Oct 07)
Re: [Emerging-Sigs] (no subject) Joel Esler (Nov 29)
Re: Using detection_filter instead of threshold Joel Esler (Oct 27)
Re: capturing on the wrong nic Joel Esler (Oct 18)
Re: Issues with the Snort Manual (Patch) Joel Esler (Nov 29)
Re: [Emerging-Sigs] New Classification System Proposal Joel Esler (Dec 23)
Re: Using detection_filter instead of threshold Joel Esler (Oct 27)
Re: Oinkmaster downloads intermittently failing Joel Esler (Nov 26)
Re: [Spam] Re: Possible FP 17363 Joel Esler (Oct 26)
Re: 1:17239 False Positive Joel Esler (Oct 12)
Re: OT: What tap would you recommend? Joel Esler (Nov 26)
Re: Snort 2.9.0.2 to be released Joel Esler (Dec 01)
Re: Snort 2.9.0.2 / barnyard2 / base 1.4.5 signature not displayed and is unclassified Joel Esler (Dec 17)
Re: Dropped packets again Joel Esler (Nov 26)
Re: [Spam] Re: Possible FP 17363 Joel Esler (Oct 26)
Re: FP's with sid:17239 - IMAP Alt-N MDaemon IMAP server CREATE command buffer overflow attempt Joel Esler (Oct 12)
Re: Minor corrections to the 2.9.0.2 manual Joel Esler (Dec 17)
Re: dropped packets in Perfmonitor Joel Esler (Dec 01)
Re: Rule Migration Cheat Sheet? Joel Esler (Dec 22)
Re: Snort 2.9.0.2 to be released Joel Esler (Dec 05)
Re: Zero Kiwi Log Output But SSL Preprocessor Finds 84 Server Application Alerts Joel Esler (Dec 13)
Re: Pulledpork next release? Joel Esler (Oct 21)
Snort 2.9.0.2 to be released Joel Esler (Nov 30)
Re: [PATCH]: Add missing semi-colons to manual for a few options Joel Esler (Dec 21)
Re: issues with Snort report 1.3&VRT rules&ET rules&threshold.conf Joel Esler (Nov 30)
Re: Oddness with 16295 Joel Esler (Nov 11)
Re: pcre high cpu usage Joel Esler (Oct 18)
Re: Undocumented parameters to the 'flow' option? Joel Esler (Dec 21)
Re: Issues with the Snort Manual (Patch) Joel Esler (Nov 26)
Re: Sourcefire VRT Certified Snort Rules Update 2010-11-02 Joel Esler (Nov 03)
Re: -pcap-dir=c:\Network_Device_Logs -pcap-show isn't working, hangs at "commencing packet processing" Joel Esler (Dec 22)
Re: [Emerging-Sigs] [Snort-devel] Snort 2.9.0.1 Now Available Joel Esler (Nov 03)
Re: Issues with the Snort Manual (Patch) Joel Esler (Nov 29)
Re: snort Port Based Pattern Matching Memory Joel Esler (Dec 14)
Re: 17494 Falsing on non IE6 systems Joel Esler (Oct 27)
Re: SMTP content-type overflow rule question Joel Esler (Dec 03)
Re: HTTP Inspect and packet reassembly Joel Esler (Oct 28)
Re: [Emerging-Sigs] New Classification System Proposal Joel Esler (Dec 23)
Re: Snort 2.9.0.3 is coming soon! Joel Esler (Dec 17)
Re: How do I automate reading multiple captures? Joel Esler (Dec 15)
Re: Binary File Processed Nicely but Alerts Not Showing Up in Kiwi Joel Esler (Dec 10)
Re: New snort.conf Joel Esler (Dec 30)
Re: Snort 2.9.0.1 & OpenBSD 4.8 build problems Joel Esler (Dec 05)
Re: Snort CVSweb broke? Joel Esler (Dec 21)
Re: Snort 2.9.0 Now Available Joel Esler (Oct 04)
Re: HTTP Inspect and packet reassembly Joel Esler (Oct 29)
Re: [Snort-devel] Snort.org has a new blog! Joel Esler (Dec 14)
Re: I need some opinions Joel Esler (Dec 06)
Re: Using detection_filter instead of threshold Joel Esler (Oct 28)
Re: Sourcefire VRT Certified Snort Rules Update 2010-11-02 Joel Esler (Nov 03)
Re: Snort doesn't trigger while the payload size is big (even for ~4-5KB files) Joel Esler (Dec 13)
Re: [Emerging-Sigs] Attack from .jp IPs Joel Esler (Dec 07)
Re: [Emerging-Sigs] New Classification System Proposal Joel Esler (Dec 23)
Re: Snort 2.9.0.3 Now Available Joel Esler (Dec 28)
Re: 1:17239 False Positive Joel Esler (Oct 12)
Re: [Spam] Re: Possible FP 17363 Joel Esler (Oct 26)
Re: Barnyard2 and multiple sensors Joel Esler (Oct 20)
Re: How do I filter either Kiwi Syslog or Snort to stop this recurring Auth_Alert? Joel Esler (Dec 10)
Re: [Emerging-Sigs] Snort 2.9.0.1 Now Available Joel Esler (Nov 03)
Re: [Spam] Re: Possible FP 17363 Joel Esler (Oct 26)
Re: dropped packets in Perfmonitor Joel Esler (Dec 03)
Re: ERROR! daq_static library not found Joel Esler (Dec 07)
Re: -pcap-dir=c:\Network_Device_Logs -pcap-show isn't working, hangs at "commencing packet processing" Joel Esler (Dec 21)
Re: snort Port Based Pattern Matching Memory Joel Esler (Dec 14)
Re: Using detection_filter instead of threshold Joel Esler (Oct 27)
Re: HTTP Inspect and packet reassembly Joel Esler (Oct 29)
Re: Using detection_filter instead of threshold Joel Esler (Oct 27)
Re: snort 2.8.6.1 frag3 policy linux Joel Esler (Dec 01)
Re: Oinkmaster downloads intermittently failing Joel Esler (Nov 26)
Re: Updating sid-msg.map Joel Esler (Nov 15)
Re: Snort 2.9.0.3 Now Available Joel Esler (Dec 28)
Re: [PATCH]: Re-word uricontent's description a bit more in the manual Joel Esler (Dec 21)
Re: HTTP Inspect and packet reassembly Joel Esler (Oct 28)
Fwd: gen-msg.map missing entries for ssl preprocessor? Joel Esler (Dec 23)
Re: Ddos? Joel Esler (Nov 05)
Snort.org was updated today, with new features! Joel Esler (Nov 03)
Re: Updating sid-msg.map Joel Esler (Nov 16)
Re: Snorby and Snort Joel Esler (Nov 10)
Re: Using detection_filter instead of threshold Joel Esler (Oct 27)
Re: Rule Migration Cheat Sheet? Joel Esler (Dec 22)
Re: Snort doesn't trigger while the payload size is big (even for ~4-5KB files) Joel Esler (Dec 13)
Re: Oinkmaster downloads intermittently failing Joel Esler (Nov 26)
Re: congratulations to snort! for getting the sourceforge.net project of the month! Joel Esler (Dec 16)
Re: Using detection_filter instead of threshold Joel Esler (Oct 27)
Re: Patch to running Snort on Solaris 10 SPARC Joel Esler (Dec 29)
New Proposed Classification.config file setup Joel Esler (Dec 23)
Re: [Emerging-Sigs] FATALs with snort-2.9.0.3 Joel Esler (Dec 21)
I need some opinions Joel Esler (Dec 06)
Snort 2.9.0.3 is coming soon! Joel Esler (Dec 17)
Re: issues with Snort report 1.3&VRT rules&ET rules&threshold.conf Joel Esler (Dec 03)
Re: issues with Snort report 1.3&VRT rules&ET rules&threshold.conf Joel Esler (Dec 01)
Re: [Emerging-Sigs] FATALs with snort-2.9.0.3 Joel Esler (Dec 22)
Re: HTTP Inspect and packet reassembly Joel Esler (Oct 31)
Re: Ddos? Joel Esler (Nov 05)
Re: Snort 2.9 + Debian Joel Esler (Dec 16)
New OpenSource Community Manager Announcement Joel Esler (Nov 15)
Re: Snort populates Mysql a lot Joel Esler (Dec 23)
Re: Snort 2.9 versions to choose Joel Esler (Dec 20)
Re: Using detection_filter instead of threshold Joel Esler (Oct 27)
Re: Fine tuning Snort Joel Esler (Oct 08)
Re: snort website contact (was: Re: [Snort-sigs] EOL for Snort 2.8.5.3 and Snort 2.8.6.0 rules reminder) Joel Esler (Oct 05)
Re: Fwd: daq/snort 2.9.0 on Solaris sparc ? Joel Esler (Oct 06)
Re: Rate limiting alerts Joel Esler (Dec 09)
Re: New Proposed Classification.config file setup Joel Esler (Dec 23)
Re: Undocumented parameters to the 'flow' option? Joel Esler (Dec 17)
Re: URL to download VRT rules Joel Esler (Oct 28)
Re: issues with Snort report 1.3&VRT rules&ET rules&threshold.conf Joel Esler (Dec 02)
Re: [Emerging-Sigs] Multiple rule issues after upgrade Joel Esler (Dec 29)
Re: [Emerging-Sigs] FATALs with snort-2.9.0.3 Joel Esler (Dec 21)
Re: Best practices for very high volume install.. Joel Esler (Dec 20)
Re: unclassified alerts Joel Esler (Dec 20)
Re: New snort.conf Joel Esler (Dec 29)
Re: Security Analogies Joel Esler (Dec 17)
Re: 17494 Falsing on non IE6 systems Joel Esler (Oct 27)
Re: Issues with the Snort Manual (Patch) Joel Esler (Nov 26)
Re: [Snort-sigs] [Emerging-Sigs] New Classification System Proposal Joel Esler (Dec 23)
Re: Snort doesn't trigger while the payload size is big (even for ~4-5KB files) Joel Esler (Dec 05)
Re: Rule Migration Cheat Sheet? Joel Esler (Dec 22)
Re: Fine tuning Snort Joel Esler (Oct 09)
Re: Question regarding distances after a byte_jump... Joel Esler (Dec 16)
Re: sfportscan not generating alerts or logs Joel Esler (Oct 06)
Re: I need some opinions Joel Esler (Dec 06)
Re: Snort populates Mysql a lot Joel Esler (Dec 23)
Re: Tagged packets alerts Joel Esler (Dec 14)
Re: [PATCH]: Change reserved bits in flags keyword to match RFC 3168 Joel Esler (Dec 20)
Re: FP 17246 Joel Esler (Oct 14)
Re: -pcap-dir=c:\Network_Device_Logs -pcap-show isn't working, hangs at "commencing packet processing" Joel Esler (Dec 21)
ATTN: Snort Package Maintainers! Joel Esler (Dec 22)
Housekeeping Joel Esler (Dec 07)
Re: Snort as a Service on Ubuntu 9 Joel Esler (Dec 01)
Re: Rule 17494 Joel Esler (Oct 01)
Re: Rule 17494 Joel Esler (Oct 01)
Re: Snort.org has a new blog! Joel Esler (Dec 14)
Re: [PATCH]: Add "iis_encode" parameter to manual for http_encode Joel Esler (Dec 20)
Re: FP 17246 Joel Esler (Oct 14)
Re: -pcap-dir=c:\Network_Device_Logs -pcap-show isn't working, hangs at "commencing packet processing" Joel Esler (Dec 21)
Re: [Snort-sigs] [Emerging-Sigs] New Classification System Proposal Joel Esler (Dec 23)
Re: [Spam] Re: Possible FP 17363 Joel Esler (Oct 26)
Re: Question regarding distances after a byte_jump... Joel Esler (Dec 16)
Re: FP 3:16663 Joel Esler (Oct 15)
Re: -pcap-dir=c:\Network_Device_Logs -pcap-show isn't working, hangs at "commencing packet processing" Joel Esler (Dec 21)
Re: H-Snort / Hybrid Snort Joel Esler (Nov 26)

Joe Pampel

Re: Best practices for very high volume install.. Joe Pampel (Dec 20)
Re: OT: What tap would you recommend? Joe Pampel (Nov 05)

John Forristel

sfPortscan logfilein 2.9.0 John Forristel (Oct 19)

John Gay

Re: New snort install ipvar issue John Gay (Dec 24)
Re: Disabling Snort signatures with Oinkmster John Gay (Dec 29)
Re: New snort install ipvar issue John Gay (Dec 24)
Re: New snort install ipvar issue John Gay (Dec 24)

John Hally

Re: OT: What tap would you recommend? John Hally (Nov 05)

José R . Cristo Almaguer

Snort 2.9.0 José R . Cristo Almaguer (Oct 08)
Runing snort José R . Cristo Almaguer (Oct 08)
Starting Snort 2.9.0.1 José R . Cristo Almaguer (Nov 04)
'compress_depth' José R . Cristo Almaguer (Oct 08)

Josh Little

Re: False Positives on 1:17246 Josh Little (Oct 14)
Re: [Emerging-Sigs] Attack from .jp IPs Josh Little (Dec 07)
Re: Fine tuning Snort Josh Little (Oct 08)

Joshua.Kinard

Minor corrections to the 2.9.0.2 manual Joshua.Kinard (Dec 13)
Re: Minor corrections to the 2.9.0.2 manual Joshua.Kinard (Dec 17)
[PATCH]: Add missing semi-colons to manual for a few options Joshua.Kinard (Dec 21)
Snort CVSweb broke? Joshua.Kinard (Dec 21)
Re: Ip_proto's 'lsrre' parameter Joshua.Kinard (Oct 22)
Ip_proto's 'lsrre' parameter Joshua.Kinard (Oct 18)
Re: New Proposed Classification.config file setup Joshua.Kinard (Dec 23)
[PATCH]: Add "iis_encode" parameter to manual for http_encode Joshua.Kinard (Dec 20)
[PATCH]: Change reserved bits in flags keyword to match RFC 3168 Joshua.Kinard (Dec 20)
Re: Issues with the Snort Manual (Patch) Joshua.Kinard (Nov 29)
Undocumented parameters to the 'flow' option? Joshua.Kinard (Dec 17)
Re: Issues with the Snort Manual (Patch) Joshua.Kinard (Nov 29)
Re: Undocumented parameters to the 'flow' option? Joshua.Kinard (Dec 21)
[PATCH]: Re-word uricontent's description a bit more in the manual Joshua.Kinard (Dec 21)
Re: [Emerging-Sigs] New Proposed Classification.config file setup Joshua.Kinard (Dec 27)
Issues with the Snort Manual (Patch) Joshua.Kinard (Nov 26)
Re: Issues with the Snort Manual (Patch) Joshua.Kinard (Dec 08)
Re: Issues with the Snort Manual (Patch) Joshua.Kinard (Nov 29)

JS

Snort 2.9.0.2 / barnyard2 / base 1.4.5 signature not displayed and is unclassified JS (Dec 17)
Re: Snort 2.9.0.2 / barnyard2 / base 1.4.5 signature not displayed and is unclassified JS (Dec 17)
Re: Snort 2.9.0.2 / barnyard2 / base 1.4.5 signature not displayed and is unclassified JS (Dec 17)

Jun Wan

Re: How o views snort log from mysql Jun Wan (Oct 30)
Re: issues with Snort report 1.3&VRT rules&ET rules&threshold.conf Jun Wan (Nov 30)
Re: Snort 2.9.0.2 / barnyard2 / base 1.4.5 signature not displayed and is unclassifiede Jun Wan (Dec 20)
Re: too many Alerts (129:12:0)---more than 7000 alerts /per day Jun Wan (Dec 31)
Re: ET rules in emerging.conf deactivated after updating via Oinkmaster&cron Jun Wan (Nov 29)
Re: too many Alerts (129:12:0)---more than 7000 alerts /per day Jun Wan (Dec 31)
Re: Snort 2.9.0.2 / barnyard2 / base 1.4.5 signature not displayed and is unclassifiede Jun Wan (Dec 20)
Re: Barnyard2 and multiple sensors Jun Wan (Oct 27)
Re: Snort 2.9.0.2 / barnyard2 / base 1.4.5 signature not displayed and is unclassifiede Jun Wan (Dec 25)
Re: issues with Snort report 1.3&VRT rules&ET rules&threshold.conf Jun Wan (Dec 02)
(no subject) Jun Wan (Nov 29)
issues with Snort report 1.3&VRT rules&ET rules&threshold.conf Jun Wan (Nov 30)
too many Alerts (129:12:0)---more than 7000 alerts /per day Jun Wan (Dec 29)
Re: Snort 2.9.0.2 / barnyard2 / base 1.4.5 signature not displayed and is unclassifiede Jun Wan (Dec 19)
ET rules in emerging.conf deactivated after updating via Oinkmaster&cron Jun Wan (Nov 29)
pulledpork setup guide Jun Wan (Oct 24)
Re: [Emerging-Sigs] (no subject) Jun Wan (Nov 30)
Re: [Emerging-Sigs] Snort 2.9 compatibility with ET rules? Jun Wan (Oct 29)
Re: issues with Snort report 1.3&VRT rules&ET rules&threshold.conf Jun Wan (Dec 03)

Kelvie Wong

[RFC Feature PATCH]: 'drop' option for tagged packets. Kelvie Wong (Oct 25)
Re: [PATCHES] Fixes for daq_nfq Kelvie Wong (Nov 02)
[PATCHES] Fixes for daq_nfq Kelvie Wong (Oct 25)

Kevin Ross

Re: Linux recommendations Kevin Ross (Dec 07)
Re: Distributed Snort possibility? Kevin Ross (Dec 11)
Re: Snort 2.9.0.2 / barnyard2 / base 1.4.5 signature not displayed and is unclassified Kevin Ross (Dec 17)
Re: More packet drops Kevin Ross (Dec 17)
Re: Readers of the VRT blog Kevin Ross (Dec 07)

Korodev

Re: Multiple Snort Instances - One Interface Korodev (Nov 10)

Kum Weng Luey

ERROR! daq_static library not found Kum Weng Luey (Dec 07)

Kungu Panda

Re: Tagged packets alerts Kungu Panda (Dec 14)
Tagged packets alerts Kungu Panda (Dec 14)
max flowbits fatal errors Kungu Panda (Oct 07)
Re: max flowbits fatal errors Kungu Panda (Oct 07)
gen-msg.map missing entries for ssl preprocessor? Kungu Panda (Dec 23)

L0rd Ch0de1m0rt

Re: [Emerging-Sigs] Off-topic - VRT Blog, "Rise of citizen cyberwarrior", criticism of the security efforts by the government. L0rd Ch0de1m0rt (Nov 29)
Re: Snort 2.9.0.1 Now Available L0rd Ch0de1m0rt (Nov 08)
Using detection_filter instead of threshold L0rd Ch0de1m0rt (Oct 27)
Re: !!Rolling back Snort rule files!! L0rd Ch0de1m0rt (Oct 29)
Re: Snort 2.9.0.1 Now Available L0rd Ch0de1m0rt (Nov 08)
Question about the 'tag' keyword L0rd Ch0de1m0rt (Dec 04)
Re: HTTP Inspect and packet reassembly L0rd Ch0de1m0rt (Oct 29)
Re: Snort 2.9.0.1 Now Available L0rd Ch0de1m0rt (Nov 08)
Re: [Emerging-Sigs] [Snort-devel] Snort 2.9.0.1 Now Available L0rd Ch0de1m0rt (Nov 04)
Re: Snort 2.9.0.1 Now Available L0rd Ch0de1m0rt (Nov 03)
Re: Snort 2.9.0.1 Now Available L0rd Ch0de1m0rt (Nov 01)
HTTP Inspect and packet reassembly L0rd Ch0de1m0rt (Oct 28)
Re: I need some opinions L0rd Ch0de1m0rt (Dec 06)
Re: [Spam] Re: Possible FP 17363 L0rd Ch0de1m0rt (Oct 26)
Re: 17494 Falsing on non IE6 systems L0rd Ch0de1m0rt (Oct 27)
Re: Using detection_filter instead of threshold L0rd Ch0de1m0rt (Oct 27)
Re: !!Rolling back Snort rule files!! L0rd Ch0de1m0rt (Oct 29)
Re: [Snort-users] 2.9.0.1 performance issue L0rd Ch0de1m0rt (Nov 18)
Re: Possible FP 12280? L0rd Ch0de1m0rt (Oct 22)
Re: I need some opinions L0rd Ch0de1m0rt (Dec 06)
Compiling snort without DAQ L0rd Ch0de1m0rt (Nov 03)
Re: [Emerging-Sigs] Multiple rule issues after upgrade L0rd Ch0de1m0rt (Dec 29)
Attack from .jp IPs L0rd Ch0de1m0rt (Dec 07)

Lai, Raymond

Unsubscribe Lai, Raymond (Oct 30)

Lawrence R. Hughes, Sr.

snort stream5 small_segments x bytes x Lawrence R. Hughes, Sr. (Dec 16)
Re: snort DCE/RPC reassemble_threshold Lawrence R. Hughes, Sr. (Dec 21)
snort SID 119-15 Lawrence R. Hughes, Sr. (Dec 16)
snort rule 128-6 reporting but no description at VRT Lawrence R. Hughes, Sr. (Dec 14)
snort DCE/RPC reassemble_threshold Lawrence R. Hughes, Sr. (Dec 21)
snort Port Based Pattern Matching Memory Lawrence R. Hughes, Sr. (Dec 14)
snort memory resident Lawrence R. Hughes, Sr. (Dec 14)
snort prune open sessions Lawrence R. Hughes, Sr. (Dec 21)
Re: snort Port Based Pattern Matching Memory Lawrence R. Hughes, Sr. (Dec 14)
dropped packets in Perfmonitor Lawrence R. Hughes, Sr. (Dec 01)
snort 2.8.6.1 frag3 policy linux Lawrence R. Hughes, Sr. (Dec 01)

Lay, James

Proxy question Lay, James (Nov 09)
Re: Updating sid-msg.map Lay, James (Nov 17)
Oddness with 16295 Lay, James (Nov 10)
Re: [Spam] Re: [Emerging-Sigs] FATALs with snort-2.9.0.3 Lay, James (Dec 22)
Duplicate downloaded rules Lay, James (Oct 19)
Re: [Spam] Re: Possible FP 17363 Lay, James (Oct 26)
Dropped packets again Lay, James (Nov 26)
Re: 17494 Falsing on non IE6 systems Lay, James (Oct 27)
Re: [Spam] Re: Possible FP 17363 Lay, James (Oct 26)
FP 17246 Lay, James (Oct 14)
Possible 17154 FP? Lay, James (Oct 22)
Re: [Spam] Re: Excessive Read Requests Lay, James (Nov 02)
Re: Possible FP 17363 Lay, James (Oct 26)
Reporting/stats from logs Lay, James (Oct 19)
Re: [Emerging-Sigs] FATALs with snort-2.9.0.3 Lay, James (Dec 22)
Re: Duplicate downloaded rules Lay, James (Oct 19)
Possible FP 17363 Lay, James (Oct 25)
Confusion on Protocol Mismatch Lay, James (Dec 10)
FP 12634 Lay, James (Oct 12)
Duplicate sids (again) Lay, James (Dec 29)
FP 13628 Lay, James (Nov 08)
FATALs with snort-2.9.0.3 Lay, James (Dec 21)
Re: Duplicate downloaded rules Lay, James (Oct 19)
FP 17154 Lay, James (Oct 20)
Re: [Spam] Re: Possible FP 17363 Lay, James (Oct 26)
Excessive Read Requests Lay, James (Nov 01)
Re: [Spam] Re: Possible FP 17363 Lay, James (Oct 26)
Re: [Emerging-Sigs] Multiple rule issues after upgrade Lay, James (Dec 29)
Possible FP 12280? Lay, James (Oct 22)
Re: [Spam] Re: Possible FP 17363 Lay, James (Oct 26)
Re: Excessive Read Requests Lay, James (Nov 01)
Possible 16295 FP Lay, James (Oct 25)
Re: [Spam] Re: Possible FP 17363 Lay, James (Oct 26)
Stream5 confusion Lay, James (Dec 28)
Re: How do I filter either Kiwi Syslog or Snort to stop this recurring Auth_Alert? Lay, James (Dec 10)
Re: Duplicate downloaded rules Lay, James (Oct 20)
Snort not logging all alerts in pcap (was Oddness with 16295) Lay, James (Nov 11)
Multiple rule issues after upgrade Lay, James (Dec 29)
Re: Oddness with 16295 Lay, James (Nov 11)
Re: Stream5 confusion Lay, James (Dec 28)
Re: Snort with two instances Lay, James (Dec 22)
More packet drops Lay, James (Dec 15)
Re: FP 17246 Lay, James (Oct 14)
Re: Confusion on Protocol Mismatch Lay, James (Dec 10)

Leon Ward

Re: dropped packets in Perfmonitor Leon Ward (Dec 03)
Re: Snort 2.9.0.3 Now Available Leon Ward (Dec 27)

ll

about the sfportscan ll (Dec 06)

Luis

Fwd: daq/snort 2.9.0 on Solaris sparc ? Luis (Oct 06)
Fwd: daq/snort 2.9.0 on Solaris sparc ? Luis (Oct 06)
daq/snort 2.9.0 on Solaris sparc ? Luis (Oct 06)

Luis Daniel Lucio Quiroz

Re: Snort 2.9.0 Now Available Luis Daniel Lucio Quiroz (Oct 11)

Marcos Rodriguez

Re: Just Analyzing tcpdump files according to defined rules. Marcos Rodriguez (Oct 07)
Re: Snort 2.9.0 Now Available Marcos Rodriguez (Oct 04)

Martin Holste

Re: [Emerging-Sigs] New Proposed Classification.config file setup Martin Holste (Dec 28)
Re: [Emerging-Sigs] which SQL injection detection rule is best when considering performance, false-positive, real attack Martin Holste (Dec 07)
Re: [Emerging-Sigs] New Proposed Classification.config file setup Martin Holste (Dec 26)
Re: [Emerging-Sigs] [Snort-devel] New Proposed Classification.config file setup Martin Holste (Dec 27)

Martin Roecker

Re: (snort_decoder) WARNING: IP dgm len > captured len! Martin Roecker (Oct 12)
(snort_decoder) WARNING: IP dgm len > captured len! Martin Roecker (Oct 12)

Martin Roesch

Re: Attack from .jp IPs Martin Roesch (Dec 07)
Re: [Emerging-Sigs] New Proposed Classification.config file setup Martin Roesch (Dec 27)
Re: Is Snort susceptible to AET's? Martin Roesch (Oct 20)
Re: New Proposed Classification.config file setup Martin Roesch (Dec 23)

matan monitz

Re: HTTP Inspect and packet reassembly matan monitz (Oct 28)
Re: [Snort-users] 2.9.0.1 performance issue matan monitz (Nov 18)
Re: [Snort-users] 2.9.0.1 performance issue matan monitz (Nov 18)
possible fp on 17297 matan monitz (Nov 16)
Re: possible fp on 17297 matan monitz (Nov 18)

Matthew Jonkman

Re: [Emerging-Sigs] FATALs with snort-2.9.0.3 Matthew Jonkman (Dec 22)
Re: Are commas allowed in signature descriptions? Matthew Jonkman (Dec 17)
Re: [Emerging-Sigs] FATALs with snort-2.9.0.3 Matthew Jonkman (Dec 21)
Re: [Emerging-Sigs] Duplicate sids (again) Matthew Jonkman (Dec 29)
Re: [Emerging-Sigs] [Snort-devel] Snort 2.9.0.1 Now Available Matthew Jonkman (Nov 03)
Re: [Emerging-Sigs] [Snort-devel] Snort 2.9.0.1 Now Available Matthew Jonkman (Nov 03)
Re: Using detection_filter instead of threshold Matthew Jonkman (Oct 27)
Re: [Emerging-Sigs] New Classification System Proposal Matthew Jonkman (Dec 23)
Re: Best practices for very high volume install.. Matthew Jonkman (Dec 21)
Re: [Emerging-Sigs] FATALs with snort-2.9.0.3 Matthew Jonkman (Dec 21)
Re: [Emerging-Sigs] FATALs with snort-2.9.0.3 Matthew Jonkman (Dec 21)
Re: [Emerging-Sigs] FATALs with snort-2.9.0.3 Matthew Jonkman (Dec 21)
Re: [Emerging-Sigs] Multiple rule issues after upgrade Matthew Jonkman (Dec 29)
Re: [Snort-sigs] [Emerging-Sigs] New Classification System Proposal Matthew Jonkman (Dec 23)

Matt Lenco

Re: Zero Kiwi Log Output But SSL Preprocessor Finds 84 Server Application Alerts Matt Lenco (Dec 13)
Re: -pcap-dir=c:\Network_Device_Logs -pcap-show isn't working, hangs at "commencing packet processing" Matt Lenco (Dec 21)
Re: -pcap-dir=c:\Network_Device_Logs -pcap-show isn't working, hangs at "commencing packet processing" Matt Lenco (Dec 21)
Error: Can't Initialize DAQ pcap (-1) bad dump file format Matt Lenco (Dec 20)
How do I filter either Kiwi Syslog or Snort to stop this recurring Auth_Alert? Matt Lenco (Dec 10)
Binary File Processed Nicely but Alerts Not Showing Up in Kiwi Matt Lenco (Dec 10)
Re: -pcap-dir=c:\Network_Device_Logs -pcap-show isn't working, hangs at "commencing packet processing" Matt Lenco (Dec 21)
HTTP Headers Not Seen in SNORT Post-Processing Logs Though HTTP 443 is Exploited Matt Lenco (Dec 23)
How do I automate reading multiple captures? Matt Lenco (Dec 15)
Zero Kiwi Log Output But SSL Preprocessor Finds 84 Server Application Alerts Matt Lenco (Dec 13)
Re: -pcap-dir=c:\Network_Device_Logs -pcap-show isn't working, hangs at "commencing packet processing" Matt Lenco (Dec 21)
Analyzing SNORT output and Alerts in Kiwi Syslog Matt Lenco (Dec 22)
-pcap-dir=c:\Network_Device_Logs -pcap-show isn't working, hangs at "commencing packet processing" Matt Lenco (Dec 21)

Matt Olney

Re: Snort 2.8.6 performance Matt Olney (Oct 08)
Re: [Snort-users] 2.9.0.1 performance issue Matt Olney (Nov 18)
Re: Attack from .jp IPs Matt Olney (Dec 07)
Re: HTTP Inspect and packet reassembly Matt Olney (Oct 28)
Re: HTTP Inspect and packet reassembly Matt Olney (Oct 29)

Matt Watchinski

Re: Snort populates Mysql a lot Matt Watchinski (Dec 23)
Re: too many Alerts (129:12:0)---more than 7000 alerts /per day Matt Watchinski (Dec 30)
Re: gen-msg.map missing entries for ssl preprocessor? Matt Watchinski (Dec 23)

McGee.Tami

Unsubscribe Tami.McGee () ftb ca gov McGee.Tami (Dec 29)

Michael Altizer

Re: Snort 2.9, RHEL 5 and afpacket DAQ [~Solved?] Michael Altizer (Oct 22)
Re: afpacket DAQ - large "Outstanding" number/percent Michael Altizer (Oct 14)
Re: Snort 2.9, RHEL 5 and afpacket DAQ Michael Altizer (Oct 20)
Re: snort-2.9.0 and libpcap Michael Altizer (Oct 21)
Re: Snort 2.9, RHEL 5 and afpacket DAQ [~Solved?] Michael Altizer (Oct 20)
Re: Snort 2.9, RHEL 5 and afpacket DAQ Michael Altizer (Oct 20)
Re: afpacket DAQ - large "Outstanding" number/percent Michael Altizer (Oct 18)
Re: Snort 2.9, RHEL 5 and afpacket DAQ [~Solved?] Michael Altizer (Oct 20)
Re: Snort 2.9, RHEL 5 and afpacket DAQ Michael Altizer (Oct 20)
Re: Snort 2.9.0 Now Available Michael Altizer (Oct 08)
Re: Snort 2.9, RHEL 5 and afpacket DAQ Michael Altizer (Oct 18)
[PATCH] Add TX_RING support to AFPacket DAQ module Michael Altizer (Nov 02)
Re: snort-2.9.0 on RHEL5 Michael Altizer (Oct 07)

Michael Green

Re: EOL for Snort 2.8.5.3 and Snort 2.8.6.0 rules reminder Michael Green (Oct 04)

Michael Lubinski

unclassified alerts Michael Lubinski (Dec 19)

Michael Steele

Re: Binary File Processed Nicely but Alerts Not Showing Up in Kiwi Michael Steele (Dec 10)

Miguel Alvarez

OT: What tap would you recommend? Miguel Alvarez (Nov 05)
Snort 2.9.0.0 segfaulting Miguel Alvarez (Oct 18)

Mike Cox

Re: [Emerging-Sigs] Attack from .jp IPs Mike Cox (Dec 07)

Mike Guiterman

RSVP for a Snort Community Pig Roast - November 12, 2010 Mike Guiterman (Oct 26)
Re: RSVP for a Snort Community Pig Roast - November 12, 2010 Mike Guiterman (Oct 26)

Mike Kun

Disablesid not working Mike Kun (Oct 14)
Rate limiting alerts Mike Kun (Dec 09)
Re: Snort and multiple logging Mike Kun (Oct 06)

Mike Lococo

Re: Barnyard2 and multiple sensors Mike Lococo (Oct 21)
Re: Readers of the VRT blog Mike Lococo (Dec 07)
Re: DAQ and libpcap 1.1.1 vs 1.0.0 Mike Lococo (Nov 08)
Re: Snort 2.9.0.1 Now Available Mike Lococo (Nov 02)
Re: EOL for Snort 2.8.5.3 and Snort 2.8.6.0 rules reminder Mike Lococo (Oct 05)
Re: Barnyard2 and multiple sensors Mike Lococo (Oct 31)
Re: Snort 2.9.0.1 Now Available Mike Lococo (Nov 01)
DAQ and libpcap 1.1.1 vs 1.0.0 Mike Lococo (Nov 05)
Re: Snort 2.9, RHEL 5 and afpacket DAQ Mike Lococo (Oct 20)
Re: Snort with two instances Mike Lococo (Dec 24)
Re: EOL for Snort 2.8.5.3 and Snort 2.8.6.0 rules reminder Mike Lococo (Oct 04)
Re: Snort 2.9.0.1 Now Available Mike Lococo (Nov 02)

Miso Patel

Re: [Emerging-Sigs] Attack from .jp IPs Miso Patel (Dec 07)
Re: !!Rolling back Snort rule files!! Miso Patel (Oct 29)
Re: [Emerging-Sigs] [Snort-devel] Snort 2.9.0.1 Now Available Miso Patel (Nov 03)
!!Rolling back Snort rule files!! Miso Patel (Oct 29)

NA

Re: No bridging support with Daq? NA (Dec 16)
Re: No bridging support with Daq? NA (Dec 16)
No bridging support with Daq? NA (Dec 16)

Nerijus Krukauskas

Re: Holy Crap Nerijus Krukauskas (Oct 14)
Re: daq_static error on snort build Nerijus Krukauskas (Oct 07)
Re: Just Analyzing tcpdump files according to defined rules. Nerijus Krukauskas (Oct 06)

Nick Moore

Re: How o views snort log from mysql Nick Moore (Oct 30)
Re: Snort and multiple logging Nick Moore (Oct 06)
Re: Snort 2.9 + Debian Nick Moore (Dec 16)

Nigel Houghton

Re: [Snort-sigs] snort website contact (was: Re: EOL for Snort 2.8.5.3 and Snort 2.8.6.0 rules reminder) Nigel Houghton (Oct 05)
Re: Ddos? Nigel Houghton (Nov 05)
Re: New Sig Doc is one giant file? Nigel Houghton (Dec 07)
EOL for Snort 2.8.5.3 and Snort 2.8.6.0 rules reminder Nigel Houghton (Oct 04)
Re: [Snort-users] EOL for Snort 2.8.5.3 and Snort 2.8.6.0 rules reminder Nigel Houghton (Oct 04)
Re: False Positives on 1:17246 Nigel Houghton (Oct 14)
Re: New Sig Doc is one giant file? Nigel Houghton (Dec 06)
Re: rules update schedule (was: Re: so_rule problem) Nigel Houghton (Oct 01)
Re: EOL for Snort 2.8.5.3 and Snort 2.8.6.0 rules reminder Nigel Houghton (Oct 04)
Changes in the latest rule packs Nigel Houghton (Dec 03)
Re: Updating sid-msg.map Nigel Houghton (Nov 16)
Re: FP 17246 Nigel Houghton (Oct 14)
Re: so_rule problem Nigel Houghton (Oct 01)
Re: FP 17246 Nigel Houghton (Oct 14)
Re: EOL for Snort 2.8.5.3 and Snort 2.8.6.0 rules reminder Nigel Houghton (Oct 04)
Re: Sourcefire VRT Certified Snort Rules Update 2010-11-02 Nigel Houghton (Nov 03)
Re: FP 13628 Nigel Houghton (Nov 09)
Re: Snort 2.9.0 DCE RPC error [SOLVED] and more Nigel Houghton (Oct 05)
Re: FP 17246 Nigel Houghton (Oct 14)
Re: so_rule problem Nigel Houghton (Oct 01)
Re: snort SID 119-15 Nigel Houghton (Dec 16)
Readers of the VRT blog Nigel Houghton (Dec 03)

Olivier Bilodeau

Snort 2.9.0 packages for RHEL? Olivier Bilodeau (Oct 18)

Patrick Mullen

Re: [PATCH] so_rules/src/Makefile Patrick Mullen (Oct 07)
Re: Sourcefire VRT Certified Snort Rules Update 2010-11-18 Patrick Mullen (Nov 18)

Paul Halliday

Are commas allowed in signature descriptions? Paul Halliday (Dec 08)
Re: Any BASE honchos here? Paul Halliday (Nov 10)
Re: OT: What tap would you recommend? Paul Halliday (Nov 26)
Re: [Emerging-Sigs] New Classification System Proposal Paul Halliday (Dec 23)
SQueRT 0.7b Released. Paul Halliday (Dec 24)
SQueRT 0.6 Released. Paul Halliday (Oct 15)

Pedro Marinho

Re: [Emerging-Sigs] lots or rules loaded and snort performance Pedro Marinho (Nov 05)
Re: [Emerging-Sigs] lots or rules loaded and snort performance Pedro Marinho (Nov 05)
lots or rules loaded and snort performance Pedro Marinho (Nov 05)

Pradeep Lamabam

payload logging, barnyard2 Pradeep Lamabam (Oct 29)
unified2 processing Pradeep Lamabam (Nov 26)

Ralf Spenneberg

Re: Snort 2.9, RHEL 5 and afpacket DAQ [~Solved?] Ralf Spenneberg (Oct 21)
Snort 2.9, RHEL 5 and afpacket DAQ Ralf Spenneberg (Oct 18)
Re: Snort 2.9, RHEL 5 and afpacket DAQ Ralf Spenneberg (Oct 18)
Re: Snort 2.9, RHEL 5 and afpacket DAQ Ralf Spenneberg (Oct 19)
Re: Snort 2.9, RHEL 5 and afpacket DAQ Ralf Spenneberg (Oct 20)

Randal T. Rioux

Re: I'm tired from snort!! Randal T. Rioux (Oct 26)
Re: Snort 2.9.0.1 & OpenBSD 4.8 build problems Randal T. Rioux (Dec 11)
Re: afpacket DAQ - large "Outstanding" number/percent Randal T. Rioux (Oct 13)
Re: Off-topic - VRT Blog, "Rise of citizen cyberwarrior", criticism of the security efforts by the government. Randal T. Rioux (Nov 29)
Holy Crap Randal T. Rioux (Oct 14)
Re: EOL for Snort 2.8.5.3 and Snort 2.8.6.0 rules reminder Randal T. Rioux (Oct 04)
Re: DAQ w/ Snort 2.9 on OpenBSD 4.7 AMD64 [solved] Randal T. Rioux (Oct 13)
OpenBSD 4.7 / Snort 2.9 -- libsf_engine.so missing Randal T. Rioux (Oct 15)
Re: Snort 2.9.0.2 to be released Randal T. Rioux (Dec 04)
Re: Unsubscribe Tami.McGee () ftb ca gov Randal T. Rioux (Dec 29)
Re: Snort 2.9.0.1 & OpenBSD 4.8 build problems Randal T. Rioux (Dec 04)
Re: Linux recommendations Randal T. Rioux (Nov 09)
Re: OT: What tap would you recommend? Randal T. Rioux (Nov 26)
AIX Snort / libdnet Update Randal T. Rioux (Dec 25)
Re: Snort 2.9.0.1 Now Available Randal T. Rioux (Nov 03)
Re: Unsubscribe Tami.McGee () ftb ca gov Randal T. Rioux (Dec 29)
Re: DAQ w/ Snort 2.9 on OpenBSD 4.7 AMD64 Randal T. Rioux (Oct 10)
Re: Snort 2.9.0.1 & OpenBSD 4.8 build problems Randal T. Rioux (Dec 11)
Re: [Emerging-Sigs] New Classification System Proposal Randal T. Rioux (Dec 23)
Re: RSVP for a Snort Community Pig Roast - November 12, 2010 Randal T. Rioux (Oct 26)
Re: Snort 2.9.0.2 / barnyard2 / base 1.4.5 signature not displayed and is unclassifiede Randal T. Rioux (Dec 19)
Re: Snort 2.9.0.2 to be released Randal T. Rioux (Nov 30)
DAQ w/ Snort 2.9 on OpenBSD 4.7 AMD64 Randal T. Rioux (Oct 10)

Ray Caparros

Re: How o views snort log from mysql Ray Caparros (Oct 30)
Re: How o views snort log from mysql Ray Caparros (Oct 30)
Re: OT: What tap would you recommend? Ray Caparros (Nov 05)

Research

Sourcefire VRT Certified Snort Rules Update 2010-10-26 Research (Oct 26)
Sourcefire VRT Certified Snort Rules Update 2010-11-18 Research (Nov 18)
Sourcefire VRT Certified Snort Rules Update 2010-11-04 Research (Nov 04)
Sourcefire VRT Certified Snort Rules Update 2010-11-23 Research (Nov 26)
Sourcefire VRT Certified Snort Rules Update 2010-12-14 Research (Dec 14)
Sourcefire VRT Certified Snort Rules Update 2010-10-12 Research (Oct 12)
Sourcefire VRT Certified Snort Rules Update 2010-12-09 Research (Dec 09)
Sourcefire VRT Certified Snort Rules Update 2010-11-02 Research (Nov 02)
Sourcefire VRT Certified Snort Rules Update 2010-10-05 Research (Oct 05)
Sourcefire VRT Certified Snort Rules Update 2010-10-28 Research (Oct 28)
Sourcefire VRT Certified Snort Rules Update 2010-12-20 Research (Dec 20)
Sourcefire VRT Certified Snort Rules Update 2010-11-09 Research (Nov 09)
Sourcefire VRT Certified Snort Rules Update 2010-12-02 Research (Dec 02)
Sourcefire VRT Certified Snort Rules Update 2010-12-22 Research (Dec 22)
Sourcefire VRT Certified Snort Rules Update 2010-11-02 Research (Nov 02)
Sourcefire VRT Certified Snort Rules Update 2010-11-18 Research (Nov 18)

Richard Bejtlich

Re: Readers of the VRT blog Richard Bejtlich (Dec 03)
Re: Snort recommendations Richard Bejtlich (Nov 07)
Re: Any BASE honchos here? Richard Bejtlich (Nov 10)

Richard Tyrrell

Richard Tyrrell/Telford/Syan Ltd is out of the office. Richard Tyrrell (Oct 28)
Richard Tyrrell/Telford/Syan Ltd is out of the office. Richard Tyrrell (Dec 14)

Rich Graves

Re: Snort 2.9, RHEL 5 and afpacket DAQ Rich Graves (Oct 20)
Re: Snort 2.9.0.1 Now Available Rich Graves (Nov 01)
Re: SMTP content-type overflow rule question Rich Graves (Dec 03)
Re: Snort 2.9, RHEL 5 and afpacket DAQ Rich Graves (Oct 20)
Re: Snort 2.9, RHEL 5 and afpacket DAQ [~Solved?] Rich Graves (Oct 21)
Snort 2.9, barnyard2, and unknown record types Rich Graves (Nov 02)

rmkml

Re: FP on 17468 rmkml (Nov 03)
Re: possible fp on 17297 rmkml (Nov 16)
Re: Possible 16295 FP rmkml (Oct 25)
Re: Snort 2.9.0.1 & OpenBSD 4.8 build problems rmkml (Nov 05)
Re: FP 17363 rmkml (Oct 29)
Re: Snort not logging all alerts in pcap (was Oddness with 16295) rmkml (Nov 13)
Re: Oddness with 16295 rmkml (Nov 10)
Re: FP 17246 rmkml (Oct 14)
Re: FP on 17468 rmkml (Nov 04)
Re: FP 13628 rmkml (Nov 08)
Re: Dropped packets again rmkml (Nov 26)
Re: Suggested pcre addition to 1:6251 rmkml (Nov 26)
Re: Possible FP 17363 rmkml (Oct 25)

Rob MacGregor

Re: Unsubscribe Tami.McGee () ftb ca gov Rob MacGregor (Dec 29)
Re: OT: What tap would you recommend? Rob MacGregor (Nov 05)

Ropetin Again

Re: OT: What tap would you recommend? Ropetin Again (Nov 05)

Ross Lawrie

Re: Snort 2.9.0.1 & OpenBSD 4.8 build problems Ross Lawrie (Dec 06)
Re: Snort 2.9.0.1 & OpenBSD 4.8 build problems Ross Lawrie (Nov 05)
Re: Snort 2.9.0.1 & OpenBSD 4.8 build problems Ross Lawrie (Dec 10)
Re: Snort 2.9.0.1 & OpenBSD 4.8 build problems Ross Lawrie (Nov 04)
Snort 2.9.0.1 & OpenBSD 4.8 build problems Ross Lawrie (Nov 04)
Re: Snort 2.9.0.1 & OpenBSD 4.8 build problems Ross Lawrie (Nov 04)

Russ Combs

Re: Snort 2.9.0 Now Available Russ Combs (Oct 04)
Re: DAQ and libpcap 1.1.1 vs 1.0.0 Russ Combs (Nov 08)
Re: Libpcap shipped with RHEL6 GA Russ Combs (Nov 15)
Re: [PATCH 1/1] daq_nfq: fix cfg->timeout usage and remove extra select call Russ Combs (Dec 17)
Re: daq/snort 2.9.0 on Solaris sparc ? Russ Combs (Oct 06)
Re: symbol error with 2.9.1 Russ Combs (Nov 26)
Re: Snort 2.9.0.1 & OpenBSD 4.8 build problems Russ Combs (Nov 05)
Re: Snort 2.9.0.1 Now Available Russ Combs (Nov 08)
Re: Snort 2.9.0.1 & OpenBSD 4.8 build problems Russ Combs (Dec 06)
Re: DAQ and libpcap 1.1.1 vs 1.0.0 Russ Combs (Nov 08)
Re: Snort 2.9.0 Now Available Russ Combs (Oct 05)
Re: snort 2.9.0.2 packages for RHEL5.x Russ Combs (Dec 03)
Re: Snort 2.9.0 ipvar unknown rule type Russ Combs (Oct 19)
Re: [Snort-users] 2.9.0.1 performance issue Russ Combs (Nov 18)
Re: Installation problem Russ Combs (Oct 27)
Re: DAQ and libpcap 1.1.1 vs 1.0.0 Russ Combs (Nov 08)
Re: Excessive Read Requests Russ Combs (Nov 01)
Re: Snort 2.9.0.1 & OpenBSD 4.8 build problems Russ Combs (Nov 04)
Re: Snort 2.9, RHEL 5 and afpacket DAQ Russ Combs (Oct 18)
Re: Snort 2.9.0.0 segfaulting Russ Combs (Oct 18)
Re: Snort 2.9.0 ipvar unknown rule type Russ Combs (Oct 19)
Re: compiling daq in old custom environment... Russ Combs (Oct 05)
Re: Snort 2.9.0.1 & OpenBSD 4.8 build problems Russ Combs (Dec 06)
Re: IPv6 Teredo tunneling crashing snort? Russ Combs (Dec 13)
Re: max flowbits fatal errors Russ Combs (Oct 14)
Re: Snort 2.9.0.1 & OpenBSD 4.8 build problems Russ Combs (Dec 03)
Re: Snort 2.9.0 ipvar unknown rule type Russ Combs (Nov 03)
Re: [PATCHES] Fixes for daq_nfq Russ Combs (Nov 02)
Re: Snort 2.9.0.2 / barnyard2 / base 1.4.5 signature not displayed and is unclassified Russ Combs (Dec 17)
Re: snort-2.9.0 missing --enable-inline Russ Combs (Oct 06)
Re: Snort 2.9.0 Now Available Russ Combs (Oct 05)
Re: DAQ w/ Snort 2.9 on OpenBSD 4.7 AMD64 [solved] Russ Combs (Oct 14)
Re: No bridging support with Daq? Russ Combs (Dec 16)
Re: capturing on the wrong nic Russ Combs (Oct 19)
Re: problem with Flexresp3 Russ Combs (Oct 07)
Re: Snort 2.9.0.1 & OpenBSD 4.8 build problems Russ Combs (Nov 05)
Re: flexresp3: Reset with TTL of 0 Russ Combs (Oct 26)
Re: Snort 2.9.0 Now Available Russ Combs (Oct 04)
Re: Compiling snort without DAQ Russ Combs (Nov 03)
Re: Snort 2.9 + Debian Russ Combs (Dec 16)
Re: Snort 2.9.0 Now Available Russ Combs (Oct 05)
Re: Snort 2.9.0.1 & OpenBSD 4.8 build problems Russ Combs (Nov 04)
Re: snort-2.9.0 prereqs Russ Combs (Oct 14)
Re: No bridging support with Daq? Russ Combs (Dec 16)
Re: [Emerging-Sigs] Snort 2.9.0.1 Now Available Russ Combs (Nov 03)
Re: Snort 2.9.0.1 Now Available Russ Combs (Nov 09)
Re: Snort 2.9.0.2 to be released Russ Combs (Dec 06)
Re: Snort 2.9.0.1 Now Available Russ Combs (Nov 08)
Re: DAQ w/ Snort 2.9 on OpenBSD 4.7 AMD64 Russ Combs (Oct 10)
Re: symbol error with 2.9.1 Russ Combs (Nov 26)
Re: Snort 2.9.0.1 & OpenBSD 4.8 build problems Russ Combs (Dec 10)
Re: No bridging support with Daq? Russ Combs (Dec 16)
Re: max flowbits fatal errors Russ Combs (Oct 07)
Re: [PATCHES] Fixes for daq_nfq Russ Combs (Dec 09)
Re: 2.9.0.1 performance issue Russ Combs (Nov 18)
Re: Snort 2.9.0.2 / barnyard2 / base 1.4.5 signature not displayed and is unclassified Russ Combs (Dec 17)
Re: Snort 2.9.0 DAQ with MMAP pcap? Russ Combs (Oct 08)
Re: [Emerging-Sigs] Snort 2.9.0.1 Now Available Russ Combs (Nov 03)
Re: snort-2.9.0 missing --enable-inline Russ Combs (Oct 06)
Re: PATCH: more compact ac-bnfa trans list Russ Combs (Oct 27)
Re: OpenBSD 4.7 / Snort 2.9 -- libsf_engine.so missing Russ Combs (Oct 15)
Re: daq_static error on snort build Russ Combs (Oct 07)
Re: Snort 2.9, RHEL 5 and afpacket DAQ [~Solved?] Russ Combs (Oct 20)
Re: [PATCHES] Fixes for daq_nfq Russ Combs (Oct 25)
Re: Error in encode.c in Snort 2.9.0 on Ubuntu 10.04.1 LST Russ Combs (Oct 25)
Re: [rhelv5-list] snort 2.9.0 Centos 5.5 Russ Combs (Nov 04)
Re: snort-2.9.0 missing --enable-inline Russ Combs (Oct 06)
Re: Building a host attribute table? Russ Combs (Oct 14)
Re: Snort 2.9.0.0 segfaulting [SEC=UNCLASSIFIED] Russ Combs (Oct 25)
Re: Excessive Read Requests Russ Combs (Nov 01)
Re: Snort has different IPs than Wireshark Russ Combs (Nov 30)
Re: Snort 2.9.0.1 Now Available Russ Combs (Nov 09)
Re: upgrade question Russ Combs (Oct 25)
Re: Using SNORT inline Russ Combs (Nov 02)
Re: (snort_decoder) WARNING: IP dgm len > captured len! Russ Combs (Nov 03)

Russell Fulton

Re: Barnyard2 and multiple sensors Russell Fulton (Oct 28)
Re: Barnyard2 and multiple sensors Russell Fulton (Oct 20)
barnyard2 and bpf filters Russell Fulton (Nov 02)
Re: Barnyard2 and multiple sensors Russell Fulton (Oct 21)
Barnyard2 and multiple sensors Russell Fulton (Oct 20)
Re: Readers of the VRT blog Russell Fulton (Dec 06)

Ryan Jordan

Re: Minor corrections to the 2.9.0.2 manual Ryan Jordan (Dec 16)
Re: No bridging support with Daq? Ryan Jordan (Dec 17)
Re: Confusion on Protocol Mismatch Ryan Jordan (Dec 10)
Re: Issues with the Snort Manual (Patch) Ryan Jordan (Dec 08)
Re: snort DCE/RPC reassemble_threshold Ryan Jordan (Dec 21)
Re: snort DCE/RPC reassemble_threshold Ryan Jordan (Dec 21)
Re: snort rule 128-6 reporting but no description at VRT Ryan Jordan (Dec 14)
Re: IPv6 Teredo tunneling crashing snort? Ryan Jordan (Dec 13)
Re: No bridging support with Daq? Ryan Jordan (Dec 17)
Re: Snort 2.9.0 packages for RHEL? Ryan Jordan (Oct 18)

Salahudin Wan Khairuzzaman

Re: Snort preprocessor perfmonitor Salahudin Wan Khairuzzaman (Dec 01)
Re: Snort preprocessor perfmonitor Salahudin Wan Khairuzzaman (Dec 08)
Re: Snort preprocessor perfmonitor Salahudin Wan Khairuzzaman (Dec 01)
Re: Snort preprocessor perfmonitor Salahudin Wan Khairuzzaman (Dec 08)

Sandro guly Zaccarini

Re: Readers of the VRT blog Sandro guly Zaccarini (Dec 06)
Re: snort SID 119-15 Sandro guly Zaccarini (Dec 16)
Re: [Emerging-Sigs] Attack from .jp IPs Sandro guly Zaccarini (Dec 07)

ScottO

Re: Fine tuning Snort ScottO (Oct 08)
Re: payload logging, barnyard2 ScottO (Oct 29)

Seth Hall

Re: Snort 2.9, barnyard2, and unknown record types Seth Hall (Nov 03)

Snort Releases

Snort 2.9.0.3 Now Available Snort Releases (Dec 20)
Snort 2.9.0.1 Now Available Snort Releases (Nov 01)
Snort 2.9.0 Now Available Snort Releases (Oct 04)
Snort 2.9.0.2 Now Available Snort Releases (Dec 01)
Snort 2.9.0 Now Available Snort Releases (Oct 04)
Snort 2.9.0.2 Now Available Snort Releases (Dec 01)
Snort 2.9.0.1 Now Available Snort Releases (Nov 01)
Snort 2.9.0.3 Now Available Snort Releases (Dec 20)

snort user

orig_tcph in Packet structure snort user (Nov 19)

Stephan

Patch to running Snort on Solaris 10 SPARC Stephan (Dec 29)

Steve McChortle

Disabling GID3 rules Steve McChortle (Nov 03)
Re: [Emerging-Sigs] Attack from .jp IPs Steve McChortle (Dec 07)

Steven Sturges

Re: Snort 2.9.0.1 Now Available Steven Sturges (Nov 02)
Re: daq/snort 2.9.0 on Solaris sparc ? Steven Sturges (Oct 06)
Re: Snort 2.9.0.1 Now Available Steven Sturges (Nov 08)
Re: Anyones doomsday machine running low on IDS analyst tears? Steven Sturges (Oct 06)
Re: orig_tcph in Packet structure Steven Sturges (Nov 19)
Re: Ip_proto's 'lsrre' parameter Steven Sturges (Oct 21)
Re: Ip_proto's 'lsrre' parameter Steven Sturges (Oct 25)

Sujit Ghosal

Re: Issue while detecting patterns in a simple HTTP Page [Web client based] Sujit Ghosal (Nov 22)
Re: Snort doesn't trigger while the payload size is big (even for ~4-5KB files) Sujit Ghosal (Dec 13)
Re: Snort doesn't trigger while the payload size is big (even for ~4-5KB files) Sujit Ghosal (Dec 14)
Snort doesn't trigger while the payload size is big (even for ~4-5KB files) Sujit Ghosal (Dec 04)
Issue while detecting patterns in a simple HTTP Page [Web client based] Sujit Ghosal (Nov 22)
Re: Snort doesn't trigger while the payload size is big (even for ~4-5KB files) Sujit Ghosal (Dec 13)

Terry Burton

[PATCH] so_rules/src/Makefile Terry Burton (Oct 05)

tgiles

daq_static error on snort build tgiles (Oct 07)
Re: daq_static error on snort build tgiles (Oct 07)

Tica

problem with Flexresp3 Tica (Oct 06)

Tomas Heredia

Re: pcre high cpu usage Tomas Heredia (Oct 19)
pcre high cpu usage Tomas Heredia (Oct 18)
PCRE Offloading Tomas Heredia (Oct 19)
Re: Rule 17494 Tomas Heredia (Oct 01)
Re: pcre high cpu usage Tomas Heredia (Oct 18)
Re: pcre high cpu usage Tomas Heredia (Oct 19)
Re: pcre high cpu usage Tomas Heredia (Oct 19)

Tom Le

Re: [Emerging-Sigs] Attack from .jp IPs Tom Le (Dec 07)

turki

Distributed Snort possibility? turki (Dec 11)

Ufi

IPv6 Teredo tunneling crashing snort? Ufi (Dec 13)
Re: IPv6 Teredo tunneling crashing snort? Ufi (Dec 13)

Victor Julien

Re: [Snort-sigs] [Emerging-Sigs] New Classification System Proposal Victor Julien (Dec 23)

vincent

Re: Snort libmysql error vincent (Dec 15)
Re: Snort 2.9.0.3 Now Available vincent (Dec 28)
Re: [rhelv5-list] snort 2.9.0 Centos 5.5 vincent (Nov 05)
Re: DAQ and libpcap 1.1.1 vs 1.0.0 vincent (Nov 06)
Re: DAQ and libpcap 1.1.1 vs 1.0.0 vincent (Nov 08)
Re: [rhelv5-list] snort 2.9.0 Centos 5.5 vincent (Nov 08)
Re: snort 2.9.0.1 packages for RHEL5.x vincent (Nov 04)
Re: DAQ and libpcap 1.1.1 vs 1.0.0 vincent (Nov 08)
Re: [rhelv5-list] snort 2.9.0 Centos 5.5 vincent (Nov 04)
Re: Snort libmysql error vincent (Dec 15)
Re: DAQ and libpcap 1.1.1 vs 1.0.0 vincent (Nov 09)
Re: DAQ and libpcap 1.1.1 vs 1.0.0 vincent (Nov 08)
Re: Snort 2.9.0.3 Now Available vincent (Dec 27)
Re: Snort 2.9.0.3 Now Available vincent (Dec 29)
Re: DAQ and libpcap 1.1.1 vs 1.0.0 vincent (Nov 09)
snort 2.9.0.1 packages for RHEL5.x vincent (Nov 04)
Re: Libpcap shipped with RHEL6 GA vincent (Nov 13)
Re: Snort 2.9.0.3 Now Available vincent (Dec 21)
snort 2.9.0.2 packages for RHEL5.x vincent (Dec 03)
Re: [rhelv5-list] snort 2.9.0 Centos 5.5 vincent (Nov 05)
Re: Snort 2.9.0.3 Now Available vincent (Dec 26)

vishesh kumar

Re: Installation problem vishesh kumar (Oct 29)
Re: Installation problem vishesh kumar (Oct 26)
Re: Installation problem vishesh kumar (Oct 27)
How o views snort log from mysql vishesh kumar (Oct 30)
Installation problem vishesh kumar (Oct 26)
Re: How o views snort log from mysql vishesh kumar (Oct 30)
Re: Installation problem vishesh kumar (Oct 27)

waldo kitty

Re: [Snort-sigs] snort website contact waldo kitty (Oct 05)
Re: Snort 2.9.0 Now Available waldo kitty (Oct 04)
FP 17363 waldo kitty (Oct 28)
Re: Updating sid-msg.map waldo kitty (Nov 16)
Re: compiling daq in old custom environment... waldo kitty (Oct 05)
Re: Just Analyzing tcpdump files according to defined rules. waldo kitty (Oct 07)
Re: Snort 2.9.0 DCE RPC error [SOLVED] and more waldo kitty (Oct 05)
Re: !!Rolling back Snort rule files!! waldo kitty (Oct 29)
Re: compiling daq in old custom environment... waldo kitty (Oct 05)
Re: snort-2.9.0 on RHEL5 waldo kitty (Oct 07)
Re: [Emerging-Sigs] (no subject) waldo kitty (Nov 30)
Re: Snort 2.9.0 Now Available waldo kitty (Oct 05)
FP 3:16663 waldo kitty (Oct 14)
Re: [Snort-sigs] EOL for Snort 2.8.5.3 and Snort 2.8.6.0 rules reminder waldo kitty (Oct 04)
Re: Snort 2.9.0 Now Available waldo kitty (Oct 05)
Re: compiling daq in old custom environment... waldo kitty (Oct 05)
Re: Issue while detecting patterns in a simple HTTP Page [Web client based] waldo kitty (Nov 22)
Re: Updating sid-msg.map waldo kitty (Nov 17)
Re: [Snort-users] EOL for Snort 2.8.5.3 and Snort 2.8.6.0 rules reminder waldo kitty (Oct 04)
Re: Snort 2.9.0 ipvar unknown rule type waldo kitty (Oct 19)
Re: about the sfportscan waldo kitty (Dec 07)
Re: [Emerging-Sigs] [Snort-devel] Snort 2.9.0.1 Now Available waldo kitty (Nov 03)
Re: Just Analyzing tcpdump files according to defined rules. waldo kitty (Oct 07)
Re: Snort 2.9.0 Now Available waldo kitty (Oct 04)
Re: [Emerging-Sigs] (no subject) waldo kitty (Nov 29)
Re: Fine tuning Snort waldo kitty (Oct 08)
snort website contact (was: Re: [Snort-sigs] EOL for Snort 2.8.5.3 and Snort 2.8.6.0 rules reminder) waldo kitty (Oct 05)
Re: Rule 17494 waldo kitty (Oct 01)
congratulations to snort! for getting the sourceforge.net project of the month! waldo kitty (Dec 16)
Re: so_rule problem waldo kitty (Oct 01)
Re: Snort 2.9.0 Now Available waldo kitty (Oct 04)
Re: EOL for Snort 2.8.5.3 and Snort 2.8.6.0 rules reminder waldo kitty (Oct 04)
Re: Snort 2.9.0 Now Available waldo kitty (Oct 04)
Re: Snort 2.9.0.3 Now Available waldo kitty (Dec 26)
Re: [Emerging-Sigs] [Snort-devel] Snort 2.9.0.1 Now Available waldo kitty (Nov 03)
Re: Fine tuning Snort waldo kitty (Oct 07)
Re: Rule 17494 waldo kitty (Oct 01)
Re: Snort 2.8.6 performance waldo kitty (Oct 08)
Re: FP 17363 waldo kitty (Oct 29)
Re: Snort 2.9.0 Now Available waldo kitty (Oct 04)
Re: I need some opinions waldo kitty (Dec 06)
Re: !!Rolling back Snort rule files!! waldo kitty (Oct 29)
Re: Disabling Snort signatures with Oinkmster waldo kitty (Dec 30)
rules update schedule (was: Re: so_rule problem) waldo kitty (Oct 01)
compiling daq in old custom environment... waldo kitty (Oct 05)
Re: Updating sid-msg.map waldo kitty (Nov 17)
Re: Snort 2.9.0.3 Now Available waldo kitty (Dec 27)
PSNG_ICMP_PORTSWEEP waldo kitty (Oct 08)
Re: [Emerging-Sigs] [Snort-devel] Snort 2.9.0.1 Now Available waldo kitty (Nov 03)
Re: 1:17239 False Positive waldo kitty (Oct 12)
Re: Fine tuning Snort waldo kitty (Oct 07)
Re: Are commas allowed in signature descriptions? waldo kitty (Dec 08)
Re: Sourcefire VRT Certified Snort Rules Update 2010-11-02 waldo kitty (Nov 03)
Re: Linux recommendations waldo kitty (Nov 09)
Re: Snort 2.9.0 Now Available waldo kitty (Oct 04)
Re: Snort 2.9.0 DCE RPC error [SOLVED] and more waldo kitty (Oct 05)

Weir, Jason

FP on 5803 Weir, Jason (Oct 14)
Re: Possible FP 17363 Weir, Jason (Oct 26)
Any plans to update 11951? Weir, Jason (Oct 13)
Re: FP on 17468 Weir, Jason (Nov 04)
Re: 17494 Falsing on non IE6 systems Weir, Jason (Oct 27)
Re: Duplicate downloaded rules Weir, Jason (Oct 19)
Re: !!Rolling back Snort rule files!! Weir, Jason (Oct 29)
Re: Possible FP 17363 Weir, Jason (Oct 26)
Re: Oinkmaster downloads intermittently failing Weir, Jason (Nov 26)
Oinkmaster downloads intermittently failing Weir, Jason (Nov 26)
Re: 17494 Falsing on non IE6 systems Weir, Jason (Oct 27)
Re: Duplicate downloaded rules Weir, Jason (Oct 19)
Re: URL to download VRT rules Weir, Jason (Oct 29)
Re: 17494 Falsing on non IE6 systems Weir, Jason (Oct 27)
Re: Best practices for very high volume install.. Weir, Jason (Dec 21)
Re: FP 17246 Weir, Jason (Oct 14)
17494 Falsing on non IE6 systems Weir, Jason (Oct 27)
Re: Linux recommendations Weir, Jason (Nov 09)
FP on 17468 Weir, Jason (Nov 03)
Re: FP 12634 Weir, Jason (Oct 13)
Re: URL to download VRT rules Weir, Jason (Oct 28)
Re: 17494 Falsing on non IE6 systems Weir, Jason (Nov 01)
Re: URL to download VRT rules Weir, Jason (Oct 28)
Re: Ddos? Weir, Jason (Nov 05)
Re: [Spam] Re: Possible FP 17363 Weir, Jason (Oct 26)
Re: Disabling Snort signatures with Oinkmster Weir, Jason (Dec 29)
Re: Duplicate downloaded rules Weir, Jason (Oct 19)
Re: 17494 Falsing on non IE6 systems Weir, Jason (Oct 27)
Re: Will this work - negated hosts? Weir, Jason (Oct 26)
Ddos? Weir, Jason (Nov 05)
Re: FP 17246 Weir, Jason (Oct 14)
Re: URL to download VRT rules Weir, Jason (Oct 28)
Re: Oinkmaster downloads intermittently failing Weir, Jason (Nov 26)
Re: FP 17246 Weir, Jason (Oct 14)
Re: FP 17246 Weir, Jason (Oct 14)
Re: Will this work - negated hosts? Weir, Jason (Oct 26)
Download issues? Weir, Jason (Oct 15)
Re: !!Rolling back Snort rule files!! Weir, Jason (Oct 29)
Re: FP 12634 Weir, Jason (Oct 12)
Re: SID Identification Weir, Jason (Oct 19)
Re: URL to download VRT rules Weir, Jason (Oct 28)
Will this work - negated hosts? Weir, Jason (Oct 26)
Re: [Emerging-Sigs] Duplicate sids (again) Weir, Jason (Dec 29)
Re: FP 17246 Weir, Jason (Oct 14)
Re: Confusion on Protocol Mismatch Weir, Jason (Dec 10)

Will Metcalf

Re: Multiple Snort Instances - One Interface Will Metcalf (Nov 01)
Bug with file_data pointer being set in 2.9.0? Will Metcalf (Oct 21)
Re: Bug with file_data pointer being set in 2.9.0? Will Metcalf (Oct 27)
Re: Snort Inline As an IPS Will Metcalf (Oct 01)
Re: Multiple Snort Instances - One Interface Will Metcalf (Oct 29)
GPL sid 2472 optimization. Will Metcalf (Oct 11)
Re: Bug with file_data pointer being set in 2.9.0? Will Metcalf (Oct 22)
Re: Anyones doomsday machine running low on IDS analyst tears? Will Metcalf (Oct 06)
Re: afpacket vs. NFQ Will Metcalf (Oct 12)
Re: Multiple Snort Instances - One Interface Will Metcalf (Oct 29)
Anyones doomsday machine running low on IDS analyst tears? Will Metcalf (Oct 06)
Re: ET WEB_CLIENT Possible HTTP 404 XSS Attempt (External Source) Will Metcalf (Oct 22)
Re: Snort Inline As an IPS Will Metcalf (Oct 01)
Re: Anyones doomsday machine running low on IDS analyst tears? Will Metcalf (Oct 07)
One of the 2483 unnamed Interocitor parts... Will Metcalf (Oct 14)

Wil Schultz

Best practices for very high volume install.. Wil Schultz (Dec 20)

Yun Zheng Hu

Re: HTTP Inspect and packet reassembly Yun Zheng Hu (Oct 28)
Re: HTTP Inspect and packet reassembly Yun Zheng Hu (Oct 29)
Snort IPv6 database schema Yun Zheng Hu (Nov 02)