Snort: by date

735 messages starting Oct 01 14 and ending Dec 29 14


Wednesday, 01 October

Need your help waleed bulajoul
Recall massage Need your help waleed bulajoul
Snort Dropped Packets waleed bulajoul
Unknown rule option sip_header James Lay
Re: Unknown rule option sip_header Y M
Re: Snort Dropped Packets Y M
Re: Unknown rule option sip_header James Lay
Re: Unknown rule option sip_header Jeremy Hoel
Re: Unknown rule option sip_header James Lay
Re: Unknown rule option sip_header Y M
Re: Unknown rule option sip_header Shirkdog
Re: Unknown rule option sip_header James Lay
Re: Unknown rule option sip_header Y M
Re: Unknown rule option sip_header Joel Esler (jesler)
Re: Unknown rule option sip_header Jeremy Hoel
Re: Unknown rule option sip_header waldo kitty
Re: Unknown rule option sip_header James Lay
snort syslog and barnyard2 John Hally
Re: snort syslog and barnyard2 Joel Esler (jesler)
Re: snort syslog and barnyard2 Shirkdog
Re: snort syslog and barnyard2 Joel Esler (jesler)
Re: snort syslog and barnyard2 John Hally
ERROR: 'debug-pkts' is an invalid option to the 'config ppm:' configuration Jiahua Yu
Re: Fast Pattern Matcher not using http_raw_* content strings? Mike Cox
Fwd: [Snort-users] ERROR: 'debug-pkts' is an invalid option to the 'config ppm:' configuration Joel Esler (jesler)
Re: Fast Pattern Matcher not using http_raw_* content strings? Joel Esler (jesler)
Re: Fwd: [Snort-users] ERROR: 'debug-pkts' is an invalid option to the 'config ppm:' configuration Hui cao
Re: Snort-devel Digest, Vol 98, Issue 7 Muhammad Ridwan Zalbina
Re: Unknown rule option sip_header waldo kitty
Re: ERROR: 'debug-pkts' is an invalid option to the 'config ppm:' configuration waldo kitty
Re: ERROR: 'debug-pkts' is an invalid option to the 'config ppm:' configuration Jiahua Yu
Which NIC Offload Properties should I turn them on or off to make Snort logging work? Jutichai Thongkrachai

Thursday, 02 October

Re: ERSPAN and IDS Carter Waxman (cwaxman)
Multiple Instances of SNORT test engineer
Re: Multiple Instances of SNORT Stark, Vernon L.
Re: Multiple Instances of SNORT Y M
Re: Multiple Instances of SNORT Bill Bernsen
Sourcefire VRT Certified Snort Rules Update 2014-10-02 Research
Re: Multiple Instances of SNORT Robert Cotter

Friday, 03 October

Re: Multiple Instances of SNORT Juan Jesus Prieto
Snort, barnyard2, snorby issue Joey Moe
Re: Snort, barnyard2, snorby issue Sharif Uddin
Re: Snort, barnyard2, snorby issue Joey Moe
The DAQ version does not support reload Deepak Yadav
Using Snort on Amazon AWS VPC Paulo Henrique Castro
Re: Multiple Instances of SNORT test engineer
Measuring the delay introduced by Snort Jiahua Yu
FATAL error on the snort as" Snort[]: FATAL ERROR: Event6 type not yet supported!" vinay kadagave
Re: The DAQ version does not support reload waldo kitty
Re: Multiple Instances of SNORT test engineer
Re: A size of log file is zero although there is an attack Jutichai Thongkrachai

Saturday, 04 October

Re: DAQ 2.0.2, NFQ - DAQ error when trying to start snort Peter Fyon
Re: A size of log file is zero although there is an attack waldo kitty
Re: DAQ 2.0.2, NFQ - DAQ error when trying to start snort Russ Combs (rucombs)

Sunday, 05 October

Get Invalid Configuration in blacklist.rules when restart Snort Jutichai Thongkrachai

Monday, 06 October

Re: Get Invalid Configuration in blacklist.rules when restart Snort Joel Esler (jesler)
Re: Get Invalid Configuration in blacklist.rules when restart Snort Jutichai Thongkrachai
93.184.215.200 black listed IP address Ceejay Cervantes
Re: Get Invalid Configuration in blacklist.rules when restart Snort Stephen Gantz
Re: 93.184.215.200 black listed IP address Joel Esler (jesler)
Re: Get Invalid Configuration in blacklist.rules when restart Snort Joel Esler (jesler)
Re: 93.184.215.200 black listed IP address Ceejay Cervantes
Re: 93.184.215.200 black listed IP address Joel Esler (jesler)
Re: 93.184.215.200 black listed IP address James Lay
Snort + DARPA Tho Le Phuoc
Slow snort startup, plus flowbit issues Andre DiMino
Re: Slow snort startup, plus flowbit issues Y M
Re: Slow snort startup, plus flowbit issues waldo kitty
Re: Snort + DARPA Y M
Re: Slow snort startup, plus flowbit issues Bill Bernsen
Re: Snort + DARPA waldo kitty
Re: Snort + DARPA Tho Le Phuoc
Issue with pcre Sean Cavanaugh
Re: Issue with pcre lists
Snort Segfault Peter Fyon
Re: Issue with pcre Sean Cavanaugh
Re: Issue with pcre lists
Re: Issue with pcre Joel Esler (jesler)
Re: Slow snort startup, plus flowbit issues Joel Esler (jesler)
Re: Issue with pcre lists
Re: Issue with pcre Joel Esler (jesler)
Measuring the delay caused by snort Jiahua Yu
Re: Issue with pcre lists
Re: Issue with pcre waldo kitty
Re: Issue with pcre lists
Re: Snort Segfault Peter Fyon
Snort precompiled rule causes segfault Peter Fyon
Re: Slow snort startup, plus flowbit issues Andre DiMino
Re: Issue with pcre waldo kitty
Re: Issue with pcre lists

Tuesday, 07 October

SPADE preprocessor Tho Le Phuoc
Re: SPADE preprocessor Shirkdog
Re: Snort Segfault Patrick Mullen
Sourcefire VRT Certified Snort Rules Update 2014-10-07 Research
hi mohsen Abbaspour
Genetic Algorithm Integration to Snort in Debian 6 chozy fachrul
Re: SPADE preprocessor waldo kitty
FW: hi Ed Borgoyn (eborgoyn)
Snort.org confirmation email Stuart Wyatt
Re: Snort.org confirmation email Jeremy Hoel
Implementation Genetic Algorithm to Snort chozy fachrul
Re: Snort.org confirmation email Stuart Wyatt
Re: Get Invalid Configuration in blacklist.rules when restart Snort Jutichai Thongkrachai
Snort.AD http://anomalydetection.info/ Tho Le Phuoc
Snort doesn't generate unified2 alert log Jutichai Thongkrachai
Re: SPADE preprocessor Tho Le Phuoc

Wednesday, 08 October

Re: SPADE preprocessor waldo kitty
Sourcefire VRT Certified Snort Rules Update 2014-10-08 Research
Custom signature question Jeronimo L. Cabral
Re: SPADE preprocessor Marty Roesch (maroesch)
Re: Snort-devel Digest, Vol 99, Issue 3 Muhammad Ridwan Zalbina

Thursday, 09 October

PulledPork recent issue James Lay
Re: PulledPork recent issue Shirkdog
Re: PulledPork recent issue James Lay
Snort 2.9.7 RC is now available Snort Releases
Snort 2.9.7 RC is now available Snort Releases
Re: Custom signature question Joel Esler (jesler)
Re: Snort-devel Digest, Vol 99, Issue 3 Ed Borgoyn (eborgoyn)
Re: PulledPork recent issue Shirkdog
Re: PulledPork recent issue James Lay
Re: PulledPork recent issue James Lay
Re: PulledPork recent issue Joel Esler (jesler)
Re: PulledPork recent issue James Lay
Shellshock CVE 2014-6271 Lukas Matt
Re: Shellshock CVE 2014-6271 Lukas Matt
Re: Shellshock CVE 2014-6271 Alex McDonnell
byte_extract addition? Mike Cox
Sourcefire VRT Certified Snort Rules Update 2014-10-09 Research
Re: byte_extract addition? Ed Borgoyn (eborgoyn)

Friday, 10 October

SID:32124 BLACKLIST Win.Backdoor.Upatre SSL Cert inbound Joe Gedeon
Re: SID:32124 BLACKLIST Win.Backdoor.Upatre SSL Cert inbound Joel Esler (jesler)
Snort sigs for BlackEnergy v3 / lite David Bryant
Re: SID:32124 BLACKLIST Win.Backdoor.Upatre SSL Cert inbound Joe Gedeon
Re: Snort sigs for BlackEnergy v3 / lite waldo kitty
Re: Snort sigs for BlackEnergy v3 / lite Joel Esler (jesler)

Saturday, 11 October

hi mohsen Abbaspour
Questions on Sig 31985 Sam
BASE 1.4.5 - browsing Previous and Next events not working? Michael Steele

Monday, 13 October

Pulledpork doesn't creates sid-msg.map properly C. L. Martinez
Re: Pulledpork doesn't creates sid-msg.map properly C. L. Martinez
Re: Pulledpork doesn't creates sid-msg.map properly Rob MacGregor
Re: Pulledpork doesn't creates sid-msg.map properly Shirkdog
Re: Pulledpork doesn't creates sid-msg.map properly C. L. Martinez
Re: Pulledpork doesn't creates sid-msg.map properly Shirkdog
Re: Pulledpork doesn't creates sid-msg.map properly C. L. Martinez
Events output timestamps mismatch? Y M
Re: SID:32124 BLACKLIST Win.Backdoor.Upatre SSL Cert inbound Joe Gedeon
Re: SID:32124 BLACKLIST Win.Backdoor.Upatre SSL Cert inbound Joel Esler (jesler)
Re: SID:32124 BLACKLIST Win.Backdoor.Upatre SSL Cert inbound Jamie Riden
Re: Pulledpork doesn't creates sid-msg.map properly waldo kitty
Acidbase frontend does not show IPv6 alerts? Marcelo Garcia
S5: Pruned session from cache that was using X bytes (stale/timeout). ML mail
Re: S5: Pruned session from cache that was using X bytes (stale/timeout). waldo kitty

Tuesday, 14 October

Re: Acidbase frontend does not show IPv6 alerts? Jeremy Hoel
Sourcefire VRT Certified Snort Rules Update 2014-10-14 Research

Wednesday, 15 October

Re: Acidbase frontend does not show IPv6 alerts? Marcelo Garcia
SID 32174 BLACKLIST DNS request for known malware domain sr.symcd.com - Osx.Backdoor.iWorm Greg Kay
Re: SID 32174 BLACKLIST DNS request for known malware domain sr.symcd.com - Osx.Backdoor.iWorm Joe Gedeon
Re: SID 32174 BLACKLIST DNS request for known malware domain sr.symcd.com - Osx.Backdoor.iWorm McGlamery, Russell
Re: Unable to kill a non-zombie process with -9 (fwd) elof2
Re: SID 32174 BLACKLIST DNS request for known malware domain sr.symcd.com - Osx.Backdoor.iWorm McGlamery, Russell
Re: SID 32174 BLACKLIST DNS request for known malware domain sr.symcd.com - Osx.Backdoor.iWorm Joel Esler (jesler)
False positives for symcb.com Robert Pritchard
Re: SID 32174 BLACKLIST DNS request for known malware domain sr.symcd.com - Osx.Backdoor.iWorm Greg Kay
Re: SID 32174 BLACKLIST DNS request for known malware domain sr.symcd.com - Osx.Backdoor.iWorm McGlamery, Russell
Re: SID 32174 BLACKLIST DNS request for known malware domain sr.symcd.com - Osx.Backdoor.iWorm Y M
SID 32186 Jeremy Scott
Re: SID 32186 Nick Randolph
predefined rules José Luis Rodríguez Rodríguez
Assist with FrameworkPOS sig James Lay
Sid 21858 Oscar A
Sourcefire VRT Certified Snort Rules Update 2014-10-15 Research
Re: Assist with FrameworkPOS sig rmkml
Re: Assist with FrameworkPOS sig rmkml
Re: Sid 21858 Joel Esler (jesler)
Re: Assist with FrameworkPOS sig James Lay
Re: Sid 21858 Oscar A

Thursday, 16 October

Re: SID 32174 BLACKLIST DNS request for known malware domain sr.symcd.com - Osx.Backdoor.iWorm Alex McDonnell
Snort App Logs (not alerts) Kurzawa, Kevin
Re: Snort App Logs (not alerts) James Lay
Re: SID 32174 BLACKLIST DNS request for known malware domain sr.symcd.com - Osx.Backdoor.iWorm Y M
Re: Snort App Logs (not alerts) Kurzawa, Kevin
Regular Expression Matching in Snort Rules Venkataramesh Bontupalli
Re: Snort App Logs (not alerts) waldo kitty
Re: Snort App Logs (not alerts) Y M
Re: Regular Expression Matching in Snort Rules Mitesh Jadia
Re: Regular Expression Matching in Snort Rules Venkataramesh Bontupalli
Re: Snort App Logs (not alerts) Kurzawa, Kevin
Sourcefire VRT Certified Snort Rules Update 2014-10-16 Research
Snort and core rules Muhammad Ridwan Zalbina
Re: Regular Expression Matching in Snort Rules Mitesh Jadia

Friday, 17 October

Re: Regular Expression Matching in Snort Rules Venkataramesh Bontupalli
Port problems in a rule Kurzawa, Kevin
Unable to update Snort signatures Hanson.Webster
Re: Port problems in a rule waldo kitty
Re: Unable to update Snort signatures James Lay
Re: Unable to update Snort signatures lists () packetmail net
Unable to update Snort signatures Hanson.Webster
Re: Unable to update Snort signatures Shirkdog
Re: Unable to update Snort signatures Joel Esler (jesler)

Monday, 20 October

SNORT version lifecycle Hanson.Webster
Re: Port problems in a rule Kurzawa, Kevin
Re: SNORT version lifecycle Joel Esler (jesler)
Re: SNORT version lifecycle Hanson.Webster
snaplen has no effect on "ip dgm len > captured len" Nicolas Greneche
Re: Port problems in a rule waldo kitty
Re: SNORT version lifecycle Hanson.Webster
Re: SNORT version lifecycle Joel Esler (jesler)
Re: SNORT version lifecycle Y M
Re: SNORT version lifecycle Hanson.Webster
Re: SNORT version lifecycle waldo kitty
Manually download and install Snort Rules updates Hanson.Webster
Re: Manually download and install Snort Rules updates Y M
Re: Manually download and install Snort Rules updates Hanson.Webster
Re: Manually download and install Snort Rules updates Y M
Re: SNORT version lifecycle waldo kitty

Tuesday, 21 October

Change sid number with pulledpork C. L. Martinez
Re: Change sid number with pulledpork waldo kitty
Sourcefire VRT Certified Snort Rules Update 2014-10-21 Research
Re: Change sid number with pulledpork Joel Esler (jesler)

Wednesday, 22 October

fast_pattern not always longest content string by default? Mike Cox
Re: Snort-devel Digest, Vol 99, Issue 6 Muhammad Ridwan Zalbina
Re: Snort-devel Digest, Vol 99, Issue 6 Muhammad Ridwan Zalbina
Re: Snort-devel Digest, Vol 99, Issue 6 Joel Esler (jesler)
Re: fast_pattern not always longest content string by default? Josh Rosenbaum (jrosenba)
Re: fast_pattern not always longest content string by default? Joshua Kinard
Re: fast_pattern not always longest content string by default? Steve Sturges (ststurge)

Thursday, 23 October

Trying to develop a systemd snort script, running into errors removing/creating pid files Tony Robinson
Re: [Snort-users] Trying to develop a systemd snort script, running into errors removing/creating pid files Shirkdog
Re: [Snort-users] Trying to develop a systemd snort script, running into errors removing/creating pid files Tony Robinson
Re: fast_pattern not always longest content string by default? Mike Cox
Sourcefire VRT Certified Snort Rules Update 2014-10-23 Research
Snort 2.9.7 is now available Snort Releases
Snort 2.9.7 is now available Snort Releases
Re: fast_pattern not always longest content string by default? Joel Esler (jesler)
Latest snort/daq binaries for centos 6? Jim Garrison
Re: Snort 2.9.7 is now available rmkml
Re: Trying to develop a systemd snort script, running into errors removing/creating pid files Josh Rosenbaum (jrosenba)
Re: Snort 2.9.7 is now available Carter Waxman (cwaxman)
Re: [Snort-devel] Trying to develop a systemd snort script, running into errors removing/creating pid files waldo kitty
Sourcefire VRT Certified Snort Rules Update 2014-10-23 Research
"no return statement in function returning non-void" warnings when building snort Jim Garrison

Friday, 24 October

AppId quickstart James
Re: AppId quickstart Joel Esler (jesler)
Re: [Snort-openappid] AppId quickstart James
Re: AppId quickstart James

Saturday, 25 October

What is URL of Signature and Rule Lookup? Jutichai Thongkrachai
Re: What is URL of Signature and Rule Lookup? Joel Esler (jesler)
where to find the README.* document files? waldo kitty
Re: where to find the README.* document files? James
Re: where to find the README.* document files? Joel Esler (jesler)
Re: What is URL of Signature and Rule Lookup? Jutichai Thongkrachai
Re: What is URL of Signature and Rule Lookup? Joel Esler (jesler)
Re: What is URL of Signature and Rule Lookup? Jeremy Hoel
Re: What is URL of Signature and Rule Lookup? Jutichai Thongkrachai
Re: What is URL of Signature and Rule Lookup? Joel Esler (jesler)
protected_content and replace? Joshua Kinard
Re: where to find the README.* document files? waldo kitty
Re: where to find the README.* document files? waldo kitty

Sunday, 26 October

Status of Razorback project C. L. Martinez
Information Request about snort unix socket Giancarlo Capone
Snort Rule Nicholas Horton
Snort Rule Nicholas Horton

Monday, 27 October

Re: Snort Rule rmkml
Re: Trying to develop a systemd snort script, running into errors removing/creating pid files Robert Millott
Re: protected_content and replace? Carter Waxman (cwaxman)
Information Request about snort unix socket (unixSock) Giancarlo Capone
Re: Information Request about snort unix socket (unixSock) Joel Esler (jesler)
Re: Status of Razorback project Joel Esler (jesler)
Shellshock Signatures Ron Haines
Re: protected_content and replace? Joshua Kinard
Developing a TCP/IP connections statistics plugin Phuong Cao

Tuesday, 28 October

Poodle Signatures Leo Miao
APT28 Snort Signatures Tony Robinson
Re: Developing a TCP/IP connections statistics plugin Carter Waxman (cwaxman)
Re: Poodle Signatures Joel Esler (jesler)
Re: Snort-users Digest, Vol 101, Issue 41 Alex McDonnell
Re: Developing a TCP/IP connections statistics plugin Phuong Cao
Sourcefire VRT Certified Snort Rules Update 2014-10-28 Research
Re: APT28 Snort Signatures Joel Esler (jesler)
Snort string matching whitelist possible? bancfc
[Snort]Linux system non-accessible after sometime hitesh menghani

Wednesday, 29 October

Errors initializing Snort with netmap support C. L. Martinez
Debug errors with Openappid and Snort 2.9.7.0 C. L. Martinez
Re: Debug errors with Openappid and Snort 2.9.7.0 Joel Esler (jesler)
Re: Errors initializing Snort with netmap support C. L. Martinez
Re: Shellshock Signatures Ron Haines

Thursday, 30 October

Frequency of Compromised Hosts rule updates Sabu Thaliyath
Re: [Snort]Linux system non-accessible after sometime hitesh menghani
Re: Frequency of Compromised Hosts rule updates waldo kitty
Snort 2.9.7.0 unable to find daq James Lay
Re: Snort 2.9.7.0 unable to find daq Carter Waxman (cwaxman)
dpx.c:260:27: no member named 'getRuntimePolicy' Zeeuw, L.V. de
Sourcefire VRT Certified Snort Rules Update 2014-10-30 Research
Re: Snort 2.9.7.0 unable to find daq James Lay
File size Oscar A
Re: File size lists () packetmail net
Re: Snort 2.9.7.0 unable to find daq Carter Waxman (cwaxman)
Re: Frequency of Compromised Hosts rule updates Sabu Thaliyath
Re: Sourcefire VRT Certified Snort Rules Update 2014-10-30 Oscar A
Re: File size Oscar A
Re: Sourcefire VRT Certified Snort Rules Update 2014-10-30 Joel Esler (jesler)
Re: Sourcefire VRT Certified Snort Rules Update 2014-10-30 Oscar A
sig-id 1:26848:3 Oscar A

Friday, 31 October

(no subject) Priya Agarwal
Re: (no subject) Priya Agarwal
Re: (no subject) Priya Agarwal
Re: [Snort-openappid] Gmail detection Sabu Thaliyath
Startup Script (init.d) test engineer
Re: Startup Script (init.d) Robert Millott
Re: Snort 2.9.7.0 unable to find daq James Lay
Re: Snort 2.9.7.0 unable to find daq James Lay
Re: [Snort-openappid] Gmail detection Sabu Thaliyath
Re: File size waldo kitty
Re: Unable to kill a non-zombie process with -9 elof2
Re: sig-id 1:26848:3 waldo kitty
Some Snort beginner questions Jim Garrison
Re: Some Snort beginner questions Joel Esler (jesler)
Re: Some Snort beginner questions James Lay
Error when dumping so_rules with custom path using snort 2.9.7.0 Sec_Aficionado

Saturday, 01 November

Re: Some Snort beginner questions waldo kitty
Re: Error when dumping so_rules with custom path using snort 2.9.7.0 waldo kitty

Sunday, 02 November

Odd http requests in the logs Richard Geddes

Monday, 03 November

Snort 2.9.7.0 snort.conf unable to load rules from local.conf Priya Agarwal
Stream6 PAF callback function sharing (void **user) argument issue. Mitesh Jadia
Error building snort 2.9.7.0 on FreeBSD elof
Re: Error building snort 2.9.7.0 on FreeBSD elof
Re: Error building snort 2.9.7.0 on FreeBSD elof
Example conf file missing for 2.9.7.0 in website Sec_Aficionado
Re: Error when dumping so_rules with custom path using snort 2.9.7.0 Sec_Aficionado
Compile Bug in FreeBSD 8.x with Snort-2.9.7.x Bill Parker
Re: Example conf file missing for 2.9.7.0 in website Shirkdog
Re: Odd http requests in the logs waldo kitty
Re: Error when dumping so_rules with custom path using snort 2.9.7.0 waldo kitty
Re: Example conf file missing for 2.9.7.0 in website Tony Robinson
Process to submit bugs? Sec Aficionado
Re: Example conf file missing for 2.9.7.0 in website Joel Esler (jesler)
Re: Process to submit bugs? Joel Esler (jesler)
Re: Process to submit bugs? Sec Aficionado
Snort with AFPacket Sec Aficionado
Re: Snort with AFPacket James Lay
Re: Snort with AFPacket Sec_Aficionado
Re: Snort with AFPacket James Lay
Re: Snort with AFPacket Sec Aficionado
Re: Snort with AFPacket James Lay
Re: Snort with AFPacket waldo kitty
Re: Snort with AFPacket waldo kitty
Re: Example conf file missing for 2.9.7.0 in website Joel Esler (jesler)

Tuesday, 04 November

Re: Snort with AFPacket James Lay
Re: Example conf file missing for 2.9.7.0 in website Tony Robinson
Unix Socket problem to compile C code provided in README.UNSOCK file Giancarlo Capone
Re: Snort with AFPacket Sec_Aficionado
Re: Snort with AFPacket James Lay
Re: Snort with AFPacket waldo kitty
dpx-1.6 / snort 2.9.7.0 problem? Zeeuw, L.V. de
Sourcefire VRT Certified Snort Rules Update 2014-11-04 Research
Re: Sourcefire VRT Certified Snort Rules Update 2014-11-04 waldo kitty
vlan agnostic not working John Babio

Wednesday, 05 November

Re: Startup Script (init.d) test engineer
Re: Some Snort beginner questions Jim Garrison
Re: Some Snort beginner questions Sec_Aficionado
Missing all dynamic files - snort won't start elof
Re: Example conf file missing for 2.9.7.0 in website Sec_Aficionado
Re: Some Snort beginner questions James Lay
Re: Example conf file missing for 2.9.7.0 in website Joel Esler (jesler)
How many rules read / active? test engineer
Re: How many rules read / active? waldo kitty
Snorby usage Pradeep Mocherla
Re: Snorby usage Doug Burks
Help Regarding Snort : Capturing traffic in KDD cup 1999 dataset format. kruti choksi
Re: Help Regarding Snort : Capturing traffic in KDD cup 1999 dataset format. Joel Esler (jesler)
Re: Help Regarding Snort : Capturing traffic in KDD cup 1999 dataset format. kruti choksi
Re: Help Regarding Snort : Capturing traffic in KDD cup 1999 dataset format. Jaime Blasco

Thursday, 06 November

SID 29999 Dan Rieille
how to use stream5 reassembler to reassemble tcp packet? Mohiuddin Ebna Kawsar
Missing all dynamic files - snort won't start (fwd) elof
Re: how to use stream5 reassembler to reassemble tcp packet? Mitesh Jadia
Re: SID 29999 Alex McDonnell
Wirelurker A and B James Lay
Sourcefire VRT Certified Snort Rules Update 2014-11-06 Research
Cnort 2.9.7.0 RPM builds for Centos 6 Turnbough, Bradley E.
Re: [Emerging-Sigs] Wirelurker A and B James Espinosa
Re: [Emerging-Sigs] Wirelurker A and B rmkml
Re: [Emerging-Sigs] Wirelurker A and B James Lay
Re: Stream6 PAF callback function sharing (void **user) argument issue. Josh Rosenbaum (jrosenba)
Help_ Samad Najjar

Friday, 07 November

Re-naming DPX File dpx.c Amtul Saboor
Re: How many rules read / active? test engineer
Re: How many rules read / active? Kurzawa, Kevin
Re: dpx-1.6 / snort 2.9.7.0 problem? Josh Rosenbaum (jrosenba)

Saturday, 08 November

How to log dpx alerts/events using unified2, barnyard, mysql? Zeeuw, L.V. de

Monday, 10 November

Re: Missing all dynamic files - snort won't start elof
How can I remove redundant entries from the database? Avery Rozar
Re: Missing all dynamic files - snort won't start Josh Rosenbaum (jrosenba)
How do I log integrate Snort with Snort alienvault بلغور چغندر

Tuesday, 11 November

Re: Compile Bug in FreeBSD 8.x with Snort-2.9.7.x Michael Altizer
barnyard2: Unable to open directory '/var/log/snort' and Unable to find the next spool file! Joyabrata Ghosh
Re: Errors initializing Snort with netmap support Michael Altizer
Fwd: Issue Regarding Rate_filter Amtul Saboor
Re: Snort 2.9.7 is now available Michael Altizer
Re: barnyard2: Unable to open directory '/var/log/snort' and Unable to find the next spool file! Stephen Gantz
Upgrade to 2.9.7.0 results in Pulledpork not generating stub rules James Lay
Re: Upgrade to 2.9.7.0 results in Pulledpork not generating stub rules Joel Esler (jesler)
Re: Upgrade to 2.9.7.0 results in Pulledpork not generating stub rules James Lay
Re: How can I remove redundant entries from the database? Y M
Re: Upgrade to 2.9.7.0 results in Pulledpork not generating stub rules Y M
Re: Upgrade to 2.9.7.0 results in Pulledpork not generating stub rules James Lay
Sourcefire VRT Certified Snort Rules Update 2014-11-11 Research
Re: Upgrade to 2.9.7.0 results in Pulledpork not generating stub rules Y M
Re: Upgrade to 2.9.7.0 results in Pulledpork not generating stub rules James Lay
Re: Upgrade to 2.9.7.0 results in Pulledpork not generating stub rules Y M
Re: Upgrade to 2.9.7.0 results in Pulledpork not generating stub rules James Lay
Re: Upgrade to 2.9.7.0 results in Pulledpork not generating stub rules Y M
Re: Upgrade to 2.9.7.0 results in Pulledpork not generating stub rules James Lay
Re: Snort inline afpaquet slow network Charlie Heselton
Re: Errors initializing Snort with netmap support C. L. Martinez

Wednesday, 12 November

snort rpc_decode amin Salehi
Re: Fwd: Issue Regarding Rate_filter Russ Combs (rucombs)
Re: Fwd: Issue Regarding Rate_filter Amtul Saboor
Re: Fwd: Issue Regarding Rate_filter Russ Combs (rucombs)
Re: fast_pattern not always longest content string by default? Mike Cox
Re: snort rpc_decode James Lay
Demand of snort output XSign
Inline snort negative impact on network Charlie Heselton
Re: Inline snort negative impact on network Y M

Thursday, 13 November

Variables don't need dollar sign in sig? Mike Cox
Re: Errors initializing Snort with netmap support Michael Altizer
Sourcefire VRT Certified Snort Rules Update 2014-11-13 Research
Re: Startup Script (init.d) test engineer
Re: Inline snort negative impact on network Charlie Heselton
Re: Inline snort negative impact on network Y M
SNORT and Emulex DAG test engineer
Re: Inline snort negative impact on network waldo kitty
Re: Inline snort negative impact on network Charlie Heselton
Re: Inline snort negative impact on network Charlie Heselton
Re: SNORT and Emulex DAG Bill Bernsen
Re: Startup Script (init.d) Bill Bernsen
Re: SNORT and Emulex DAG Robert Cotter
Re: Inline snort negative impact on network Y M
Re: Inline snort negative impact on network Charlie Heselton
Re: Inline snort negative impact on network Charlie Heselton

Friday, 14 November

Re: Startup Script (init.d) test engineer
Re: SNORT and Emulex DAG test engineer
Re: Compile Bug in FreeBSD 8.x with Snort-2.9.7.x Michael Altizer
Re: SNORT and Emulex DAG Bill Bernsen
Re: Inline snort negative impact on network Y M
Re: SNORT and Emulex DAG test engineer
Re: SNORT and Emulex DAG Bill Bernsen
BPF Filters Turnbough, Bradley E.
Re: BPF Filters James Lay
Re: BPF Filters Y M
Re: BPF Filters Turnbough, Bradley E.

Sunday, 16 November

Drop action behaves as if it's Reject action sky rongo
Unable to update signatures for 2.9.6.1 Anshuman Anil Deshmukh

Monday, 17 November

Re: Unable to update signatures for 2.9.6.1 James Lay
Re: Unable to update signatures for 2.9.6.1 waldo kitty
Problem in configuring snort for inserting events in sql database ahmed shafie
Re: Problem in configuring snort for inserting events in sql database Stephen Gantz

Tuesday, 18 November

Snort not logging /VAR/LOG/SNORT alerts after Nessus scan Iain Lorimer
ipvar EXTERNAL_NET Peggs Randahl
Re: ipvar EXTERNAL_NET Edwin Smulders
Sourcefire VRT Certified Snort Rules Update 2014-11-18 Research

Wednesday, 19 November

Re: ipvar EXTERNAL_NET Iain Lorimer

Thursday, 20 November

Sourcefire VRT Certified Snort Rules Update 2014-11-20 Research
RDP attack vector in MS14-066 Barry Bahrami
sig for RDP attack vector in MS14-066 Barry Bahrami
About syslog messages in snort C. L. Martinez

Friday, 21 November

Re: About syslog messages in snort Robert Millott
Re: About syslog messages in snort C. L. Martinez
Re: About syslog messages in snort Robert Millott
Snort missing C99 patch Terry John
Re: Snort missing C99 patch Michael Altizer
Re: Snort missing C99 patch Terry John
Re: Snort missing C99 patch Terry John
Re: Snort missing C99 patch Michael Altizer
Re: About syslog messages in snort C. L. Martinez
Do you have port 443 in $HTTP_PORTS and http_inspect_server? L0rd Ch0de1m0rt
Re: Do you have port 443 in $HTTP_PORTS and ttp_inspect_server? Joel Esler

Saturday, 22 November

Barnyard configuration problem ahmed shafie
Re: Barnyard configuration problem Jeremy Hoel
Re: Barnyard configuration problem Rhoades.Jon

Monday, 24 November

Snort 2.9.7.0 enters into infinity loop getApplicationData souber
Re: Snort 2.9.7.0 enters into infinity loop getApplicationData souber
Re: Snort 2.9.7.0 enters into infinity loop getApplicationData Hui Cao (huica)
Sourcefire VRT Certified Snort Rules Update 2014-11-24 Research
Need help about Snort - rate_filter Jack Chuong

Tuesday, 25 November

lots of alerts on so rule "possible DGA detected" Ronny Vaningh
Re: lots of alerts on so rule "possible DGA detected" kestutis.malakauskas
Re: lots of alerts on so rule "possible DGA detected" Alex McDonnell
Re: lots of alerts on so rule "possible DGA detected" Patrick Mullen
Re: lots of alerts on so rule "possible DGA detected" C. L. Martinez
Re: Snort missing C99 patch Terry John
Re: lots of alerts on so rule "possible DGA detected" waldo kitty
SNORT-Multiple sensors+SNORBY Mohammed Sahib
Re: SNORT-Multiple sensors+SNORBY Jeremy Hoel
Re: SNORT-Multiple sensors+SNORBY Doug Burks
Problems configuring react: msg; Peter Fraser

Wednesday, 26 November

Re: Problems configuring react: msg; Hui Cao (huica)

Thursday, 27 November

Modifying Rules Works One Direction, but Not T'Other colony.three
Re: Modifying Rules Works One Direction, but Not T'Other waldo kitty
Re: Modifying Rules Works One Direction, but Not T'Other colony.three
Re: Modifying Rules Works One Direction, but Not T'Other colony.three

Friday, 28 November

Modifying Rules Works One Direction, but Not T'Other colony.three

Saturday, 29 November

Re: Modifying Rules Works One Direction, but Not T'Other colony.three
Re: Modifying Rules Works One Direction, but Not T'Other Joel Esler (jesler)
Re: Modifying Rules Works One Direction, but Not T'Other Doug Burks
Re: Modifying Rules Works One Direction, but Not T'Other colony.three
Re: Modifying Rules Works One Direction, but Not T'Other Doug Burks
Re: Modifying Rules Works One Direction, but Not T'Other colony.three
Re: Modifying Rules Works One Direction, but Not T'Other Doug Burks
Re: Modifying Rules Works One Direction, but Not T'Other colony.three
Re: Modifying Rules Works One Direction, but Not T'Other Doug Burks
Re: Modifying Rules Works One Direction, but Not T'Other colony.three
Re: Modifying Rules Works One Direction, but Not T'Other Doug Burks
Re: Modifying Rules Works One Direction, but Not T'Other colony.three
Re: Modifying Rules Works One Direction, but Not T'Other Joel Esler (jesler)
Re: Modifying Rules Works One Direction, but Not T'Other colony.three

Sunday, 30 November

Re: Modifying Rules Works One Direction, but Not T'Other Doug Burks
Re: Modifying Rules Works One Direction, but Not T'Other colony.three

Monday, 01 December

Snort Blog: Snort FAQ is now on Snort.org! Joel Esler (jesler)
Snort REACT Response Peter Fraser

Tuesday, 02 December

Using OpenAppid generated info C. L. Martinez
Re: Snort REACT Response Hui cao
Re: Snort 2.9.7.0 enters into infinity loop getApplicationData Hui cao
Sourcefire VRT Certified Snort Rules Update 2014-12-02 Research
Re: fast_pattern not always longest content string by default? Mike Cox
Re: Snort REACT Response Peter Fraser
pf_ring, openfpc, snort and snorby Matheus Condi'ez
Re: Snort REACT Response Peter Fraser
Re: Snort REACT Response Peter Fraser
Re: pf_ring, openfpc, snort and snorby Jeremy Hoel

Wednesday, 03 December

Re: pf_ring, openfpc, snort and snorby Matheus Condi'ez
Re: pf_ring, openfpc, snort and snorby Doug Burks
negation of appid keyword greg . mcnathansonsnuf003
Re: Snort REACT Response Hui Cao (huica)
(smtp) Attempted response buffer overflow Dan Roberts
Re: negation of appid keyword Joel Esler (jesler)
Ignoring Backups - TCP Stateful? colony.three
Comparison of extracted value between packets Praveen D
Re: pf_ring, openfpc, snort and snorby Jeremy Hoel
Re: Ignoring Backups - TCP Stateful? Doug Burks
Re: pf_ring, openfpc, snort and snorby Matheus Condi'ez
Re: negation of appid keyword greg . mcnathansonsnuf003
Re: Ignoring Backups - TCP Stateful? Colony.Three

Thursday, 04 December

CVE-2014-8104 Lukas Matt
Re: Ignoring Backups - TCP Stateful? Doug Burks
Re: Ignoring Backups - TCP Stateful? Colony.Three
Sourcefire VRT Certified Snort Rules Update 2014-12-04 Research
Feasibility question James Lay
Re: Feasibility question Joel Esler (jesler)
Re: CVE-2014-8104 Joel Esler (jesler)
Re: Feasibility question James Lay
Multiple errors on Snort Anshuman Anil Deshmukh

Friday, 05 December

Re: pf_ring, openfpc, snort and snorby Leon Ward (leonward)
Re: Multiple errors on Snort Anshuman Anil Deshmukh
Cert error on snort.org Michael Wisniewski
Snort.org Joel Esler (jesler)
Re: Cert error on snort.org Heine Lysemose
Re: Cert error on snort.org Heine Lysemose
Error 500 today? Andre DiMino
Re: Error 500 today? Jeremy Hoel
Re: Ignoring Backups - TCP Stateful? Colony.Three
Re: Snort.org Michael Wisniewski
Re: Ignoring Backups - TCP Stateful? Doug Burks
Re: Ignoring Backups - TCP Stateful? Colony.Three
Re: Ignoring Backups - TCP Stateful? Colony.Three
Re: Ignoring Backups - TCP Stateful? Doug Burks
Re: Ignoring Backups - TCP Stateful? Doug Burks
Re: Ignoring Backups - TCP Stateful? Colony.Three
Re: Ignoring Backups - TCP Stateful? Doug Burks
Re: Ignoring Backups - TCP Stateful? Colony.Three
Re: pf_ring, openfpc, snort and snorby Matheus Condi'ez
Re: pf_ring, openfpc, snort and snorby Matheus Condi'ez
Re: Ignoring Backups - TCP Stateful? Doug Burks

Monday, 08 December

snort daqs capabilities Mark Greenman
ET SHELLCODE Possible Call with No Offset UDP Shellcode Colony.Three
worms detection Eugeniu Babin
Re: worms detection Joel Esler (jesler)
Daq module for wndows Argcyborg
Re: Daq module for wndows Joel Esler (jesler)
Re: Daq module for wndows Argcyborg
simple email rule Turnbough, Bradley E.
problem zT
Email mime part data_state reassembly problem Mitesh Jadia

Tuesday, 09 December

Snort 2.9.7.0 - probably memleak in HttpInspect souber
[HITB-Announce] #HITB2015AMS Call for Papers is Open Hafez Kamal
Re: Snort 2.9.7.0 - probably memleak in HttpInspect Bhagya Bantwal (bbantwal)
Sourcefire VRT Certified Snort Rules Update 2014-12-09 Research
Re: fast_pattern not always longest content string by default? Josh Rosenbaum (jrosenba)
Re: Daq module for wndows Joel Esler (jesler)
Re: Daq module for wndows waldo kitty

Wednesday, 10 December

Malicious swf sig James Lay
Re: [Emerging-Sigs] Malicious swf sig James Lay
Re: [Emerging-Sigs] Malicious swf sig James Lay
Re: [Emerging-Sigs] Malicious swf sig Will Metcalf
Re: [Emerging-Sigs] Malicious swf sig James Lay
Snort's capabilities Savakh S
Re: Snort's capabilities Joel Esler (jesler)
Rules updates broken? Cary Townsend
Re: Rules updates broken? waldo kitty

Thursday, 11 December

Re: Rules updates broken? elof
Could not add event to decoderActionQ elof
Re: Rules updates broken? Joel Esler (jesler)
Re: Email mime part data_state reassembly problem Bhagya Bantwal (bbantwal)
Re: Rules updates broken? Doug Burks
Snort 3.0 Alpha 1 b130 Now Available Snort Releases
Snort 3.0 Alpha 1 b130 Now Available Snort Releases
Re: Snort 3.0 Alpha 1 b130 Now Available Turnbough, Bradley E.
Re: Snort 3.0 Alpha 1 b130 Now Available Russ Combs (rucombs)
Re: Snort 3.0 Alpha 1 b130 Now Available Joel Esler (jesler)
Re: Rules updates broken? René Bauer
Sourcefire VRT Certified Snort Rules Update 2014-12-11 Research
error 500 last several days Dmitry Melekhov

Friday, 12 December

Re: Rules updates broken? Cary Townsend
Re: Rules updates broken? Joel Esler (jesler)
Barnyard2 and Snortsam for 2.9.7.0 Sec_Aficionado
Re: Barnyard2 and Snortsam for 2.9.7.0 Shirkdog
Re: Rules updates broken? Cary Townsend
Re: Rules updates broken? Joel Esler (jesler)
Lack of Sanity Checks in 'flow_control.cc' in Snort-3.0.0-a1 Bill Parker
Missing Sanity Check for calloc() in Snort-3.0.0-a1 (round 2) Bill Parker
Missing Sanity Check for fseek() in Snort-3.0.0-a1 Bill Parker
Addition to snort_manual.pdf Bill Parker
Re: Missing Sanity Check for fseek() in Snort-3.0.0-a1 Russ Combs (rucombs)
Re: Addition to snort_manual.pdf Russ Combs (rucombs)
Re: Missing Sanity Check for calloc() in Snort-3.0.0-a1 (round 2) Russ Combs (rucombs)

Saturday, 13 December

Crash while cmake build snort-3.0.0-a1 Y M
Crash while running snort-3.0.0-a1 with netmap Y M
Minor notes snort-3.0.0-a1 Y M
Re: Crash while cmake build snort-3.0.0-a1 Russ Combs (rucombs)
Re: Crash while cmake build snort-3.0.0-a1 Y M
Re: Minor notes snort-3.0.0-a1 Russ Combs (rucombs)
Re: Crash while running snort-3.0.0-a1 with netmap Russ Combs (rucombs)
Re: Minor notes snort-3.0.0-a1 Y M
Re: Crash while running snort-3.0.0-a1 with netmap Y M
Re: Minor notes snort-3.0.0-a1 Russ Combs (rucombs)
Re: Minor notes snort-3.0.0-a1 Y M
Re: Minor notes snort-3.0.0-a1 Russ Combs (rucombs)
Re: Minor notes snort-3.0.0-a1 Y M
Re: trouble with online mode Sec_Aficionado
http_inspect works incorrectly Mark Greenman

Sunday, 14 December

Re: trouble with online mode James Lay
Rules for detecting IEC61850 GOOSE messages Muhammad Talha Abdul Rashid
Fwd: Rules for detecting IEC61850 GOOSE messages Muhammad Talha Abdul Rashid

Monday, 15 December

Re: Snort 3.0 Alpha 1 b130 Now Available elof
Re: Snort 3.0 Alpha 1 b130 Now Available Joel Esler (jesler)
Re: Barnyard2 and Snortsam for 2.9.7.0 Ian
Re: Barnyard2 and Snortsam for 2.9.7.0 Joel Esler (jesler)
Re: trouble with online mode Sec_Aficionado
Re: Barnyard2 and Snortsam for 2.9.7.0 Sec_Aficionado
Protected content Alex Tatistcheff
Re: Error 500 today? Andre DiMino
Re: Crash while running snort-3.0.0-a1 with netmap Michael Altizer
Re: Crash while running snort-3.0.0-a1 with netmap Y M
Re: Error 500 today? Joel Esler (jesler)
Re: Protected content Russ Combs (rucombs)
Re: Protected content Jeremy Hoel
Re: Rules updates broken? Cary Townsend
Re: Crash while cmake build snort-3.0.0-a1 Russ Combs (rucombs)
Re: Error 500 today? Joel Esler (jesler)
Re: Error 500 today? Andre DiMino
Re: Missing Sanity Check for calloc() in Snort-3.0.0-a1 (round 2) Russ Combs (rucombs)
Re: Minor notes snort-3.0.0-a1 Russ Combs (rucombs)
Re: Rules updates broken? Joel Esler (jesler)
Re: Minor notes snort-3.0.0-a1 Y M
Re: Protected content Alex Tatistcheff
Re: Error 500 today? René Bauer

Tuesday, 16 December

Re: Comparison of extracted value between packets Praveen D
Re: Protected content Russ Combs (rucombs)
Re: Comparison of extracted value between packets Patrick Mullen
Re: Comparison of extracted value between packets James Lay
Sourcefire VRT Certified Snort Rules Update 2014-12-16 Research
Re: Snort++ Extras Y M
Re: Snort++ Extras Russ Combs (rucombs)
Re: Snort++ Extras Y M
Re: Snort++ Extras Joel Esler (jesler)
Re: Snort++ Extras Y M
troubleshooting dead snort Robert Millott
ERROR: unknown logger alert_ex Y M
Re: ERROR: unknown logger alert_ex Russ Combs (rucombs)
Re: ERROR: unknown logger alert_ex Y M
Re: troubleshooting dead snort Juan Jesus Prieto
Re: troubleshooting dead snort Livio Ricciulli

Wednesday, 17 December

Re: Could not add event to decoderActionQ elof
Problem with Content rule option Mark Greenman
Re: Problem with Content rule option Joel Esler (jesler)

Thursday, 18 December

Re: Comparison of extracted value between packets Praveen D
byte_test/byte_jump negative offsets Praveen D
Re: Problem with Content rule option waldo kitty
question about paf Hyunseok
Sourcefire VRT Certified Snort Rules Update 2014-12-18 Research
First packet X-Forwarded-For information and sending to a Unix Socket (Snort 2.9.2.1) Shane Boissevain
Re: question about paf Russ Combs (rucombs)
Re: First packet X-Forwarded-For information and sending to a Unix Socket (Snort 2.9.2.1) Russ Combs (rucombs)
Re: question about paf Hyunseok
Re: question about paf Russ Combs (rucombs)
Re: Protected content Alex Tatistcheff

Friday, 19 December

Re: Snort Error Joel Cornett (jocornet)
Re: Snort Error Joel Cornett (jocornet)
Re: Snort Error Steve Gantz
Re: Snort Error Joel Esler (jesler)
Proposed update to 1:28039 Rodgers, Anthony (DTMB)
SNORT + PulledPork: FATAL ERROR: ... Invalid configuration line RŌNIN
Re: SNORT + PulledPork: FATAL ERROR: ... Invalid configuration line Jeremy Hoel
Re: Proposed update to 1:28039 Jeremy Hoel
Fwd: Problem with Content rule option Mark Greenman

Saturday, 20 December

Re: SNORT + PulledPork: FATAL ERROR: ... Invalid configuration line waldo kitty
config problem xyz xyz
Re: SNORT + PulledPork: FATAL ERROR: ... Invalid configuration line RŌNIN
Re: SNORT + PulledPork: FATAL ERROR: ... Invalid configuration line waldo kitty

Sunday, 21 December

Re: config problem Joel Esler (jesler)
Re: SNORT + PulledPork: FATAL ERROR: ... Invalid configuration line RŌNIN
snort kvm network Emilio Joel Macias
Re: Snort, barnyard2, snorby issue Matheus Condi'ez

Monday, 22 December

Re: Proposed update to 1:28039 Joel Esler (jesler)
Re: byte_test/byte_jump negative offsets Nick Randolph
Re: Proposed update to 1:28039 Rodgers, Anthony (DTMB)
Re: Proposed update to 1:28039 Rodgers, Anthony (DTMB)
Re: byte_test/byte_jump negative offsets Praveen D

Tuesday, 23 December

Re: How to port Snort with Android OS Joel Esler
NTP rule? John York
Sourcefire VRT Certified Snort Rules Update 2014-12-23 Research
Re: NTP rule? Joel Esler (jesler)
Sourcefire VRT Certified Snort Rules Update 2014-12-23 Research
Re: NTP rule? Joel Esler (jesler)

Sunday, 28 December

Problem with content option Mark Greenman
Re: Problem with content option Y M
(no subject) Sameera Osman

Monday, 29 December

snort inline install mongi . benali
Re: (no subject) Y M
Re: snort inline install Y M
Re: snort inline install Y M
(no subject) Sameera Osman
many rules with good fast_pattern vs. single rule with pcre Duane Howard
Re: many rules with good fast_pattern vs. single rule with pcre Joel Esler (jesler)