Snort mailing list archives

Re: Snort-users Digest, Vol 72, Issue 37

From: Dennis Circolone <djcircolone () gmail com>
Date: Fri, 18 May 2012 14:48:47 -0500

Thanks for the information but it didn't really address the error I was
getting. I added screen shots with the errors to my original email , were
you able to see the error or are you telling me not to use base because
there is no fix?

On Fri, May 18, 2012 at 1:10 PM,
<snort-users-request () lists sourceforge net>wrote:

Send Snort-users mailing list submissions to
       snort-users () lists sourceforge net

To subscribe or unsubscribe via the World Wide Web, visit
       https://lists.sourceforge.net/lists/listinfo/snort-users
or, via email, send a message with subject or body 'help' to
       snort-users-request () lists sourceforge net

You can reach the person managing the list at
       snort-users-owner () lists sourceforge net

When replying, please edit your Subject line so it is more specific
than "Re: Contents of Snort-users digest..."


When responding, please don't respond with the entire Digest.  Please trim
your response.

Today's Topics:

  1. Re: php, base issue (Greg Williams)


----------------------------------------------------------------------

Message: 1
Date: Fri, 18 May 2012 12:10:47 -0600
From: Greg Williams <alphawebfx () gmail com>
Subject: Re: [Snort-users] php, base issue
To: Doug Burks <doug.burks () gmail com>
Cc: "snort-users () lists sourceforge net"
       <snort-users () lists sourceforge net>,    Dennis Circolone
       <djcircolone () gmail com>
Message-ID:
       <CAH1YzBQFPVKCOpUkwYkfaZUzjFrX78v5fw2j3dda1i58aC+iLQ () mail gmail com

Content-Type: text/plain; charset="iso-8859-1"

Thanks Doug.  I'll probably try it again after you guys rebuild it with
12.04.  I could have also been my hard drives.  They died about a month
after I tested Security Onion.  I would like to test further at some point.
 Thanks for the link though.  I'll remember it when I go through testing
again.

On Fri, May 18, 2012 at 12:05 PM, Doug Burks <doug.burks () gmail com> wrote:

Hi Greg,

We'd be glad to help you troubleshoot any performance issues you're

having

with Security Onion over on our mailing list:
http://groups.google.com/group/security-onion

Thanks,
Doug

On Fri, May 18, 2012 at 1:56 PM, Greg Williams <alphawebfx () gmail com
wrote:

I tried it and was a little disappointed in how slow it was running for
me.  I only gave it about 15 minutes, but I was definitely losing more
packets than my custom install.  Maybe it's better now. ~400-500 MBps
sustained.


On Fri, May 18, 2012 at 11:53 AM, Rick Chisholm <chavez243 () gmail com

wrote:

FWIW - you can always take a look at Security Onion - it has a bunch of
Snort front-ends you can play with.

First we had ACID and it went ker-splat, then BASE, which is dying on
the vine. Not sure what the next move is, all I know is that I need a
functional front-end and for right now that's Snorby.


On Fri, May 18, 2012 at 1:46 PM, Greg Williams <alphawebfx () gmail com

wrote:

Well said! I 100% agree. Even though I have alerts forwarding via
syslog to other destinations like Splunk, there is just something

about

BASE that trumps everything else.  I've tried many other apps as well
including Snorby and Sguil.



On May 18, 2012, at 11:36 AM, Ron Sinclair <unixfool () gmail com>

wrote:


I hear such statements all the time.  Would be nice if someone took
BASE and revamped (but not whole-hog) it.

I've been using BASE for almost 10 years, even after using both Sguil
and Snorby.  There's something about BASE that Snorby just can't
match...just my opinion.  I do check Snorby from time to time to

assess any

new features.  Last I checked, it still had a long way to go, so I

kept

using BASE.  Sguil...I don't know, since I never force myself to spend
enough time to better utilize it.  I usually just get frustrated and

wipe

it out.

BASE seems less maintenance intensive than either Sguil and Snorby.  I
don't want to have to learn Ruby/Rails to use Snorby.  I didn't

really have

to understand all that much about PHP to begin using BASE, and I

already

had a good knowledge of MySQL, Snort, and Apache (and a multitude of

other

things).  I'll be using BASE for another 10 years, or until something

else

(that isn't Sguil or Snorby) is released. If that doesn't happen,

I'll go

straight to the raw logs and begin using correlation scripts and

tools.


On Fri, May 18, 2012 at 1:06 PM, Rick Chisholm <chavez243 () gmail com

wrote:

Hi Dennis:

BASE is getting pretty long in the tooth, does not appear to be
actively developed and as PHP advances, is slowly breaking. It is

advisable

to switch to something like Snorby, Sguil etc.

 On Fri, May 18, 2012 at 12:37 PM, Dennis Circolone <
djcircolone () gmail com> wrote:

 Hello,
I have configured snort-2.9.2.2 on an opensuse 12.1 box, everything
is working great except for the portscan traffic stays at 0% after

an NMAP

test and when I select source ports link or dest ports link I

recieve an

error.Does anyone know how I can resolve this issue?


 Basic Analysis and Security Engine (BASE)

    - Today's alerts: unique<

http://10.2.7.170/base/base_stat_alerts.php?time_cnt=1&time%5B0%5D%5B0%5D=+&time%5B0%5D%5B1%5D=%3E%3D&time%5B0%5D%5B2%5D=05&time%5B0%5D%5B3%5D=18&time%5B0%5D%5B4%5D=2012&time%5B0%5D%5B5%5D=&time%5B0%5D%5B6%5D=&time%5B0%5D%5B7%5D=&time%5B0%5D%5B8%5D=+&time%5B0%5D%5B9%5D=+

listing<

http://10.2.7.170/base/base_qry_main.php?new=1&time%5B0%5D%5B0%5D=+&time%5B0%5D%5B1%5D=%3E%3D&time%5B0%5D%5B2%5D=05&time%5B0%5D%5B3%5D=18&time%5B0%5D%5B4%5D=2012&time%5B0%5D%5B5%5D=&time%5B0%5D%5B6%5D=&time%5B0%5D%5B7%5D=&time%5B0%5D%5B8%5D=+&time%5B0%5D%5B9%5D=+&submit=Query+DB&num_result_rows=-1&time_cnt=1>
Source

IP<

http://10.2.7.170/base/base_stat_uaddr.php?addr_type=1&sort_order=occur_d&time_cnt=1&time%5B0%5D%5B0%5D=+&time%5B0%5D%5B1%5D=%3E%3D&time%5B0%5D%5B2%5D=05&time%5B0%5D%5B3%5D=18&time%5B0%5D%5B4%5D=2012&time%5B0%5D%5B5%5D=&time%5B0%5D%5B6%5D=&time%5B0%5D%5B7%5D=&time%5B0%5D%5B8%5D=+&time%5B0%5D%5B9%5D=+>
Destination

IP<

http://10.2.7.170/base/base_stat_uaddr.php?addr_type=2&sort_order=occur_d&time_cnt=1&time%5B0%5D%5B0%5D=+&time%5B0%5D%5B1%5D=%3E%3D&time%5B0%5D%5B2%5D=05&time%5B0%5D%5B3%5D=18&time%5B0%5D%5B4%5D=2012&time%5B0%5D%5B5%5D=&time%5B0%5D%5B6%5D=&time%5B0%5D%5B7%5D=&time%5B0%5D%5B8%5D=+&time%5B0%5D%5B9%5D=+>
 -

Last 24 Hours alerts: unique<

http://10.2.7.170/base/base_stat_alerts.php?time_cnt=1&time%5B0%5D%5B0%5D=+&time%5B0%5D%5B1%5D=%3E%3D&time%5B0%5D%5B2%5D=05&time%5B0%5D%5B3%5D=17&time%5B0%5D%5B4%5D=2012&time%5B0%5D%5B5%5D=16&time%5B0%5D%5B6%5D=&time%5B0%5D%5B7%5D=&time%5B0%5D%5B8%5D=+&time%5B0%5D%5B9%5D=+

listing<

http://10.2.7.170/base/base_qry_main.php?new=1&time%5B0%5D%5B0%5D=+&time%5B0%5D%5B1%5D=%3E%3D&time%5B0%5D%5B2%5D=05&time%5B0%5D%5B3%5D=17&time%5B0%5D%5B4%5D=2012&time%5B0%5D%5B5%5D=16&time%5B0%5D%5B6%5D=&time%5B0%5D%5B7%5D=&time%5B0%5D%5B8%5D=+&time%5B0%5D%5B9%5D=+&submit=Query+DB&num_result_rows=-1&time_cnt=1>
Source

IP<

http://10.2.7.170/base/base_stat_uaddr.php?addr_type=1&sort_order=occur_d&time_cnt=1&time%5B0%5D%5B0%5D=+&time%5B0%5D%5B1%5D=%3E%3D&time%5B0%5D%5B2%5D=05&time%5B0%5D%5B3%5D=17&time%5B0%5D%5B4%5D=2012&time%5B0%5D%5B5%5D=16&time%5B0%5D%5B6%5D=&time%5B0%5D%5B7%5D=&time%5B0%5D%5B8%5D=+&time%5B0%5D%5B9%5D=+>
Destination

IP<

http://10.2.7.170/base/base_stat_uaddr.php?addr_type=2&sort_order=occur_d&time_cnt=1&time%5B0%5D%5B0%5D=+&time%5B0%5D%5B1%5D=%3E%3D&time%5B0%5D%5B2%5D=05&time%5B0%5D%5B3%5D=17&time%5B0%5D%5B4%5D=2012&time%5B0%5D%5B5%5D=16&time%5B0%5D%5B6%5D=&time%5B0%5D%5B7%5D=&time%5B0%5D%5B8%5D=+&time%5B0%5D%5B9%5D=+>
 -

Last 72 Hours alerts: unique<

http://10.2.7.170/base/base_stat_alerts.php?time_cnt=1&time%5B0%5D%5B0%5D=+&time%5B0%5D%5B1%5D=%3E%3D&time%5B0%5D%5B2%5D=05&time%5B0%5D%5B3%5D=15&time%5B0%5D%5B4%5D=2012&time%5B0%5D%5B5%5D=16&time%5B0%5D%5B6%5D=&time%5B0%5D%5B7%5D=&time%5B0%5D%5B8%5D=+&time%5B0%5D%5B9%5D=+

listing<

http://10.2.7.170/base/base_qry_main.php?new=1&time%5B0%5D%5B0%5D=+&time%5B0%5D%5B1%5D=%3E%3D&time%5B0%5D%5B2%5D=05&time%5B0%5D%5B3%5D=15&time%5B0%5D%5B4%5D=2012&time%5B0%5D%5B5%5D=16&time%5B0%5D%5B6%5D=&time%5B0%5D%5B7%5D=&time%5B0%5D%5B8%5D=+&time%5B0%5D%5B9%5D=+&submit=Query+DB&num_result_rows=-1&time_cnt=1>
Source

IP<

http://10.2.7.170/base/base_stat_uaddr.php?addr_type=1&sort_order=occur_d&time_cnt=1&time%5B0%5D%5B0%5D=+&time%5B0%5D%5B1%5D=%3E%3D&time%5B0%5D%5B2%5D=05&time%5B0%5D%5B3%5D=15&time%5B0%5D%5B4%5D=2012&time%5B0%5D%5B5%5D=16&time%5B0%5D%5B6%5D=&time%5B0%5D%5B7%5D=&time%5B0%5D%5B8%5D=+&time%5B0%5D%5B9%5D=+>
Destination

IP<

http://10.2.7.170/base/base_stat_uaddr.php?addr_type=2&sort_order=occur_d&time_cnt=1&time%5B0%5D%5B0%5D=+&time%5B0%5D%5B1%5D=%3E%3D&time%5B0%5D%5B2%5D=05&time%5B0%5D%5B3%5D=15&time%5B0%5D%5B4%5D=2012&time%5B0%5D%5B5%5D=16&time%5B0%5D%5B6%5D=&time%5B0%5D%5B7%5D=&time%5B0%5D%5B8%5D=+&time%5B0%5D%5B9%5D=+>
 -

Most recent 15 Alerts: any protocol<

http://10.2.7.170/base/base_qry_main.php?new=1&caller=last_any&num_result_rows=-1&submit=Last%20Any

TCP<

http://10.2.7.170/base/base_qry_main.php?new=1&layer4=TCP&caller=last_tcp&num_result_rows=-1&submit=Last%20TCP

UDP<

http://10.2.7.170/base/base_qry_main.php?new=1&layer4=UDP&caller=last_udp&num_result_rows=-1&submit=Last%20UDP

ICMP<

http://10.2.7.170/base/base_qry_main.php?new=1&layer4=ICMP&caller=last_icmp&num_result_rows=-1&submit=Last%20ICMP>
-

Last Source Ports: any protocol<

http://10.2.7.170/base/base_stat_ports.php?caller=last_ports&port_type=1&proto=-1&sort_order=last_d

TCP<

http://10.2.7.170/base/base_stat_ports.php?caller=last_ports&port_type=1&proto=6&sort_order=last_d

UDP<

http://10.2.7.170/base/base_stat_ports.php?caller=last_ports&port_type=1&proto=17&sort_order=last_d>
-

Last Destination Ports: any protocol<

http://10.2.7.170/base/base_stat_ports.php?caller=last_ports&port_type=2&proto=-1&sort_order=last_d

TCP<

http://10.2.7.170/base/base_stat_ports.php?caller=last_ports&port_type=2&proto=6&sort_order=last_d

UDP<

http://10.2.7.170/base/base_stat_ports.php?caller=last_ports&port_type=2&proto=17&sort_order=last_d>
-

Most Frequent Source Ports: any protocol<

http://10.2.7.170/base/base_stat_ports.php?caller=most_frequent&port_type=1&proto=-1&sort_order=occur_d

TCP<

http://10.2.7.170/base/base_stat_ports.php?caller=most_frequent&port_type=1&proto=6&sort_order=occur_d

UDP<

http://10.2.7.170/base/base_stat_ports.php?caller=most_frequent&port_type=1&proto=17&sort_order=occur_d>
-

Most Frequent Destination Ports: any protocol<

http://10.2.7.170/base/base_stat_ports.php?caller=most_frequent&port_type=2&proto=-1&sort_order=occur_d

TCP<

http://10.2.7.170/base/base_stat_ports.php?caller=most_frequent&port_type=2&proto=6&sort_order=occur_d

UDP<

http://10.2.7.170/base/base_stat_ports.php?caller=most_frequent&port_type=2&proto=17&sort_order=occur_d>
-

Most frequent 15 Addresses: Source<

http://10.2.7.170/base/base_stat_uaddr.php?caller=most_frequent&addr_type=1&sort_order=occur_d

Destination<

http://10.2.7.170/base/base_stat_uaddr.php?caller=most_frequent&addr_type=2&sort_order=occur_d>
-

Most recent 15 Unique Alerts<

http://10.2.7.170/base/base_stat_alerts.php?caller=last_alerts&sort_order=last_d>
-

Most frequent 5 Unique Alerts<

http://10.2.7.170/base/base_stat_alerts.php?caller=most_frequent&sort_order=occur_d

 *Queried on *: Fri May 18, 2012 16:34:43
*Database:* snort@localhost    (*Schema Version:* 107)
*Time Window:* [2012-05-18 11:05:19] - [2012-05-18 11:06:55]
 *Search <http://10.2.7.170/base/base_qry_main.php?new=1>*
*Graph Alert Data <http://10.2.7.170/base/base_graph_main.php>*
Graph Alert Detection Time<

http://10.2.7.170/base/base_stat_time.php>


------------------------------
  *Sensors/Total:* 1 <http://10.2.7.170/base/base_stat_sensor.php>

2
*Unique Alerts:* 1 <http://10.2.7.170/base/base_stat_alerts.php>
*Categories: *1<

http://10.2.7.170/base/base_stat_class.php?sort_order=class_a>

*Total Number of Alerts:* 48<

http://10.2.7.170/base/base_qry_main.php?&num_result_rows=-1&submit=Query+DB&current_view=-1


   - Src IP addrs: 13<

http://10.2.7.170/base/base_stat_uaddr.php?addr_type=1>

   - Dest. IP addrs: 1<

http://10.2.7.170/base/base_stat_uaddr.php?addr_type=2>

   - Unique IP links 13 <

http://10.2.7.170/base/base_stat_iplink.php>

   -

   Source Ports: 2<

http://10.2.7.170/base/base_stat_ports.php?port_type=1&proto=-1>

   -
      - TCP ( 0<

http://10.2.7.170/base/base_stat_ports.php?port_type=1&proto=6>)  UDP

      ( 2<

http://10.2.7.170/base/base_stat_ports.php?port_type=1&proto=17>

      )
   - Dest Ports: 2<

http://10.2.7.170/base/base_stat_ports.php?port_type=2&proto=-1>

   -
      - TCP ( 0<

http://10.2.7.170/base/base_stat_ports.php?port_type=2&proto=6>)  UDP

      ( 2<

http://10.2.7.170/base/base_stat_ports.php?port_type=2&proto=17>

      )

*Traffic Profile by Protocol*  TCP (0%)<

http://10.2.7.170/base/base_qry_main.php?new=1&layer4=TCP&num_result_rows=-1&sort_order=time_d&submit=Query+DB

   UDP (100%)<

http://10.2.7.170/base/base_qry_main.php?new=1&layer4=UDP&num_result_rows=-1&sort_order=time_d&submit=Query+DB

     ICMP (0%)<

http://10.2.7.170/base/base_qry_main.php?new=1&layer4=ICMP&num_result_rows=-1&sort_order=time_d&submit=Query+DB


------------------------------
  Portscan Traffic (0%)<

http://10.2.7.170/base/base_qry_main.php?new=1&layer4=RawIP&num_result_rows=-1&sort_order=time_d&submit=Query+DB



  Basic Analysis and Security Engine (BASE)
  Home <http://10.2.7.170/base/base_main.php>  |   Search<

http://10.2.7.170/base/base_qry_main.php?new=1>


  [ Back <http://10.2.7.170/base/base_main.php?back=1&;> ]

/srv/www/htdocs/base/includes/base_cache.inc.php:556: ERROR:
$number_sensors_array is NOT an array!


/srv/www/htdocs/base/includes/base_cache.inc.php:564: ERROR:
$number_sensors_array is either NULL or empty!

 *Queried on* : Fri May 18, 2012 16:36:23      Meta Criteria *   any
*   IP Criteria *   any *   Layer 4 Criteria *   none * Payload
Criteria *   any *

*No Alerts were found.*

         <<

http://10.2.7.170/base/base_stat_ports.php?caller=&sort_order=&port_type=1&proto=1&sort_order=port_a

 Port ><

http://10.2.7.170/base/base_stat_ports.php?caller=&sort_order=&port_type=1&proto=1&sort_order=port_d

<<

http://10.2.7.170/base/base_stat_ports.php?caller=&sort_order=&port_type=1&proto=1&sort_order=sensor_a

 Sensor ><

http://10.2.7.170/base/base_stat_ports.php?caller=&sort_order=&port_type=1&proto=1&sort_order=sensor_d

<<

http://10.2.7.170/base/base_stat_ports.php?caller=&sort_order=&port_type=1&proto=1&sort_order=occur_a

 Occurrences ><

http://10.2.7.170/base/base_stat_ports.php?caller=&sort_order=&port_type=1&proto=1&sort_order=occur_d

<<

http://10.2.7.170/base/base_stat_ports.php?caller=&sort_order=&port_type=1&proto=1&sort_order=alerts_a

Unique Alerts ><

http://10.2.7.170/base/base_stat_ports.php?caller=&sort_order=&port_type=1&proto=1&sort_order=alerts_d

<<

http://10.2.7.170/base/base_stat_ports.php?caller=&sort_order=&port_type=1&proto=1&sort_order=sip_a

 Src. Addr. ><

http://10.2.7.170/base/base_stat_ports.php?caller=&sort_order=&port_type=1&proto=1&sort_order=sip_d

<<

http://10.2.7.170/base/base_stat_ports.php?caller=&sort_order=&port_type=1&proto=1&sort_order=dip_a

 Dest. Addr. ><

http://10.2.7.170/base/base_stat_ports.php?caller=&sort_order=&port_type=1&proto=1&sort_order=dip_d

<<

http://10.2.7.170/base/base_stat_ports.php?caller=&sort_order=&port_type=1&proto=1&sort_order=first_a

 First ><

http://10.2.7.170/base/base_stat_ports.php?caller=&sort_order=&port_type=1&proto=1&sort_order=first_d

<<

http://10.2.7.170/base/base_stat_ports.php?caller=&sort_order=&port_type=1&proto=1&sort_order=last_a

 Last ><

http://10.2.7.170/base/base_stat_ports.php?caller=&sort_order=&port_type=1&proto=1&sort_order=last_d

     ACTION
{ action }ADD to AG (by ID)ADD to AG (by Name)Create AG (by

Name)Delete

alert(s)Email alert(s) (full)Email alert(s) (summary)Email alert(s)
(csv)Archive alert(s) (copy)Archive alert(s) (move)

------------------------------------------------------------------------------

Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond.
Discussions
will include endpoint security, mobile security and the latest in
malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Please visit http://blog.snort.org to stay current on all the

latest

Snort news!




--
Rick Chisholm
http://parallel42.ca
http://appliedusers.ca
=========================
"There is no faith which has never yet been broken, except that of a
truly faithful dog." - Konrad Lorenz

------------------------------------------------------------------------------

Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond.
Discussions
will include endpoint security, mobile security and the latest in
malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Please visit http://blog.snort.org to stay current on all the latest
Snort news!

------------------------------------------------------------------------------

Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond.
Discussions
will include endpoint security, mobile security and the latest in
malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Please visit http://blog.snort.org to stay current on all the latest
Snort news!



--
Rick Chisholm
http://parallel42.ca
http://appliedusers.ca
=========================
"There is no faith which has never yet been broken, except that of a
truly faithful dog." - Konrad Lorenz

------------------------------------------------------------------------------

Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond.

Discussions

will include endpoint security, mobile security and the latest in

malware

threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Please visit http://blog.snort.org to stay current on all the latest
Snort news!




--
Doug Burks | http://securityonion.blogspot.com
Don't miss SANS SEC503 Intrusion Detection In-Depth in
Augusta GA 6/11 - 6/16 | 10% discount for ISSA Members!
http://augusta.issa.org/drupal/SANS-Augusta-2012

-------------- next part --------------
An HTML attachment was scrubbed...

------------------------------


------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/

------------------------------

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-users


End of Snort-users Digest, Vol 72, Issue 37
*******************************************

------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

Current thread:

Re: Snort-users Digest, Vol 72, Issue 37 Dennis Circolone (May 18)