Snort: by date
657 messages, starting Oct 02 11 and ending Dec 30 11
Sunday, 02 October
Re: how to disable an so_rule JJ Cummings
Re: [Snort-Users] Re: Some questions about strem5 preprocessor Matt Watchinski
Monday, 03 October
Re: [Snort-Users] Re: Some questions about strem5 preprocessor carlopmart
Layer2resets functionality in snort 2.9 snort user
Re: Installing only so_rules with pulledpork JJC
Re: Installing only so_rules with pulledpork JJC
Avoid logging sensitive data James Lay
Re: Layer2resets functionality in snort 2.9 snort user
segfault in stream5 Brett Edgar
Re: segfault in stream5 snort user
Tuesday, 04 October
No packets are captured on Debian6 in mode 1 or 2 Nelo Belda
Re: Avoid logging sensitive data Adam Hogan
Re: No packets are captured on Debian6 in mode 1 or 2 Nelo Belda
Re: Avoid logging sensitive data James Lay
detect SSTP tunnel rmkml
Re: segfault in stream5 Brett Edgar
Re: segfault in stream5 Brett Edgar
Re: segfault in stream5 Joel Esler
Logging: alert vs drop with PulledPork using VRT & ET rules NA
Re: Logging: alert vs drop with PulledPork using VRT & ET rules JJ Cummings
How to check the trace file by using snort rule Qinwen Hu
Sourcefire VRT Certified Snort Rules Update 2011-10-04 Research
Re: How to check the trace file by using snort rule Kevin Ross
Fwd: segfault in Snort 2.9.1 on reload Dave Corsello
Re: segfault in stream5 snort user
Re: segfault in stream5 snort user
Wednesday, 05 October
Re: Logging: alert vs drop with PulledPork using VRT & ET rules NA
Re: segfault in stream5 Russ Combs
Re: Logging: alert vs drop with PulledPork using VRT & ET rules JJC
Rule 13573 question Lay, James
Lotsa 13974 Lay, James
Re: detect SSTP tunnel Joel Esler
Timestamp Format in alert_fast Mode Jason D. McCormick
Re: Timestamp Format in alert_fast Mode Russ Combs
Re: Timestamp Format in alert_fast Mode Jason D. McCormick
Re: Lotsa 13974 Alex Kirk
Re: Lotsa 13974 Lay, James
Re: Rule 13573 question Alex Kirk
Re: Lotsa 13974 Alex Kirk
BOTNET-CNC Dropper Win32.Cefyns.A outbound connection triggered by domain parking Jefferson, Shawn
Re: BOTNET-CNC Dropper Win32.Cefyns.A outbound connection triggered by domain parking NA
Re: detect SSTP tunnel rmkml
Re: BOTNET-CNC Dropper Win32.Cefyns.A outbound connection triggered by domain parking Jason Wallace
Re: BOTNET-CNC Dropper Win32.Cefyns.A outbound connection triggered by domain parking Joel Esler
Thursday, 06 October
Cannot access securixlive.com Marty Pikor
Re: [Snort-Users] Snort.org Blog: Snort 2.9.1 HTTP and SMTP logging features Jason
Re: [Snort-Users] Snort.org Blog: Snort 2.9.1 HTTP and SMTP logging features Jason
Re: Snort.org Blog: Snort 2.9.1 HTTP and SMTP logging features Jason Haar
Snort Wget Failure (can't resolve www.snort.org) Todd Booth
Re: Cannot access securixlive.com Paul Halliday
Re: Snort Wget Failure (can't resolve www.snort.org) Joel Esler
Re: Snort Wget Failure (can't resolve www.snort.org) Carney, Megan
Re: Snort Wget Failure (can't resolve www.snort.org) Joel Esler
Re: Snort Wget Failure (can't resolve www.snort.org) Negin Nickparsa
Re: Snort Wget Failure (can't resolve www.snort.org) Brandon Hall
snort 2.9.1 segfault and general protection error Salvador, Mario
Re: snort 2.9.1 segfault and general protection error carlopmart
snort 2.9.1 segfault and general protection error Salvador, Mario
Understanding byte_test Lay, James
Re: snort 2.9.1 segfault and general protection error Joel Esler
Sourcefire VRT Certified Snort Rules Update 2011-10-06 Research
Re: Understanding byte_test rmkml
Re: Snort Wget Failure (can't resolve > www.snort.org) Willst Mail
Re: Snort Wget Failure (can't resolve > www.snort.org) Joel Esler
Re: Snort Wget Failure (can't resolve > www.snort.org) JJ Cummings
Snort 2.9.1 Now Available Snort Releases
Snort 2.9.1.1 Now Available Snort Releases
Snort 2.9.1.1 Now Available Snort Releases
[BUG][Stream5]: SIGSEGV in Stream5 TCP, TcpSessionCleanup at snort_stream5_tcp.c:4624 Joshua.Kinard
Friday, 07 October
'only_stream' (and other alternate decode buffers) do not write out data to the logs Joshua.Kinard
Snort 2.9.1.1 ERROR - SF_REPUTATION Edward Fjellskål
Re: Snort 2.9.1.1 ERROR - SF_REPUTATION Russ Combs
Re: [BUG][Stream5]: SIGSEGV in Stream5 TCP, TcpSessionCleanup at snort_stream5_tcp.c:4624 Russ Combs
Re: [BUG][Stream5]: SIGSEGV in Stream5 TCP, TcpSessionCleanup at snort_stream5_tcp.c:4624 Russ Combs
gen-msg.map duplicate entries Eric Olsen
Re: gen-msg.map duplicate entries Ryan Jordan
Re: Snort 2.9.1.1 ERROR - SF_REPUTATION Edward Fjellskål
Re: 'only_stream' (and other alternate decode buffers) do not write out data to the logs Joel Esler
Compiling with --enable-sourcefire = ??? Eoin Miller
Wireshnork - A snort plugin for Wireshark - Volunteers needed Guillaume Arcas
Re: Compiling with --enable-sourcefire = ??? Joel Esler
Re: Compiling with --enable-sourcefire = ??? Russ Combs
Re: Wireshnork - A snort plugin for Wireshark - Volunteers needed Pablo
Re: Wireshnork - A snort plugin for Wireshark - Volunteers needed Guillaume Arcas
Re: 'only_stream' (and other alternate decode buffers) do not write out data to the logs Joshua.Kinard
Re: [BUG][Stream5]: SIGSEGV in Stream5 TCP, TcpSessionCleanup at snort_stream5_tcp.c:4624 Joshua.Kinard
Re: Problem with using 2 sensors Mike Boeckeler
Snort.conf issues Qinwen Hu
Re: 'only_stream' (and other alternate decode buffers) do not write out data to the logs Joshua.Kinard
Re: Problem with using 2 sensors James Lay
Saturday, 08 October
Re: Problem with using 2 sensors Kevin Ross
Re: [BUG][Stream5]: SIGSEGV in Stream5 TCP, TcpSessionCleanup at snort_stream5_tcp.c:4624 Russ Combs
Re: Snort.conf issues Russ Combs
Re: Problem with using 2 sensors Mike Boeckeler
Re: Problem with using 2 sensors James Lay
Re: Problem with using 2 sensors Kevin Ross
Re: 'only_stream' (and other alternate decode buffers) do not write out data to the logs Steven Sturges
Re: 'only_stream' (and other alternate decode buffers) do not write out data to the logs Joel Esler
Re: Problem with using 2 sensors Joel Esler
clarification between barnyard2 and snort MLP SCADA
Re: clarification between barnyard2 and snort Joel Esler
Monday, 10 October
PCRE Performance vincent
Re: PCRE Performance waldo kitty
Re: PCRE Performance Jamie Riden
Re: PCRE Performance vincent
Re: PCRE Performance Jason Wallace
Re: PCRE Performance vincent
A bunch of FP's with Skype? (ET rules) NA
Re: A bunch of FP's with Skype? (ET rules) Jeff Kell
Tuesday, 11 October
Sourcefire VRT Certified Snort Rules Update 2011-10-11 Research
noise on new http_inspect 120:8 John York
Re: [PATCH][RESEND]: Use uint8_t for protocol in some Stream5functions Russ Combs
Re: noise on new http_inspect 120:8 Joel Esler
Wednesday, 12 October
Re: 'only_stream' (and other alternate decode buffers) do not write out data to the logs Joshua.Kinard
Re: [Snort-Users] help me about snortsp 3.0.b3 Kevin Ross
Re: 'only_stream' (and other alternate decode buffers) do not write out data to the logs Jason Brvenik
Re: 'only_stream' (and other alternate decode buffers) do not write out data to the logs Jason Brvenik
Re: [Snort-Users] help me about snortsp 3.0.b3 Joel Esler
Is it dangerous to tweak http_inspect defaults Mike Lococo
Re: Is it dangerous to tweak http_inspect defaults Joel Esler
Re: Is it dangerous to tweak http_inspect defaults Mike Lococo
Re: Is it dangerous to tweak http_inspect defaults Joel Esler
Running snort 2.9.1.1 on a host with low memory carlopmart
Snort Rule Format Example motahareh dehghan chachkamy
Re: Snort Rule Format Example Joel Esler
Re: Snort Rule Format Example JJ Cummings
Re: Snort Rule Format Example Martin Holste
Thursday, 13 October
snort 2.9.1.1 Build 83 packages for RHEL5.x and RHEL6.x vincent
Re: Snort Rule Format Example Joel Esler
Faulting application snort.exe eltra1n
Snortreport remote command execution vuln Lay, James
Negated IP Ranges Brandon Phelps
Need to find running snort rule version ccie 6862
Re: Need to find running snort rule version Nigel Houghton
Re: Need to find running snort rule version James Lay
Odd Byte Tests in BLACKLIST DNS request for known malware domain rules Christopher Granger
Re: Odd Byte Tests in BLACKLIST DNS request for known malware domain rules Christopher Granger
Re: Odd Byte Tests in BLACKLIST DNS request for known malware domain rules Christopher Granger
Friday, 14 October
Bug - Segmentation fault with empty HOME_NET elof
EOL Policy Out of Date Mike Lococo
Re: A bunch of FP's with Skype? (ET rules) Matthew Jonkman
Re: EOL Policy Out of Date Joel Esler
Re: EOL Policy Out of Date Mike Lococo
Re: Negated IP Ranges Joel Esler
Re: Odd Byte Tests in BLACKLIST DNS request for known malware domain rules Christopher Granger
Saturday, 15 October
Re: Odd Byte Tests in BLACKLIST DNS request for known malware domain rules Joel Esler
Sunday, 16 October
Base not reporting "Portscan Traffic" Mike Boeckeler
Monday, 17 October
Potential Improvements related to PCRE library and usage. snort user
Re: Potential Improvements related to PCRE library and usage. Joel Esler
Tuesday, 18 October
Sourcefire VRT Certified Snort Rules Update 2011-10-18 Research
The VRT is looking for more good test environments. Joel Esler
afpacket with three interfaces carlopmart
High PatMatch eltra1n
Re: afpacket with three interfaces Michael Altizer
missing pcaps for alerts John Ives
Re: missing pcaps for alerts Joel Esler
Re: High PatMatch Joel Esler
Re: missing pcaps for alerts John Ives
Re: afpacket with three interfaces Jason Haar
Wednesday, 19 October
Re: High PatMatch rmkml
Re: afpacket with three interfaces carlopmart
Snort 2.9.1.1 sfportscan syntax changed? Cees
Weird double logging problem Peter Bates
Re: Weird double logging problem Jason Wallace
Re: Weird double logging problem Peter Bates
Re: missing pcaps for alerts Joel Esler
Re: Weird double logging problem Peter Bates
Re: Weird double logging problem Joel Esler
Re: Snort 2.9.1.1 sfportscan syntax changed? Joel Esler
[HITB-Announce] HITB Magazine Issue #7 HITB Magazine
Re: missing pcaps for alerts John Ives
Thursday, 20 October
Re: Snort 2.9.1.1 sfportscan syntax changed? Cees
Compact Snort Configuration Pratik Kumawat
Rules not hit on 2.9.1.1 sensor Peter Bates
Re: Rules not hit on 2.9.1.1 sensor Peter Bates
Re: Rules not hit on 2.9.1.1 sensor Martin Holste
Re: Rules not hit on 2.9.1.1 sensor Peter Bates
Re: Rules not hit on 2.9.1.1 sensor Martin Holste
Re: Rules not hit on 2.9.1.1 sensor Peter Bates
Re: Rules not hit on 2.9.1.1 sensor Joel Esler
Re: Compact Snort Configuration Joel Esler
Re: missing pcaps for alerts Eoin Miller
Re: missing pcaps for alerts Joel Esler
Re: [Snort-Users] HELP_SNORT Joel Esler
snortsam on 2.9.1? Jeff Kell
Re: Rules not hit on 2.9.1.1 sensor Martin Holste
Re: snortsam on 2.9.1? Luis Daniel Lucio Quiroz
Snort 2.9.1.2 Now Available Snort Releases
Re: Snort 2.9.1.2 Now Available Eoin Miller
Re: Snort 2.9.1.2 Now Available Ryan Jordan
Re: Snort 2.9.1.2 Now Available Ryan Jordan
Sourcefire VRT Certified Snort Rules Update 2011-10-20 Research
Re: Base not reporting "Portscan Traffic" Mike Boeckeler
Re: [Snort-Users] HELP_SNORT waldo kitty
Re: [Snort-Users] HELP_SNORT Joel Esler
Re: [Snort-Users] HELP_SNORT JJ Cummings
Re: [Snort-Users] HELP_SNORT Joel Esler
error compiling daq-0.5 naurin
Friday, 21 October
Re: Rules not hit on 2.9.1.1 sensor Peter Bates
SID 17458 matching EICAR rather than intended vuln. Jeff Jarmoc
Re: error compiling daq-0.5 Joel Esler
Re: SID 17458 matching EICAR rather than intended vuln. Joel Esler
file_data pointer Eoin Miller
Re: file_data pointer Joel Esler
Saturday, 22 October
SERVER ADDRESSES Pratik Kumawat
Sunday, 23 October
Re: SERVER ADDRESSES Joel Esler
Re: HI Joel Esler
Monday, 24 October
snort 2.9.1.2 uild 84 packages for RHEL5.x and RHEL6.x vincent
Tuesday, 25 October
sid:19559 BAD-TRAFFIC SSH brute force login attempt False Positive Thibaut PIRONNEAU
Fine tuning portscan Lay, James
Re: Fine tuning portscan Joel Esler
Re: Fine tuning portscan JJC
Re: sid:19559 BAD-TRAFFIC SSH brute force login attempt False Positive Alex Kirk
Snort 2.9.1.2 unknown preprocessor Document Retention
Re: Snort 2.9.1.2 unknown preprocessor Joel Esler
(no subject) cnuddep
Re: Fine tuning portscan Lay, James
Re: missing pcaps for alerts John Ives
Re: missing pcaps for alerts Joel Esler
Wednesday, 26 October
Re: [Snort-Users] BAD-TRAFFIC small or zero-sized tcp window Kevin Ross
2.9.1.2 rebuild problems John York
Re: [Snort-Users] BAD-TRAFFIC small or zero-sized tcp window Kevin Ross
Thursday, 27 October
Email Tracking Code Signature Simeon Bush
Sourcefire VRT Certified Snort Rules Update 2011-10-27 Research
Friday, 28 October
Snort 2.9.2 Beta Now Available Snort Releases
Snort 2.9.2 Beta Now Available Snort Releases
Saturday, 29 October
Host attribute table validation / usage Enrico Papi
Create error "daq_nfq.la" on debian6/ubuntu11.10 64bit Pascal Holthaus
Sunday, 30 October
Re: Create error "daq_nfq.la" on debian6/ubuntu11.10 64bit Martin Holste
Monday, 31 October
Re: Host attribute table validation / usage Joel Esler
Ubuntu 11.04 / 10 rulesset Marcin Nawrocki
Re: Ubuntu 11.04 / 10 rulesset Mike Lococo
Re: Ubuntu 11.04 / 10 rulesset Joel Esler
Re: Email Tracking Code Signature Lay, James
Re: Ubuntu 11.04 / 10 rulesset Nick Moore
Re: Ubuntu 11.04 / 10 rulesset Mike Lococo
Re: Ubuntu 11.04 / 10 rulesset Joel Esler
Re: Create error "daq_nfq.la" on debian6/ubuntu11.10 64bit Russ Combs
Tuesday, 01 November
Fwd: [snorby] VRT/ET/Local rule look-ups by assigned sid range. (#138) Will Metcalf
Re: [snorby] VRT/ET/Local rule look-ups by assigned sid range. (#138) Joel Esler
Re: Fwd: [snorby] VRT/ET/Local rule look-ups by assigned sid range. (#138) JJC
Re: Ubuntu 11.04 / 10 rulesset Randal T. Rioux
Re: Ubuntu 11.04 / 10 rulesset Joel Esler
Wednesday, 02 November
Access to the flow's SYN and SYN-ACK packet ndritsos
Capturing packets with daemonlogger using GMT as a timestamp carlopmart
Sourcefire VRT Certified Snort Rules Update 2011-11-02 Research
VRT: Say Hello to the file-identify category Joel Esler
Detecting TCP session without data after three-way handshake Willst Mail
Thursday, 03 November
CrossCompiling Snort Pratik Kumawat
snort error Pawan Lal
Re: Detecting TCP session without data after three-way handshake Edward Fjellskål
Context: Malware Blog Post on Dark Comet RAT with Snort Signatures Context IS - Disclosure
Re: Context: Malware Blog Post on Dark Comet RAT with Snort Signatures Bad Horse
Re: Context: Malware Blog Post on Dark Comet RAT with Snort Signatures Martin Holste
Re: Context: Malware Blog Post on Dark Comet RAT with Snort Signatures JJ Cummings
Re: Context: Malware Blog Post on Dark Comet RAT with Snort Signatures Bad Horse
Re: Context: Malware Blog Post on Dark Comet RAT with Snort Signatures Context IS - Disclosure
Re: Context: Malware Blog Post on Dark Comet RAT with Snort Signatures Jamie Riden
Re: Context: Malware Blog Post on Dark Comet RAT with Snort Signatures Martin Holste
Re: Detecting TCP session without data after three-wayhandshake Jason Haar
Friday, 04 November
Re: Detecting TCP session without data after three-wayhandshake Giles Coochey
Re: Detecting TCP session without data after three-wayhandshake Martin Holste
Re: Detecting TCP session without data after three-wayhandshake Seth Hall
Rule Lay, James
New Rules Heads Up Gibson, Nathan J. (HSC)
Re: New Rules Heads Up Joel Esler
Re: New Rules Heads Up Joel Esler
Re: New Rules Heads Up Gregory Zill
Re: New Rules Heads Up Joel Esler
Re: Rule rmkml
Re: New Rules Heads Up Lay, James
Re: Rule Joel Esler
Sourcefire VRT Certified Snort Rules Update 2011-11-04 Research
Re: Rule Lay, James
Re: Capturing packets with daemonlogger using GMT as a timestamp Richard Bejtlich
Saturday, 05 November
Several problems with snort 2.9.1.2 under OpenBSD 5.0 carlopmart
Re: [Snort-Users] Several problems with snort 2.9.1.2 under OpenBSD 5.0 Joel Esler
Re: [Snort-Users] Several problems with snort 2.9.1.2 under OpenBSD 5.0 Joel Esler
Re: Several problems with snort 2.9.1.2 under OpenBSD 5.0 Randal T. Rioux
Monday, 07 November
Sourcefire VRT Certified Snort Rules Update 2011-11-07 Research
Tuesday, 08 November
Question on http_inspect Owen Blandford
Re: Question on http_inspect Lay, James
Sourcefire VRT Certified Snort Rules Update 2011-11-08 Research
test Paul Wong
Wednesday, 09 November
Stream5 and Frag3 preprocessors Pablo Cantos
Slow Start Times (5 minutes +) Eoin Miller
Thursday, 10 November
IDS Mode - hierarchical order Marcin Nawrocki
Re: Slow Start Times (5 minutes +) JJC
Re: Slow Start Times (5 minutes +) Eoin Miller
Regarding snort.conf HOME_NET and EXTERNAL_NET Brandon Phelps
Sourcefire VRT Certified Snort Rules Update 2011-11-10 Research
Friday, 11 November
Pulledpork error Peter Bates
Re: Regarding snort.conf HOME_NET and EXTERNAL_NET Adam Hogan
Data link type error Qinwen Hu
Looking for an alternative to BASE Michael Steele
Re: Looking for an alternative to BASE carlopmart
Re: Looking for an alternative to BASE Richard Bejtlich
Re: Looking for an alternative to BASE Michael Steele
Saturday, 12 November
Re: Looking for an alternative to BASE Michael Steele
Re: Looking for an alternative to BASE Michael Steele
Re: Looking for an alternative to BASE carlopmart
Re: Looking for an alternative to BASE Dewhirst, Rob
Re: Looking for an alternative to BASE James Lay
Re: Looking for an alternative to BASE Michael Steele
Sunday, 13 November
snort not logging full output to syslog Rajeev Sinha
Re: snort not logging full output to syslog Joel Esler
Re: snort not logging full output to syslog Rajeev Sinha
[PATCH] Add non-IP layer 3 detection via new 'ether_type' keyword and 'eth' protocol Joshua Kinard
Monday, 14 November
Snort too verbose Rick Chisholm
undescribed alerts Rick Chisholm
Re: undescribed alerts JJC
Re: undescribed alerts Scott Runnels
Re: undescribed alerts JJC
Re: Snort too verbose Joel Esler
Re: Snort too verbose Rick Chisholm
Re: undescribed alerts Rick Chisholm
Re: Snort too verbose Joel Esler
Re: Snort too verbose Rick Chisholm
Question for the Guru's John Liss
Re: Snort too verbose Joel Esler
Re: Question for the Guru's Joel Esler
Re: Question for the Guru's carlopmart
Re: Question for the Guru's NA
Re: Question for the Guru's carlopmart
A question about disable sids with pulledpork carlopmart
Re: A question about disable sids with pulledpork JJ Cummings
how to configure dual-nic-setup-using-portscan Pawan Lal
Re: Question for the Guru's John Liss
Re: Question for the Guru's NA
Re: Question for the Guru's John Liss
Dynamic preprocessor or plugins accessing sonrt configurations snort user
Re: A question about disable sids with pulledpork carlopmart
Re: A question about disable sids with pulledpork Lay, James
Re: A question about disable sids with pulledpork carlopmart
Re: A question about disable sids with pulledpork JJ Cummings
Snort Inline mode!! Pratik Kumawat
Tuesday, 15 November
Re: A question about disable sids with pulledpork carlopmart
Re: Snort Inline mode!! NA
Sourcefire VRT Certified Snort Rules Update 2011-11-15 Research
ssp_ssl preprocessor vincent
SSL DoS Signatures Gibson, Nathan J. (HSC)
snort wireless card "ERROR: Can't start DAQ (-1) - ê!î☺!" codeforfun
Re: snort wireless card "ERROR: Can't start DAQ (-1) - ê!î???!" codeforfun
Re: [Snort-users] snort wireless card "ERROR: Can't start DAQ (-1) - ê!î???!" acv
Snort: Cannot decode data link type Qinwen Hu
Snort: cannot decode data link type Qinwen Hu
Wednesday, 16 November
Re: how to configure dual-nic-setup-using-portscan Nick Moore
Re: Snort Inline mode!! NA
New IDS best practise Michael Maymann
HTTP over 443/TCP Eoin Miller
Re: Question for the Guru's John Liss
any rule for BIND 9 Resolver DoS? Jason Haar
Thursday, 17 November
Re: New IDS best practise Mark W. Jeanmougin
Re: any rule for BIND 9 Resolver DoS? Joel Esler
Re: Question for the Guru's Joel Esler
Re: New IDS best practise Kevin Ross
Re: New IDS best practise Martin Holste
Detecting last bind vulnerability? rmkml
Re: Detecting last bind vulnerability? Lay, James
Re: New IDS best practise Joel Esler
Re: New IDS best practise Martin Holste
Re: New IDS best practise beenph
Re: New IDS best practise Dustin Webber
Re: New IDS best practise Martin Holste
Re: New IDS best practise beenph
Friday, 18 November
Snort on OpenBSD 5.0 amd64 ML mail
Re: Snort on OpenBSD 5.0 amd64 carlopmart
Re: Snort on OpenBSD 5.0 amd64 ML mail
Re: Snort on OpenBSD 5.0 amd64 carlopmart
Displaying few packets before a matched packet Arvind S Raj
Re: Displaying few packets before a matched packet Martin Holste
Brief Description of Rule Sets Bill Pickens
Re: Brief Description of Rule Sets Joel Esler
Re: Displaying few packets before a matched packet carlopmart
Port agnostic application layer protocol identification and parsing Miso Patel
Re: Displaying few packets before a matched packet Martin Holste
Re: Port agnostic application layer protocol identification and parsing Bennett Todd
Saturday, 19 November
Some packets logging packet data James Lay
Sunday, 20 November
Weevely PHP Backdoor - Rule Proposal Anestis Bechtsoudis
Re: Weevely PHP Backdoor - Rule Proposal Martin Holste
Re: Weevely PHP Backdoor - Rule Proposal Anestis Bechtsoudis
Re: Weevely PHP Backdoor - Rule Proposal Martin Holste
Re: Weevely PHP Backdoor - Rule Proposal Joel Esler
Re: [PATCH] Add non-IP layer 3 detection via new 'ether_type' keyword and 'eth' protocol Joshua Kinard
Fast-pattern matcher does not honor ignore_data in the SMTP Preprocessor Joshua Kinard
Monday, 21 November
snort error Pawan Lal
Re: snort wireless card "ERROR: Can't start DAQ (-1) - ê!î???!" codeforfun
how to update snort codeforfun
Re: how to update snort Joel Esler
Re: how to update snort codeforfun
path to dynamic rules libraries Windows codeforfun
Re: path to dynamic rules libraries Windows Joel Esler
Re: path to dynamic rules libraries Windows codeforfun
Re: path to dynamic rules libraries Windows Joel Esler
Tuesday, 22 November
Re: Brief Description of Rule Sets Enrico
PulledPork puts empty snort.rules file in rules dir codeforfun
PulledPork puts empty snort.rules file in rules dir codeforfun
Re: Brief Description of Rule Sets Joel Esler
Re: PulledPork puts empty snort.rules file in rules dir JJC
Snort EOL Policy Joel Esler
Wednesday, 23 November
Barnyard2 creating lots of tcpdump files Peter Bates
What does snort pcaps include -->/var/log/snort/ amN0P
Re: Barnyard2 creating lots of tcpdump files beenph
Re: Some alerts not logging packet data James Lay
OpenSource RFMON driver WinXp codeforfun
Monday, 28 November
[PATCH] Null p->eh in DecodeEthPkt if discarding packet Joshua Kinard
Re: [PATCH] Null p->eh in DecodeEthPkt if discarding packet Joel Esler
Re: Fast-pattern matcher does not honor ignore_data in the SMTP Preprocessor Joel Esler
Re: [PATCH] Add non-IP layer 3 detection via new 'ether_type' keyword and 'eth' protocol Joel Esler
Re: Fast-pattern matcher does not honor ignore_data in the SMTP Preprocessor Joel Esler
Re: Fast-pattern matcher does not honor ignore_data in the SMTP Preprocessor Joshua Kinard
Snort-Inline-1interface Juan Carlos
Snort 2.9.2 RC Now Available Snort Releases
Snort 2.9.2 RC Now Available Snort Releases
Re: [PATCH] Null p->eh in DecodeEthPkt if discarding packet Ryan Jordan
Sourcefire VRT Certified Snort Rules Update 2011-11-28 Research
Snort 2.8.6.1 EOL Reminder Joel Esler
Re: [PATCH] Null p->eh in DecodeEthPkt if discarding packet Joshua Kinard
Tuesday, 29 November
best signatures set ahmad reza noroozi
Re: HTTP over 443/TCP Joel Esler
CanSecWest 2012 Mar 7-9; 2nd call for papers, closes next week, Monday. Dec 5 2011 Dragos Ruiu
Wednesday, 30 November
Re: Some alerts not logging packet data James Lay
How to best do DB *and* syslog logging? Miguel Alvarez
Re: How to best do DB *and* syslog logging? Joel Esler
Re: How to best do DB *and* syslog logging? Eoin Miller
Re: How to best do DB *and* syslog logging? beenph
Re: How to best do DB *and* syslog logging? Martin Holste
Re: How to best do DB *and* syslog logging? Dustin Webber
Re: Snort-users Digest, Vol 66, Issue 25 Matthew Meersman
Re: How to best do DB *and* syslog logging? Miguel Alvarez
Thursday, 01 December
Sourcefire VRT Certified Snort Rules Update 2011-12-01 Research
performance improvement with pcre v8.20 + jit ? rmkml
Re: [Snort-sigs] Snort 2.8.6.1 EOL Reminder L0rd Ch0de1m0rt
Re: [Snort-users] performance improvement with pcre v8.20 + jit ? Joel Esler
Re: [Snort-sigs] Snort 2.8.6.1 EOL Reminder Jefferson, Shawn
Re: [Snort-sigs] Snort 2.8.6.1 EOL Reminder L0rd Ch0de1m0rt
Re: [Snort-sigs] Snort 2.8.6.1 EOL Reminder Joel Esler
Re: [Snort-sigs] Snort 2.8.6.1 EOL Reminder Matthew Jonkman
Re: How to best do DB *and* syslog logging? beenph
Re: [Snort-sigs] Snort 2.8.6.1 EOL Reminder Mike Lococo
Re: [Emerging-Sigs] [Snort-users] Snort 2.8.6.1 EOL Reminder Joel Esler
Wayne Chang is out of the office Wayne Chang
Re: [Emerging-Sigs] [Snort-sigs] Snort 2.8.6.1 EOL Reminder Jeff Kell
Friday, 02 December
Re: [Emerging-Sigs] [Snort-users] Snort 2.8.6.1 EOL Reminder Joel Esler
2.9.1.2/2.9.2 and Active Response Jim Hranicky
Re: [Emerging-Sigs] [Snort-sigs] Snort 2.8.6.1 EOL Reminder Nathan
Re: [Snort-sigs] [Emerging-Sigs] Snort 2.8.6.1 EOL Reminder Matthew Jonkman
Re: [Emerging-Sigs] [Snort-sigs] Snort 2.8.6.1 EOL Reminder Joel Esler
Re: [Emerging-Sigs] [Snort-Sigs] Re: [Snort-sigs] Snort 2.8.6.1 EOL Reminder Joel Esler
Re: [Snort-Sigs] Re: [Emerging-Sigs] [Snort-sigs] Snort 2.8.6.1 EOL Reminder Matthew Jonkman
Re: Wayne Chang is out of the office Randal T. Rioux
Saturday, 03 December
ProFTPD FreeBSD FTPD remote root exploit rules Ozan UÇAR
Sunday, 04 December
Question about Inline mode Albert E. Whale
GRE Rule vmpc vmpc
Re: GRE Rule PS
Re: Question about Inline mode NA
Re: Question about Inline mode Albert E. Whale
Re: Question about Inline mode Michael Altizer
(no subject) Daugherty Bryan
Monday, 05 December
Re: GRE Rule Dina Bruzek
Amazon EC2 Snort Image Raphael Lechner
Amazon EC2 Snort Image Raphael Lechner
Re: (no subject) Joel Esler
Re: GRE Rule Joel Esler
Reputation Preprocessor Shlomi Musseri
Re: Wayne Chang is out of the office Castle, Shane
Re: Question about Inline mode John Liss
Re: Wayne Chang is out of the office Martin Holste
Tuesday, 06 December
Latest snort.conf Weir, Jason
Snort Manual - --enable-mpls missing Weir, Jason
Re: Latest snort.conf Joel Esler
Re: Latest snort.conf Weir, Jason
Re: Snort Manual - --enable-mpls missing Eoin Miller
Re: Snort Manual - --enable-mpls missing Weir, Jason
Re: Snort Manual - --enable-mpls missing Joel Esler
Re: Latest snort.conf Joel Esler
Re: Latest snort.conf Weir, Jason
Re: Latest snort.conf Joel Esler
Re: Latest snort.conf Weir, Jason
Re: Latest snort.conf Joel Esler
Re: Latest snort.conf Weir, Jason
sid:13272; rule is not so good Miso Patel
Re: GRE Rule Bad Horse
Re: sid:13272; rule is not so good Joel Esler
Re: sid:13272; rule is not so good rmkml
Re: sid:13272; rule is not so good Miso Patel
Re: sid:13272; rule is not so good rmkml
Re: Latest snort.conf Joel Esler
Re: Latest snort.conf Weir, Jason
Re: sid:13272; rule is not so good Miso Patel
Re: sid:13272; rule is not so good Joel Esler
Re: sid:13272; rule is not so good rmkml
Re: sid:13272; rule is not so good Will Metcalf
Wednesday, 07 December
2.9.2-rc segfaults Jim Hranicky
Re: 2.9.2-rc segfaults Russ Combs
Re: 2.9.2-rc segfaults Jim Hranicky
Sourcefire VRT Certified Snort Rules Update 2011-12-07 Research
Reputation Preprocessor Shlomi Musseri
Re: Reputation Preprocessor Joel Esler
[HITB-Announce] HITB2012AMS Call For Papers Now Open Hafez Kamal
Thursday, 08 December
broke snort. file_data_ports Michael Scheidell
Re: Sourcefire VRT Certified Snort Rules Update 2011-12-07 Michael Scheidell
Re: Sourcefire VRT Certified Snort Rules Update2011-12-07 Weir, Jason
Re: Sourcefire VRT Certified Snort Rules Update2011-12-07 Michael Scheidell
Re: Sourcefire VRT Certified Snort Rules Update2011-12-07 Weir, Jason
Re: Sourcefire VRT Certified Snort Rules Update2011-12-07 Michael Scheidell
Re: broke snort. file_data_ports Nigel Houghton
Re: broke snort. file_data_ports Michael Scheidell
Re: broke snort. file_data_ports Nigel Houghton
Re: Sourcefire VRT Certified Snort Rules Update2011-12-07 Joel Esler
Re: Sourcefire VRT Certified Snort Rules Update2011-12-07 Michael Scheidell
Re: Sourcefire VRT Certified Snort Rules Update2011-12-07 Nigel Houghton
Re: Sourcefire VRT Certified Snort Rules Update 2011-12-07 Geoffrey Sanders
Re: Sourcefire VRT Certified Snort Rules Update2011-12-07 Joel Esler
Re: Sourcefire VRT Certified Snort Rules Update 2011-12-07 Michael Scheidell
Re: Sourcefire VRT Certified Snort Rules Update2011-12-07 Joel Esler
Re: Sourcefire VRT Certified Snort Rules Update2011-12-07 Michael Scheidell
Re: Sourcefire VRT Certified Snort Rules Update2011-12-07 Joel Esler
Friday, 09 December
update via oinkmaster PAURON, GUILLAUME (GUILLAUME)
Re: update via oinkmaster JJC
Re: update via oinkmaster Joel Esler
Re: update via oinkmaster PAURON, GUILLAUME (GUILLAUME)
Re: update via oinkmaster Joel Esler
Re: update via oinkmaster PAURON, GUILLAUME (GUILLAUME)
Re: update via oinkmaster Joel Esler
Re: update via oinkmaster PAURON, GUILLAUME (GUILLAUME)
Re: update via oinkmaster Joel Esler
Re: update via oinkmaster JJC
how to block attacker in switch? st4rtx
i have a broblem in pulledpork st4rtx
Saturday, 10 December
Re: i have a broblem in pulledpork Joel Esler
Re: how to block attacker in switch? Joel Esler
Re: [Emerging-Sigs] Rule 18773 Joel Esler
Re: i have a broblem in pulledpork JJ Cummings
snort not record alert troxlinux
Newbie question: reject rule for IPv6 K b
Re: Newbie question: reject rule for IPv6 JJ Cummings
Sunday, 11 December
Re: Newbie question: reject rule for IPv6 K b
Need help to detect BOTNET-CNC Palevo bot DNS attack babu dheen
Re: Need help to detect BOTNET-CNC Palevo bot DNS attack James Lay
Re: Newbie question: reject rule for IPv6 K b
Monday, 12 December
Re: Newbie question: reject rule for IPv6 K b
Re: Need help to detect BOTNET-CNC Palevo bot DNSattack Jason Haar
Re: Need help to detect BOTNET-CNC Palevo bot DNSattack babu dheen
Re: Need help to detect BOTNET-CNC Palevo bot DNS attack babu dheen
Re: Need help to detect BOTNET-CNC Palevo bot DNS attack babu dheen
overloaded system after upgrading Yossi Asayag
overloaded system after upgrading Yossi Asayag
I wanna log packets to database of which the ip_src is my own pc, but failed. Kinka
Re: Need help to detect BOTNET-CNC Palevo bot DNSattack Martin Holste
Re: Need help to detect BOTNET-CNC Palevo bot DNS attack Kevin Ross
RE : overloaded system after upgrading rmkml () yahoo fr
Re: [Emerging-Sigs] Rule 18773 Lay, James
Re: Reputation Preprocessor Hui Cao
automatically generate and email a daily report? MLP SCADA
Re: automatically generate and email a daily report? Lay, James
Tuesday, 13 December
Re: Need help to detect BOTNET-CNC Palevo bot DNSattack babu dheen
Re: RE : overloaded system after upgrading Yossi Asayag
RE : Re: RE : overloaded system after upgrading rmkml () yahoo fr
Re: RE : Re: RE : overloaded system after upgrading Yossi Asayag
[Stats] Get dropped packets count while snort runing (/proc/xxxx search) Thibault - Gonfreecs -
Get dropped packets count while snort runing (/proc/xxxx search) tito toto
Re: automatically generate and email a daily report? Martin Holste
Re: Need help to detect BOTNET-CNC Palevo bot DNSattack Martin Holste
Re: [Stats] Get dropped packets count while snort runing (/proc/xxxx search) Joel Esler
RE : Re: RE : Re: RE : overloaded system after upgrading rmkml () yahoo fr
Re: [Stats] Get dropped packets count while snort runing (/proc/xxxx search) Jefferson, Shawn
Sourcefire VRT Certified Snort Rules Update 2011-12-13 Research
pppoe Виктор Захаров
Re: [Stats] Get dropped packets count while snort runing (/proc/xxxx search) Joel Esler
Hogger Mike Kun
Re: Hogger Jefferson, Shawn
Re: Hogger Joel Esler
Wednesday, 14 December
Re: [Stats] Get dropped packets count while snort runing (/proc/xxxx search) Thibault SOC
Re: Hogger Edward Fjellskål
RE : Re: RE : Re: RE : Re: RE : overloaded system after upgrading rmkml () yahoo fr
Re: [Stats] Get dropped packets count while snort runing (/proc/xxxx search) Thibault SOC
Snort 2.9.2 Now Available Snort Releases
Snort 2.9.2 Now Available Snort Releases
Error Building Snort 2.9.1.2 on FreeBSD, Fix preinstall flex Robert Z
Thursday, 15 December
FreeBSD 9 or 8.x to install snort 2.9.2 carlopmart
Snort.conf examples page to be updated? Weir, Jason
Re: FreeBSD 9 or 8.x to install snort 2.9.2 Russ Combs
Re: FreeBSD 9 or 8.x to install snort 2.9.2 carlopmart
Re: Snort.conf examples page to be updated? Joel Esler
Re: Snort.conf examples page to be updated? Weir, Jason
lex is insufficient? (daq 0.6.2) tgiles
Re: lex is insufficient? (daq 0.6.2) Michael Altizer
Friday, 16 December
Re: [Snort-users] lex is insufficient? (daq 0.6.2) tgiles
Re: lex is insufficient? (daq 0.6.2) Michael Altizer
Problem About running Snort Agbede Bunmi Michael
AUTO: Mark J Payette is out of the office. (returning 01/03/2012) mpayette
Snort uses 90% of CPU babu dheen
Saturday, 17 December
Re: Error Building Snort 2.9.1.2 on FreeBSD, Fix preinstall flex Ryan Steinmetz
Re: Snort uses 90% of CPU Yossi Asayag
Sunday, 18 December
Re: RE : Re: RE : Re: RE : Re: RE : overloaded system after upgrading rmkml
Input daq/patch for reading from daemonlogger output files Bjørnar Ness
Could not stat dynamic module path "/usr/lib64/snort_dynamicrule" Shane
Monday, 19 December
disable frag3 Azfar Hashmi
Re: Could not stat dynamic module path "/usr/lib64/snort_dynamicrule" Jefferson Diego Gomes Rosa
Re: disable frag3 Joel Esler
Re: Could not stat dynamic module path "/usr/lib64/snort_dynamicrule" Lay, James
Sourcefire VRT Certified Snort Rules Update 2011-12-19 Research
Re: disable frag3 Azfar Hashmi
Fwd: Re: disable frag3 Azfar Hashmi
Tuesday, 20 December
Re: Fwd: Re: disable frag3 Joel Esler
Wednesday, 21 December
about ParseSnortConf function in 2.9.2 || configuration file parsing based on policy id why? mitesh jadia
rules update on 2.8 hermit
Re: rules update on 2.8 Nick Moore
Re: rules update on 2.8 hermit
Re: rules update on 2.8 Joel Esler
Cross compiling dynamic preprocessors cannot resolve _dpd Ron Brash
Re: rules update on 2.8 Nick Moore
DCERCP2 support for byte_extract not implemented? Joshua Kinard
Thursday, 22 December
Re: rules update on 2.8 Jason Haar
Friday, 23 December
Re: Fwd: Re: disable frag3 Azfar Hashmi
Re: Fwd: Re: disable frag3 Joel Esler
UDP packet size limit Document Retention
Re: UDP packet size limit Russ Combs
RE : UDP packet size limit rmkml () yahoo fr
RE : UDP packet size limit rmkml () yahoo fr
Saturday, 24 December
byte_jump + Stream5, should it work? Shaiming Hsiung
can't log send out packets hzmiaowang
Re: byte_jump + Stream5, should it work? rmkml
Re: Cross compiling dynamic preprocessors cannot resolve _dpd Jason Wallace
Re: Cross compiling dynamic preprocessors cannot resolve _dpd Joel Esler
Re: byte_jump + Stream5, should it work? Joel Esler
Re: can't log send out packets Joel Esler
Monday, 26 December
[PATCH] Add a better example for pcre in the manual Joshua Kinard
Re: [PATCH] Add non-IP layer 3 detection via new 'ether_type' keyword and 'eth' protocol Joshua Kinard
[PATCH] Remove the variable modifiers section in the manual. Joshua Kinard
Snort /var/log/snort/tcpdump<> amN0P
[PATCH] Add 'mask' parameter to byte_jump and byte_extract Joshua Kinard
Re: Snort /var/log/snort/tcpdump<> Eoin Miller
Tuesday, 27 December
Re: byte_jump + Stream5, should it work? Shaiming Hsiung
Re: Snort /var/log/snort/tcpdump<> Amit B
Re: byte_jump + Stream5, should it work? rmkml
Re: [Snort-users] byte_jump + Stream5, should it work? rmkml
snort.conf in 2.9.2 and VRT tarball Miguel Alvarez
Wednesday, 28 December
Snort Return/Response packets Thibault SOC
Re: Snort Return/Response packets Alex Kirk
Re: Snort Return/Response packets Thibault SOC
Sourcefire VRT Certified Snort Rules Update 2011-12-27 Research
Changes made to the Snort.conf Joel Esler
snort seminars in germany ? macbroadcast
Re: [Snort-Sigs] Changes made to the Snort.conf Miguel Alvarez
Snort Manual - 3.5.21 urilen Eoin Miller
Re: can't log send out packets hzmiaowang
Thursday, 29 December
Re: Technical queries Joel Esler
Re: [Snort-Sigs] Changes made to the Snort.conf Joel Esler
Friday, 30 December
Snort daq / nfq / "content: " not working... Jesko Mägle
Pulled Pork - Error 500 when fetching Jomana Malone
Re: Technical queries Sandip Bankewar
FW: Technical queries Sandip Bankewar
fast pattern matcher and http_cookie? Eoin Miller
Re: snort.conf in 2.9.2 and VRT tarball Joel Esler
Re: snort.conf in 2.9.2 and VRT tarball Miguel Alvarez