Snort: by author

1238 messages starting Feb 22 13 and ending Mar 15 13


.

newbie question about pass and alert directive . (Feb 22)

abed mohammad kamaluddin

Huge performance drop for Snort-2.9.4 abed mohammad kamaluddin (Feb 07)
Re: Optimized implementation of AC and AC_Q pattern matching algorithms abed mohammad kamaluddin (Jan 26)
Re: Huge performance drop for Snort-2.9.4 abed mohammad kamaluddin (Feb 08)
Re: Optimized implementation of AC and AC_Q pattern matching algorithms abed mohammad kamaluddin (Jan 26)
Optimized implementation of AC and AC_Q pattern matching algorithms abed mohammad kamaluddin (Jan 25)
Re: Optimized implementation of AC and AC_Q pattern matching algorithms abed mohammad kamaluddin (Jan 28)

Agent Smith

(no subject) Agent Smith (Jan 30)

Aisling Brennan

Reverse shell Aisling Brennan (Mar 25)
Monitor the transfer of files on Skype or other messaging software. Aisling Brennan (Mar 05)
Could you send me on a signature to capture all emails that are sent to a domain, for example “@tnt.com”. Aisling Brennan (Jan 18)
Need help: a custom snort signature that will detect attachments (inbound + outbound) Aisling Brennan (Jan 25)
Any signtures snort or emerging for these threats? Aisling Brennan (Mar 28)
UDP on port 6667 Aisling Brennan (Mar 07)
Reverse shell connections Aisling Brennan (Mar 23)
Safe browsing and proxies Aisling Brennan (Mar 05)
Is it possible their is a signature that will show connected users to certain servers via terminal services? Aisling Brennan (Jan 18)
Re: Could you send me on a signature to capture all emails that are sent to a domain, for example “@tnt.com”. Aisling Brennan (Jan 26)

Alejandro Cabrera Obed

Snort distributions Alejandro Cabrera Obed (Mar 05)
Re: Snort distributions Alejandro Cabrera Obed (Mar 06)
Re: Snort distributions Alejandro Cabrera Obed (Mar 06)

Alex Adamos

Re: Snort 2.9.4 and libsf_engine.so Alex Adamos (Jan 19)
Re: Hash function for ip 4-tuple Alex Adamos (Feb 04)
Re: DPX starter kit installation Alex Adamos (Jan 22)
Re: Problem with acquiring traffic Alex Adamos (Feb 23)
Re: Snort 2.9.4 and libsf_engine.so Alex Adamos (Jan 19)
DPX linker error Alex Adamos (Feb 05)
Re: DPX starter kit installation Alex Adamos (Jan 22)
DPX starter kit installation Alex Adamos (Jan 21)
Re: Dynamic Preprocessor- packets from established flows Alex Adamos (Jan 31)
Re: DPX starter kit installation Alex Adamos (Jan 22)
Re: 'make' Snort to compile my own preprocessor Alex Adamos (Jan 15)
Hash function for ip 4-tuple Alex Adamos (Feb 02)
DPX starter kit installation Alex Adamos (Jan 21)
Re: DPX starter kit installation Alex Adamos (Jan 22)
Re: DPX linker error Alex Adamos (Feb 05)
Re: Problem with acquiring traffic Alex Adamos (Feb 23)
Re: DPX linker error Alex Adamos (Feb 07)
Snort 2.9.4 and libsf_engine.so Alex Adamos (Jan 19)
Problem with acquiring traffic Alex Adamos (Feb 23)
Dynamic Preprocessor- packets from established flows Alex Adamos (Jan 29)
Re: Dynamic Preprocessor- packets from established flows Alex Adamos (Jan 31)
'make' Snort to compile my own preprocessor Alex Adamos (Jan 15)
DPX linker error Alex Adamos (Feb 07)
Re: Problem with acquiring traffic Alex Adamos (Feb 25)

Alexander Grüner

Errors after upgrade to 2.9.4.1 Alexander Grüner (Mar 13)
Re: Errors after upgrade to 2.9.4.1 Alexander Grüner (Mar 14)

alex dina

Fw: Snort Rules alex dina (Feb 14)
(no subject) alex dina (Mar 25)
Re: Fw: Snort Rules alex dina (Feb 15)

Alex Kirk

Re: Pcap filename from --pcap-dir? Alex Kirk (Jan 07)
Re: Question About Threshholds Alex Kirk (Mar 20)
Re: Snort Alert[1:16482:8] Alex Kirk (Mar 26)

Alex McDonnell

Re: malware-cnc.rules Alex McDonnell (Feb 11)
Re: Fw: Snort Rules Alex McDonnell (Feb 15)

ali hamza

Re: 403 error :( ali hamza (Mar 19)
403 error :( ali hamza (Mar 18)
snort.conf has been deleted ali hamza (Mar 10)
ERROR: parser.c(5302) ali hamza (Mar 27)
best suited linux distro for snort? ali hamza (Mar 26)

Alistair Thomson

UNSUBSCRIBE Alistair Thomson (Jan 28)

Amtul Saboor

SNORT PARALLELIZATION SECURITY ISSUES Amtul Saboor (Feb 26)

Andrea Modesto Rossi

Snort, SCADA and DigitalBond Andrea Modesto Rossi (Mar 05)

Andre DiMino

Pcap filename from --pcap-dir? Andre DiMino (Jan 05)

Andy

Re: Restart snort inline without traffic loss? Andy (Feb 07)
Use dyndns to ignore my ip Andy (Feb 15)
Re: Restart snort inline without traffic loss? Andy (Feb 08)
Re: Restart snort inline without traffic loss? Andy (Feb 08)
Re: Restart snort inline without traffic loss? Andy (Feb 06)
Restart snort inline without traffic loss? Andy (Feb 05)
Re: Restart snort inline without traffic loss? Andy (Feb 08)

Andy Richards

Re: Rules across tcp headers & http headers/payload Andy Richards (Mar 05)
Rules across tcp headers & http headers/payload Andy Richards (Mar 04)

annie.st-germain

Options installed in the snort binary annie.st-germain (Mar 20)

Antonin

Re: Java vulnerability detection Antonin (Jan 22)
Java vulnerability detection Antonin (Jan 22)

ARUN PUSHKAR

Re: SNORT Installed properly But not Logging alerts ARUN PUSHKAR (Feb 21)
SNORT Installed properly But not Logging alerts ARUN PUSHKAR (Feb 20)
SNORT-2.9.4 Installed properly but NOT Logging ALERTS ARUN PUSHKAR (Feb 20)

Asiri Rathnayake

Re: Snort Pattern alghoritm Asiri Rathnayake (Mar 08)
Potential vulnerabilities of some Snort regexes Asiri Rathnayake (Jan 16)

Avery Rozar

Re: Snort Processes randonly dies Avery Rozar (Mar 04)
Re: Snort Processes randonly dies Avery Rozar (Mar 04)
Re: Snort doesn't write unified2 files as expected Avery Rozar (Mar 01)
Re: Snort Processes randonly dies Avery Rozar (Mar 01)
Re: Snort as a predefined PID Avery Rozar (Mar 04)
Snort as a predefined PID Avery Rozar (Mar 04)
Snort Processes randonly dies Avery Rozar (Mar 01)

Ayodele Okeowo

Re: snort daemon to listen to eth2 and eth3 in promiscuous mode Ayodele Okeowo (Feb 19)
Re: Integrating ClamAv into Snort Ayodele Okeowo (Feb 12)
Re: Integrating ClamAv into Snort Ayodele Okeowo (Feb 12)
Integrating ClamAv into Snort Ayodele Okeowo (Feb 12)
Re: snort daemon to listen to eth2 and eth3 in promiscuous mode Ayodele Okeowo (Feb 19)
Re: snort daemon to listen to eth2 and eth3 in promiscuous mode Ayodele Okeowo (Feb 21)
Re: Integrating ClamAv into Snort Ayodele Okeowo (Feb 12)
Re: Integrating ClamAv into Snort Ayodele Okeowo (Feb 13)
Re: Snort log: Source MAC address record Ayodele Okeowo (Mar 11)
Using Snort in Virtual Machines with PF_RING Ayodele Okeowo (Mar 13)
Re: Snort and my VLANs Ayodele Okeowo (Feb 15)
Re: Using Snort in Virtual Machines with PF_RING Ayodele Okeowo (Mar 13)
Re: Integrating ClamAv into Snort Ayodele Okeowo (Feb 12)
Snort log: Source MAC address record Ayodele Okeowo (Mar 11)
Re: Integrating ClamAv into Snort Ayodele Okeowo (Feb 13)
Re: Snort and my VLANs Ayodele Okeowo (Feb 15)
Re: Integrating ClamAv into Snort Ayodele Okeowo (Feb 12)
Re: snort daemon to listen to eth2 and eth3 in promiscuous mode Ayodele Okeowo (Feb 19)
Re: snort daemon to listen to eth2 and eth3 in promiscuous mode Ayodele Okeowo (Feb 19)
Re: Integrating ClamAv into Snort Ayodele Okeowo (Feb 12)

balaji patnala

Re: SNORT openflow balaji patnala (Jan 12)

Balasubramaniam Natarajan

Re: Snort on proxy (outbound alerts) Balasubramaniam Natarajan (Jan 18)
Re: Snort on proxy (outbound alerts) Balasubramaniam Natarajan (Jan 18)
Re: [Snort-sigs] Could you send me on a signature to capture all emails that are sent to a domain, for example “@tnt.com”. Balasubramaniam Natarajan (Jan 19)

Bảo Gió

help snort 2.9.4 Bảo Gió (Mar 17)

Barry Weymes

More APT1 info that needs to be made into snort rules Barry Weymes (Mar 04)

beenph

Re: Snort and Barnyard2 beenph (Feb 07)
Re: Snort, Barnyard2 and Snorby alert classification mismatch beenph (Jan 16)
Re: Barnyard2 - Phantom cid/sid? beenph (Jan 24)
Re: Barnyard2 database failures beenph (Jan 02)
Re: Snort and Barnyard2 beenph (Feb 06)
Re: Syslog Help beenph (Mar 20)
Re: Snort Barnyard2 and Snorby alert classification beenph (Jan 19)
Re: Barnyard2 database failures beenph (Jan 06)
Re: Barnyard2 - Phantom cid/sid? beenph (Jan 24)
Re: Barnyard2 database failures beenph (Jan 04)
Re: Snort 2.9.4.0 on CentOS 5.8 beenph (Feb 21)
Re: Output: CSV and interface beenph (Mar 27)
Re: sid-msg.map beenph (Mar 14)
Re: Syslog Help beenph (Mar 19)
Re: Pcap filename from --pcap-dir? beenph (Jan 05)
Re: Pcap filename from --pcap-dir? beenph (Jan 05)
Re: Snort, Barnyard2 and Snorby alert classification mismatch beenph (Jan 16)
Re: Unified2 extra data beenph (Jan 03)

Bennett Todd

Re: deny default outbound (was Reverse shell) Bennett Todd (Mar 25)
Re: deny default outbound (was Reverse shell) Bennett Todd (Mar 25)

Ben Weber

Front-end Ben Weber (Feb 28)

Bhagya Bantwal

Re: Unified2 logging bug in snort 2.9.4 (Build 40) Bhagya Bantwal (Mar 13)
Re: Huge performance drop for Snort-2.9.4 Bhagya Bantwal (Feb 07)
Re: Hash function for ip 4-tuple Bhagya Bantwal (Feb 04)
Re: Snort only working on one side of traffic and no flow Bhagya Bantwal (Mar 15)
Re: Bug in stream5 global - prune_log_max <bytes> Bhagya Bantwal (Mar 13)

Bjoern Meier

Re: Fwd: Bjoern Meier (Jan 30)

Bobby Hinzman

Trying to understand file.exe flowbit Bobby Hinzman (Jan 11)

Bouchra Badri

Problem showing traffic on BASE Bouchra Badri (Feb 20)
Problem with Barnyard sending stuff to Mysql Bouchra Badri (Feb 18)

Brad Tilley

Re: unified2_extra_data Brad Tilley (Jan 11)
unified2_extra_data Brad Tilley (Jan 10)
Re: Patch to have unified2 outputs for multiple snort instances Brad Tilley (Feb 15)

Brad Turnbough

Fwd: Brad Turnbough (Jan 29)

Castle, Shane

Re: Rule set for non-intrusive events? Castle, Shane (Jan 09)
Re: Snort Alert[1:16482:8] Castle, Shane (Mar 26)
Re: deny default outbound (was Reverse shell) Castle, Shane (Mar 25)
Re: ICMP rule triggered by UDP packet Castle, Shane (Feb 05)
Re: Reverse shell Castle, Shane (Mar 25)

Chamila Garusinghe

Re: message Chamila Garusinghe (Mar 12)

Chinmay Mahata

Re: Snort Chinmay Mahata (Feb 05)
Non-root user for DAQ nfq Chinmay Mahata (Mar 18)
Re: [Snort-users] Restart snort inline without traffic loss? Chinmay Mahata (Feb 06)

Christopher Granger

Re: [Emerging-Sigs] Mandiant APT1 Report Christopher Granger (Feb 20)

Clement Chen

global threshold does not work on certain file-identity rules Clement Chen (Feb 20)

C. L. Martinez

Re: Rule download fails C. L. Martinez (Feb 25)
Re: Exists some problem to download rules?? C. L. Martinez (Mar 06)
Re: Exists some problem to download rules?? C. L. Martinez (Mar 06)
Errors updating snort rules this morning C. L. Martinez (Feb 25)
Daemonlogger is not available C. L. Martinez (Feb 21)
Exists some problem to download rules?? C. L. Martinez (Mar 06)

Craig Merchant

Re: CPU Affinity Craig Merchant (Jan 26)
Identify outbound SSH connections Craig Merchant (Jan 08)
Custom variables in rules and snort.conf Craig Merchant (Jan 14)
Best practices for setting HOME_NET Craig Merchant (Jan 10)
CPU Affinity Craig Merchant (Jan 25)

Dan Rossiter

Pulledpork Returning 403 on snortrules-snapshot Dan Rossiter (Feb 03)

Dave Corsello

Re: Barnyard2 database failures Dave Corsello (Jan 02)

David Cottam

Snort rules: TOR Servers David Cottam (Feb 07)
Snort rules: Anonymous Proxy David Cottam (Feb 07)

david molina

Snort 2.9.3 Error when starting Barnyard2 david molina (Feb 14)
Snort 2.9.3 Error when starting Barnyard2 david molina (Feb 14)
Snort Question david molina (Feb 13)

Dennis Lau

Enquiry Sourcefire VRT Rules Update Dennis Lau (Jan 19)

Dheeraj Gupta

Downloading Snort Rules - Registered User : Weird Behavior Dheeraj Gupta (Feb 14)
Compiling your own SO Rules Dheeraj Gupta (Jan 15)

Dhruv Desai

Re: DAQ installation error Dhruv Desai (Feb 12)
DAQ installation error Dhruv Desai (Feb 10)

Dmitry Korzhevin

Blocking ip's with snort blacklist Dmitry Korzhevin (Mar 26)
Re: Blocking ip's with snort blacklist Dmitry Korzhevin (Mar 26)

Document Retention

Default Snort Rules Document Retention (Feb 25)

Doug Burks

Re: Snort distributions Doug Burks (Mar 06)
Re: best suited linux distro for snort? Doug Burks (Mar 26)
Re: Front-end Doug Burks (Feb 28)
Re: New install questions. Doug Burks (Mar 06)

Dustin Webber

Re: Snort and IM Dustin Webber (Feb 18)
Re: Snort and IM Dustin Webber (Feb 18)
Re: Snort and IM Dustin Webber (Feb 18)
Re: SNORT Installed properly But not Logging alerts Dustin Webber (Feb 20)
Re: Snort and IM Dustin Webber (Feb 18)

Dustin Willis Webber

Re: Front-end Dustin Willis Webber (Feb 28)

Eddie Harari

DAQ documentation and DPDK Eddie Harari (Feb 26)

Edward Fjellskål

Re: Pcap filename from --pcap-dir? Edward Fjellskål (Jan 05)

elof

Unified2 logging bug in snort 2.9.4 (Build 40) elof (Mar 13)
Bad performance x 2 when using net.bpf.zerocopy_enable=1 on FreeBSD 9.1 elof (Feb 19)
Re: [Snort-devel] Bad performance x 2 when using net.bpf.zerocopy_enable=1 on FreeBSD 9.1 elof (Feb 20)
Re: Unified2 logging bug in snort 2.9.4 (Build 40) elof (Mar 15)
Bug in stream5 global - prune_log_max <bytes> elof (Mar 13)
Re: Snort alert file missing? elof (Mar 28)
Re: Bad performance x 2 when using net.bpf.zerocopy_enable=1 on FreeBSD 9.1 elof (Feb 21)
Re: Unified2 logging bug in snort elof (Mar 23)
Re: Unified2 logging bug in snort elof (Mar 19)
stream5 and track_icmp elof (Mar 13)
Recommended daq pcap bpf buffer size? elof (Feb 19)

Eoin Miller

Re: Rule set for non-intrusive events? Eoin Miller (Jan 09)
Barnyard2 - Phantom cid/sid? Eoin Miller (Jan 24)
Re: Barnyard2 - Phantom cid/sid? Eoin Miller (Jan 24)

Eric G

Re: Fwd: Eric G (Jan 29)
BPF filter syntax Eric G (Feb 28)
Re: NIDS in the Cloud (was: Snort on Amazon EC2) Eric G (Jan 26)

Erik D. Sciortino

Re: Snort not collecting data after installing pulledpork and running rules update Erik D. Sciortino (Feb 13)
Re: Snort not collecting data after installing pulledpork and running rules update Erik D. Sciortino (Feb 13)
Snort not collecting data after installing pulledpork and running rules update Erik D. Sciortino (Feb 12)
New install of Snort on Windows 2008 Erik D. Sciortino (Feb 06)
Re: Snort not collecting data after installing pulledpork and running rules update Erik D. Sciortino (Feb 13)
Re: New install of Snort on Windows 2008 Erik D. Sciortino (Feb 06)
Re: Snort not collecting data after installing pulledpork and running rules update Erik D. Sciortino (Feb 13)
Whitelisting Erik D. Sciortino (Feb 07)

Federico Carbonell

Snort Barnyard2 and Snorby alert classification Federico Carbonell (Jan 19)

GABRIEL OLADIPUPO

How To Use Snort As An IDS GABRIEL OLADIPUPO (Mar 04)

Gaißer , Carmen

malware-cnc.rules Gaißer , Carmen (Feb 11)

Giles Coochey

Re: Way to generate alerts? Giles Coochey (Jan 17)

giulia603 () virgilio it

Creating a PostgreSQL database for snort on Debian system giulia603 () virgilio it (Jan 21)

Greg Martin

Snort Greg Martin (Mar 29)

Gregory Pendergast

Re: botnets Gregory Pendergast (Mar 24)
Problem with sensitive-data:email addresses rule Gregory Pendergast (Mar 30)

Gregory S Thomas

Re: Bug in stream5 global - prune_log_max <bytes> Gregory S Thomas (Mar 13)
stream5 prune_log_max fix Gregory S Thomas (Feb 19)
config files for 2.9.4.1 Gregory S Thomas (Mar 12)

Gregory W. MacPherson

Re: New install questions. Gregory W. MacPherson (Mar 11)
Re: best suited linux distro for snort? Gregory W. MacPherson (Mar 26)

Greg Taylor-Broun

Snort on Amazon EC2 Greg Taylor-Broun (Jan 25)

Greg Williams

Re: Snort with Kiwi Sys Log Greg Williams (Mar 11)
Re: New install questions. Greg Williams (Mar 07)
Re: New install questions. Greg Williams (Mar 06)
Re: Real Time Alert and Variables Greg Williams (Jan 27)
Re: Real Time Alert and Variables Greg Williams (Jan 27)
Re: Real Time Alert and Variables Greg Williams (Jan 27)
Re: Recommended hardware for running snort in packet logging mode on home network proxy? Greg Williams (Mar 23)

Guido Hungerbuehler

Patch to have unified2 outputs for multiple snort instances Guido Hungerbuehler (Feb 14)
Rule download fails Guido Hungerbuehler (Feb 25)

Hafez Kamal

[HITB-Announce] #HITB2013AMS FINAL CALL for Paper Submissions Hafez Kamal (Jan 31)
[HITB-Announce] REMINDER: #HITB2013AMS Call for Papers Closes 8th Feb Hafez Kamal (Jan 21)

Hamid Ghanbari

snort rules to detect user and software trespass Hamid Ghanbari (Feb 20)

hanx hi

Snort, Barnyard2 and Snorby alert classification mismatch hanx hi (Jan 16)
Re: Snort, Barnyard2 and Snorby alert classification mismatch hanx hi (Jan 16)

Harley H

Snort only working on one side of traffic and no flow Harley H (Mar 14)

Heine Lysemose

Re: HTTP Filtering using Snort Heine Lysemose (Jan 14)
Re: help snort 2.9.4 Heine Lysemose (Mar 18)
Re: Test traffic Heine Lysemose (Feb 19)
Re: Way to generate alerts? Heine Lysemose (Jan 10)
Re: general questions Heine Lysemose (Mar 29)
Re: New install questions. Heine Lysemose (Mar 06)
Re: 403 error :( Heine Lysemose (Mar 18)
Re: Restart snort inline without traffic loss? Heine Lysemose (Feb 05)
Re: Snort distributions Heine Lysemose (Mar 05)

Henrique Santos

Problem accessing telnet data Henrique Santos (Jan 09)

honeybadger

Rule port question honeybadger (Jan 02)
Using a var in the conf and local rules honeybadger (Feb 25)

HORNER, LARRY J

Snort Version 2.9.4-WIN32 GRE (Build 40) on Windows 7 fails with the Error: Failed to parse the IP address: HORNER, LARRY J (Feb 27)

Howie

Install Howie (Feb 13)

Hui Cao

Re: Optimized implementation of AC and AC_Q pattern matching algorithms Hui Cao (Jan 26)
Re: Snort Processes randonly dies Hui Cao (Mar 04)
Re: Value of max_gzip_mem listed in documentation Hui Cao (Jan 23)
Re: [Snort-devel] DAQ complaint. Unable to build snort snort-2.9.4 Hui Cao (Jan 25)
Re: DPX starter kit installation Hui Cao (Jan 22)
Re: Snort Processes randonly dies Hui Cao (Mar 04)
Re: [PATCH] DAQ IPFW module packet injection fix Hui Cao (Feb 26)
Re: Snort Processes randonly dies Hui Cao (Mar 01)
Re: About make command error Hui Cao (Mar 01)
Re: DPX starter kit installation Hui Cao (Jan 22)

immanuel

Snort Block rules download for IPS mode immanuel (Jan 23)
Re: Snort Block rules download for IPS mode immanuel (Jan 27)
Snort 2.9.4 installation in inline mode immanuel (Jan 09)

jacki buddy

Fwd: jacki buddy (Jan 13)

Jaime Nebrera

Re: Snort distributions Jaime Nebrera (Mar 07)
Re: Snort distributions Jaime Nebrera (Mar 06)
Re: Does Snort support country blocking Jaime Nebrera (Mar 06)
Re: Snort distributions Jaime Nebrera (Mar 06)

James

DNS Query for .su TLD (Soviet Union) James (Mar 04)

James Lay

Re: Rule assist James Lay (Mar 12)
Re: MiniDuke sigs? James Lay (Mar 01)
Re: Snort Alert[1:16482:8] James Lay (Mar 26)
Rule assist James Lay (Mar 12)
Re: Quick and dirty James Lay (Jan 30)
Funky packets James Lay (Mar 05)
Re: Still trying to build this box James Lay (Mar 12)
Good Snort Writing Post James Lay (Feb 19)
MiniDuke sigs? James Lay (Mar 01)
Mandiant APT1 Report James Lay (Feb 19)
Re: Snort and IM James Lay (Feb 18)
Re: Quick and dirty James Lay (Jan 30)
Re: no IDS logs from snort James Lay (Mar 07)
Quick and dirty James Lay (Jan 30)
Re: Quick and dirty James Lay (Jan 30)
Re: help add rule while snort is running James Lay (Mar 01)

Jamie Riden

Re: Snort rule for a pattern match? Jamie Riden (Mar 26)
Re: UNSUBSCRIBE Jamie Riden (Jan 28)
Re: Reverse shell Jamie Riden (Mar 25)
Re: IPS packet reject handling doesn't work as expected Jamie Riden (Jan 26)

Jason

Re: Install Snort 2.9 on Mac OSX (Lion) Jason (Feb 11)
Re: question for snort flow established Jason (Mar 18)
Re: Persistent problems with rule updates for Registerd Users Jason (Jan 03)

Jason Haar

NIDS in the Cloud (was: Snort on Amazon EC2) Jason Haar (Jan 25)

Jason Ish

Re: SNORT openflow Jason Ish (Jan 13)

Jason Wallace

Re: newbie question about pass and alert directive Jason Wallace (Feb 22)
Re: Snort on proxy (outbound alerts) Jason Wallace (Jan 18)
Re: Snort on proxy (outbound alerts) Jason Wallace (Jan 18)
Re: Test traffic Jason Wallace (Feb 19)
Re: Snort on proxy (outbound alerts) Jason Wallace (Jan 18)

Jefferson, Shawn

Re: Integrating ClamAv into Snort Jefferson, Shawn (Feb 12)
Re: Use dyndns to ignore my ip Jefferson, Shawn (Feb 15)
Re: Integrating ClamAv into Snort Jefferson, Shawn (Feb 12)
Re: Virtual Machines and Hypervisors Jefferson, Shawn (Jan 29)

Jeff Jarmoc

Re: Fwd: Jeff Jarmoc (Jan 29)

Jeff Kell

Re: Public Blacklist usage? Jeff Kell (Feb 25)
Re: Persistent problems with rule updates for Registerd Users Jeff Kell (Jan 04)
Re: Persistent problems with rule updates for Registerd Users Jeff Kell (Jan 03)
Re: Persistent problems with rule updates for Registerd Users Jeff Kell (Jan 04)

Jeffrey Stebelton

Quick question about byte_test Jeffrey Stebelton (Feb 12)

Jeremy Golden

Help With Assignment Jeremy Golden (Feb 20)
Snort Noob Question Jeremy Golden (Feb 14)
Snort Question Jeremy Golden (Feb 28)
Creating Your Own Snort Rule? Jeremy Golden (Mar 12)
Snort with Kiwi Sys Log Jeremy Golden (Mar 11)

Jeremy Hoel

Re: Snort and Proxmox Jeremy Hoel (Jan 28)
Re: Integrating ClamAv into Snort Jeremy Hoel (Feb 12)
Re: Restart snort inline without traffic loss? Jeremy Hoel (Feb 08)
Re: rule creation Jeremy Hoel (Mar 13)
Re: Creating Your Own Snort Rule? Jeremy Hoel (Mar 12)
Re: Blocking ip's with snort blacklist Jeremy Hoel (Mar 26)
Re: Logging - A easy way ? Jeremy Hoel (Mar 25)
Re: Testing Snort Jeremy Hoel (Jan 31)
Re: Rule question.. SID 1:1000103 Jeremy Hoel (Mar 13)
Re: Use dyndns to ignore my ip Jeremy Hoel (Feb 15)
Re: general questions Jeremy Hoel (Mar 30)
Re: sid-msg.map Jeremy Hoel (Mar 14)
Re: general questions Jeremy Hoel (Mar 29)
Re: Whitelisting Jeremy Hoel (Feb 07)
Re: BASE 100% TCP ? Jeremy Hoel (Mar 12)
Re: general questions Jeremy Hoel (Mar 29)
Re: Snort and Proxmox Jeremy Hoel (Jan 28)
Re: Snort and Proxmox Jeremy Hoel (Jan 28)
Re: best suited distro for snort? Jeremy Hoel (Mar 27)
Re: Logging - A easy way ? Jeremy Hoel (Mar 27)
Re: Snort and SQL on PFsense Jeremy Hoel (Feb 01)
Re: Testing Snort Jeremy Hoel (Jan 30)
Re: Pass rules - no effect/not working Jeremy Hoel (Jan 27)
Re: Testing Snort Jeremy Hoel (Jan 30)
Re: best suited linux distro for snort? Jeremy Hoel (Mar 26)
Rule question.. SID 1:1000103 Jeremy Hoel (Mar 13)
Re: Snort and SQL on PFsense Jeremy Hoel (Jan 31)
Re: Snort and Proxmox Jeremy Hoel (Jan 28)
Re: best suited linux distro for snort? Jeremy Hoel (Mar 26)
Re: general questions Jeremy Hoel (Mar 29)
Re: Need help with byte_test Jeremy Hoel (Feb 12)
Re: Use dyndns to ignore my ip Jeremy Hoel (Feb 15)
Re: Best practices for setting HOME_NET Jeremy Hoel (Jan 11)
Re: Snort and Proxmox Jeremy Hoel (Jan 28)
Re: Snort and Proxmox Jeremy Hoel (Jan 28)
Re: Snort and SQL database Jeremy Hoel (Feb 01)
Re: Real Time Alert and Variables Jeremy Hoel (Feb 07)
Re: Use dyndns to ignore my ip Jeremy Hoel (Feb 15)
Re: Testing Snort Jeremy Hoel (Jan 30)
Re: Snort and SQL database Jeremy Hoel (Feb 01)
Re: Logging - A easy way ? Jeremy Hoel (Mar 25)
Re: Snort and Proxmox Jeremy Hoel (Jan 28)
Re: Snort and Proxmox Jeremy Hoel (Jan 28)
Re: Logging - A easy way ? Jeremy Hoel (Mar 26)

Jeronimo L. Cabral

Snort sending mail with alerts in real-time Jeronimo L. Cabral (Mar 05)

Jessica B

Install Snort 2.9 on Mac OSX (Lion) Jessica B (Feb 11)

J. H

Re: Snort on proxy (outbound alerts) J. H (Jan 18)

Jim Turner

Re: Still trying to build this box Jim Turner (Mar 12)
Re: Still trying to build this box Jim Turner (Mar 12)
Error app-detect.rules (18) Unknown ClassType: Jim Turner (Mar 11)
Re: Still trying to build this box Jim Turner (Mar 12)
startup error on with blacklist rules Jim Turner (Mar 11)
Re: Error app-detect.rules (18) Unknown ClassType: Jim Turner (Mar 11)
Still trying to build this box Jim Turner (Mar 12)
PCAP and Snort for Windows Jim Turner (Mar 12)
Error initializing rule chains Jim Turner (Mar 09)
Re: startup error on with blacklist rules Jim Turner (Mar 11)

JJC

Re: Writing a "not" snort rule JJC (Mar 19)
Re: rule creation JJC (Mar 13)
Re: Testing Snort functionality, or, how do I know if Snort really works? JJC (Mar 06)
Re: About Snort Inline JJC (Mar 19)
Re: Testing Snort JJC (Jan 31)
Re: problems in snort installing. JJC (Mar 18)
Re: Snort not collecting data after installing pulledpork and running rules update JJC (Feb 12)
Re: Does Snort support country blocking JJC (Mar 06)
Re: Does Snort support country blocking JJC (Mar 06)
Re: Testing Snort functionality, or, how do I know if Snort really works? JJC (Mar 06)
Re: Rule port question JJC (Jan 02)
Re: Does Snort support country blocking JJC (Mar 06)
Re: Using pulled pork to change rule state from alert to drop for a policy type JJC (Mar 25)
Re: PulledPork New Snort Categories JJC (Mar 07)
Re: UDP on port 6667 JJC (Mar 07)
Re: problems in snort installing. JJC (Mar 19)

JJ Cummings

Re: rule creation JJ Cummings (Mar 13)
Re: Snort and IM JJ Cummings (Feb 18)
Re: Pulledpork Returning 403 on snortrules-snapshot JJ Cummings (Feb 03)
Re: question for snort flow established JJ Cummings (Mar 18)
Re: PulledPork not processing JJ Cummings (Feb 10)
Re: PulledPork not processing JJ Cummings (Feb 10)
Re: Using a var in the conf and local rules JJ Cummings (Feb 25)

J MCN

snort logging issue J MCN (Feb 13)

Joao Daniel Neves

Re: Logging - A easy way ? Joao Daniel Neves (Mar 26)
Re: Logging - A easy way ? Joao Daniel Neves (Mar 27)
Logging - A easy way ? Joao Daniel Neves (Mar 25)
Re: BASE 100% TCP ? Joao Daniel Neves (Mar 13)
Re: Logging - A easy way ? Joao Daniel Neves (Mar 25)
BASE 100% TCP ? Joao Daniel Neves (Mar 12)

Joel Esler

Re: Blocking ip's with snort blacklist Joel Esler (Mar 26)
Re: Unable to access Ruleset of 21 March Joel Esler (Mar 24)
Re: problems in snort installing. Joel Esler (Mar 19)
Re: Snort not collecting data after installing pulledpork and running rules update Joel Esler (Feb 12)
Re: (no subject) Joel Esler (Jan 12)
Re: Is Ipv6 Support in Snort Complete ? Joel Esler (Mar 13)
Re: Pulledpork Returning 403 on snortrules-snapshot Joel Esler (Feb 03)
Re: Blocking ip's with snort blacklist Joel Esler (Mar 26)
Re: Persistent problems with rule updates for Registerd Users Joel Esler (Jan 04)
Re: Error app-detect.rules (18) Unknown ClassType: Joel Esler (Mar 12)
Snort.org Blog: The Sourcefire VRT Community ruleset is live! Joel Esler (Mar 27)
Re: PulledPork not processing Joel Esler (Feb 10)
Re: Exists some problem to download rules?? Joel Esler (Mar 06)
Re: Best practices for setting HOME_NET Joel Esler (Jan 11)
Re: Daemonlogger is not available Joel Esler (Feb 21)
Re: Add Data Into New Tables Joel Esler (Mar 05)
Re: Snort and buffering of packets Joel Esler (Jan 19)
Re: Snort 2.9.4 and libsf_engine.so Joel Esler (Jan 19)
Re: Integrating ClamAv into Snort Joel Esler (Feb 12)
Re: var or ipvar? Joel Esler (Jan 28)
Re: botnets Joel Esler (Mar 22)
Re: Rule download fails Joel Esler (Feb 25)
Re: Fwd: Joel Esler (Jan 29)
Re: snort ip change breaks detection Joel Esler (Feb 28)
Re: var or ipvar? Joel Esler (Jan 28)
Re: 403 error :( Joel Esler (Mar 19)
Re: snort and http_inspect Joel Esler (Feb 27)
Re: Snort Block rules download for IPS mode Joel Esler (Jan 24)
Re: Hardware Requirement for Snort NIDS/NIPS Engine Joel Esler (Mar 18)
Re: Snort rule for a pattern match? Joel Esler (Mar 27)
Re: Recent changes to SNORT 2.9.4.0 rulesets regarding PCRE syntax. Joel Esler (Feb 21)
Re: problems in snort installing. Joel Esler (Mar 19)
Re: Need help with byte_test Joel Esler (Feb 12)
Re: Snort rules problem Joel Esler (Mar 08)
Re: Integrating ClamAv into Snort Joel Esler (Feb 13)
Re: Downloading Snort Rules - Registered User : Weird Behavior Joel Esler (Feb 14)
Re: PCAP and Snort for Windows Joel Esler (Mar 12)
Re: startup error on with blacklist rules Joel Esler (Mar 11)
Re: Way to generate alerts? Joel Esler (Jan 17)
Re: New install of Snort on Windows 2008 Joel Esler (Feb 06)
Re: Community Ruleset Clarification Joel Esler (Mar 30)
Re: Java vulnerability detection Joel Esler (Jan 22)
Re: Snort Rules Joel Esler (Mar 24)
Re: best suited linux distro for snort? Joel Esler (Mar 26)
Re: Unknown ClassType: trojan-activity Joel Esler (Jan 14)
Re: Default Snort Rules Joel Esler (Feb 25)
Re: Persistent problems with rule updates for Registerd Users Joel Esler (Jan 04)
Re: stream5 and track_icmp Joel Esler (Mar 16)
Re: snort and http_inspect Joel Esler (Feb 26)
Re: Exists some problem to download rules?? Joel Esler (Mar 06)
Re: New install questions. Joel Esler (Mar 06)
Re: sid-msg.map Joel Esler (Mar 19)
Re: incorrect FDDI test in decode.c leads to reading uninitialized fields Joel Esler (Jan 15)
Re: Snort on proxy (outbound alerts) Joel Esler (Jan 18)
Re: Segmentation Fault After Rule Update Joel Esler (Mar 14)
Re: Persistent problems with rule updates for Registerd Users Joel Esler (Jan 04)
Re: Custom variables in rules and snort.conf Joel Esler (Jan 14)
Re: Using pulled pork to change rule state from alert to drop for a policy type Joel Esler (Mar 24)
Re: Snort rules: Anonymous Proxy Joel Esler (Feb 09)
Re: Snort rules: TOR Servers Joel Esler (Feb 07)
Re: Snort and IM Joel Esler (Feb 18)
Re: Mandiant APT1 Report Joel Esler (Feb 19)
Re: Quick and dirty Joel Esler (Jan 30)
Re: PP and community rules Joel Esler (Mar 28)
Re: Recent changes to SNORT 2.9.4.0 rulesets regarding PCRE syntax. Joel Esler (Feb 20)
Re: Snort not collecting data after installing pulledpork and running rules update Joel Esler (Feb 13)
Re: Exists some problem to download rules?? Joel Esler (Mar 06)
Re: best suited linux distro for snort? Joel Esler (Mar 26)
Re: (no subject) Joel Esler (Jan 30)
Re: Public Blacklist usage? Joel Esler (Feb 25)
Re: Front-end Joel Esler (Mar 01)
Re: Need help in snort rule Joel Esler (Jan 30)
Re: 403 Error when attempting to pull rules using Pulled-Pork Joel Esler (Feb 20)
Re: PulledPork New Snort Categories Joel Esler (Mar 07)
Re: config files for 2.9.4.1 Joel Esler (Mar 12)
Re: CPU and RAM planning tool Joel Esler (Mar 10)
Re: Assistance registering on snort.org - confirmation mail was refused by my server Joel Esler (Feb 22)
Re: Enquiry Sourcefire VRT Rules Update Joel Esler (Jan 21)
Re: Integrating ClamAv into Snort Joel Esler (Feb 13)
Re: problems in snort installing. Joel Esler (Mar 19)
Re: Snort, SCADA and DigitalBond Joel Esler (Mar 05)
Re: More APT1 info that needs to be made into snort rules Joel Esler (Mar 04)
Re: Persistent problems with rule updates for Registerd Users Joel Esler (Jan 04)
Re: Syslog Help Joel Esler (Mar 18)
Re: Sourcefire VRT Certified Snort Rules Update 2013-01-15 Joel Esler (Jan 17)
Re: Persistent problems with rule updates for Registerd Users Joel Esler (Jan 04)
Re: Optimized implementation of AC and AC_Q pattern matching algorithms Joel Esler (Jan 26)
Re: Daemonlogger is not available Joel Esler (Feb 21)
Re: Using a var in the conf and local rules Joel Esler (Feb 25)
Re: Unknown ClassType: trojan-activity Joel Esler (Jan 14)
Re: Updates Joel Esler (Feb 10)
Re: Monitor the transfer of files on Skype or other messaging software. Joel Esler (Mar 05)
Re: Automatically decoding of Teredo traffic Joel Esler (Mar 20)
Re: Fw: problems in snort installing. Joel Esler (Mar 19)
Re: Snort and my VLANs Joel Esler (Feb 15)
Re: Rule assist Joel Esler (Mar 12)
Re: Virtual Machines and Hypervisors Joel Esler (Jan 29)
Re: Need help with byte_test Joel Esler (Feb 12)
Re: Trying to understand file.exe flowbit Joel Esler (Jan 11)
Re: [Emerging-Sigs] Touched by a proxy: thoughts on urilen? Joel Esler (Feb 25)
Re: Integrating ClamAv into Snort Joel Esler (Feb 12)
Re: PulledPork not processing Joel Esler (Feb 10)
Re: Rule Snort Ping Flood Joel Esler (Mar 11)
Re: Virtual Machines and Hypervisors Joel Esler (Jan 29)
Re: Snort rule for a pattern match? Joel Esler (Mar 26)
Re: Testing Snort Joel Esler (Jan 30)
Re: Best practices for setting HOME_NET Joel Esler (Jan 11)
Re: MiniDuke sigs? Joel Esler (Mar 01)
Re: Barnyard2 schema Joel Esler (Feb 04)
Re: Fw: problems in snort installing. Joel Esler (Mar 19)
Re: Database sizing and tuning Joel Esler (Jan 11)
Re: Error Joel Esler (Feb 26)
Re: Virtual Machines and Hypervisors Joel Esler (Jan 29)
Re: Restart snort inline without traffic loss? Joel Esler (Feb 08)
Re: BPF filter syntax Joel Esler (Mar 01)
Re: Restart snort inline without traffic loss? Joel Esler (Feb 07)
Re: Help with a rule Joel Esler (Jan 19)
Re: Persistent problems with rule updates for Registerd Users Joel Esler (Jan 03)
Re: Using a var in the conf and local rules Joel Esler (Feb 25)
Re: Snort alert file missing? Joel Esler (Mar 28)
Re: Persistent problems with rule updates for Registerd Users Joel Esler (Jan 03)
Re: problems in snort installing. Joel Esler (Mar 19)
Snort.org Blog: VRT Rule License Change v2.0 Joel Esler (Mar 22)
Re: Easy way to output alert and Hex+ASCII pcap data? Joel Esler (Mar 18)
Re: HA feature available for Snort NIDS/NIPS Engine Joel Esler (Mar 18)
Re: [Emerging-Sigs] http preprocessor issue (help!) Joel Esler (Feb 10)
Re: Snort not collecting data after installing pulledpork and running rules update Joel Esler (Feb 13)
Re: Need help: a custom snort signature that will detect attachments (inbound + outbound) Joel Esler (Jan 25)
Vendor Disclosure and plugging Joel Esler (Mar 06)
Re: var or ipvar? Joel Esler (Jan 28)
Re: Automatically decoding of Teredo traffic Joel Esler (Mar 26)
Re: Errors installing SNORT 2.9 to SuSE Linux 12.2 - rpm or tar.gz Joel Esler (Mar 22)
Re: no IDS logs from snort Joel Esler (Mar 11)
Re: [Emerging-Sigs] http preprocessor issue (help!) Joel Esler (Feb 10)
Re: Sourcefire VRT Certified Snort Rules Update 2013-01-15 Joel Esler (Jan 16)
Re: Segmentation Fault After Rule Update Joel Esler (Mar 14)
Re: question for snort flow established Joel Esler (Mar 18)
Re: Alarm rule specific to a network session Joel Esler (Mar 22)
Re: question for snort flow established Joel Esler (Mar 18)
Re: Public Blacklist usage? Joel Esler (Feb 25)
Re: Testing Snort Joel Esler (Jan 30)
Re: [Emerging-Sigs] http preprocessor issue (help!) Joel Esler (Feb 10)
Re: Snort distributions Joel Esler (Mar 06)
Re: IPS packet reject handling doesn't work as expected Joel Esler (Jan 26)
Re: Snort and buffering of packets Joel Esler (Jan 24)
Re: Running Snort from User Account Joel Esler (Mar 04)
Re: Mis-Matching traffic with PCRE Rules Joel Esler (Mar 08)
Re: Real Time Alert and Variables Joel Esler (Feb 06)
Re: Best practices for setting HOME_NET Joel Esler (Jan 11)
Re: Explanation of Rule 1:19189:4 Joel Esler (Jan 29)
Re: Persistent problems with rule updates for Registerd Users Joel Esler (Jan 04)
Re: Snort doesn't write unified2 files as expected Joel Esler (Mar 01)
Re: Virtual Machines and Hypervisors Joel Esler (Jan 29)
Re: snort.conf has been deleted Joel Esler (Mar 11)
Re: bug in sfutil/sfrt.c Joel Esler (Mar 15)
Re: 403 Error when attempting to pull rules using Pulled-Pork Joel Esler (Feb 20)

Joe Seanor

Upgraded snort.conf and no bpf? Joe Seanor (Jan 05)

John Ives

Re: Rule set for non-intrusive events? John Ives (Jan 09)

John Michael Kane

Recommended hardware for running snort in packet logging mode on home network proxy? John Michael Kane (Mar 22)

Johnny Venter

Re: Problem with output file Johnny Venter (Feb 22)
sid-msg.map Johnny Venter (Mar 14)

johnny.venter

Re: sid-msg.map johnny.venter (Mar 19)
Re: preprocessor sfportscan does not generate alerts johnny.venter (Feb 25)

John York

Re: botnets John York (Mar 22)
configure options for 2.9.4 John York (Feb 15)

Jon M

Re: Snort distributions Jon M (Mar 06)

Josh Bitto

Re: network interface Josh Bitto (Feb 19)
Re: Snort and Barnyard2 Josh Bitto (Feb 06)
Re: Snort and Proxmox Josh Bitto (Jan 28)
Snort Rules Josh Bitto (Mar 24)
Re: Snort and SQL on PFsense Josh Bitto (Feb 01)
Re: Testing Snort Josh Bitto (Jan 30)
Re: Snort and my VLANs Josh Bitto (Feb 14)
Re: Snort CPU usage Josh Bitto (Feb 18)
WAN and LAN interfaces Josh Bitto (Feb 12)
Re: Snort and SQL on PFsense Josh Bitto (Feb 01)
Re: Snort and Proxmox Josh Bitto (Jan 28)
Re: About Snort installation Josh Bitto (Feb 04)
Re: Snort and IM Josh Bitto (Feb 18)
Snort and SQL on PFsense Josh Bitto (Jan 31)
Re: Snort and IM Josh Bitto (Feb 18)
Re: Snort and Proxmox Josh Bitto (Jan 28)
Re: WAN and LAN interfaces Josh Bitto (Feb 12)
Re: Testing Snort Josh Bitto (Jan 30)
Snort and Proxmox Josh Bitto (Jan 28)
Updates Josh Bitto (Feb 07)
Re: Testing Snort Josh Bitto (Jan 30)
Re: Snort and IM Josh Bitto (Feb 18)
Re: Testing Snort Josh Bitto (Jan 30)
Re: Snort and Proxmox Josh Bitto (Jan 29)
Re: Snort CPU usage Josh Bitto (Feb 19)
Re: Snort and Proxmox Josh Bitto (Jan 28)
Re: Snort and IM Josh Bitto (Feb 18)
Re: Test traffic Josh Bitto (Feb 19)
Re: Snort and Barnyard2 Josh Bitto (Feb 07)
Re: WAN and LAN interfaces Josh Bitto (Feb 12)
Re: Snort and Proxmox Josh Bitto (Jan 28)
Re: Snort CPU usage Josh Bitto (Feb 19)
Snort and IM Josh Bitto (Feb 18)
Re: Snort and my VLANs Josh Bitto (Feb 15)
Re: Snort and Barnyard2 Josh Bitto (Feb 06)
Re: Snort and SQL on PFsense Josh Bitto (Feb 01)
Re: Snort and Barnyard2 Josh Bitto (Feb 06)
Re: Snort and Barnyard2 Josh Bitto (Feb 07)
Snort CPU usage Josh Bitto (Feb 18)
Re: Snort and IM Josh Bitto (Feb 18)
Re: Snort and Barnyard2 Josh Bitto (Feb 07)
Re: Snort and Proxmox Josh Bitto (Jan 28)
Re: Snort and SQL database Josh Bitto (Feb 01)
Re: Snort and Barnyard2 Josh Bitto (Feb 07)
Snort and my VLANs Josh Bitto (Feb 14)
Re: Snort and my VLANs Josh Bitto (Feb 14)
Snort and Barnyard2 Josh Bitto (Feb 06)
Re: Snort and Barnyard2 Josh Bitto (Feb 07)
Re: Snort and Proxmox Josh Bitto (Jan 28)
Testing Snort Josh Bitto (Jan 30)
Snort and SQL database Josh Bitto (Feb 01)
Re: Snort and Proxmox Josh Bitto (Jan 28)
Re: Snort and IM Josh Bitto (Feb 18)
Barnyard2 schema Josh Bitto (Feb 04)
Re: Testing Snort Josh Bitto (Jan 30)

Joshua Kinard

[PATCH]: Add Nonce Sum bit to 'flags' Joshua Kinard (Jan 26)
Re: Mis-Matching traffic with PCRE Rules Joshua Kinard (Mar 08)

Juan Camilo Valencia

Re: Virtual Machines and Hypervisors Juan Camilo Valencia (Jan 30)
Signature for bridging protocols Juan Camilo Valencia (Mar 10)
Re: Virtual Machines and Hypervisors Juan Camilo Valencia (Jan 29)
Signature for bridging protocols Juan Camilo Valencia (Mar 07)
Virtual Machines and Hypervisors Juan Camilo Valencia (Jan 29)
Re: Virtual Machines and Hypervisors Juan Camilo Valencia (Jan 30)

Justin

Re: Real Time Alert and Variables Justin (Jan 31)

Justin Knox

Re: Testing Snort Justin Knox (Jan 30)
Re: Snort 2.9.4 and libsf_engine.so Justin Knox (Jan 19)
Re: PulledPork New Snort Categories Justin Knox (Mar 07)

Kaushal Shriyan

Re: Snort 2.9.4.0 on CentOS 5.8 Kaushal Shriyan (Feb 12)
Re: Snort 2.9.4.0 on CentOS 5.8 Kaushal Shriyan (Feb 12)
HA feature available for Snort NIDS/NIPS Engine Kaushal Shriyan (Mar 18)
Re: snort daemon to listen to eth2 and eth3 in promiscuous mode Kaushal Shriyan (Feb 19)
snort daemon to listen to eth2 and eth3 in promiscuous mode Kaushal Shriyan (Feb 19)
Re: snort daemon to listen to eth2 and eth3 in promiscuous mode Kaushal Shriyan (Feb 19)
Re: snort daemon to listen to eth2 and eth3 in promiscuous mode Kaushal Shriyan (Feb 19)
Re: snort daemon to listen to eth2 and eth3 in promiscuous mode Kaushal Shriyan (Feb 19)
Snort 2.9.4.0 on CentOS 5.8 Kaushal Shriyan (Feb 12)
Re: snort daemon to listen to eth2 and eth3 in promiscuous mode Kaushal Shriyan (Feb 21)
Re: Snort 2.9.4.0 on CentOS 5.8 Kaushal Shriyan (Feb 21)
Hardware Requirement for Snort NIDS/NIPS Engine Kaushal Shriyan (Mar 18)

Kee, Scott

Re: Snort Alert[1:16482:8] Kee, Scott (Mar 26)
Re: Snort Alert[1:16482:8] Kee, Scott (Mar 27)
Snort Alert[1:16482:8] Kee, Scott (Mar 26)

Kern, Daniel P. x1449

ICMP rule triggered by UDP packet Kern, Daniel P. x1449 (Feb 05)
Re: ICMP rule triggered by UDP packet Kern, Daniel P. x1449 (Feb 06)

Kevin Ross

Re: Best practices for setting HOME_NET Kevin Ross (Jan 11)
Re: HA feature available for Snort NIDS/NIPS Engine Kevin Ross (Mar 18)
Re: Use dyndns to ignore my ip Kevin Ross (Feb 15)
Syslog Help Kevin Ross (Mar 18)
Re: [Emerging-Sigs] Creating Potential DOS HTTP sig Kevin Ross (Jan 20)
Re: Syslog Help Kevin Ross (Mar 18)
Re: Syslog Help Kevin Ross (Mar 20)

Kevin Thomas

Re: no IDS logs from snort Kevin Thomas (Mar 11)
no IDS logs from snort Kevin Thomas (Mar 06)
Re: no IDS logs from snort Kevin Thomas (Mar 11)
Re: no IDS logs from snort Kevin Thomas (Mar 08)

Kiryukhin Andrey

Re: Hash function for ip 4-tuple Kiryukhin Andrey (Feb 04)

Knut Borg

Snort and buffering of packets Knut Borg (Jan 19)
Alarm rule specific to a network session Knut Borg (Mar 22)
Re: Snort and buffering of packets Knut Borg (Jan 24)

Kungu Panda

Juniper vulnerability signature coverage? Kungu Panda (Feb 05)

Kurt Jensen CISSP

Errors installing SNORT 2.9 to SuSE Linux 12.2 - rpm or tar.gz Kurt Jensen CISSP (Mar 22)
Re: Snort Rules Kurt Jensen CISSP (Mar 26)
Re: Errors installing SNORT 2.9 to SuSE Linux 12.2 - rpm or tar.gz Kurt Jensen CISSP (Mar 23)

L0rd Ch0de1m0rt

Re: Automatically decoding of Teredo traffic L0rd Ch0de1m0rt (Mar 26)
Re: Automatically decoding of Teredo traffic L0rd Ch0de1m0rt (Mar 20)
Re: [Emerging-Sigs] Touched by a proxy: thoughts on urilen? L0rd Ch0de1m0rt (Feb 26)
Re: Automatically decoding of Teredo traffic L0rd Ch0de1m0rt (Mar 29)
Re: Automatically decoding of Teredo traffic L0rd Ch0de1m0rt (Mar 20)
Re: Automatically decoding of Teredo traffic L0rd Ch0de1m0rt (Mar 19)

Lawrence Teo

[PATCH] Allow Snort to run as non-root with IPFW DAQ Lawrence Teo (Mar 05)
[PATCH] DAQ IPFW module packet injection fix Lawrence Teo (Feb 25)
Re: Can't start DAQ (-1) - ipfw_daq_start: can't create divert socket Lawrence Teo (Mar 08)

Lay, James

Re: Snort rule for a pattern match? Lay, James (Mar 26)
Re: Snort rule for a pattern match? Lay, James (Mar 27)
PP and community rules Lay, James (Mar 28)
Re: Using a var in the conf and local rules Lay, James (Feb 25)
Re: Using a var in the conf and local rules Lay, James (Feb 25)
Re: PP and community rules Lay, James (Mar 28)
Re: Real Time Alert and Variables Lay, James (Feb 07)

Leonardo Pezente

rule creation Leonardo Pezente (Mar 13)

lists () packetmail net

Re: Rules across tcp headers & http headers/payload lists () packetmail net (Mar 04)
Re: Snort.org Blog: VRT Rule License Change v2.0 lists () packetmail net (Mar 22)
Re: Any signtures snort or emerging for these threats? lists () packetmail net (Mar 28)
Re: Snort rule for a pattern match? lists () packetmail net (Mar 27)
Re: (no subject) lists () packetmail net (Mar 25)
Re: UDP on port 6667 lists () packetmail net (Mar 07)
Re: Rules across tcp headers & http headers/payload lists () packetmail net (Mar 05)
Re: Quick and dirty lists () packetmail net (Jan 30)
Re: Snort rule for a pattern match? lists () packetmail net (Mar 27)
Re: Could you send me on a signature to capture all emails that are sent to a domain, for example “@tnt.com”. lists () packetmail net (Jan 26)

Livio Ricciulli

Re: botnets Livio Ricciulli (Mar 21)
Re: botnets Livio Ricciulli (Mar 22)
Re: Snort distributions Livio Ricciulli (Mar 06)
Re: CPU Affinity Livio Ricciulli (Jan 27)
Re: CPU Affinity Livio Ricciulli (Jan 25)
Re: NIDS in the Cloud Livio Ricciulli (Jan 25)

Lukas Matt

IPS packet reject handling doesn't work as expected Lukas Matt (Jan 26)

Lutfi ODUNCUOGLU

ERROR: Failed to initialize dynamic preprocessor: SF_GTP (IPV6) version 1.1.1 (-2) Lutfi ODUNCUOGLU (Feb 05)

manel affi

help me manel affi (Mar 12)

Maple Thorpe

snort-2.9.4.1 startup message: Can't start DAQ (-1) .. Fatal Error, Quitting.. Maple Thorpe (Mar 29)

Marc Belanger

Re: preprocessor sfportscan does not generate alerts Marc Belanger (Feb 18)
preprocessor sfportscan does not generate alerts Marc Belanger (Feb 15)

Marcio Merlone

Assistance registering on snort.org - confirmation mail was refused by my server Marcio Merlone (Feb 22)

Mario Lupino

Snort doesn't write unified2 files as expected Mario Lupino (Mar 01)

Mark W. Jeanmougin

Re: User add in centOs Mark W. Jeanmougin (Mar 29)

Martin Holste

Re: Real Time Alert and Variables Martin Holste (Feb 11)

Martins Sapats

Snort Pattern alghoritm Martins Sapats (Jan 26)

Mārtiņš Sapats

Snort Pattern alghoritm Mārtiņš Sapats (Jan 19)

Matthew Van Gent

Way to generate alerts? Matthew Van Gent (Jan 10)
Re: Way to generate alerts? Matthew Van Gent (Jan 10)

Maverick

decoderActionQ Maverick (Jan 09)

Mayur Patil

About Snort installation Mayur Patil (Feb 04)
About make command error Mayur Patil (Feb 28)
About DAQ error Mayur Patil (Mar 25)
About Snort GUI report:Just missed the result Mayur Patil (Feb 09)
About IDS package Mayur Patil (Jan 20)
Re: About make command error Mayur Patil (Mar 01)
About Snort installation Mayur Patil (Feb 03)
Re: About make command error Mayur Patil (Mar 02)
Re: Snort Rules Mayur Patil (Mar 24)
About Snort installation Mayur Patil (Feb 04)
Re: About make command error Mayur Patil (Mar 01)

Michael Bower

Help with a rule Michael Bower (Jan 19)

Michael Brown

formatting of variables Michael Brown (Feb 04)

Michael D. Wood

Re: Snort Michael D. Wood (Mar 29)

Michael J Wise

Re: Running Snort from User Account Michael J Wise (Mar 04)

Michael Steele

Re: Persistent problems with rule updates for Registerd Users Michael Steele (Jan 04)
Re: Snort not collecting data after installing pulledpork and running rules update Michael Steele (Feb 13)
Logging problems on Windows using the -E switch Michael Steele (Jan 31)
Re: [barnyard2-users] Logging to the Windows event log Michael Steele (Jan 30)
Re: [barnyard2-users] Logging to the Windows event log Michael Steele (Jan 30)
Windows - Logging events to Application Log gets error Michael Steele (Feb 21)
Re: Persistent problems with rule updates for Registerd Users Michael Steele (Jan 03)
Re: PulledPork not processing Michael Steele (Feb 10)
Re: Persistent problems with rule updates for Registerd Users Michael Steele (Jan 04)
Re: Real Time Alert and Variables Michael Steele (Jan 31)
Re: Persistent problems with rule updates for Registerd Users Michael Steele (Jan 03)
Re: Persistent problems with rule updates for Registerd Users Michael Steele (Jan 03)
Community Ruleset Clarification Michael Steele (Mar 30)
Re: [Snort-devel] Snort Configuration Problems Michael Steele (Jan 02)
Re: Logging problems on Windows using the -E switch Michael Steele (Jan 31)
Re: Community Ruleset Clarification Michael Steele (Mar 30)
Re: Persistent problems with rule updates for Registerd Users Michael Steele (Jan 03)
Public Blacklist usage? Michael Steele (Feb 25)
Re: Snort Alert[1:16482:8] Michael Steele (Mar 26)
Re: Snort not collecting data after installing pulledpork and running rules update Michael Steele (Feb 13)
Re: Persistent problems with rule updates for Registerd Users Michael Steele (Jan 04)
Re: Real Time Alert and Variables Michael Steele (Jan 27)
Re: Real Time Alert and Variables Michael Steele (Jan 31)
Re: PulledPork not processing Michael Steele (Feb 10)
Re: [Snort-devel] Snort Configuration Problems Michael Steele (Jan 02)
PulledPork not processing Michael Steele (Feb 09)
Re: Logging - A easy way ? Michael Steele (Mar 26)
Persistent problems with rule updates for Registerd Users Michael Steele (Jan 02)
Re: Snort not collecting data after installing pulledpork and running rules update Michael Steele (Feb 12)

Miguel Alvarez

Re: What is the correct syntax for bpf_file? Miguel Alvarez (Jan 29)
Sig for 0 day browser java plugin? Miguel Alvarez (Feb 20)
Re: Re : Re: What is the correct syntax for bpf_file? Miguel Alvarez (Jan 29)
What is the correct syntax for bpf_file? Miguel Alvarez (Jan 29)
Re: Re : Re: What is the correct syntax for bpf_file? Miguel Alvarez (Jan 30)

Mikael Keri

Fwd: Re: Virtual Machines and Hypervisors Mikael Keri (Jan 29)
Re: Virtual Machines and Hypervisors mikael keri (Jan 29)

Mike Becker

Re: HA feature available for Snort NIDS/NIPS Engine Mike Becker (Mar 18)

Mike Cox

Re: Fwd: Rule checking logic ("checking" as defined by rule profile stats) question Mike Cox (Jan 10)
Easy way to output alert and Hex+ASCII pcap data? Mike Cox (Mar 18)
Rule checking logic ("checking" as defined by rule profile stats) question Mike Cox (Jan 08)
Re: Fwd: Rule checking logic ("checking" as defined by rule profile stats) question Mike Cox (Jan 09)
Re: Easy way to output alert and Hex+ASCII pcap data? Mike Cox (Mar 18)

Mike Miller

Re: problems in snort installing. Mike Miller (Mar 19)
Re: Rebuilding the wheel Mike Miller (Jan 07)
Re: HA feature available for Snort NIDS/NIPS Engine Mike Miller (Mar 18)
Re: Recommended hardware for running snort in packet logging mode on home network proxy? Mike Miller (Mar 22)
Re: BASE 100% TCP ? Mike Miller (Mar 12)
Re: Best practices for setting HOME_NET Mike Miller (Jan 11)
Database sizing and tuning Mike Miller (Jan 11)
Re: Snort CPU usage Mike Miller (Feb 18)
Re: Best practices for setting HOME_NET Mike Miller (Jan 11)

Miller - CDLE, Michael

Re: Safe browsing and proxies Miller - CDLE, Michael (Mar 05)

Miso Patel

Question About Threshholds Miso Patel (Mar 20)

Mitesh Jadia

Re: decoderActionQ Mitesh Jadia (Jan 10)
bug in sfutil/sfrt.c Mitesh Jadia (Mar 15)
Re: Restart snort inline without traffic loss? Mitesh Jadia (Feb 06)

Mohammad MontazerI

Re: problems in snort installing. Mohammad MontazerI (Mar 18)
Re: Alert file Mohammad MontazerI (Mar 20)
Re: Fw: problems in snort installing. Mohammad MontazerI (Mar 19)
Re: best suited distro for snort? Mohammad MontazerI (Mar 26)
Re: general questions Mohammad MontazerI (Mar 29)
Re: general questions Mohammad MontazerI (Mar 29)
Re: problems in snort installing. Mohammad MontazerI (Mar 19)
Re: general questions Mohammad MontazerI (Mar 29)
Alert file Mohammad MontazerI (Mar 19)
Re: Alert file Mohammad MontazerI (Mar 20)
Fw: problems in snort installing. Mohammad MontazerI (Mar 19)
User add in centOs Mohammad MontazerI (Mar 29)
Re: problems in snort installing. Mohammad MontazerI (Mar 19)
Re: Alert file Mohammad MontazerI (Mar 20)
Re: problems in snort installing. Mohammad MontazerI (Mar 19)
Re: general questions Mohammad MontazerI (Mar 29)
Re: general questions Mohammad MontazerI (Mar 29)
Re: problems in snort installing. Mohammad MontazerI (Mar 19)
general questions Mohammad MontazerI (Mar 28)
problems in snort installing. Mohammad MontazerI (Mar 16)

Muteb Alqahtani

network interface Muteb Alqahtani (Feb 19)

Nathan Benson

Re: Quick question about byte_test Nathan Benson (Feb 14)
Re: Rule assist Nathan Benson (Mar 12)

Ned Moran

Re: Fw: Snort Rules Ned Moran (Feb 15)
Re: Could you send me on a signature to capture all emails that are sent to a domain, for example “@tnt.com”. Ned Moran (Jan 26)

Nicholas Bogart

Snort alert file missing? Nicholas Bogart (Mar 28)
Re: var or ipvar? Nicholas Bogart (Jan 28)
Re: var or ipvar? Nicholas Bogart (Jan 28)

Nicholas Horton

Re: Explanation of Rule 1:19189:4 Nicholas Horton (Jan 29)
Re: DAQ 2.0.0 Error with 2.9.4.1 Nicholas Horton (Mar 27)
Re: DAQ 2.0.0 Error with 2.9.4.1 Nicholas Horton (Mar 27)
Re: DAQ 2.0.0 Error with 2.9.4.1 Nicholas Horton (Mar 27)
Re: Real Time Alert and Variables Nicholas Horton (Feb 12)
Re: DAQ 2.0.0 Error with 2.9.4.1 Nicholas Horton (Mar 27)
Re: Real Time Alert and Variables Nicholas Horton (Jan 27)
Re: DAQ 2.0.0 Error with 2.9.4.1 Nicholas Horton (Mar 27)
Re: Explanation of Rule 1:19189:4 Nicholas Horton (Jan 29)
DAQ 2.0.0 Error with 2.9.4.1 Nicholas Horton (Mar 27)
Explanation of Rule 1:19189:4 Nicholas Horton (Jan 29)
Re: DAQ 2.0.0 Error with 2.9.4.1 Nicholas Horton (Mar 27)
Re: DAQ 2.0.0 Error with 2.9.4.1 Nicholas Horton (Mar 27)
Re: DAQ 2.0.0 Error with 2.9.4.1 Nicholas Horton (Mar 27)
Re: DAQ 2.0.0 Error with 2.9.4.1 Nicholas Horton (Mar 27)
Re: DAQ 2.0.0 Error with 2.9.4.1 Nicholas Horton (Mar 27)
Re: Real Time Alert and Variables Nicholas Horton (Jan 27)
Re: Real Time Alert and Variables Nicholas Horton (Feb 07)
Re: Real Time Alert and Variables Nicholas Horton (Feb 12)
Re: DAQ 2.0.0 Error with 2.9.4.1 Nicholas Horton (Mar 27)
Re: Real Time Alert and Variables Nicholas Horton (Feb 07)
Re: Real Time Alert and Variables Nicholas Horton (Jan 27)
Re: Real Time Alert and Variables Nicholas Horton (Jan 25)
Real Time Alert and Variables Nicholas Horton (Jan 25)
Re: DAQ 2.0.0 Error with 2.9.4.1 Nicholas Horton (Mar 27)
Re: DAQ 2.0.0 Error with 2.9.4.1 Nicholas Horton (Mar 27)
Re: Explanation of Rule 1:19189:4 Nicholas Horton (Jan 29)
Re: Real Time Alert and Variables Nicholas Horton (Feb 06)
Re: DAQ 2.0.0 Error with 2.9.4.1 Nicholas Horton (Mar 27)

Nikola Vulovic

compilation fail daq 2.0.0 Nikola Vulovic (Jan 02)
(no subject) Nikola Vulovic (Jan 12)

ntbuck12

syslog problems persist ntbuck12 (Mar 12)
snort ip change breaks detection ntbuck12 (Feb 28)
Re: syslog problems persist [SOLVED] ntbuck12 (Mar 13)
Writing a "not" snort rule ntbuck12 (Mar 19)
Re: Writing a "not" snort rule ntbuck12 (Mar 19)

Okeowo, Ayo

Re: Snort in Inline Mode on CentOS 6.3 Okeowo, Ayo (Feb 10)
Re: Snort in Inline Mode on CentOS 6.3 Okeowo, Ayo (Feb 10)
Snort in Inline Mode on CentOS 6.3 Okeowo, Ayo (Feb 06)
Fwd: Snort in Inline Mode on CentOS 6.3 Okeowo, Ayo (Feb 10)
Re: Snort in Inline Mode on CentOS 6.3 Okeowo, Ayo (Feb 10)

Pablo Cantos

Re: Optimized implementation of AC and AC_Q pattern matching algorithms Pablo Cantos (Jan 26)
Re: Optimized implementation of AC and AC_Q pattern matching algorithms Pablo Cantos (Jan 28)

palestine group

null ports in snort database palestine group (Mar 19)

patricio

Snort Unixsock patricio (Jan 22)
SNORT compilation in ECLIPSE patricio (Jan 28)
SNORT compilation in ECLIPSE patricio (Jan 28)
Re: Snort Unixsock patricio (Jan 23)
Re: Snort Unixsock patricio (Jan 23)
SNORT openflow patricio (Jan 11)
Re: SNORT openflow patricio (Jan 13)
Snort Unixsock patricio (Jan 22)

Paul Tsang

Snort 2.9.3.1 so rules seems not working Paul Tsang (Jan 08)

Peter Bates

Re: Rule download fails Peter Bates (Feb 25)
Re: Updating Rules using Oinkmaster Peter Bates (Jan 08)
Re: Syslog Help Peter Bates (Mar 18)
Unified2 extra data Peter Bates (Jan 03)
Re: Reverse shell connections Peter Bates (Mar 29)

Phil Daws

Re: PP and community rules Phil Daws (Mar 28)
Sensor Location Phil Daws (Mar 25)
SDF Triggering Phil Daws (Mar 27)
Output: CSV and interface Phil Daws (Mar 27)

Philip Edwards

SSH preprocessor Philip Edwards (Mar 04)

Prabhakaran Kasinathan

Is Ipv6 Support in Snort Complete ? Prabhakaran Kasinathan (Mar 13)

Prabhudev Avarasang

help add rule while snort is running Prabhudev Avarasang (Mar 01)

Prathibha P G

Snort Prathibha P G (Feb 03)
Snort in Grid Computing Prathibha P G (Mar 06)
Error Prathibha P G (Feb 25)

Pratik Narang

Re: botnets Pratik Narang (Mar 24)
botnets Pratik Narang (Mar 12)
Re: botnets Pratik Narang (Mar 21)

praveen_recker .

Re: DAQ installation error praveen_recker . (Feb 11)

Quentin Vallin

Problem with output file Quentin Vallin (Feb 21)
Snort alert Quentin Vallin (Mar 27)
Re: Problem with output file Quentin Vallin (Feb 25)
Re: Snort alert Quentin Vallin (Mar 28)
Re: Problem with output file Quentin Vallin (Feb 21)

Quoc tuan Pham

help snort Quoc tuan Pham (Mar 16)

Ray Caparros

Re: Install Snort 2.9 on Mac OSX (Lion) Ray Caparros (Feb 12)
Re: no IDS logs from snort Ray Caparros (Mar 11)
Re: no IDS logs from snort Ray Caparros (Mar 09)
Re: snort daemon to listen to eth2 and eth3 in promiscuous mode Ray Caparros (Feb 19)
Re: best suited linux distro for snort? Ray Caparros (Mar 26)

Research

Sourcefire VRT Certified Snort Rules Update 2013-01-15 Research (Jan 15)
Sourcefire VRT Certified Snort Rules Update 2013-01-24 Research (Jan 24)
Sourcefire VRT Certified Snort Rules Update 2013-02-01 Research (Feb 01)
Sourcefire VRT Certified Snort Rules Update 2013-01-03 Research (Jan 03)
Sourcefire VRT Certified Snort Rules Update 2013-03-07 Research (Mar 07)
Sourcefire VRT Certified Snort Rules Update 2013-02-12 Research (Feb 12)
Sourcefire VRT Certified Snort Rules Update 2013-03-28 Research (Mar 28)
Sourcefire VRT Certified Snort Rules Update 2013-03-14 Research (Mar 14)
Sourcefire VRT Certified Snort Rules Update 2013-02-08 Research (Feb 08)
Sourcefire VRT Certified Snort Rules Update 2013-01-08 Research (Jan 08)
Sourcefire VRT Certified Snort Rules Update 2013-01-29 Research (Jan 29)
Sourcefire VRT Certified Snort Rules Update 2013-01-17 Research (Jan 17)
Sourcefire VRT Certified Snort Rules Update 2013-02-21 Research (Feb 21)
Sourcefire VRT Certified Snort Rules Update 2013-02-05 Research (Feb 05)
Sourcefire VRT Certified Snort Rules Update 2013-02-19 Research (Feb 19)
Sourcefire VRT Certified Snort Rules Update 2013-03-21 Research (Mar 21)
Sourcefire VRT Certified Snort Rules Update 2013-03-26 Research (Mar 26)
Sourcefire VRT Certified Snort Rules Update 2013-02-14 Research (Feb 14)
Sourcefire VRT Certified Snort Rules Update 2013-03-05 Research (Mar 05)
Sourcefire VRT Certified Snort Rules Update 2013-01-14 Research (Jan 14)
Sourcefire VRT Certified Snort Rules Update 2013-02-07 Research (Feb 07)
Sourcefire VRT Certified Snort Rules Update 2013-02-28 Research (Feb 28)
Sourcefire VRT Certified Snort Rules Update 2013-02-21 Research (Feb 21)
Sourcefire VRT Certified Snort Rules Update 2013-01-10 Research (Jan 10)
Sourcefire VRT Certified Snort Rules Update 2013-02-27 Research (Feb 27)
Sourcefire VRT Certified Snort Rules Update 2013-03-12 Research (Mar 12)
Sourcefire VRT Certified Snort Rules Update 2013-03-19 Research (Mar 19)
Sourcefire VRT Certified Snort Rules Update 2013-01-22 Research (Jan 22)
Sourcefire VRT Certified Snort Rules Update 2013-03-14 Research (Mar 14)

Reshma Purushothaman

Database Decoding Reshma Purushothaman (Jan 09)

Ricky Huang

Does Snort support country blocking Ricky Huang (Mar 06)
Questions with this Snort IPS setup Ricky Huang (Mar 11)
Setting Snort policy_mode Ricky Huang (Mar 05)
Re: "Adapter is in Passive Mode" Warning Ricky Huang (Mar 08)
Can't start DAQ (-1) - ipfw_daq_start: can't create divert socket Ricky Huang (Mar 08)
Re: Alert file Ricky Huang (Mar 20)
Re: Questions with this Snort IPS setup Ricky Huang (Mar 12)
Re: Does Snort support country blocking Ricky Huang (Mar 06)
Re: Setting Snort policy_mode Ricky Huang (Mar 05)
Testing Snort functionality, or, how do I know if Snort really works? Ricky Huang (Mar 06)
Re: Can't start DAQ (-1) - ipfw_daq_start: can't create divert socket Ricky Huang (Mar 11)
Re: Can't start DAQ (-1) - ipfw_daq_start: can't create divert socket Ricky Huang (Mar 12)
Re: Snort alert Ricky Huang (Mar 27)
Re: Snort doc error (?) - rule option not optional? Ricky Huang (Mar 08)
Re: Testing Snort functionality, or, how do I know if Snort really works? Ricky Huang (Mar 06)
Re: Does Snort support country blocking Ricky Huang (Mar 06)
Snort doc error (?) - rule option not optional? Ricky Huang (Mar 06)
"Adapter is in Passive Mode" Warning Ricky Huang (Mar 06)
Re: Snort doc error (?) - rule option not optional? Ricky Huang (Mar 08)
Re: general questions Ricky Huang (Mar 28)

Rm Kml

Re : Re: What is the correct syntax for bpf_file? Rm Kml (Jan 29)

rmkml

Re: Rule assist rmkml (Mar 12)
Re: Explanation of Rule 1:19189:4 rmkml (Jan 29)
Re: What is the correct syntax for bpf_file? rmkml (Jan 29)
Re: Explanation of Rule 1:19189:4 rmkml (Jan 29)
Re: Quick and dirty rmkml (Jan 30)
Re: Rule assist rmkml (Mar 12)

Robert Cotter

Re: Recent changes to SNORT 2.9.4.0 rulesets regarding PCRE syntax. Robert Cotter (Feb 20)
Recent changes to SNORT 2.9.4.0 rulesets regarding PCRE syntax. Robert Cotter (Feb 20)

Rodrigo Montoro(Sp0oKeR)

Re: HTTP Filtering using Snort Rodrigo Montoro(Sp0oKeR) (Jan 13)

Russ Combs

Re: Patch to have unified2 outputs for multiple snort instances Russ Combs (Feb 14)
Re: The detect function Russ Combs (Jan 02)
Re: Testing Snort Russ Combs (Jan 30)
Re: Automatically decoding of Teredo traffic Russ Combs (Mar 20)
Re: configure options for 2.9.4 Russ Combs (Feb 15)
Re: unified2_extra_data Russ Combs (Jan 10)
Re: [Emerging-Sigs] Creating Potential DOS HTTP sig Russ Combs (Jan 22)
Re: Snort Segmentation Fault Russ Combs (Feb 14)
Re: compilation fail daq 2.0.0 Russ Combs (Jan 03)
Re: snort SIGSEGV Russ Combs (Jan 02)
Re: Can't start DAQ (-1) - ipfw_daq_start: can't create divert socket Russ Combs (Mar 12)
Re: Persistent problems with rule updates for Registerd Users Russ Combs (Jan 03)
Re: SNORT openflow Russ Combs (Jan 14)
Re: "Adapter is in Passive Mode" Warning Russ Combs (Mar 08)
Re: Snort Segmentation Fault Russ Combs (Feb 14)
Re: Snort doc error (?) - rule option not optional? Russ Combs (Mar 08)
Re: Snort doc error (?) - rule option not optional? Russ Combs (Mar 08)

Ruyk

snort and http_inspect Ruyk (Feb 26)

Sacher , Désirée

Snort not logging to unified2 Sacher , Désirée (Jan 30)
Re: Snort not logging to unified2 Sacher , Désirée (Jan 30)

salawank

Re: botnets salawank (Mar 24)
Re: Alert file salawank (Mar 20)

Sallee, Stephen (Jake)

Re: New install questions. Sallee, Stephen (Jake) (Mar 06)
New install questions. Sallee, Stephen (Jake) (Mar 06)
Re: New install questions. Sallee, Stephen (Jake) (Mar 07)
Re: CPU and RAM planning tool Sallee, Stephen (Jake) (Mar 10)
Re: New install questions. Sallee, Stephen (Jake) (Mar 06)
Re: CPU and RAM planning tool Sallee, Stephen (Jake) (Mar 10)
CPU and RAM planning tool Sallee, Stephen (Jake) (Mar 09)

sandeep mlist

Need help in snort rule sandeep mlist (Jan 30)
Re: Need help in snort rule sandeep mlist (Jan 30)
Need help with byte_test sandeep mlist (Feb 11)

Sharon Sahar

HTTP Filtering using Snort Sharon Sahar (Jan 13)
Re: HTTP Filtering using Snort Sharon Sahar (Jan 13)

Shields, Joseph (NIH/NIEHS) [C]

FW: Snort rule for a pattern match? Shields, Joseph (NIH/NIEHS) [C] (Mar 07)
How does Snort implement PCRE (?C callout functionality in snort rule? Shields, Joseph (NIH/NIEHS) [C] (Feb 26)
Re: Snort rule for a pattern match? Shields, Joseph (NIH/NIEHS) [C] (Mar 26)
Snort rule for a pattern match? Shields, Joseph (NIH/NIEHS) [C] (Mar 07)
Re: Snort rule for a pattern match? Shields, Joseph (NIH/NIEHS) [C] (Mar 26)
Re: Snort rule for a pattern match? Shields, Joseph (NIH/NIEHS) [C] (Mar 27)
Re: Snort rule for a pattern match? Shields, Joseph (NIH/NIEHS) [C] (Mar 27)

Smith, Edward

Re: Unknown ClassType: trojan-activity Smith, Edward (Jan 14)
Unknown ClassType: trojan-activity Smith, Edward (Jan 14)

Smit Smit

Re: snort and http_inspect Smit Smit (Feb 26)

snort

snort as windows as service and logging to the windows event log snort (Feb 27)

Snort Releases

Snort 2.9.4.1 Now Available Snort Releases (Mar 05)
Snort 2.9.4.1 Now Available Snort Releases (Mar 05)

Stark, Vernon L.

Re: Segmentation Fault After Rule Update Stark, Vernon L. (Mar 14)
Segmentation Fault After Rule Update Stark, Vernon L. (Mar 14)
Value of max_gzip_mem listed in documentation Stark, Vernon L. (Jan 23)
FW: Recent changes to SNORT 2.9.4.0 rulesets regarding PCRE syntax. Stark, Vernon L. (Feb 20)

Starner, Mark

Re: Sourcefire VRT Certified Snort Rules Update 2013-01-15 Starner, Mark (Jan 16)

Stephen Mintz

Re: Using a var in the conf and local rules Stephen Mintz (Feb 25)

Stephen Reese

Re: Anomaly-detection dynamic preprocessor Stephen Reese (Feb 25)

Steve Marotta

Re: Rule set for non-intrusive events? Steve Marotta (Jan 09)
Rule set for non-intrusive events? Steve Marotta (Jan 09)

Steven Sturges

Re: Fwd: Rule checking logic ("checking" as defined by rule profile stats) question Steven Sturges (Jan 09)
Re: Fwd: Rule checking logic ("checking" as defined by rule profile stats) question Steven Sturges (Jan 13)

sumitkamboj88 () gmail com

Snort Configuration Problem sumitkamboj88 () gmail com (Jan 25)

Tamara Fisher

Re: PulledPork New Snort Categories Tamara Fisher (Mar 07)
Running Snort from User Account Tamara Fisher (Mar 04)
403 Error when attempting to pull rules using Pulled-Pork Tamara Fisher (Feb 20)
Re: 403 Error when attempting to pull rules using Pulled-Pork Tamara Fisher (Feb 20)
PulledPork New Snort Categories Tamara Fisher (Mar 07)

Tavis Ormandy

incorrect FDDI test in decode.c leads to reading uninitialized fields Tavis Ormandy (Jan 15)

Thibaud Raso

Snort on proxy (outbound alerts) Thibaud Raso (Jan 18)

Todd Wease

Re: Logging problems on Windows using the -E switch Todd Wease (Jan 31)
Re: [PATCH] Allow Snort to run as non-root with IPFW DAQ Todd Wease (Mar 06)
Re: Snort Pattern alghoritm Todd Wease (Mar 08)
Re: Dynamic Preprocessor- packets from established flows Todd Wease (Jan 31)
Re: Mis-Matching traffic with PCRE Rules Todd Wease (Mar 08)
Re: [PATCH]: Add Nonce Sum bit to 'flags' Todd Wease (Jan 28)
Re: Re : Re: What is the correct syntax for bpf_file? Todd Wease (Jan 30)
Re: var or ipvar? Todd Wease (Jan 28)
Re: Snort not logging to unified2 Todd Wease (Jan 30)
Re: Dynamic Preprocessor- packets from established flows Todd Wease (Jan 30)
Re: var or ipvar? Todd Wease (Jan 29)
Re: Snort Pattern alghoritm Todd Wease (Jan 28)

Tony Reusser

Re: Snort 2.9.4.0 on CentOS 5.8 Tony Reusser (Feb 12)

Tony Robinson

Using pulled pork to change rule state from alert to drop for a policy type Tony Robinson (Mar 24)
Re: PulledPork not processing Tony Robinson (Feb 10)
Re: Using pulled pork to change rule state from alert to drop for a policy type Tony Robinson (Mar 27)
Re: Test traffic Tony Robinson (Feb 19)

Topher ZiCornell

Snort on AWS Topher ZiCornell (Jan 28)

T. R

Re: Snort on proxy (outbound alerts) T. R (Jan 18)

Tural Nazirov

About Snort Inline Tural Nazirov (Mar 19)
Snort rules problem Tural Nazirov (Mar 07)

Ulric Eriksson

Re: Virtual Machines and Hypervisors Ulric Eriksson (Jan 30)

Victor Roemer

Re: Bad performance x 2 when using net.bpf.zerocopy_enable=1 on FreeBSD 9.1 Victor Roemer (Feb 19)
Re: [Snort-devel] Bad performance x 2 when using net.bpf.zerocopy_enable=1 on FreeBSD 9.1 Victor Roemer (Feb 20)
Re: incorrect FDDI test in decode.c leads to reading uninitialized fields Victor Roemer (Jan 15)
Re: unified2_extra_data Victor Roemer (Jan 11)
Re: Cannot get alert from dynamic_example preprocessor in output Victor Roemer (Feb 19)
Re: 'make' Snort to compile my own preprocessor Victor Roemer (Jan 15)

vincent

Re: Snort 2.9.4.0 on CentOS 5.8 vincent (Feb 12)
Re: Snort 2.9.4.0 on CentOS 5.8 vincent (Feb 12)

Vo Van Pho

Remove outside from mailing list Vo Van Pho (Feb 19)
Re: Remove outside from mailing list Vo Van Pho (Feb 19)

waldo kitty

Re: Error app-detect.rules (18) Unknown ClassType: waldo kitty (Mar 12)
Re: Creating Your Own Snort Rule? waldo kitty (Mar 12)
Re: Best practices for setting HOME_NET waldo kitty (Jan 11)
Re: Blocking ip's with snort blacklist waldo kitty (Mar 26)
Re: Snort and Proxmox waldo kitty (Jan 28)
Re: Need help: a custom snort signature that will detect attachments (inbound + outbound) waldo kitty (Jan 25)
Re: general questions waldo kitty (Mar 29)
Re: Use dyndns to ignore my ip waldo kitty (Feb 15)
Re: Reverse shell connections waldo kitty (Mar 23)
Re: Snort and IM waldo kitty (Feb 18)
Re: Using a var in the conf and local rules waldo kitty (Feb 25)
Re: general questions waldo kitty (Mar 29)
Re: Snort CPU usage waldo kitty (Feb 18)
Re: Snort as a predefined PID waldo kitty (Mar 04)
Re: Fwd: waldo kitty (Jan 29)
Re: question for snort flow established waldo kitty (Mar 18)
Re: How To Use Snort As An IDS waldo kitty (Mar 04)
Re: help add rule while snort is running waldo kitty (Mar 01)
Re: Snort and IM waldo kitty (Feb 18)
Re: Errors after upgrade to 2.9.4.1 waldo kitty (Mar 14)
Re: newbie question about pass and alert directive waldo kitty (Feb 23)
Re: Fw: Snort Rules waldo kitty (Feb 14)
Re: preprocessor sfportscan does not generate alerts waldo kitty (Feb 15)
Re: var or ipvar? waldo kitty (Jan 28)
Re: var or ipvar? waldo kitty (Jan 28)
Re: no IDS logs from snort waldo kitty (Mar 11)
Re: no IDS logs from snort waldo kitty (Mar 11)
Re: Alert file waldo kitty (Mar 20)
Re: Rules across tcp headers & http headers/payload waldo kitty (Mar 04)
Re: Restart snort inline without traffic loss? waldo kitty (Feb 08)
Re: Use dyndns to ignore my ip waldo kitty (Feb 15)
Re: Custom variables in rules and snort.conf waldo kitty (Jan 14)
Re: Rule question.. SID 1:1000103 waldo kitty (Mar 13)
var or ipvar? waldo kitty (Jan 28)
Re: Snort and Proxmox waldo kitty (Jan 28)
Re: problems in snort installing. waldo kitty (Mar 20)
Re: Still trying to build this box waldo kitty (Mar 12)
Re: Fw: Snort Rules waldo kitty (Feb 15)
Re: question for snort flow established waldo kitty (Mar 18)
Re: var or ipvar? waldo kitty (Jan 28)
Re: Using pulled pork to change rule state from alert to drop for a policy type waldo kitty (Mar 25)
Re: Restart snort inline without traffic loss? waldo kitty (Feb 07)
Re: (no subject) waldo kitty (Jan 30)
Re: Restart snort inline without traffic loss? waldo kitty (Feb 06)
Re: Need help with byte_test waldo kitty (Feb 12)
Re: Reverse shell connections waldo kitty (Mar 29)
Re: general questions waldo kitty (Mar 29)
Re: Error initializing rule chains waldo kitty (Mar 09)
Re: Questions with this Snort IPS setup waldo kitty (Mar 12)
Re: Alert file waldo kitty (Mar 21)
Re: Problem with sensitive-data:email addresses rule waldo kitty (Mar 30)
Re: Problem with sensitive-data:email addresses rule waldo kitty (Mar 30)
Re: Snort on proxy (outbound alerts) waldo kitty (Jan 18)
Re: Snort alert waldo kitty (Mar 28)
Re: ERROR: Failed to initialize dynamic preprocessor: SF_GTP (IPV6) version 1.1.1 (-2) waldo kitty (Feb 06)
Re: configure options for 2.9.4 waldo kitty (Feb 15)
Re: 403 error :( waldo kitty (Mar 18)
Re: Unknown ClassType waldo kitty (Mar 21)
Re: Creating a PostgreSQL database for snort on Debian system waldo kitty (Jan 21)
Re: no IDS logs from snort waldo kitty (Mar 11)
Re: Integrating ClamAv into Snort waldo kitty (Feb 12)
Re: Help With Assignment waldo kitty (Feb 20)
Re: no IDS logs from snort waldo kitty (Mar 09)
Re: problems in snort installing. waldo kitty (Mar 16)
Re: Snort Block rules download for IPS mode waldo kitty (Jan 28)
Re: var or ipvar? waldo kitty (Jan 28)
Re: DNS Query for .su TLD (Soviet Union) waldo kitty (Mar 05)
Re: Use dyndns to ignore my ip waldo kitty (Feb 15)
Re: question for snort flow established waldo kitty (Mar 18)
Re: general questions waldo kitty (Mar 29)
Re: Creating Your Own Snort Rule? waldo kitty (Mar 12)
Re: Snort and SQL database waldo kitty (Feb 01)
Re: preprocessor sfportscan does not generate alerts waldo kitty (Feb 18)
Re: question for snort flow established waldo kitty (Mar 16)
Re: Use dyndns to ignore my ip waldo kitty (Feb 15)
Re: Need help in snort rule waldo kitty (Jan 30)
Re: Errors after upgrade to 2.9.4.1 waldo kitty (Mar 13)
Re: var or ipvar? waldo kitty (Jan 28)
Re: Snort Configuration Problem waldo kitty (Jan 25)
Re: Snort Version 2.9.4-WIN32 GRE (Build 40) on Windows 7 fails with the Error: Failed to parse the IP address: waldo kitty (Feb 27)
Re: About make command error waldo kitty (Mar 02)
Re: question for snort flow established waldo kitty (Mar 18)
Re: preprocessor sfportscan does not generate alerts waldo kitty (Feb 25)
Re: Alert file waldo kitty (Mar 20)
Re: Easy way to output alert and Hex+ASCII pcap data? waldo kitty (Mar 18)
Re: newbie question about pass and alert directive waldo kitty (Feb 22)
Re: Barnyard2 database failures waldo kitty (Jan 06)
Re: Could you send me on a signature to capture all emails that are sent to a domain, for example “@tnt.com”. waldo kitty (Jan 26)
Re: Snort Alert[1:16482:8] waldo kitty (Mar 26)
Re: Still trying to build this box waldo kitty (Mar 12)
Re: 'make' Snort to compile my own preprocessor waldo kitty (Jan 15)
Re: Fwd: waldo kitty (Jan 30)
Re: Problem with acquiring traffic waldo kitty (Feb 23)
Re: problems in snort installing. waldo kitty (Mar 17)
Re: Barnyard2 database failures waldo kitty (Jan 03)
Re: var or ipvar? waldo kitty (Jan 28)
Re: general questions waldo kitty (Mar 29)
Re: About make command error waldo kitty (Feb 28)
Re: Best practices for setting HOME_NET waldo kitty (Jan 11)
Re: Restart snort inline without traffic loss? waldo kitty (Feb 06)
Re: Need help with byte_test waldo kitty (Feb 12)
Re: Snort Question waldo kitty (Feb 13)
Re: ERROR: parser.c(5302) waldo kitty (Mar 28)

Ward Sladek

Re: Pass rules - no effect/not working Ward Sladek (Jan 30)
Pass rules - no effect/not working Ward Sladek (Jan 26)

waseem sarwar

Add Data Into New Tables waseem sarwar (Mar 05)
Re: Add Data Into New Tables waseem sarwar (Mar 05)
Re: Add Data Into New Tables waseem sarwar (Mar 05)
Re: Mis-Matching traffic with PCRE Rules waseem sarwar (Mar 08)
Mis-Matching traffic with PCRE Rules waseem sarwar (Mar 08)

Weir, Jason

Re: compilation fail daq 2.0.0 Weir, Jason (Jan 03)

Yayan Tri Taryana

Updating Rules using Oinkmaster Yayan Tri Taryana (Jan 07)
Barnyard Waldo File Corrupted/Truncated Yayan Tri Taryana (Jan 08)

yayantritaryana

Rule Snort Ping Flood yayantritaryana (Mar 11)

Yeison Camargo

Snort Rules 2940 Problem Yeison Camargo (Feb 04)

yew chuan Ong

sid 15554 yew chuan Ong (Jan 06)

Y M

Re: Snort log: Source MAC address record Y M (Mar 11)
Re: Snort and Barnyard2 Y M (Feb 06)
Re: Snort and my VLANs Y M (Feb 14)
Re: Snort in Inline Mode on CentOS 6.3 Y M (Feb 10)
Re: Snort in Inline Mode on CentOS 6.3 Y M (Feb 10)
Re: Snort in Inline Mode on CentOS 6.3 Y M (Feb 06)
Re: Restart snort inline without traffic loss? Y M (Feb 08)
Unable to access Ruleset of 21 March Y M (Mar 24)
Re: Snort and Barnyard2 Y M (Feb 06)
Re: (no subject) Y M (Jan 12)
Re: Real Time Alert and Variables Y M (Jan 25)
Re: Snort doc error (?) - rule option not optional? Y M (Mar 08)
Re: Restart snort inline without traffic loss? Y M (Feb 06)
Re: Snort and Barnyard2 Y M (Feb 06)
FW: snort logging issue Y M (Feb 13)
Re: Snort in Inline Mode on CentOS 6.3 Y M (Feb 06)
Re: Snort in Inline Mode on CentOS 6.3 Y M (Feb 10)
Re: var or ipvar? Y M (Jan 28)
Re: Snort and Barnyard2 Y M (Feb 06)
Re: Identify outbound SSH connections Y M (Jan 08)
Re: sid-msg.map Y M (Mar 19)
Re: Snort rules problem Y M (Mar 08)
Re: Snort rules problem Y M (Mar 08)
Re: "Adapter is in Passive Mode" Warning Y M (Mar 08)
Re: Restart snort inline without traffic loss? Y M (Feb 08)
Re: Snort and Barnyard2 Y M (Feb 06)

Yonas Abebe

Test traffic Yonas Abebe (Feb 19)

Yoshimasa Obana

Packet Drop in Preprocessor Yoshimasa Obana (Feb 25)

Yossi

Tagged Packet in the new snort? Yossi (Mar 07)

Yossi Nachum

Re: Using pulled pork to change rule state from alert to drop for a policy type Yossi Nachum (Mar 25)

Zahra Hakimi

sfportscan Preprocessor Zahra Hakimi (Jan 06)

z@@f@r @}{m3D

Re: Snort Segmentation Fault z@@f@r @}{m3D (Feb 14)
Snort Segmentation Fault z@@f@r @}{m3D (Feb 14)

zhaojunling_20

Re: question for snort flow established zhaojunling_20 (Mar 16)
Re: question for snort flow established zhaojunling_20 (Mar 16)
question for snort flow established zhaojunling_20 (Mar 16)
Re: question for snort flow established zhaojunling_20 (Mar 17)
Re: question for snort flow established zhaojunling_20 (Mar 17)

עמית קליינמן

Re: DAQ complaint. Unable to build snort snort-2.9.4 עמית קליינמן (Jan 25)
DAQ complaint. Unable to build snort snort-2.9.4 עמית קליינמן (Jan 25)
Re: DAQ complaint. Unable to build snort snort-2.9.4 עמית קליינמן (Jan 25)
Problems with installing snort 2.9.4 on centos 6.3 עמית קליינמן (Jan 31)

Андрей Меньков

Cannot get alert from dynamic_example preprocessor in output Андрей Меньков (Feb 19)
Re: Cannot get alert from dynamic_example preprocessor in output Андрей Меньков (Feb 19)
Re: Cannot get alert from dynamic_example preprocessor in output Андрей Меньков (Feb 19)
Re: Anomaly-detection dynamic preprocessor Андрей Меньков (Feb 25)
Anomaly-detection dynamic preprocessor Андрей Меньков (Feb 22)

严骞

Re: Unknown ClassType 严骞 (Mar 20)

黃 huang

hey! 黃 huang (Mar 15)