Snort: by author

825 messages starting Nov 12 13 and ending Dec 13 13


abbasakbar

Fake Conferences CSCI and WORLDCOMP of Hamid Arabnia abbasakbar (Nov 12)
Fake Conferences CSCI and WORLDCOMP of Hamid Arabnia abbasakbar (Nov 12)
Fake Conferences CSCI and WORLDCOMP of Hamid Arabnia abbasakbar (Nov 12)

abdelkader . djebbar

i hvave error when run snort abdelkader . djebbar (Nov 26)

ƒabricio -

Problems with Snort Installation on Windows 7 ƒabricio - (Nov 13)

Alan McKay

Re: First time snorting ... ERROR: The dynamic detection library ... Alan McKay (Nov 15)
Re: First time snorting ... ERROR: The dynamic detection library ... Alan McKay (Nov 15)
Re: First time snorting ... ERROR: The dynamic detection library ... Alan McKay (Nov 14)
Re: First time snorting ... ERROR: The dynamic detection library ... Alan McKay (Nov 19)
Re: First time snorting ... ERROR: The dynamic detection library ... Alan McKay (Nov 14)
Re: First time snorting ... ERROR: The dynamic detection library ... Alan McKay (Nov 14)
Re: First time snorting ... ERROR: The dynamic detection library ... Alan McKay (Nov 19)
Re: First time snorting ... ERROR: The dynamic detection library ... Alan McKay (Nov 14)
First time snorting ... ERROR: The dynamic detection library ... Alan McKay (Nov 14)
Re: First time snorting ... ERROR: The dynamic detection library ... Alan McKay (Nov 15)
Re: First time snorting ... ERROR: The dynamic detection library ... Alan McKay (Nov 14)
Re: First time snorting ... ERROR: The dynamic detection library ... Alan McKay (Nov 14)
Re: First time snorting ... ERROR: The dynamic detection library ... Alan McKay (Nov 19)

Alex McDonnell

Re: SIP scanner sig Alex McDonnell (Oct 01)
Re: SIP scanner sig Alex McDonnell (Oct 01)

Amir Azhdari

snort with SVM Amir Azhdari (Dec 27)

Amtul Saboor

My email ID Amtul Saboor (Oct 22)
Writing Preprocessor For Snort Amtul Saboor (Nov 02)
Please verif Output of DPX (sample dynamic preprocessor tool kit) Amtul Saboor (Nov 29)
Re: Need help to know which files to be changed in Dynamic preprocessor starter kit Amtul Saboor (Dec 26)
Re: Need help to know which files to be changed in Dynamic preprocessor starter kit Amtul Saboor (Nov 26)
Re: Need help to know which files to be changed in Dynamic preprocessor starter kit Amtul Saboor (Nov 22)
Re: DPX Output Verification Amtul Saboor (Dec 13)
Re: Writing Preprocessor For Snort Amtul Saboor (Nov 08)
DPX Output Verification Amtul Saboor (Nov 27)
Re: Writing Preprocessor For Snort Amtul Saboor (Nov 06)
Need help to know which files to be changed in Dynamic preprocessor starter kit Amtul Saboor (Nov 22)

anagha b

@empty rules files anagha b (Nov 14)
@empty rules files anagha b (Nov 17)
@processing packets left by snort anagha b (Oct 01)
@snort.log empty files anagha b (Oct 31)
@snort alert anagha b (Nov 27)
@portscan log not showing all decoys anagha b (Nov 19)

Andres Riancho

Snort - w3af integration to find malware in websites Andres Riancho (Oct 05)

aneeque khan

How to send packets to Snort without using pcap. aneeque khan (Nov 13)

Angel Chiriboga Torres

Logs Storage Problem Angel Chiriboga Torres (Dec 26)

Anshuman Anil Deshmukh

Re: Issue related to Blacklists Anshuman Anil Deshmukh (Oct 16)
Re: Duplicate rules & rule parser Anshuman Anil Deshmukh (Oct 23)
Re: Network cards for IPS & query related to PFRING Anshuman Anil Deshmukh (Oct 24)
Re: Zabbix for Snort performance monitoring [Solved] Anshuman Anil Deshmukh (Oct 20)
Re: Duplicate rules & rule parser Anshuman Anil Deshmukh (Oct 22)
Re: Issue related to Blacklists Anshuman Anil Deshmukh (Oct 17)
Re: Flowbits config Anshuman Anil Deshmukh (Oct 22)
Network cards for IPS & query related to PFRING Anshuman Anil Deshmukh (Oct 17)
Re: Duplicate rules & rule parser Anshuman Anil Deshmukh (Oct 24)
Queries regarding FRAG3 & STREAM5 Anshuman Anil Deshmukh (Oct 28)
Pulledpork issue 142 Anshuman Anil Deshmukh (Nov 01)
Re: Queries regarding FRAG3 & STREAM5 Anshuman Anil Deshmukh (Nov 07)
Issue related to Blacklists Anshuman Anil Deshmukh (Oct 14)
Re: Issue related to Blacklists [SOLVED] Anshuman Anil Deshmukh (Oct 17)
Re: Zabbix for Snort performance monitoring [Solved] Anshuman Anil Deshmukh (Oct 18)
Re: Multiple SID's for same type of event Anshuman Anil Deshmukh (Oct 25)
Zero day attack protection Anshuman Anil Deshmukh (Oct 27)
Duplicate rules & rule parser Anshuman Anil Deshmukh (Oct 22)
Flowbits config Anshuman Anil Deshmukh (Oct 22)
Re: Network cards for IPS & query related to PFRING Anshuman Anil Deshmukh (Oct 21)
Zabbix for Snort performance monitoring Anshuman Anil Deshmukh (Oct 10)
Re: Network cards for IPS & query related to PFRING Anshuman Anil Deshmukh (Oct 24)
Re: Duplicate rules & rule parser Anshuman Anil Deshmukh (Oct 23)
Re: Duplicate rules & rule parser Anshuman Anil Deshmukh (Oct 27)
Re: Zabbix for Snort performance monitoring Anshuman Anil Deshmukh (Oct 10)
Re: Queries regarding FRAG3 & STREAM5 Anshuman Anil Deshmukh (Nov 08)
Re: Zabbix for Snort performance monitoring [Solved] Anshuman Anil Deshmukh (Oct 12)
Re: Duplicate rules & rule parser Anshuman Anil Deshmukh (Oct 22)
Multiple SID's for same type of event Anshuman Anil Deshmukh (Oct 24)
Re: Snort.org Blog: Sourcefire VRT Certified Snort Rules Update for 10/31/2013 Anshuman Anil Deshmukh (Nov 02)
Recall: Duplicate rules & rule parser Anshuman Anil Deshmukh (Oct 26)
Re: Duplicate rules & rule parser Anshuman Anil Deshmukh (Oct 26)
Re: Network cards for IPS & query related to PFRING Anshuman Anil Deshmukh (Oct 20)

Ashu Singh

Snort Not logging alert Ashu Singh (Oct 05)
Need help: Snort not logging properly Ashu Singh (Oct 03)

avm31982

install avm31982 (Nov 29)

Ayodele Okeowo

Re: Snort & Barnyard Ayodele Okeowo (Dec 30)
Blocking Domain name like example.com Ayodele Okeowo (Dec 21)
Re: Blocking Domain name like example.com Ayodele Okeowo (Dec 23)
Re: Blocking Domain name like example.com Ayodele Okeowo (Dec 23)
Re: Periodic save rule profiling logs Ayodele Okeowo (Dec 23)
Re: Snort & Barnyard Ayodele Okeowo (Dec 23)
Re: Logs Storage Problem Ayodele Okeowo (Dec 26)

Bad Horse

Re: Feature request: isdataat ability in specific (preprocessor) buffers Bad Horse (Oct 23)
Re: Feature request: isdataat ability in specific (preprocessor) buffers Bad Horse (Oct 18)
Re: [Snort-devel] Serious problems Snort 2.9 with relative content matches using http_inspect preprocessor and http_uri keyword Bad Horse (Nov 07)
Re: Feature request: isdataat ability in specific (preprocessor) buffers Bad Horse (Oct 23)
Feature request: isdataat ability in specific (preprocessor) buffers Bad Horse (Oct 18)

Balamurali

Timezone issue in SNORT LOG Balamurali (Nov 26)

Bart Jan Kelter

Snort 2.9.5 and ERPSAN; malformed packages Bart Jan Kelter (Oct 21)

Beenish Raza

Re: [Snort-devel] Testing my own rules/signatures on pcap file Beenish Raza (Dec 30)
Testing my own rules/signatures on pcap file Beenish Raza (Dec 22)

beenph

Re: Barnyard2 reports database insert errors beenph (Nov 02)
Re: Barnyard2 reports database insert errors beenph (Nov 02)
Re: Barnyard2 reports database insert errors beenph (Nov 01)
Re: Barnyard2 reports database insert errors beenph (Nov 04)

Bhagya Bantwal

Re: About README.UNSOCK Bhagya Bantwal (Nov 14)
Re: Serious problems Snort 2.9 with relative content matches using http_inspect preprocessor and http_uri keyword Bhagya Bantwal (Nov 07)
Re: working snort > 2.9.5 on archs with strict memory alignment? Bhagya Bantwal (Nov 12)
Re: Unified2 file corrupt? Bhagya Bantwal (Nov 13)
Re: [Snort-devel] Serious problems Snort 2.9 with relative content matches using http_inspect preprocessor and http_uri keyword Bhagya Bantwal (Nov 22)

bk6662

Question about SNORT Sensor Placement bk6662 (Dec 31)

Bobby Venal

Re: NFQ DAQ "module version issue" on Debian Bobby Venal (Oct 27)
NFQ DAQ "module version issue" on Debian Bobby Venal (Oct 21)
NFQ DAQ "module version issue" on Debian Bobby Venal (Oct 20)

Budinich Galvez, Luis Alberto

compile options? Budinich Galvez, Luis Alberto (Dec 02)

carlopmart

Re: Pulledpork duplicate rules carlopmart (Oct 14)
Re: Pulledpork duplicate rules carlopmart (Oct 14)

Carlos Pacho

Re: Expiro sigs Carlos Pacho (Nov 14)
Re: HNAP Admin attempts Carlos Pacho (Nov 14)

Celso Fajardo

snort on alix 2d13 Celso Fajardo (Dec 31)

Chris Green

Re: [HOW-TO] Logging Snort alerts to Syslog and Splunk Chris Green (Oct 06)

cjgd7-facebook () yahoo com

Cannot make default /usr/lib/snort_dynamicpreprocessor into ...lib64... cjgd7-facebook () yahoo com (Dec 05)

C. L. Martinez

Re: Pulledpork duplicate rules C. L. Martinez (Oct 14)
Pulledpork duplicate rules C. L. Martinez (Oct 14)
Re: Pulledpork duplicate rules C. L. Martinez (Oct 14)

DA_667

difference between pulledpork -P and -n option? DA_667 (Nov 16)

Daniel Calvo Castro

Malware detection with Snort Daniel Calvo Castro (Nov 26)

Dave Corsello

Reputation preprocessor isn't blocking traffic Dave Corsello (Dec 07)
Barnyard2 reports database insert errors Dave Corsello (Nov 01)
Re: Barnyard2 reports database insert errors Dave Corsello (Nov 03)
Re: Barnyard2 reports database insert errors Dave Corsello (Nov 02)
Re: Reputation preprocessor isn't blocking traffic Dave Corsello (Dec 13)
Re: Reputation preprocessor isn't blocking traffic Dave Corsello (Dec 10)
Re: Barnyard2 reports database insert errors Dave Corsello (Nov 02)
Re: Barnyard2 reports database insert errors Dave Corsello (Nov 05)
Re: Barnyard2 reports database insert errors Dave Corsello (Nov 01)
Re: Barnyard2 reports database insert errors Dave Corsello (Nov 05)
Re: Barnyard2 reports database insert errors Dave Corsello (Nov 04)

Dave Venman

[SPAM] Re: Snort variables longer than 65535 bytes Dave Venman (Dec 02)
[SPAM] Re: Flowbits config Dave Venman (Oct 22)

donfack zeufack hermann

Writing a dynamic rules donfack zeufack hermann (Nov 09)

Dwayne Hottinger

http://webres1.pand.ctmail.com/ Dwayne Hottinger (Dec 04)
Re: http://webres1.pand.ctmail.com/ Dwayne Hottinger (Dec 04)

Ed Borgoyn (eborgoyn)

Re: preprocessor drop packets issues Ed Borgoyn (eborgoyn) (Dec 11)

Edward Borgoyn

Re: snort stop unexpectedly Edward Borgoyn (Nov 04)

Ellad G. Yatsko

Re: What to do? Ellad G. Yatsko (Nov 21)
Re: What to do? Ellad G. Yatsko (Nov 21)
Re: What to do? Ellad G. Yatsko (Nov 22)
What to do? Ellad G. Yatsko (Nov 21)
Re: What to do? Ellad G. Yatsko (Nov 22)
Is it a bug? Ellad G. Yatsko (Nov 24)

el mountasser el oukoud

elmountasser.eloukoud () gmail com el mountasser el oukoud (Nov 18)

elof

Using snort in an PCI DSS environment elof (Nov 20)
Re: Using snort in an PCI DSS environment elof (Nov 20)
Re: Using snort in an PCI DSS environment elof (Nov 20)
Re: Using snort in an PCI DSS environment elof (Nov 21)

Emiliano Fausto

Re: [snort-users] Stream5 doesn't take into account every TCP segment Emiliano Fausto (Dec 10)
Re: [snort-devel] Chainning pre-processors Emiliano Fausto (Dec 04)
Re: [snort-devel] Chainning pre-processors Emiliano Fausto (Dec 05)
[snort-users] Stream5 doesn't take into account every TCP segment Emiliano Fausto (Dec 10)
Re: [snort-devel] Chainning pre-processors Emiliano Fausto (Dec 04)
[snort-devel] Chainning pre-processors Emiliano Fausto (Dec 04)
Re: [snort-devel] Chainning pre-processors Emiliano Fausto (Dec 04)
Re: Need help to know which files to be changed in Dynamic preprocessor starter kit Emiliano Fausto (Dec 26)
Re: [snort-devel] Chainning pre-processors Emiliano Fausto (Dec 04)
Re: [snort-devel] Chainning pre-processors Emiliano Fausto (Dec 05)
Re: [snort-devel] Chainning pre-processors Emiliano Fausto (Dec 04)
Re: [snort-devel] Chainning pre-processors Emiliano Fausto (Dec 05)

Eric G

Re: Zabbix for Snort performance monitoring Eric G (Oct 10)
Re: Zabbix for Snort performance monitoring [Solved] Eric G (Oct 20)
Re: Duplicate rules & rule parser Eric G (Oct 26)

Ernest Okoromi

Configuration Issues Ernest Okoromi (Oct 30)

evalues evalues

Re: Snort UDP traffic in loopback interface evalues evalues (Dec 12)
Snort UDP traffic in loopback interface evalues evalues (Dec 11)

Felix Hosner

vrt subscribe installation Felix Hosner (Dec 14)

Fernando Villegas

Question about snort rules Fernando Villegas (Oct 07)

Fernando Villegas Acevedo

Fwd: Question about snort rules Fernando Villegas Acevedo (Oct 11)
Question about snort rules Fernando Villegas Acevedo (Oct 11)

fidel69

so_rules fidel69 (Nov 13)

Florent Bautista

SNORT vs WANGUARD Florent Bautista (Nov 07)

Frank Kirschner

FW: Re: FTP / Telnet normalization and anomaly detection Frank Kirschner (Dec 10)
FTP / Telnet normalization and anomaly detection Frank Kirschner (Dec 06)
Re: FTP / Telnet normalization and anomaly detection Frank Kirschner (Dec 07)

Geoffrey Serrao

Re: Expiro sigs Geoffrey Serrao (Nov 14)
Re: Compiling Snort Source Code version 2.9 in Windows with Visual Studio 2008 Geoffrey Serrao (Oct 30)
Re: ShodanHQ Rule Geoffrey Serrao (Oct 22)

Geoff Serrao

ShodanHQ Rule Geoff Serrao (Oct 22)

Ginski, Richard

Re: RAR File Detection Ginski, Richard (Oct 14)
RAR File Detection Ginski, Richard (Oct 11)
Re: RAR File Detection Ginski, Richard (Oct 14)

Glass, Keith

SNORT DB question Glass, Keith (Nov 12)

Gregor Mahnic

Snort 0,01 seconds too late? Gregor Mahnic (Dec 01)

Gregory W. MacPherson

Re: Writing Preprocessor For Snort Gregory W. MacPherson (Nov 14)

guillaume . daleux

Re: [Snort-devel] Testing my own rules/signatures on pcap file guillaume . daleux (Dec 22)

Hafez Kamal

[HITB-Announce] #HITB2014AMS Call for Papers Now Open Hafez Kamal (Nov 27)

Hanson.Webster

Dynamic rules not initialized properly Hanson.Webster (Oct 07)

Han Zhang

preprocessor drop packets issues Han Zhang (Dec 10)
Re: preprocessor drop packets issues Han Zhang (Dec 11)

Harley H

Columbia, MD Snort Users Group Harley H (Nov 25)

Harry Härpfer

Writing normalizer for snort Harry Härpfer (Nov 11)

Heine Lysemose

Re: pulledpork not retrieving reg rules Heine Lysemose (Oct 10)
Re: Can snort dump full pcap of alert? Heine Lysemose (Dec 19)

highend root

Re: Writing normalizer for snort highend root (Nov 12)

Hui Cao

Re: Queries regarding FRAG3 & STREAM5 Hui Cao (Nov 12)
Re: [snort-devel] Chainning pre-processors Hui Cao (Dec 04)
Re: Fwd: unsock option Hui Cao (Oct 30)
Re: [snort-devel] Chainning pre-processors Hui Cao (Dec 05)
Re: [snort-devel] Chainning pre-processors Hui Cao (Dec 04)
Re: [snort-devel] Chainning pre-processors Hui Cao (Dec 04)
Re: Queries regarding FRAG3 & STREAM5 Hui Cao (Oct 28)
Re: File magic rules for 2.9.6, what options are required? Hui Cao (Dec 27)
Re: Cannot make default /usr/lib/snort_dynamicpreprocessor into ...lib64... Hui Cao (Dec 05)
Re: Snort on iPhone Hui Cao (Oct 30)
Re: [snort-devel] Chainning pre-processors Hui Cao (Dec 05)
Re: Defines on preprocids.h Hui Cao (Dec 04)
Re: [snort-devel] Chainning pre-processors Hui Cao (Dec 04)
Re: [snort-devel] Chainning pre-processors Hui Cao (Dec 04)
Re: [snort-devel] Chainning pre-processors Hui Cao (Dec 04)

Hui Cao (huica)

Re: compile options? Hui Cao (huica) (Dec 03)
Re: compile options? Hui Cao (huica) (Dec 03)

Irani Player

request Irani Player (Oct 30)

Irlam, Oliver J. [RA]

RHEL 6.0 documenation Irlam, Oliver J. [RA] (Nov 12)

Jaime Nebrera

Correlation rules Jaime Nebrera (Nov 12)

James

Snort & Barnyard James (Dec 22)
Re: Snort & Barnyard James (Dec 23)

James Dickenson

Re: Snort not generating alerts James Dickenson (Oct 24)
Re: Feedback on rule testing James Dickenson (Dec 20)
Feedback on rule testing James Dickenson (Dec 20)

James Hodge

Re: Snort & Barnyard James Hodge (Dec 30)

James Lay

Re: Classification Number Mapping James Lay (Oct 02)
Re: HNAP Admin attempts James Lay (Nov 14)
Pony checkin James Lay (Oct 30)
Re: problem with snort configure script and libpcap James Lay (Oct 02)
Re: Interesting observation with with so rules James Lay (Oct 11)
JBoss AS Exploit Sig James Lay (Nov 19)
Asprox Sig James Lay (Nov 12)
Re: Pulledpork duplicate rules James Lay (Oct 14)
Re: Using snort in an PCI DSS environment James Lay (Nov 20)
Re: RAR File Detection James Lay (Oct 14)
Re: disabling specific snort rules James Lay (Oct 24)
Re: Egobot James Lay (Oct 15)
Tenda router backdoor James Lay (Oct 21)
Re: RAR File Detection James Lay (Oct 14)
Re: quick sanity check please? James Lay (Nov 15)
Re: FATAL ERROR: Cannot decode data link type 113 James Lay (Nov 19)
Interesting observation with with so rules James Lay (Oct 11)
Re: Request assistance regarding VRT sig 1:27962 (MALWARE-CNC Win.Trojan.Storm botnet connection reset) James Lay (Oct 04)
Re: Snort Instance James Lay (Oct 30)
Interesting article James Lay (Oct 25)
Air Installer PUA James Lay (Nov 26)
Re: Logstash James Lay (Oct 15)
Re: FTP / Telnet normalization and anomaly detection James Lay (Dec 06)
Re: Using snort in an PCI DSS environment James Lay (Nov 22)
Re: IE 0-day James Lay (Oct 01)
Re: Request assistance regarding VRT sig 1:27962 (MALWARE-CNC Win.Trojan.Storm botnet connection reset) James Lay (Oct 04)
Re: Pulledpork duplicate rules James Lay (Oct 14)
vBulletin 4.x and 5.x exploit in the wild James Lay (Oct 09)
Re: Alerting on internal TCP connection attempts to non-existent services or hosts . James Lay (Dec 03)
Re: Reputation Preprocessor James Lay (Oct 13)
Re: Snort not detecting MS08-067 James Lay (Oct 23)
Re: What to do? James Lay (Nov 22)
Re: Error 504 when fetching Rules James Lay (Dec 13)
Re: Interesting observation with with so rules James Lay (Oct 11)
Re: What to do? James Lay (Nov 21)
Re: RAR File Detection James Lay (Oct 11)
Re: Interesting observation with with so rules James Lay (Oct 11)
Re: snort and BGP James Lay (Oct 11)
Fwd: Re: Asprox Sig James Lay (Nov 12)
Re: Air Installer PUA James Lay (Nov 26)
Re: [Snort-users] disablesid.conf Issue (was Syntax for "ignore=" in Pulledpork) James Lay (Nov 14)
Logstash and snort James Lay (Nov 05)
Re: Interesting observation with with so rules James Lay (Oct 12)
Doing the KanKan James Lay (Oct 11)
Egobot James Lay (Oct 15)
HNAP Admin attempts James Lay (Nov 14)
Re: Snort not generating alerts James Lay (Oct 30)
Re: Pony checkin James Lay (Oct 30)
Re: Need help: Snort not logging properly James Lay (Oct 03)
CF Admin parser access sig James Lay (Dec 13)
Re: disabling specific snort rules James Lay (Oct 27)
Re: how to specify collecting packets on more then one interface James Lay (Oct 11)
Re: TIFF images in MS-Office documents used in targeted attacks James Lay (Nov 06)
Re: Pulledpork duplicate rules James Lay (Oct 15)
Re: Snort Instance James Lay (Oct 30)
Re: Pulledpork duplicate rules James Lay (Oct 14)
Re: Interesting observation with with so rules James Lay (Oct 11)
Re: installing Snort OSX 10.9.1 James Lay (Dec 30)
Additional KanKan sig James Lay (Oct 16)
Re: HNAP Admin attempts James Lay (Nov 14)
TIFF images in MS-Office documents used in targeted attacks James Lay (Nov 05)
Logstash James Lay (Oct 15)
Re: Using snort in an PCI DSS environment James Lay (Nov 20)
Re: disabling specific snort rules James Lay (Oct 24)
Re: CF Admin parser access sig James Lay (Dec 13)
IE 0-day James Lay (Oct 01)

Jamie Riden

quick sanity check please? Jamie Riden (Nov 15)

Jason Buker

installing Snort OSX 10.9.1 Jason Buker (Dec 30)

Jason Haar

OT: DNS sinkhole question Jason Haar (Dec 04)

Jeff d'Ambly

snort and BGP Jeff d'Ambly (Oct 11)
Re: snort and BGP Jeff d'Ambly (Oct 15)

Jefferson, Shawn

Re: Attribute Table question Jefferson, Shawn (Nov 14)

Jeff Kell

Re: ANY query rule Jeff Kell (Oct 10)
Re: Request assistance regarding VRT sig 1:27962 (MALWARE-CNC Win.Trojan.Storm botnet connection reset) Jeff Kell (Oct 06)

Jeremy Hoel

False Positive on VRT 28039 Jeremy Hoel (Nov 26)
Re: Logstash Jeremy Hoel (Oct 15)
Re: OPENFPC Proxy merge Jeremy Hoel (Dec 17)
Re: [help,urgent] Using PCRE to match packets in hex Jeremy Hoel (Oct 27)
Re: Logging Packets with Snort Jeremy Hoel (Oct 25)
Re: Logging Packets with Snort Jeremy Hoel (Oct 25)
Re: Logging Packets with Snort Jeremy Hoel (Oct 25)
Re: Question about SNORT Sensor Placement Jeremy Hoel (Dec 31)
Re: Logging Packets with Snort Jeremy Hoel (Oct 25)
Re: Logging Packets with Snort Jeremy Hoel (Oct 25)
Re: 'conifg stateful' option Jeremy Hoel (Nov 13)
Snort.org down? Jeremy Hoel (Oct 01)
'conifg stateful' option Jeremy Hoel (Nov 13)
Re: Snort not detecting MS08-067 Jeremy Hoel (Oct 23)
Re: False Positive on VRT 28039 Jeremy Hoel (Nov 26)
Re: RHEL 6.0 documenation Jeremy Hoel (Nov 12)
Re: Snort.org down? Jeremy Hoel (Oct 01)
Re: OPENFPC Proxy merge Jeremy Hoel (Dec 18)
Re: A question in regards to rules, ACK and flow. Jeremy Hoel (Dec 04)
A question in regards to rules, ACK and flow. Jeremy Hoel (Dec 04)
Re: Logging Packets with Snort Jeremy Hoel (Oct 25)
Re: Community Rules and Pulled Pork Jeremy Hoel (Oct 21)

Jeremy Scott

Sourcefire VRT Certified Snort Rules for CVE-2013-3906 Jeremy Scott (Nov 07)

JJC

Re: pulled pork updates JJC (Oct 15)
Re: Duplicate rules & rule parser JJC (Oct 25)
Re: Pulled Pork 0.7.0 Issues JJC (Nov 07)
Re: Pulledpork issue 142 JJC (Nov 01)
Re: Pulledpork duplicate rules JJC (Oct 14)
Re: Pulledpork duplicate rules JJC (Oct 14)
Re: PulledPork 0.7.0 on windows does not update rules folder JJC (Oct 29)
Re: disabling specific snort rules JJC (Oct 24)
Re: Pulledpork duplicate rules JJC (Oct 14)

JJ Cummings

Re: Duplicate rules & rule parser JJ Cummings (Oct 23)
Re: [help,urgent] Using PCRE to match packets in hex JJ Cummings (Oct 27)
Re: Pulledpork duplicate rules JJ Cummings (Oct 14)
Re: Pulledpork duplicate rules JJ Cummings (Oct 14)
Re: Duplicate rules & rule parser JJ Cummings (Oct 22)

Joel Esler

Re: Issue related to Blacklists Joel Esler (Oct 15)
Re: Snort not detecting MS08-067 Joel Esler (Oct 22)
Re: Flowbits config Joel Esler (Oct 22)
Re: Doing the KanKan Joel Esler (Oct 11)
Re: Flowbits config Joel Esler (Oct 22)
Re: Question about snort rules Joel Esler (Oct 07)
Re: Request assistance regarding VRT sig 1:27962 (MALWARE-CNC Win.Trojan.Storm botnet connection reset) Joel Esler (Oct 06)
Re: Duplicate rules & rule parser Joel Esler (Oct 26)
Re: Feature request: isdataat ability in specific (preprocessor) buffers Joel Esler (Oct 23)
Re: Duplicate rules & rule parser Joel Esler (Oct 25)
Re: Request assistance regarding VRT sig 1:27962 (MALWARE-CNC Win.Trojan.Storm botnet connection reset) Joel Esler (Oct 07)
Re: Snort on iPhone Joel Esler (Oct 30)
Re: 2955 sigs for registered users Joel Esler (Oct 09)
Re: Tenda router backdoor Joel Esler (Oct 21)
Re: pulled pork updates Joel Esler (Oct 15)
Snort.org Blog: Snort VRT Default Ruleset Rebalancing Joel Esler (Oct 11)
Re: request Joel Esler (Oct 30)
Re: disabling specific snort rules Joel Esler (Oct 27)
Re: Pony checkin Joel Esler (Oct 31)
Re: Regarding Snort Rules Joel Esler (Nov 11)
Re: scan rules on pfsense Joel Esler (Nov 11)
Re: Feature request: isdataat ability in specific (preprocessor) buffers Joel Esler (Oct 18)
Re: Beginner Rule Problem Joel Esler (Oct 08)
Re: 2955 sigs for registered users Joel Esler (Oct 11)
Re: Feature request: isdataat ability in specific (preprocessor) buffers Joel Esler (Oct 24)
Re: Zero day attack protection Joel Esler (Oct 29)
Re: SnortID.com website Joel Esler (Oct 02)
Re: Issue related to Blacklists Joel Esler (Oct 16)
Re: Snort Rule and FTP server Joel Esler (Nov 03)
Re: Zero day attack protection Joel Esler (Oct 28)
Re: [snort-users] About attribute replacement Joel Esler (Oct 18)
Re: Writing Preprocessor For Snort Joel Esler (Nov 03)
Re: Beginner Rule Problem Joel Esler (Oct 08)
Re: Snort.org Blog: Sourcefire VRT Certified Snort Rules Update for 10/31/2013 Joel Esler (Nov 02)
Re: Sample snort.conf not updated? Joel Esler (Oct 23)
Snort.org Blog: Sourcefire VRT Certified Snort Rules Update for 11/05/2013 Joel Esler (Nov 05)
Re: Zbot variant sigs Joel Esler (Oct 11)
Re: vBulletin 4.x and 5.x exploit in the wild Joel Esler (Oct 09)
Re: Question about snort rules Joel Esler (Oct 07)
Snort.org Blog: Sourcefire VRT Certified Snort Rules Update for 10/31/2013 Joel Esler (Oct 31)
Re: Beginner Rule Problem Joel Esler (Oct 11)
Re: Duplicate rules & rule parser Joel Esler (Oct 22)
Re: Feature request: isdataat ability in specific (preprocessor) buffers Joel Esler (Nov 07)
Re: Feature request: isdataat ability in specific (preprocessor) buffers Joel Esler (Oct 18)
Re: Community Rules and Pulled Pork Joel Esler (Oct 21)
Re: snort stop unexpectedly Joel Esler (Nov 04)
Re: Oracle SQL Obfuscation Rule Joel Esler (Oct 22)
Re: IE 0-day Joel Esler (Oct 01)
Re: new sig for detecting Apache / PHP RCE Joel Esler (Oct 30)
Snort.org Blog: Sourcefire VRT Certified Snort Rules Update for 10/14/2013 Joel Esler (Oct 15)
Re: ShodanHQ Rule Joel Esler (Oct 22)
Re: TIFF images in MS-Office documents used in targeted attacks Joel Esler (Nov 06)
Re: SnortID.com website Joel Esler (Oct 02)
Re: Snort not detecting MS08-067 Joel Esler (Oct 23)
Re: 2955 sigs for registered users Joel Esler (Oct 09)
Re: Request assistance regarding VRT sig 1:27962 (MALWARE-CNC Win.Trojan.Storm botnet connection reset) Joel Esler (Oct 07)
Snort.org Blog: Sourcefire VRT Certified Snort Rules Update for 10/15/2013, Rule Rebalancing Joel Esler (Oct 15)

Joel Esler (jesler)

Re: snort normalization trouble // not working as I expect Joel Esler (jesler) (Dec 23)
Re: Commented out rules. Joel Esler (jesler) (Dec 20)
Re: Timezone issue in SNORT LOG Joel Esler (jesler) (Nov 26)
Re: Bad range in Snort rules Joel Esler (jesler) (Dec 16)
Re: OPENFPC Proxy merge Joel Esler (jesler) (Dec 17)
Re: IPS does not detect MS12-020 vulnerability via backtrack module Joel Esler (jesler) (Nov 26)
Re: Snort UDP traffic in loopback interface Joel Esler (jesler) (Dec 13)
Snort.org Blog: Sourcefire VRT Certified Snort Rules Update for 11/26/2013 Joel Esler (jesler) (Nov 26)
Re: Error 504 when fetching Rules Joel Esler (jesler) (Dec 13)
Re: A question in regards to rules, ACK and flow. Joel Esler (jesler) (Dec 04)
Re: i hvave error when run snort Joel Esler (jesler) (Nov 26)
Re: Error 504 when fetching Rules Joel Esler (jesler) (Dec 13)
Re: snort normalization trouble // not working as I expect Joel Esler (jesler) (Dec 23)
Re: Columbia, MD Snort Users Group Joel Esler (jesler) (Nov 25)
Re: Help with a rule Joel Esler (jesler) (Dec 10)
Re: File magic rules for 2.9.6, what options are required? Joel Esler (jesler) (Dec 27)
Re: Attribute Table question Joel Esler (jesler) (Nov 18)
Re: False Positive on VRT 28039 Joel Esler (jesler) (Nov 27)
Re: IPS does not detect MS12-020 vulnerability via backtrack module Joel Esler (jesler) (Nov 26)
Re: [Snort-sigs] [Snort-users] Serious problems Snort 2.9 with relative content matches using http_inspect preprocessor and http_uri keyword Joel Esler (jesler) (Dec 09)
Re: Pulled Pork error Joel Esler (jesler) (Dec 18)
Re: Reputation preprocessor isn't blocking traffic Joel Esler (jesler) (Dec 09)
Re: Rules with options like http_uri of flow Joel Esler (jesler) (Dec 18)
Re: File magic rules for 2.9.6, what options are required? Joel Esler (jesler) (Dec 26)
Re: False Positive on VRT 28039 Joel Esler (jesler) (Nov 26)
Re: [Snort-user] requires libdnet.so.1 Joel Esler (jesler) (Nov 25)
Re: [Snort-users] Serious problems Snort 2.9 with relative content matches using http_inspect preprocessor and http_uri keyword Joel Esler (jesler) (Dec 09)
Re: Confusion about SID 25282 Joel Esler (jesler) (Dec 04)
Re: Testing my own rules/signatures on pcap file Joel Esler (jesler) (Dec 22)

John Babio

sublime text 2 tmlanguage syntax highlighting for snort rules? John Babio (Dec 23)
Re: sublime text 2 tmlanguage syntax highlighting for snort rules? John Babio (Dec 24)

John Millican

Re: Using snort in an PCI DSS environment John Millican (Nov 20)
Re: Using snort in an PCI DSS environment John Millican (Nov 20)

Johnny Venter

Re: Fwd: pulled pork updates Johnny Venter (Oct 23)
Re: Logging Packets with Snort Johnny Venter (Oct 25)
Logging Packets with Snort Johnny Venter (Oct 25)
Re: Logging Packets with Snort Johnny Venter (Oct 25)
Re: Logging Packets with Snort Johnny Venter (Oct 25)
Re: Logging Packets with Snort Johnny Venter (Oct 25)
Re: Logging Packets with Snort Johnny Venter (Oct 25)
pulled pork updates Johnny Venter (Oct 15)
Fwd: pulled pork updates Johnny Venter (Oct 23)

John York

CyberHack Christmas Challenge John York (Dec 13)
Re: OPENFPC Proxy merge John York (Dec 17)

Jonathan Heard

Re: Alerting on internal TCP connection attemptsto non-existent services or hosts . . Jonathan Heard (Dec 05)
Alerting on internal TCP connection attempts to non-existent services or hosts . Jonathan Heard (Dec 03)

Jon Larson

Snort variables longer than 65535 bytes Jon Larson (Dec 01)
Snort variables longer than 65535 bytes Jon Larson (Nov 22)

Jorge G. Perez

snort stop unexpectedly Jorge G. Perez (Nov 04)
UNKNOWN METHOD Jorge G. Perez (Nov 07)

Joshua Kinard

Re: File magic rules for 2.9.6, what options are required? Joshua Kinard (Dec 27)
Re: File magic rules for 2.9.6, what options are required? Joshua Kinard (Dec 27)
Re: File magic rules for 2.9.6, what options are required? Joshua Kinard (Dec 27)
File magic rules for 2.9.6, what options are required? Joshua Kinard (Dec 26)
Re: Feature request: isdataat ability in specific (preprocessor) buffers Joshua Kinard (Oct 24)
Re: Snort variables longer than 65535 bytes Joshua Kinard (Dec 02)
Re: File magic rules for 2.9.6, what options are required? Joshua Kinard (Dec 27)
Re: Feature request: isdataat ability in specific (preprocessor) buffers Joshua Kinard (Oct 24)
Re: File magic rules for 2.9.6, what options are required? Joshua Kinard (Dec 27)
Re: RHEL 6 with Snort 2.9.5.6-1 and PCRE 8.33 install issue (UNCLASSIFIED) Joshua Kinard (Dec 27)
Re: RHEL 6 with Snort 2.9.5.6-1 and PCRE 8.33 install issue (UNCLASSIFIED) Joshua Kinard (Dec 27)

JS

Hi Snort Users! JS (Oct 19)
Hey, Snort Users JS (Dec 27)

KA L

http_preprocessor chunk_length parameter KA L (Oct 23)
http_preprocessor question KA L (Oct 22)

Kevin Ross

Re: OPENFPC Proxy merge Kevin Ross (Dec 18)
Re: OPENFPC Proxy merge Kevin Ross (Dec 19)
OPENFPC Proxy merge Kevin Ross (Dec 17)
Re: Zero day attack protection Kevin Ross (Oct 29)
Re: Can snort dump full pcap of alert? Kevin Ross (Dec 20)
Re: OPENFPC Proxy merge Kevin Ross (Dec 19)
Re: OPENFPC Proxy merge Kevin Ross (Dec 17)
Re: OPENFPC Proxy merge Kevin Ross (Dec 18)

Kiryukhin Andrey

Periodic save rule profiling logs Kiryukhin Andrey (Dec 23)

Kodiak80

Re: Beginner Rule Problem Kodiak80 (Oct 10)
Beginner Rule Problem Kodiak80 (Oct 07)

k vijay sai Prashanth

Re: ERROR: Can't set DAQ BPF filter to 'status' (pcap_daq_set_filter: pcap_compile: syntax error)! Fatal Error, Quitting.. k vijay sai Prashanth (Oct 10)
ERROR: Can't set DAQ BPF filter to 'status' (pcap_daq_set_filter: pcap_compile: syntax error)! Fatal Error, Quitting.. k vijay sai Prashanth (Oct 10)
Re: ERROR: Can't set DAQ BPF filter to 'status' (pcap_daq_set_filter: pcap_compile: syntax error)! Fatal Error, Quitting.. k vijay sai Prashanth (Oct 10)
Re: ERROR: Can't set DAQ BPF filter to 'status' (pcap_daq_set_filter: pcap_compile: syntax error)! Fatal Error, Quitting.. k vijay sai Prashanth (Oct 10)

Kyle Creyts

Re: Help with a rule Kyle Creyts (Dec 10)

L0rd Ch0de1m0rt

Re: Serious problems Snort 2.9 with relative content matches using http_inspect preprocessor and http_uri keyword L0rd Ch0de1m0rt (Nov 20)
Re: Serious problems Snort 2.9 with relative content matches using http_inspect preprocessor and http_uri keyword L0rd Ch0de1m0rt (Nov 07)
Re: Serious problems Snort 2.9 with relative content matches using http_inspect preprocessor and http_uri keyword L0rd Ch0de1m0rt (Dec 04)
Re: [Snort-users] Serious problems Snort 2.9 with relative content matches using http_inspect preprocessor and http_uri keyword L0rd Ch0de1m0rt (Dec 05)
Serious problems Snort 2.9 with relative content matches using http_inspect preprocessor and http_uri keyword L0rd Ch0de1m0rt (Nov 06)
Re: Feature request: isdataat ability in specific (preprocessor) buffers L0rd Ch0de1m0rt (Nov 06)

LaTonya Hall

Re: Snort not detecting MS08-067 LaTonya Hall (Oct 22)
Classification Number Mapping LaTonya Hall (Oct 02)
Per License Oinkcode LaTonya Hall (Oct 31)
Re: Snort not detecting MS08-067 LaTonya Hall (Oct 23)
[Snort-user] requires libdnet.so.1 LaTonya Hall (Nov 25)
Re: Snort not detecting MS08-067 LaTonya Hall (Oct 23)
Fwd: Classification Number Mapping LaTonya Hall (Oct 02)
Snort not detecting MS08-067 LaTonya Hall (Oct 22)
Re: Snort not detecting MS08-067 LaTonya Hall (Oct 30)

Lay, James

Re: Can snort dump full pcap of alert? Lay, James (Dec 20)

Leonardo Pezente

scan rules on pfsense Leonardo Pezente (Nov 11)
Re: scan rules on pfsense Leonardo Pezente (Nov 12)

Leon Ward

Re: OPENFPC Proxy merge Leon Ward (Dec 17)
Re: OPENFPC Proxy merge Leon Ward (Dec 30)
Re: OPENFPC Proxy merge Leon Ward (Dec 30)

Lil Evil

Re: snort normalization trouble // not working as I expect Lil Evil (Dec 23)
snort normalization trouble // not working as I expect Lil Evil (Dec 23)

lists () packetmail net

Re: [Snort-users] [Snort-devel] Serious problems Snort 2.9 with relative content matches using http_inspect preprocessor and http_uri keyword lists () packetmail net (Dec 09)
Re: HNAP Admin attempts lists () packetmail net (Nov 14)
Re: Help with a rule lists () packetmail net (Dec 10)

Lowe, Richard B

Re: Snort UDP traffic in loopback interface Lowe, Richard B (Dec 12)

Luis Daniel Lucio Quiroz

Re: ANY query rule Luis Daniel Lucio Quiroz (Oct 10)
Re: Snortsam with snort Luis Daniel Lucio Quiroz (Nov 03)
ANY query rule Luis Daniel Lucio Quiroz (Oct 10)
Re: ANY query rule Luis Daniel Lucio Quiroz (Oct 10)

Lukas Matt

Confusion about SID 25282 Lukas Matt (Dec 04)
Bad range in Snort rules Lukas Matt (Dec 16)
IPS does not detect MS12-020 vulnerability via backtrack module Lukas Matt (Nov 26)

Mahendra Ladhe

Re: Snort gives different stats for different runs with the same set of inputs Mahendra Ladhe (Dec 12)
Snort gives different stats for different runs with the same set of inputs Mahendra Ladhe (Dec 12)

Markus Lude

working snort > 2.9.5 on archs with strict memory alignment? Markus Lude (Nov 12)

Mark W. Jeanmougin

Re: Network cards for IPS & query related to PFRING Mark W. Jeanmougin (Oct 26)

Mary

Fwd: unsock option Mary (Oct 30)

Mathewson, Nathan

Request assistance regarding VRT sig 1:27962 (MALWARE-CNC Win.Trojan.Storm botnet connection reset) Mathewson, Nathan (Oct 04)

Matt .

Snort not generating alerts Matt . (Oct 23)
Snort not generating alerts Matt . (Oct 30)

Matt Brichetto

Pulled Pork Verifying Rule Updates Matt Brichetto (Oct 15)

Matt Watchinski

Re: Writing normalizer for snort Matt Watchinski (Nov 12)

Maxwell, Jamison [HDS]

Re: Malware detection with Snort Maxwell, Jamison [HDS] (Nov 26)

Mayur Patil

Re: Compile so rules in C language Mayur Patil (Oct 28)
Re: Unrecognised syslog facility/priority in snort Mayur Patil (Oct 11)
Re: Unrecognised syslog facility/priority in snort Mayur Patil (Oct 08)
Fwd: Unrecognised syslog facility/priority in snort Mayur Patil (Oct 07)
Re: Unrecognised syslog facility/priority in snort Mayur Patil (Oct 13)
Re: UNKNOWN METHOD Mayur Patil (Nov 07)
Re: Unrecognised syslog facility/priority in snort Mayur Patil (Oct 04)
Re: Unrecognised syslog facility/priority in snort Mayur Patil (Oct 04)
Re: Unrecognised syslog facility/priority in snort Mayur Patil (Oct 11)
Re: [snort-users] About attribute replacement Mayur Patil (Oct 19)
Re: UNKNOWN METHOD Mayur Patil (Nov 07)
Re: [snort-users] About attribute replacement Mayur Patil (Oct 18)
Re: Writing Preprocessor For Snort Mayur Patil (Nov 03)
Re: Malware detection with Snort Mayur Patil (Nov 26)
Fwd: Unrecognised syslog facility/priority in snort Mayur Patil (Oct 17)
Re: Unrecognised syslog facility/priority in snort Mayur Patil (Oct 11)
Re: [HOW-TO] Logging Snort alerts to Syslog and Splunk Mayur Patil (Oct 05)
Re: Unrecognised syslog facility/priority in snort Mayur Patil (Oct 09)
Re: Unrecognised syslog facility/priority in snort Mayur Patil (Oct 09)
[snort-users] About attribute replacement Mayur Patil (Oct 18)
Re: Unrecognised syslog facility/priority in snort Mayur Patil (Oct 11)

Meysam Farazmand

nmap -sT prevention Meysam Farazmand (Oct 09)

Mike Hale

Issues with suppressing some preproc rules Mike Hale (Nov 26)
Re: Issues with suppressing some preproc rules Mike Hale (Nov 26)

Miso Patel

Snort on iPhone Miso Patel (Oct 30)

mohammad mahdizadeh

question about snort anomaly detection mohammad mahdizadeh (Oct 13)

Mustafa Karci

Snort not taking nmap second time (scan) Mustafa Karci (Nov 29)
prepossesors (fsportscan) not working Mustafa Karci (Nov 28)
snort nmap not working Mustafa Karci (Nov 26)

Nguyen Quoc Viet

show snort rules Nguyen Quoc Viet (Nov 13)

nicenate

Re: Request assistance regarding VRT sig 1:27962 (MALWARE-CNC Win.Trojan.Storm botnet connection reset) nicenate (Oct 04)
Re: Request assistance regarding VRT sig 1:27962 (MALWARE-CNC Win.Trojan.Storm botnet connection reset) nicenate (Oct 07)
Re: Request assistance regarding VRT sig 1:27962 (MALWARE-CNC Win.Trojan.Storm botnet connection reset) nicenate (Oct 04)
Re: Request assistance regarding VRT sig 1:27962 (MALWARE-CNC Win.Trojan.Storm botnet connection reset) nicenate (Oct 05)

Nicholas Horton

Re: Snort Instance Nicholas Horton (Oct 30)
Snort Instance Nicholas Horton (Oct 30)
Re: Snort Instance Nicholas Horton (Oct 30)

Nicholas Mavis

Oracle SQL Obfuscation Rule Nicholas Mavis (Oct 22)
Re: CF Admin parser access sig Nicholas Mavis (Dec 13)
Re: Rules with options like http_uri of flow Nicholas Mavis (Dec 17)

Nick Randolph

Re: Egobot Nick Randolph (Oct 15)

oalabeatrix

BASE does not fill the BASE Homepage Portscan bar oalabeatrix (Dec 03)

olivier a

SNORT/BASE does not fill the BASE Homepage Portscan bar olivier a (Dec 01)

Omar Sattar/NOC/Nexlinx

How to define External Port lists to be ignored in snort Omar Sattar/NOC/Nexlinx (Dec 30)

Ong Wen Jian

Re: Compiling Snort Source Code version 2.9 in Windows with Visual Studio 2008 Ong Wen Jian (Nov 14)
Compiling Snort Source Code version 2.9 in Windows with Visual Studio 2008 Ong Wen Jian (Oct 30)
Re: Compiling Snort Source Code version 2.9 in Windows with Visual Studio 2008 Ong Wen Jian (Nov 14)

onno

Rules with options like http_uri of flow onno (Dec 17)

onno () b00z nl

Re: Pulled Pork error onno () b00z nl (Dec 18)

Onno van der Leun

Re: Rules with options like http_uri of flow Onno van der Leun (Dec 18)
Can snort dump full pcap of alert? Onno van der Leun (Dec 19)
Re: Rules with options like http_uri of flow Onno van der Leun (Dec 18)

Ozgur Karatas

Snort work is slowing Ozgur Karatas (Dec 21)

Patrick Mullen

Re: Writing a dynamic rules Patrick Mullen (Nov 11)
Re: Sourcefire VRT Certified Snort Rules for CVE-2013-3906 Patrick Mullen (Nov 08)

Paul Bottomley

Re: TIFF images in MS-Office documents used in targeted attacks Paul Bottomley (Nov 06)
I2P traffic Paul Bottomley (Nov 25)

paul meding

Re: http://webres1.pand.ctmail.com/ paul meding (Dec 04)

Peter Bates

Re: ERROR: Can't set DAQ BPF filter to 'status' (pcap_daq_set_filter: pcap_compile: syntax error)! Fatal Error, Quitting.. Peter Bates (Oct 10)
Re: Duplicate rules & rule parser Peter Bates (Oct 22)
Re: Flowbits config Peter Bates (Oct 22)
Re: ERROR: Can't set DAQ BPF filter to 'status' (pcap_daq_set_filter: pcap_compile: syntax error)! Fatal Error, Quitting.. Peter Bates (Oct 10)
Re: Duplicate rules & rule parser Peter Bates (Oct 22)
Re: snort and barnyard2 using a lot of resources Peter Bates (Oct 18)
Re: Fwd: Unrecognised syslog facility/priority in snort Peter Bates (Oct 18)
Re: Duplicate rules & rule parser Peter Bates (Oct 24)
Re: Network cards for IPS & query related to PFRING Peter Bates (Oct 24)
Re: ERROR: Can't set DAQ BPF filter to 'status' (pcap_daq_set_filter: pcap_compile: syntax error)! Fatal Error, Quitting.. Peter Bates (Oct 10)
Re: Fwd: pulled pork updates Peter Bates (Oct 23)

Prashant Mishra

Regarding Snort Rules Prashant Mishra (Nov 11)

praveen_recker .

Re: Unrecognised syslog facility/priority in snort praveen_recker . (Oct 04)
Re: Unrecognised syslog facility/priority in snort praveen_recker . (Oct 13)
[HOW-TO] Logging Snort alerts to Syslog and Splunk praveen_recker . (Oct 05)

Qinwen Hu

How to use Snort to detect DNS reverse lookup queries Qinwen Hu (Nov 26)

quocviet nguyen

Snort Rule and FTP server quocviet nguyen (Nov 03)
Re: Snortsam with snort quocviet nguyen (Nov 04)
Snortsam with snort quocviet nguyen (Nov 03)
Re: Snortsam with snort quocviet nguyen (Nov 03)

Randal T. Rioux

Re: Barnyard2 showing no records Randal T. Rioux (Oct 03)
Re: SnortID.com website Randal T. Rioux (Oct 02)
Re: @snort alert Randal T. Rioux (Nov 29)
Re: (no subject) Randal T. Rioux (Nov 29)
Re: SnortID.com website Randal T. Rioux (Oct 02)

Research

Sourcefire VRT Certified Snort Rules Update 2013-12-10 Research (Dec 10)
Sourcefire VRT Certified Snort Rules Update 2013-12-24 Research (Dec 24)
Sourcefire VRT Certified Snort Rules Update 2013-12-05 Research (Dec 05)
Sourcefire VRT Certified Snort Rules Update 2013-10-31 Research (Oct 31)
Sourcefire VRT Certified Snort Rules Update 2013-10-01 Research (Oct 01)
Sourcefire VRT Certified Snort Rules Update 2013-12-17 Research (Dec 17)
Sourcefire VRT Certified Snort Rules Update 2013-10-08 Research (Oct 08)
Sourcefire VRT Certified Snort Rules Update 2013-10-14 Research (Oct 14)
Sourcefire VRT Certified Snort Rules Update 2013-10-03 Research (Oct 03)
Sourcefire VRT Certified Snort Rules Update 2013-10-29 Research (Oct 29)
Sourcefire VRT Certified Snort Rules Update 2013-12-12 Research (Dec 12)
Sourcefire VRT Certified Snort Rules Update 2013-11-07 Research (Nov 07)
Sourcefire VRT Certified Snort Rules Update 2013-11-26 Research (Nov 26)
Sourcefire VRT Certified Snort Rules Update 2013-10-24 Research (Oct 24)
Sourcefire VRT Certified Snort Rules Update 2013-10-22 Research (Oct 22)
Sourcefire VRT Certified Snort Rules Update 2013-11-22 Research (Nov 22)
Sourcefire VRT Certified Snort Rules Update 2013-11-20 Research (Nov 20)
Sourcefire VRT Certified Snort Rules Update 2013-12-19 Research (Dec 19)
Sourcefire VRT Certified Snort Rules Update 2013-11-12 Research (Nov 12)
Sourcefire VRT Certified Snort Rules Update 2013-12-31 Research (Dec 31)
Sourcefire VRT Certified Snort Rules Update 2013-10-17 Research (Oct 17)
Sourcefire VRT Certified Snort Rules Update 2013-11-18 Research (Nov 18)
Sourcefire VRT Certified Snort Rules Update 2013-11-05 Research (Nov 05)
Sourcefire VRT Certified Snort Rules Update 2013-10-10 Research (Oct 10)
Sourcefire VRT Certified Snort Rules Update 2013-10-15 Research (Oct 15)
Sourcefire VRT Certified Snort Rules Update 2013-11-14 Research (Nov 14)
Sourcefire VRT Certified Snort Rules Update 2013-12-02 Research (Dec 02)

ResQue

PulledPork 0.7.0 on windows does not update rules folder ResQue (Oct 29)
PulledPork 0.7.0 on windows does not update rules folder ResQue (Oct 28)

rmkml

Update: new release on ETPLC project ! rmkml (Nov 21)
Re: Offered new rule for detect last Outlook/Crypto API... rmkml (Nov 13)
Re: Rules with options like http_uri of flow rmkml (Dec 17)
RE : Re: FTP / Telnet normalization and anomaly detection rmkml (Dec 06)
Re: [help,urgent] Using PCRE to match packets in hex rmkml (Oct 27)
Re: Serious problems Snort 2.9 with relative content matches using http_inspect preprocessor and http_uri keyword rmkml (Nov 20)
Re: HNAP Admin attempts rmkml (Nov 14)
Re: [help,urgent] Using PCRE to match packets in hex rmkml (Oct 27)
Offered new rule for detect last Outlook/Crypto API... rmkml (Nov 12)
Re: new sig for detecting Apache / PHP RCE rmkml (Oct 30)
new sig for detecting Apache / PHP RCE rmkml (Oct 30)
Re: [help,urgent] Using PCRE to match packets in hex rmkml (Oct 27)
Re: [Snort-users] Serious problems Snort 2.9 with relative content matches using http_inspect preprocessor and http_uri keyword rmkml (Dec 04)
Re: Snort UDP traffic in loopback interface rmkml (Dec 11)
Re: Snort not generating alerts rmkml (Oct 30)
RE : Snort Rule and FTP server rmkml (Nov 03)
Re: [Snort-sigs] Serious problems Snort 2.9 with relative content matches using http_inspect preprocessor and http_uri keyword rmkml (Nov 08)
Re: Snort not detecting MS08-067 rmkml (Oct 22)

Rob MacGregor

Re: Feedback on rule testing Rob MacGregor (Dec 20)

Rodrigo Montoro(Sp0oKeR)

Re: Interesting article Rodrigo Montoro(Sp0oKeR) (Oct 28)
Re: prepossesors (fsportscan) not working Rodrigo Montoro(Sp0oKeR) (Nov 28)

Rodrigo Pimpão

Defines on preprocids.h Rodrigo Pimpão (Dec 04)
Help to understand functions Rodrigo Pimpão (Dec 26)

Roland RoLaNd

pulledpork not retrieving reg rules Roland RoLaNd (Oct 10)
disabling specific snort rules Roland RoLaNd (Oct 24)
Re: disabling specific snort rules Roland RoLaNd (Oct 27)
snort 2.9.5.5 from source - error on make Roland RoLaNd (Oct 16)
Re: disabling specific snort rules Roland RoLaNd (Oct 24)
snort and barnyard2 using a lot of resources Roland RoLaNd (Oct 18)
snort.conf network variables Roland RoLaNd (Oct 16)
Re: pulledpork not retrieving reg rules Roland RoLaNd (Oct 10)

Ron Haines

Community Rules and Pulled Pork Ron Haines (Oct 21)

Russ Combs

Re: Need help to know which files to be changed in Dynamic preprocessor starter kit Russ Combs (Dec 26)
Re: Snort variables longer than 65535 bytes Russ Combs (Dec 02)
Re: Issue related to Blacklists Russ Combs (Oct 17)
Re: tools in tools folder not automatically built from .spec file?!?! Russ Combs (Nov 14)
Re: question about snort anomaly detection Russ Combs (Oct 14)
Re: Writing Preprocessor For Snort Russ Combs (Nov 08)
Re: how to specify collecting packets on more then one interface Russ Combs (Oct 09)
Re: DPX Output Verification Russ Combs (Dec 16)
Re: Please verif Output of DPX (sample dynamic preprocessor tool kit) Russ Combs (Dec 02)
Re: Need help to know which files to be changed in Dynamic preprocessor starter kit Russ Combs (Nov 22)
Re: Snort gives different stats for different runs with the same set of inputs Russ Combs (Dec 12)
Re: Is it a bug? Russ Combs (Dec 02)
Re: Snort not taking nmap second time (scan) Russ Combs (Dec 02)
Re: Writing Preprocessor For Snort Russ Combs (Nov 07)
Re: Timezone issue in SNORT LOG Russ Combs (Dec 02)

Saint Crusty

Re: Zero day attack protection Saint Crusty (Oct 28)
Re: Zero day attack protection Saint Crusty (Oct 29)

Salvo

Snort logs are empty Salvo (Oct 25)
Snort and Banyard2 no data in logs. Salvo (Oct 24)
Re: Malware detection with Snort Salvo (Nov 26)
Re: DAQ. Configure "error checking for libpcap version >= "1.0.0"... n" Salvo (Oct 15)
Re: DAQ. Configure "error checking for libpcap version >= "1.0.0"... n". Problem Solved. Salvo (Oct 16)
Re: Snort logs are empty Salvo (Oct 25)
DAQ. Configure "error checking for libpcap version >= "1.0.0"... n" Salvo (Oct 13)

setests setests

Reputation Preprocessor setests setests (Oct 13)

Seydou Mamadou Traore

(no subject) Seydou Mamadou Traore (Nov 07)

SnortFan

Re: Commented out rules. SnortFan (Dec 21)
Pulled Pork error SnortFan (Dec 18)
Attribute Table question SnortFan (Nov 14)
Re: Attribute Table question SnortFan (Nov 18)
Re: Pulled Pork error SnortFan (Dec 18)
Commented out rules. SnortFan (Dec 20)

Snort Releases

Snort 2.9.5.6 Now Available Snort Releases (Nov 18)
Snort 2.9.6 Beta Now Available Snort Releases (Nov 18)
Snort 2.9.6 RC Now Available Snort Releases (Dec 12)
Snort 2.9.6 Beta Now Available Snort Releases (Nov 18)
Snort 2.9.6 RC Now Available Snort Releases (Dec 12)
Snort 2.9.5.6 Now Available Snort Releases (Nov 18)

snorty

how to specify collecting packets on more then one interface snorty (Oct 11)
how to specify collecting packets on more then one interface snorty (Oct 08)

sockstat

Re: Zero day attack protection sockstat (Oct 28)

Sri ranjani

I am unable to View rules for specific events in snort database Sri ranjani (Nov 14)

Stark, Vernon L.

Re: Pulledpork duplicate rules Stark, Vernon L. (Oct 15)
disablesid.conf Issue (was Syntax for "ignore=" in Pulledpork) Stark, Vernon L. (Nov 14)
Error 504 when fetching Rules Stark, Vernon L. (Dec 13)
Sample snort.conf not updated? Stark, Vernon L. (Oct 23)
Re: Alerting on internal TCP connection attempts to non-existent services or hosts . Stark, Vernon L. (Dec 03)
Syntax for "ignore=" in Pulledpork Stark, Vernon L. (Nov 13)
Re: Pulledpork duplicate rules Stark, Vernon L. (Oct 15)
Re: Pulledpork duplicate rules Stark, Vernon L. (Oct 14)
Re: Pulledpork duplicate rules Stark, Vernon L. (Oct 15)
Re: Error 504 when fetching Rules Stark, Vernon L. (Dec 13)

Stephen Fernandis [IT Shared Services – Hub]

Re: Snort gives different stats for different runs with the same set of inputs Stephen Fernandis [IT Shared Services – Hub] (Dec 13)

Stephen Teti

Rule to match all non-HTTP traffic Stephen Teti (Nov 18)

Steven Sturges

Re: Snort on iPhone Steven Sturges (Oct 30)

Turnbough, Bradley E.

Pulled Pork 0.7.0 Issues Turnbough, Bradley E. (Nov 05)
Re: Barnyard2 / Extra Data Logging -- Status Turnbough, Bradley E. (Nov 14)
Re: Pulled Pork 0.7.0 Issues Turnbough, Bradley E. (Nov 07)
2955 sigs for registered users Turnbough, Bradley E. (Oct 09)
Barnyard2 / Extra Data Logging -- Status Turnbough, Bradley E. (Nov 13)
Re: tools in tools folder not automatically built from .spec file?!?! Turnbough, Bradley E. (Nov 14)
tools in tools folder not automatically built from .spec file?!?! Turnbough, Bradley E. (Nov 13)

Tyler MacPherson

Help with a rule Tyler MacPherson (Dec 10)

Victor Roemer

Re: sublime text 2 tmlanguage syntax highlighting for snort rules? Victor Roemer (Dec 24)
Re: File magic rules for 2.9.6, what options are required? Victor Roemer (Dec 27)
Re: Snort on iPhone Victor Roemer (Oct 30)

waldo kitty

Re: Snort and Banyard2 no data in logs. waldo kitty (Oct 24)
Re: First time snorting ... ERROR: The dynamic detection library ... waldo kitty (Nov 14)
Re: UNKNOWN METHOD waldo kitty (Nov 07)
Re: First time snorting ... ERROR: The dynamic detection library ... waldo kitty (Nov 19)
Re: First time snorting ... ERROR: The dynamic detection library ... waldo kitty (Nov 14)
Re: compile options? waldo kitty (Dec 02)
Re: Timezone issue in SNORT LOG waldo kitty (Nov 26)
Re: NFQ DAQ "module version issue" on Debian waldo kitty (Oct 28)
Re: Blocking Domain name like example.com waldo kitty (Dec 23)
Re: First time snorting ... ERROR: The dynamic detection library ... waldo kitty (Nov 19)
Re: First time snorting ... ERROR: The dynamic detection library ... waldo kitty (Nov 14)
Re: Per License Oinkcode waldo kitty (Oct 31)
Re: install waldo kitty (Nov 29)
Re: @snort alert waldo kitty (Nov 28)
Re: Issues with suppressing some preproc rules waldo kitty (Nov 26)
Re: disabling specific snort rules waldo kitty (Oct 24)
Re: [help,urgent] Using PCRE to match packets in hex waldo kitty (Oct 27)
Re: First time snorting ... ERROR: The dynamic detection library ... waldo kitty (Nov 15)
Re: First time snorting ... ERROR: The dynamic detection library ... waldo kitty (Nov 14)
Re: Periodic save rule profiling logs waldo kitty (Dec 23)
Re: UNKNOWN METHOD waldo kitty (Nov 07)
Re: Barnyard2 reports database insert errors waldo kitty (Nov 05)
Re: OT: DNS sinkhole question waldo kitty (Dec 04)
Re: FATAL ERROR: Cannot decode data link type 113 waldo kitty (Nov 19)
Re: Snort 0,01 seconds too late? waldo kitty (Dec 01)
Re: difference between pulledpork -P and -n option? waldo kitty (Nov 16)
Re: Barnyard2 reports database insert errors waldo kitty (Nov 05)
Re: Multiple SID's for same type of event waldo kitty (Oct 24)
Re: [snort-users] About attribute replacement waldo kitty (Oct 19)
Re: Blocking Domain name like example.com waldo kitty (Dec 21)
Re: 'conifg stateful' option waldo kitty (Nov 13)
Re: i hvave error when run snort waldo kitty (Nov 26)
Re: First time snorting ... ERROR: The dynamic detection library ... waldo kitty (Nov 19)
Re: Barnyard2 reports database insert errors waldo kitty (Nov 02)
Re: First time snorting ... ERROR: The dynamic detection library ... waldo kitty (Nov 14)
Re: HNAP Admin attempts waldo kitty (Nov 14)
Re: http://webres1.pand.ctmail.com/ waldo kitty (Dec 04)
Re: @empty rules files waldo kitty (Nov 14)
FATAL ERROR: Cannot decode data link type 113 waldo kitty (Nov 19)
Re: Queries regarding FRAG3 & STREAM5 waldo kitty (Nov 09)
Re: Pulledpork duplicate rules waldo kitty (Oct 15)

WangChuang

About README.UNSOCK WangChuang (Nov 14)
Re: About README.UNSOCK WangChuang (Nov 18)

Wei-li Tang

Incremental latency when ping via Snort inline Wei-li Tang (Nov 05)

Will Metcalf

Re: [Emerging-Sigs] Offered new rule for detect last Outlook/Crypto API... Will Metcalf (Nov 12)

wkitty42

Re: Pulledpork duplicate rules wkitty42 (Oct 14)
Re: Unrecognised syslog facility/priority in snort wkitty42 (Oct 09)
Re: Interesting observation with with so rules wkitty42 (Oct 11)
Re: ANY query rule wkitty42 (Oct 10)
Re: Beginner Rule Problem wkitty42 (Oct 10)
Re: ANY query rule wkitty42 (Oct 11)
Re: DAQ. Configure "error checking for libpcap version >= "1.0.0"... n" wkitty42 (Oct 13)
Re: Request assistance regarding VRT sig 1:27962 (MALWARE-CNC Win.Trojan.Storm botnet connection reset) wkitty42 (Oct 05)
Re: pulledpork not retrieving reg rules wkitty42 (Oct 10)
Re: 2955 sigs for registered users wkitty42 (Oct 09)
Re: ANY query rule wkitty42 (Oct 11)
Re: Interesting observation with with so rules wkitty42 (Oct 11)
Re: 2955 sigs for registered users wkitty42 (Oct 10)

Wright, Jonathon S CTR (US)

RHEL 6 with Snort 2.9.5.6-1 and PCRE 8.33 install issue (UNCLASSIFIED) Wright, Jonathon S CTR (US) (Dec 27)
RHEL 6 with Snort 2.9.5.6-1 and PCRE 8.33 install issue (UNCLASSIFIED) Wright, Jonathon S CTR (US) (Dec 27)
Re: RHEL 6 with Snort 2.9.5.6-1 and PCRE 8.33 install issue (UNCLASSIFIED) Wright, Jonathon S CTR (US) (Dec 27)
Re: RHEL 6 with Snort 2.9.5.6-1 and PCRE 8.33 install issue (UNCLASSIFIED) Wright, Jonathon S CTR (US) (Dec 27)

Y M

SIP scanner sig Y M (Oct 01)
Re: Commented out rules. Y M (Dec 20)
Re: Expiro sigs Y M (Nov 14)
Re: Zbot variant sigs Y M (Oct 10)
Re: Expiro sigs Y M (Nov 14)
Re: Zbot/Simda sig Y M (Oct 10)
Rovnix Sig Y M (Dec 09)
Re: show snort rules Y M (Nov 13)
Re: Dynamic rules not initialized properly Y M (Oct 07)
Re: Zbot variant sigs Y M (Oct 11)
Re: SIP scanner sig Y M (Oct 01)
Linux Fokirtor Backdoor Y M (Nov 19)
Adware/Toolbar? Y M (Oct 20)
Re: quick sanity check please? Y M (Nov 15)
Re: HNAP Admin attempts Y M (Nov 14)
Re: Interesting observation with with so rules Y M (Oct 11)
Re: Zbot variant sigs Y M (Oct 10)
Expiro sigs Y M (Nov 14)
Re: Can snort dump full pcap of alert? Y M (Dec 19)
Re: SIP scanner sig Y M (Oct 01)
Re: Help with a rule Y M (Dec 10)
Re: Interesting observation with with so rules Y M (Oct 11)
Re: First time snorting ... ERROR: The dynamic detection library ... Y M (Nov 15)
Zbot/Simda sig Y M (Oct 10)
Re: Syntax for "ignore=" in Pulledpork Y M (Nov 13)
Re: Dynamic rules not initialized properly Y M (Oct 07)

Youngquist, Jason R.

problem with snort configure script and libpcap Youngquist, Jason R. (Oct 02)

Yoyo Lam

Re: [help,urgent] Using PCRE to match packets in hex Yoyo Lam (Oct 28)
Re: [help,urgent] Using PCRE to match packets in hex Yoyo Lam (Oct 28)
Re: [help,urgent] Using PCRE to match packets in hex Yoyo Lam (Oct 27)
Re: [help,urgent] Using PCRE to match packets in hex Yoyo Lam (Oct 27)
Re: [help,urgent] Using PCRE to match packets in hex Yoyo Lam (Oct 27)
Re: [help,urgent] Using PCRE to match packets in hex Yoyo Lam (Oct 27)
[help,urgent] Using PCRE to match packets in hex Yoyo Lam (Oct 27)

Zach Hatsis

Unified2 file corrupt? Zach Hatsis (Nov 11)
Errors on using Dynamic Rules Zach Hatsis (Dec 06)
Re: Unified2 file corrupt? Zach Hatsis (Nov 13)

Максим Завилов

Re: Snort UDP traffic in loopback interface Максим Завилов (Dec 13)