Snort: by author

792 messages starting Jan 17 15 and ending Jan 04 15

박종일

Re: confirm 343ec785cc752e98b958383c9c38dfab4b0200dc 박종일 (Jan 17)
Not working unified2 module in snort++ (snort 3.0) 박종일 (Jan 14)
Re: confirm 343ec785cc752e98b958383c9c38dfab4b0200dc 박종일 (Jan 17)

adonis okpidi

Snort rules adonis okpidi (Mar 23)

Alex McDonnell

Re: Sourcefire VRT Certified Snort Rules Update 2015-01-27 Alex McDonnell (Jan 28)

Al Lewis (allewi)

Re: Red Hat Enterprise Linux 6.5 Al Lewis (allewi) (Mar 04)
Re: IPS using DAQ AFPacket problems Al Lewis (allewi) (Jan 12)
Re: commencing packet processing (pid=26029) ?? Al Lewis (allewi) (Mar 19)
Re: More about Outstanding packets Al Lewis (allewi) (Mar 23)
Re: Cannot get Snort listen on a second network interface (creating a gateway) Al Lewis (allewi) (Feb 23)
Re: Snort-users Digest, Vol 105, Issue 9 Al Lewis (allewi) (Feb 03)
Re: (http_inspect) UNKNOWN METHOD error on squid Al Lewis (allewi) (Mar 04)
Re: Cannot bind address and add more OS Policy for Stream5 TCP Preprocessor Al Lewis (allewi) (Feb 02)
Re: Cannot bind address and add more OS Policy for Stream5 TCP Preprocessor Al Lewis (allewi) (Feb 01)
Re: Regarding GID 1, SID 33429 - Microsoft Windows SMB potential group policy fallback exploit attempt Al Lewis (allewi) (Feb 14)
Re: Snort unable to drop packets in inline mode Al Lewis (allewi) (Feb 25)
Re: TCP flags issue Al Lewis (allewi) (Feb 09)
Re: snort-windows webserver-ec2 Al Lewis (allewi) (Mar 25)
Re: Cannot bind address and add more OS Policy for Stream5 TCP Preprocessor Al Lewis (allewi) (Feb 01)
Re: (http_inspect) UNKNOWN METHOD for SSL over http proxy Al Lewis (allewi) (Mar 27)
Re: snort 2972 - not working, need help Al Lewis (allewi) (Mar 24)
Re: Snort decoder Al Lewis (allewi) (Jan 26)
Re: Create rules for Google Hangouts Al Lewis (allewi) (Feb 11)
Re: Fwd: hybrid IDS using snort Al Lewis (allewi) (Mar 10)
Re: HTTP Get Flood Al Lewis (allewi) (Feb 15)
Re: HTTP Get Flood Al Lewis (allewi) (Feb 15)
Re: snort using rpcap in windows Al Lewis (allewi) (Feb 17)
Re: OpenAppID Al Lewis (allewi) (Mar 25)
Re: Snort-devel Digest, Vol 104, Issue 18 Al Lewis (allewi) (Mar 31)
Re: IPS using DAQ AFPacket problems Al Lewis (allewi) (Jan 12)
Re: Increase detection rate Al Lewis (allewi) (Feb 23)
Re: packet content match Al Lewis (allewi) (Jan 21)
Re: ERROR: Can't start DAQ Al Lewis (allewi) (Mar 31)
Re: Stuck at Commencing Packet Processing Al Lewis (allewi) (Feb 16)
Re: Snort not logging to /var/log/snort Al Lewis (allewi) (Mar 18)
Re: Rules question. Or clause with content keyword in rule. Al Lewis (allewi) (Feb 01)
Re: Rules Al Lewis (allewi) (Mar 13)
Re: real-time alerting and rule to monitor only specific traffic Al Lewis (allewi) (Feb 23)
Re: Cannot get Snort listen on a second network interface (creating a gateway) Al Lewis (allewi) (Feb 23)
Re: HTTP preprocesor Al Lewis (allewi) (Jan 26)
Re: commencing packet processing (pid=26029) ?? Al Lewis (allewi) (Mar 19)
Re: Snort unable to drop packets in inline mode Al Lewis (allewi) (Feb 23)
Re: SMTP Preprocessor : X-ANONYMOUSTLS command Al Lewis (allewi) (Mar 11)
Re: [Snort-user] dynamic variable for content match Al Lewis (allewi) (Jan 26)
Re: Building DAQ for freebsd - afpacket Al Lewis (allewi) (Jan 22)
Re: Why would my server trigger rule Sid 17487 Al Lewis (allewi) (Feb 10)
Re: about snort active responses in passive mode Al Lewis (allewi) (Feb 13)
Re: Cisco Proprietary Protocol and Snort Al Lewis (allewi) (Jan 27)
Re: snort lan sniff Al Lewis (allewi) (Feb 16)
Re: ERROR: Can't start DAQ Al Lewis (allewi) (Mar 31)
Re: [Snort-user] dynamic variable for content match Al Lewis (allewi) (Jan 29)
Re: Content Match Al Lewis (allewi) (Feb 01)
Re: Welcome to the "Snort-users" mailing list (Digest mode) Al Lewis (allewi) (Feb 03)
Re: $eth1_ADDRESS still a valid variable in 2.9.7.0? Al Lewis (allewi) (Feb 17)
Re: Cisco Proprietary Protocol and Snort Al Lewis (allewi) (Jan 27)
Re: HTTP Get Flood Al Lewis (allewi) (Feb 15)
Re: Alert with no data Al Lewis (allewi) (Feb 18)
Re: commencing packet processing (pid=26029) ?? Al Lewis (allewi) (Mar 19)
Re: Snort rules Al Lewis (allewi) (Mar 23)
Re: Create rules for Google Hangouts Al Lewis (allewi) (Feb 12)
Re: Unclear on active response MAC address Al Lewis (allewi) (Mar 03)
Re: Snort-users Digest, Vol 104, Issue 51 Al Lewis (allewi) (Jan 28)
Re: Snort-3.0: WARNING: active responses disabled since DAQ can't inject packets. Al Lewis (allewi) (Mar 26)
Re: preprocessors rules Al Lewis (allewi) (Feb 23)
Re: Question about outstanding packets Al Lewis (allewi) (Feb 13)
Re: need assistance - no so rules with pulled pork Al Lewis (allewi) (Mar 05)
Re: (http_inspect) UNKNOWN METHOD error on squid Al Lewis (allewi) (Mar 04)
Re: Why would my server trigger rule Sid 17487 Al Lewis (allewi) (Feb 09)
Re: Fwd: hybrid IDS using snort Al Lewis (allewi) (Mar 09)
Re: (http_inspect) UNKNOWN METHOD for SSL over http proxy Al Lewis (allewi) (Mar 27)
Re: React option doesn't work Al Lewis (allewi) (Mar 27)
Re: [snort-user] is there any option to inspect packet? Al Lewis (allewi) (Feb 01)
Re: Snort decoder Al Lewis (allewi) (Jan 26)
Re: Stuck at Commencing Packet Processing Al Lewis (allewi) (Feb 22)
Re: Analyse pcap file Al Lewis (allewi) (Jan 23)
Re: test rule Al Lewis (allewi) (Jan 22)

amin salmani

my email address amin salmani (Jan 02)

amn0p

pulledpork 0.7.1 -wc certificate verification problem amn0p (Jan 16)

Andre DiMino

Re: FP on EXPLOIT-KIT Angler(1:31046) Andre DiMino (Jan 07)
Re: FP on EXPLOIT-KIT Angler(1:31046) Andre DiMino (Jan 07)
FP on EXPLOIT-KIT Angler(1:31046) Andre DiMino (Jan 07)
Re: FP on EXPLOIT-KIT Angler(1:31046) Andre DiMino (Jan 07)

Andrei_1980

Rules question. Or clause with content keyword in rule. Andrei_1980 (Feb 01)

Andrew Shagayev

gen-msg.map is missing! What to do? Where to get it? Andrew Shagayev (Mar 11)
Re: Pulledpork and Snort warnings Andrew Shagayev (Mar 22)
How to resolve flowbit dependancies using Pulled Pork? Andrew Shagayev (Mar 11)
Re: gen-msg.map is missing! What to do? Where to get it? Andrew Shagayev (Mar 11)
Pulledpork and Snort warnings Andrew Shagayev (Mar 21)
pulled pork - snort dynamic rules on mac OS X Andrew Shagayev (Mar 17)
Unified2 with Barnyard2 + Postgresql Andrew Shagayev (Mar 10)
Pulled pork: A 500 error - root certificates Andrew Shagayev (Mar 11)
Snort: setup SO rules question. Andrew Shagayev (Mar 22)
(no subject) Andrew Shagayev (Mar 09)
how to run pulledpork ignoring trust certificates? Andrew Shagayev (Mar 15)

Andrew V. Stepanov

Unified2 Format skip packet entry. Andrew V. Stepanov (Jan 22)

Anshuman Anil Deshmukh

Monitoring incoming or outgoing traffic Anshuman Anil Deshmukh (Jan 08)
Re: Problem running Snort Inline Anshuman Anil Deshmukh (Feb 06)
Problem running Snort Inline Anshuman Anil Deshmukh (Feb 04)
Re: Unable to view the Signature Information Anshuman Anil Deshmukh (Jan 28)
Unable to view the Signature Information Anshuman Anil Deshmukh (Jan 28)
Re: Unable to view the Signature Information Anshuman Anil Deshmukh (Jan 28)
Re: [Emerging-Sigs] Reference links not working Anshuman Anil Deshmukh (Jan 13)
Re: Problem running Snort Inline Anshuman Anil Deshmukh (Feb 05)
Re: Unable to view the Signature Information Anshuman Anil Deshmukh (Jan 28)
Re: Monitoring incoming or outgoing traffic Anshuman Anil Deshmukh (Jan 09)
Re: Problem running Snort Inline [RESOLVED] Anshuman Anil Deshmukh (Feb 12)

Anthony Gallina

Re: Snort-users Digest, Vol 106, Issue 16 Anthony Gallina (Mar 05)
Re: Snort-users Digest, Vol 106, Issue 43 Anthony Gallina (Mar 18)
Re: Snort-users Digest, Vol 106, Issue 43 Anthony Gallina (Mar 23)
I could use help getting my snort pulled pork barnyard2 BASE running Anthony Gallina (Mar 16)

Anthony Sheetz

active response and network tap Anthony Sheetz (Jan 09)
https Anthony Sheetz (Jan 29)
reject without being inline Anthony Sheetz (Jan 14)
Re: restart snort after pulledpork updates ? Anthony Sheetz (Jan 22)

Archer Yang

Is ACID related to the snort's mysql support?‏ Archer Yang (Mar 06)

Arun Koshal

Dynamic preprocessor - detection engine on normalized data only Arun Koshal (Feb 21)
Re: Stream5 issue Arun Koshal (Mar 31)
Few strange problems with Snort and Stream5 preprocessor Arun Koshal (Mar 27)
Dynamic preprocessors: Detection engine on normalized data only Arun Koshal (Feb 20)
Stream5 issue Arun Koshal (Mar 27)
Re: Stream5 issue Arun Koshal (Mar 30)

Avery Rozar

Re: Upgraded to 2.9.7.0, then down graded to 2.9.6.2 and snort will not start Avery Rozar (Feb 03)
Snort upgrade using source Avery Rozar (Jan 19)
Re: Upgraded to 2.9.7.0, then down graded to 2.9.6.2 and snort will not start Avery Rozar (Feb 02)
Upgraded to 2.9.7.0, then down graded to 2.9.6.2 and snort will not start Avery Rozar (Feb 01)
Snort EOL question about VRT rules. Avery Rozar (Jan 11)

Balasubramaniam Natarajan

Re: Snort and a remote mssql database server Balasubramaniam Natarajan (Feb 17)
Re: TCP flags issue Balasubramaniam Natarajan (Feb 04)

Barry Bahrami

Re: Creating a rule for RDP Barry Bahrami (Feb 09)
Re: Creating a rule for RDP Barry Bahrami (Feb 09)

Benjamin Small

Re: Sourcefire VRT Certified Snort Rules Update 2015-01-27 Benjamin Small (Jan 28)
Re: Sourcefire VRT Certified Snort Rules Update 2015-01-27 Benjamin Small (Jan 28)

Beto C

Alert with no data Beto C (Feb 18)

Bill Parker

Suggestion for snort.conf Bill Parker (Mar 13)
Fwd: Question Bill Parker (Feb 04)
Possible memory leak in service_ssl.c for snort-2.9.7.x and Snort++? Bill Parker (Mar 19)
Suggestion on Shared Objects/Engines/etc Bill Parker (Mar 16)
Magnetic Stripe Card addition to SDF processor? Bill Parker (Feb 08)

Bill Reimer

Re: Fwd: hybrid IDS using snort Bill Reimer (Mar 12)

Bob Brown

Re: NoSQL Key Value Port Bob Brown (Feb 06)
NoSQL Key Value Port Bob Brown (Feb 06)

Bryan Arenal

Automation tools to manage NIDS servers? Bryan Arenal (Jan 29)
What are the current default enabled build options? Bryan Arenal (Feb 05)
Re: Automation tools to manage NIDS servers? Bryan Arenal (Jan 29)
Re: What are the current default enabled build options? Bryan Arenal (Feb 05)
Re: What are the current default enabled build options? Bryan Arenal (Feb 05)

Carlos G Mendioroz

Re: Snort silently dying... Carlos G Mendioroz (Mar 10)
Snort silently dying... Carlos G Mendioroz (Mar 09)
Re: Snort silently dying... Carlos G Mendioroz (Mar 11)
Re: Snort silently dying... Carlos G Mendioroz (Mar 11)

Carter Waxman (cwaxman)

Re: React option doesn't work Carter Waxman (cwaxman) (Mar 30)
Re: Odp: RE: React option doesn't work Carter Waxman (cwaxman) (Mar 27)
Re: Odp: Re: Odp: RE: React option doesn't work Carter Waxman (cwaxman) (Mar 27)
Re: More about Outstanding packets Carter Waxman (cwaxman) (Mar 23)
Re: Odp: Re: Odp: Re: Odp: RE: React option doesn't work Carter Waxman (cwaxman) (Mar 27)

chinghsiung

Re: about snort active responses in passive mode chinghsiung (Feb 13)
about snort active responses in passive mode chinghsiung (Feb 13)

Claus Regelmann

Question: Snort-Alerts do not fire when traffic goes thru proxy Claus Regelmann (Mar 18)
Question: Snort-Alerts do not fire when traffic goesthru proxy Claus Regelmann (Mar 23)
Question: Snort-Alerts do not fire when goes thru proxy Claus Regelmann (Mar 18)

C. L. Martinez

Question about outstanding packets C. L. Martinez (Feb 12)
Re: Pulledpork: please verify that you have recently updated your root certificates! C. L. Martinez (Feb 19)

C.L. Martinez

More about Outstanding packets C.L. Martinez (Mar 23)
Re: More about Outstanding packets C.L. Martinez (Mar 23)
Re: More about Outstanding packets C.L. Martinez (Mar 23)

Colin Edwards

ShellShock Signatures Colin Edwards (Mar 02)
Re: ShellShock Signatures Colin Edwards (Mar 05)

Costas Kleopa (ckleopa)

Re: Possible memory leak in service_ssl.c for snort-2.9.7.x and Snort++? Costas Kleopa (ckleopa) (Mar 20)
Re: Snort table is NIL error Costas Kleopa (ckleopa) (Mar 01)

Crusty Saint

Re: Zero day attack protection Crusty Saint (Feb 04)

Da Beave

Re: SIEM Da Beave (Mar 27)

Dalton, Gerry

Re: Sourcefire VRT Certified Snort Rules Update 2015-01-27 Dalton, Gerry (Jan 28)

Dani Av

Fwd: snort database problem Dani Av (Mar 29)

Daniel Kariuki

error 422 Daniel Kariuki (Jan 21)

Dan Roberts

SMTP decoder Dan Roberts (Feb 11)
preprocessors rules Dan Roberts (Feb 23)
SMTP Preprocessor : X-ANONYMOUSTLS command Dan Roberts (Mar 11)
ERROR: Can't start DAQ Dan Roberts (Mar 31)

Dario Bruno

Pulledpork download rulesets error 500 Dario Bruno (Feb 17)
snort lan sniff Dario Bruno (Feb 16)

Dave Corsello

Re: Error 500 today? Dave Corsello (Jan 08)

Dave Killion

Re: FP on 31977? Dave Killion (Mar 16)
Re: Creating a rule for RDP Dave Killion (Feb 06)
Re: DNS Reverse Shell sig Dave Killion (Feb 04)

David Futsi

Sending syslog alerts from Snort on ArchLinux on RPI b+ David Futsi (Mar 23)

David Longenecker

Using DNS response fields in an alert msg David Longenecker (Jan 07)
Re: Using DNS response fields in an alert msg David Longenecker (Jan 22)

Dmitry Melekhov

Re: error 500 last several days Dmitry Melekhov (Jan 02)

Doug Burks

Re: Automation tools to manage NIDS servers? Doug Burks (Jan 29)

Doug Potter

Please remove me from Snort list Thanks Doug Potter (Jan 29)

Ed Borgoyn (eborgoyn)

Re: does alertAdd() free pointer after logging? Ed Borgoyn (eborgoyn) (Mar 03)

elof

Re: preprocessor stream5_global prune_log_max 0 elof (Mar 27)
Bad -M option (or manual) elof (Mar 26)
preprocessor stream5_global prune_log_max 0 elof (Mar 27)

Ely Petty

Re: man page doesn't list two valid alert modes Ely Petty (Jan 04)
man page doesn't list two valid alert modes Ely Petty (Jan 04)

Emiliano Fausto

Re: Stream5 issue Emiliano Fausto (Mar 28)
Re: Stream5 issue Emiliano Fausto (Mar 30)

Emilio Joel Macias

centos 6 o redhat 6 packages Emilio Joel Macias (Jan 21)

eric gonzalez

Possible Rule Change eric gonzalez (Jan 29)

Ethan Hunt

Snort 2.9.7.2 Ethan Hunt (Mar 23)
Snort 2.9.7.2 Ethan Hunt (Mar 15)

Eugene Grama

Fwd: snort using rpcap in windows Eugene Grama (Feb 16)
Snort and a remote mssql database server Eugene Grama (Feb 17)
Re: snort using rpcap in windows Eugene Grama (Feb 17)
snort 2972 - not working, need help Eugene Grama (Mar 23)
DDoS Rule Eugene Grama (Feb 08)
Re: snort using rpcap in windows Eugene Grama (Feb 17)
Rules Inquiry Eugene Grama (Feb 04)
snort-windows webserver-ec2 Eugene Grama (Mar 25)

Eugenio Perez

HTTP preprocesor Eugenio Perez (Jan 26)
Re: Snort, barnyard2, snorby issue Eugenio Perez (Mar 06)
Re: HTTP preprocesor Eugenio Perez (Jan 27)

Eugeniu Babin

Re: restart snort after pulledpork updates ? Eugeniu Babin (Jan 22)
barnyard2 and GRE packets Eugeniu Babin (Jan 21)
restart snort after pulledpork updates ? Eugeniu Babin (Jan 21)
What is snort sensor Eugeniu Babin (Jan 12)

Fabio Machado Sanches

RES: Rules Fabio Machado Sanches (Feb 12)
RES: Rules Fabio Machado Sanches (Feb 12)
Callbeck Fabio Machado Sanches (Mar 10)
Rules Fabio Machado Sanches (Mar 13)
RES: RES: Rules Fabio Machado Sanches (Feb 12)
Rules Fabio Machado Sanches (Feb 11)

factoreal

Re: Difference between drop and reject rules factoreal (Feb 07)

Farnsworth, Robert

commencing packet processing (pid=26029) ?? Farnsworth, Robert (Mar 19)
Re: commencing packet processing (pid=26029) ?? Farnsworth, Robert (Mar 19)
Red Hat Enterprise Linux 6.5 Farnsworth, Robert (Mar 03)
Re: commencing packet processing (pid=26029) ?? Farnsworth, Robert (Mar 19)

Flo

pulledpork config two different error messages Flo (Jan 01)
pulledpork config two different error messages Flo (Jan 01)

Florian Knorn

Snort, barnyard2, snorby issue Florian Knorn (Mar 06)

French, Jared

Thresholding issues French, Jared (Mar 26)

Guillaume Daleux

Problem with rule sid 33323 Guillaume Daleux (Feb 19)
Re: Problem with rule sid 33323 Guillaume Daleux (Feb 20)

Hafez Kamal

[HITB-Announce] #HITB2015AMS Call for Papers 1st Round is Closing in 10 Days Hafez Kamal (Jan 22)

Henry Collins

Cannot get Snort listen on a second network interface (creating a gateway) Henry Collins (Feb 23)
Re: Cannot get Snort listen on a second network interface (creating a gateway) Henry Collins (Feb 23)
Snort even though working properly does not report majority of rules Henry Collins (Feb 16)
Re: Cannot get Snort listen on a second network interface (creating a gateway) Henry Collins (Feb 23)

Hui cao

Re: File extraction during http/ftp transaction Hui cao (Mar 11)
Re: File extraction during http/ftp transaction Hui cao (Mar 11)
Re: File extraction during http/ftp transaction Hui cao (Mar 11)
Re: Resetting Snort without reloading everything Hui cao (Mar 31)
Re: File extraction during http/ftp transaction Hui cao (Mar 11)

Hui Cao (huica)

Re: Dynamic preprocessors: Detection engine on normalized data only Hui Cao (huica) (Feb 22)

Ikenna Chiadikaobi

Re: Snort-users Digest, Vol 105, Issue 49 Ikenna Chiadikaobi (Feb 17)

Irish Settingg

Re: Need help with Signature - OS-WINDOWS Multiple Products excessive HTTP 304 Not Modified responses exploit attempt Irish Settingg (Mar 20)
More information on the rule - sid:31557 Irish Settingg (Jan 29)
Re: Need help with rule - [124:7:1] smtp: Attempted header name buffer overflow Irish Settingg (Feb 03)
Need help with Signature - OS-WINDOWS Multiple Products excessive HTTP 304 Not Modified responses exploit attempt Irish Settingg (Mar 14)
Re: More information on the rule - sid:31557 Irish Settingg (Jan 29)
Need help with rule - [124:7:1] smtp: Attempted header name buffer overflow Irish Settingg (Feb 02)

Jack Pepper

Re: How to know what is "any" ip address??? Jack Pepper (Feb 02)
Re: Need an efficient way to generate rules for URL Filtering Jack Pepper (Mar 21)

Jacobi, Michael W CIV NSWCCD Philadelphia, 10432

Snort Sensors do not appear to be detecting what they should Jacobi, Michael W CIV NSWCCD Philadelphia, 10432 (Mar 11)

Jaime Nebrera

Re: Getting alerts for every file Snort detects and File Services preprocessor Jaime Nebrera (Mar 27)
Re: Getting alerts for every file Snort detects and File Services preprocessor Jaime Nebrera (Mar 27)
Re: Automation tools to manage NIDS servers? Jaime Nebrera (Jan 31)
Re: Automation tools to manage NIDS servers? Jaime Nebrera (Jan 31)

Jake Hann

Re: IPS using DAQ AFPacket problems Jake Hann (Jan 12)
Snort Configuration Trouble Jake Hann (Jan 09)
BASE timestamp wrong Jake Hann (Jan 15)
Re: Snort Configuration Trouble Jake Hann (Jan 09)
Re: IPS using DAQ AFPacket problems Jake Hann (Jan 12)

James Dickenson

False positives on mysql traffic James Dickenson (Feb 23)

James Lay

Re: (http_inspect) UNKNOWN METHOD error on squid James Lay (Mar 04)
Re: DNS Reverse Shell sig James Lay (Feb 04)
FindPOS sig James Lay (Mar 19)
Re: Problem running Snort Inline James Lay (Feb 05)
Re: HTTP preprocesor James Lay (Jan 26)
Re: Snort unable to drop packets in inline mode James Lay (Feb 22)
Re: Thresholding issues James Lay (Mar 26)
Re: Startup error post-package install James Lay (Feb 26)
Pawn Storm sig James Lay (Feb 04)
Re: Using DNS response fields in an alert msg James Lay (Jan 07)
Re: $eth1_ADDRESS still a valid variable in 2.9.7.0? James Lay (Feb 17)
Re: Etpro pulled pork question James Lay (Mar 10)
Re: Snort unable to drop packets in inline mode James Lay (Feb 22)
Re: Need an efficient way to generate rules for URL Filtering James Lay (Mar 21)
Re: Startup error post-package install James Lay (Feb 26)
Re: Etpro pulled pork question James Lay (Mar 23)
Re: Snort unable to drop packets in inline mode James Lay (Feb 22)
Possible Dridex C2 UA sig James Lay (Feb 19)
Re: Need help with Signature - OS-WINDOWS Multiple Products excessive HTTP 304 Not Modified responses exploit attempt James Lay (Mar 20)
Re: DNS Reverse Shell sig James Lay (Feb 04)
Re: Startup error post-package install James Lay (Feb 26)
Re: Snort Configuration Trouble James Lay (Jan 09)
Re: Pulledpork and Snort warnings James Lay (Mar 22)
DNS Reverse Shell sig James Lay (Feb 04)

Jamie Riden

Re: Sourcefire VRT Certified Snort Rules Update 2015-01-27 Jamie Riden (Jan 28)
Re: Snort rules Jamie Riden (Mar 23)
Re: HTTP Get Flood Jamie Riden (Feb 15)
Re: Snort rules Jamie Riden (Mar 24)

Jason Haar

Re: Using DNS response fields in an alert msg Jason Haar (Jan 21)
Re: Creating a rule for RDP Jason Haar (Feb 06)

Jason Ish

Re: Multiple log files Jason Ish (Jan 09)

Jason Wallace

Re: Disabling Rules via disablesid.conf Jason Wallace (Feb 06)
Re: Disabling Rules via disablesid.conf Jason Wallace (Feb 06)
Re: Need help with rule - [124:7:1] smtp: Attempted header name buffer overflow Jason Wallace (Feb 03)
Re: Disabling Rules via disablesid.conf Jason Wallace (Feb 06)

Jean-Sébastien Nicaise

IIS unicode.map Jean-Sébastien Nicaise (Jan 06)

Jefferson, Shawn

Re: Error 500 today? Jefferson, Shawn (Jan 07)
Re: Error 500 today? Jefferson, Shawn (Jan 08)
Re: Hosts Attribute exception/override? Jefferson, Shawn (Jan 22)
Hosts Attribute exception/override? Jefferson, Shawn (Jan 22)

Jeffrey

Updating Snort Rules Offline Jeffrey (Feb 07)

Jeff Stebelton

Re: Sourcefire VRT Certified Snort Rules Update 2015-01-27 Jeff Stebelton (Jan 28)
Re: Sourcefire VRT Certified Snort Rules Update 2015-01-27 Jeff Stebelton (Jan 28)
Re: Sourcefire VRT Certified Snort Rules Update 2015-01-27 Jeff Stebelton (Jan 28)

Jeremy Hoel

Re: [Snort-users] Is ACID related to the snort's mysql support?‏ Jeremy Hoel (Mar 06)
Re: Monitoring incoming or outgoing traffic Jeremy Hoel (Jan 08)
Re: Barnyard2 Jeremy Hoel (Jan 19)
Re: Barnyard2 Jeremy Hoel (Jan 18)
Re: Barnyard2 Jeremy Hoel (Jan 18)
Re: Setting up simple LAN-sniffing for bad signatures? Jeremy Hoel (Jan 02)
Re: Red Hat Enterprise Linux 6.5 Jeremy Hoel (Mar 03)
Re: Setting up simple LAN-sniffing for bad signatures? Jeremy Hoel (Jan 02)

Jerry Jarreau

Re: Snort-users Digest, Vol 106, Issue 55 Jerry Jarreau (Mar 21)

Joel Esler

Re: Sourcefire VRT Certified Snort Rules Update 2015-01-27 Joel Esler (Jan 28)
Re: Sourcefire VRT Certified Snort Rules Update 2015-01-27 Joel Esler (Jan 28)
Re: NoSQL Key Value Port Joel Esler (Feb 06)

Joel Esler (jesler)

Re: Sourcefire VRT Certified Snort Rules Update 2015-01-27 Joel Esler (jesler) (Jan 28)
Re: Using DNS response fields in an alert msg Joel Esler (jesler) (Jan 22)
Re: Snort EOL question about VRT rules. Joel Esler (jesler) (Jan 12)
Re: Negative offset? Joel Esler (jesler) (Mar 06)
Re: Cisco Proprietary Protocol and Snort Joel Esler (jesler) (Jan 27)
Re: ShellShock Signatures Joel Esler (jesler) (Mar 05)
Re: Depth vs. offset in rules Joel Esler (jesler) (Mar 06)
Re: Monitoring incoming or outgoing traffic Joel Esler (jesler) (Jan 09)
Re: File extraction during http/ftp transaction Joel Esler (jesler) (Mar 11)
Re: Sourcefire VRT Certified Snort Rules Update 2015-01-27 Joel Esler (jesler) (Jan 28)
Re: Attack detection Joel Esler (jesler) (Feb 11)
Re: Fwd: Dos attacks Joel Esler (jesler) (Jan 31)
Re: RES: Rules Joel Esler (jesler) (Feb 12)
Re: False positives on mysql traffic Joel Esler (jesler) (Feb 25)
Re: https Joel Esler (jesler) (Jan 29)
Re: need assistance - no so rules with pulled pork Joel Esler (jesler) (Mar 05)
Re: ShellShock Signatures Joel Esler (jesler) (Mar 03)
Snort Blog: Snort 2.9.5.6 End of Life is approaching Joel Esler (jesler) (Jan 16)
Re: Unable to view the Signature Information Joel Esler (jesler) (Jan 29)
Re: Sourcefire VRT Certified Snort Rules Update 2015-01-27 Joel Esler (jesler) (Jan 28)
Re: React option doesn't work Joel Esler (jesler) (Mar 30)
Re: Snort, barnyard2, snorby issue Joel Esler (jesler) (Mar 06)
Re: More information on the rule - sid:31557 Joel Esler (jesler) (Jan 29)
Re: (no subject) Joel Esler (jesler) (Mar 10)
Re: Startup error post-package install Joel Esler (jesler) (Feb 27)
Re: DDoS Rule Joel Esler (jesler) (Feb 08)
Re: Rules Joel Esler (jesler) (Feb 11)
Re: Old Snort Rules Joel Esler (jesler) (Jan 12)
Re: Pulledpork: please verify that you have recently updated your root certificates! Joel Esler (jesler) (Feb 23)
OpenAppID Webinar Joel Esler (jesler) (Feb 04)
Re: Frag3 target default setting Joel Esler (jesler) (Feb 28)
Re: Sourcefire VRT Certified Snort Rules Update 2015-01-27 Joel Esler (jesler) (Feb 05)
Re: Problems using flow quantifier Joel Esler (jesler) (Mar 05)
Re: Hosts Attribute exception/override? Joel Esler (jesler) (Jan 22)
Re: Use of iis_unicode_map in HTTP Inspect on Linux IDS host Joel Esler (jesler) (Feb 28)
Re: CVE-2014-8104 Joel Esler (jesler) (Mar 07)
Re: man page doesn't list two valid alert modes Joel Esler (jesler) (Jan 04)
Re: restart snort after pulledpork updates ? Joel Esler (jesler) (Jan 21)
Re: $eth1_ADDRESS still a valid variable in 2.9.7.0? Joel Esler (jesler) (Feb 17)
Re: What is snort sensor Joel Esler (jesler) (Jan 12)
Re: man page doesn't list two valid alert modes Joel Esler (jesler) (Jan 04)
Re: More information on the rule - sid:31557 Joel Esler (jesler) (Jan 29)
Re: Depth vs. offset in rules Joel Esler (jesler) (Mar 03)
Re: activate/dynamic rules problem Joel Esler (jesler) (Jan 12)
Re: CVE-2015-0204 Joel Esler (jesler) (Mar 10)
Re: OpenAppID Webinar Joel Esler (jesler) (Feb 04)
Re: Using DNS response fields in an alert msg Joel Esler (jesler) (Jan 07)
Re: Sourcefire VRT Certified Snort Rules Update 2015-01-27 Joel Esler (jesler) (Jan 28)
Re: Snort silently dying... Joel Esler (jesler) (Mar 09)
Re: Sourcefire Intrusion Agent Joel Esler (jesler) (Feb 27)
Re: error 422 Joel Esler (jesler) (Jan 21)
Re: Is ACID related to the snort's mysql support?‏ Joel Esler (jesler) (Mar 06)
Re: Error 500 today? Joel Esler (jesler) (Jan 08)
Re: Error 500 today? Joel Esler (jesler) (Jan 07)
Re: Using DNS response fields in an alert msg Joel Esler (jesler) (Jan 07)
Re: [Snort-user] ERROR: ./../rules/app-detect.rules(0) Unable to open rules file "./../rules/app-detect.rules": No such file or directory. Joel Esler (jesler) (Jan 22)
Re: FP on EXPLOIT-KIT Angler(1:31046) Joel Esler (jesler) (Jan 07)
Re: Rules Inquiry Joel Esler (jesler) (Feb 05)
Re: How to resolve flowbit dependancies using Pulled Pork? Joel Esler (jesler) (Mar 12)
Re: File extraction during http/ftp transaction Joel Esler (jesler) (Mar 11)
Re: Sourcefire VRT Certified Snort Rules Update 2015-01-27 Joel Esler (jesler) (Jan 28)
Re: Pulledpork: please verify that you have recently updated your root certificates! Joel Esler (jesler) (Feb 18)
Re: Please remove me from Snort list Thanks Joel Esler (jesler) (Jan 29)
Re: ET POLICY Vulnerable Java Version 1.8.x Detected Joel Esler (jesler) (Mar 22)
Re: Unable to view the Signature Information Joel Esler (jesler) (Jan 28)
Re: Ghost glibc and EXIM rules Joel Esler (jesler) (Jan 29)
Re: Sourcefire VRT Certified Snort Rules Update 2015-01-27 Joel Esler (jesler) (Jan 28)
Re: snort NIDS Joel Esler (jesler) (Feb 07)
Re: pulledpork 0.7.1 -wc certificate verification problem Joel Esler (jesler) (Jan 16)
Re: install/configure Snort IPS mode on Windows OS Joel Esler (jesler) (Feb 13)
Re: Use of iis_unicode_map in HTTP Inspect on Linux IDS host Joel Esler (jesler) (Feb 28)
Re: SOLVED - Trouble with HTTP status message rule Joel Esler (jesler) (Mar 12)
Re: Startup error post-package install Joel Esler (jesler) (Feb 28)
Re: Difference between drop and reject rules Joel Esler (jesler) (Feb 07)
Re: SMTP decoder Joel Esler (jesler) (Feb 11)
Re: Snort Malicious Traffic Redirection to other IP Joel Esler (jesler) (Mar 31)
Re: snort rules Joel Esler (jesler) (Jan 04)
Re: Problems using flow quantifier Joel Esler (jesler) (Mar 05)
Re: Pulledpork: please verify that you have recently updated your root certificates! Joel Esler (jesler) (Feb 19)
Re: Upgraded to 2.9.7.0, then down graded to 2.9.6.2 and snort will not start Joel Esler (jesler) (Feb 03)
Re: Sourcefire VRT Certified Snort Rules Update 2015-01-27 Joel Esler (jesler) (Jan 28)
Re: Hosts Attribute exception/override? Joel Esler (jesler) (Jan 22)
Re: [Snort-users] [Snort-user] registerRule(Rule **) error Joel Esler (jesler) (Jan 29)
Re: RES: RES: Rules Joel Esler (jesler) (Feb 12)

Johnathan Wiltberger

Re: Creating a rule for RDP Johnathan Wiltberger (Feb 07)
Re: Creating a rule for RDP Johnathan Wiltberger (Feb 09)

John Hall

Place to install Snort John Hall (Jan 24)

John York

Re: Snort-sigs Digest, Vol 106, Issue 20 John York (Mar 16)

Jonathon Elwood

ET POLICY Vulnerable Java Version 1.8.x Detected Jonathon Elwood (Mar 20)

Josh Kline

init script status check always exits zero Josh Kline (Jan 28)

Juan Jesus Prieto

Re: Upgraded to 2.9.7.0, then down graded to 2.9.6.2 and snort will not start Juan Jesus Prieto (Feb 02)
Re: Snort, barnyard2, snorby issue Juan Jesus Prieto (Mar 06)
Re: Upgraded to 2.9.7.0, then down graded to 2.9.6.2 and snort will not start Juan Jesus Prieto (Feb 01)

Jutichai Thongkrachai

Cannot bind address and add more OS Policy for Stream5 TCP Preprocessor Jutichai Thongkrachai (Jan 31)
Re: Snort-users Digest, Vol 104, Issue 51 Jutichai Thongkrachai (Jan 27)
Cisco Proprietary Protocol and Snort Jutichai Thongkrachai (Jan 26)
Re: Cannot bind address and add more OS Policy for Stream5 TCP Preprocessor Jutichai Thongkrachai (Feb 02)
Re: Cisco Proprietary Protocol and Snort Jutichai Thongkrachai (Jan 27)

Karolis

snort.stats key-value mapping Karolis (Mar 31)

Kelly D. Leavitt

Why would my server trigger rule Sid 17487 Kelly D. Leavitt (Feb 09)
Re: Why would my server trigger rule Sid 17487 Kelly D. Leavitt (Feb 09)

kestutis.malakauskas

Re: CVE-2015-0204 kestutis.malakauskas (Mar 10)
CVE-2015-0204 kestutis.malakauskas (Mar 10)
Re: CVE-2015-0204 kestutis.malakauskas (Mar 10)

Kumarswamy H N (kumhn)

Re: Features Snort Kumarswamy H N (kumhn) (Mar 30)
Re: Snort output problem ?? Kumarswamy H N (kumhn) (Mar 30)

L0rd Ch0de1m0rt

Negative offset? L0rd Ch0de1m0rt (Mar 03)

Lawrence Decker

Pulledpork: please verify that you have recently updated your root certificates! Lawrence Decker (Feb 18)
Re: Pulledpork: please verify that you have recently updated your root certificates! Lawrence Decker (Feb 20)

Lena Okanovic

real-time alerting and rule to monitor only specific traffic Lena Okanovic (Feb 23)
Re: real-time alerting and rule to monitor only specific traffic Lena Okanovic (Feb 26)
Re: Stuck at Commencing Packet Processing Lena Okanovic (Feb 22)
Stuck at Commencing Packet Processing Lena Okanovic (Feb 16)

liao zhuodi

Create rules for Google Hangouts liao zhuodi (Feb 11)
Re: Create rules for Google Hangouts liao zhuodi (Feb 11)

Lil Evil

Snort on a strato vserver // DAQ NFQ initialisation fails Lil Evil (Jan 21)

lists () packetmail net

Re: Using DNS response fields in an alert msg lists () packetmail net (Jan 07)
Re: Problems using flow quantifier lists () packetmail net (Mar 05)
Re: FP on EXPLOIT-KIT Angler(1:31046) lists () packetmail net (Jan 07)
Re: Sourcefire VRT Certified Snort Rules Update 2015-01-27 lists () packetmail net (Jan 28)
Re: Problems using flow quantifier lists () packetmail net (Mar 05)
Re: Ghost glibc and EXIM rules lists () packetmail net (Jan 29)
Re: Trouble with HTTP status message rule lists () packetmail net (Mar 12)
Re: Problems using flow quantifier lists () packetmail net (Mar 05)
Re: Sourcefire VRT Certified Snort Rules Update 2015-01-27 lists () packetmail net (Jan 28)
Re: Using DNS response fields in an alert msg lists () packetmail net (Jan 07)
Re: Using DNS response fields in an alert msg lists () packetmail net (Jan 07)
Re: Sourcefire VRT Certified Snort Rules Update 2015-01-27 lists () packetmail net (Jan 28)

Lukas Matt

Re: CVE-2014-8104 Lukas Matt (Mar 04)
Ghost glibc and EXIM rules Lukas Matt (Jan 29)

Madz

Analyse pcap file Madz (Jan 22)
Fwd: Dos attacks Madz (Jan 31)
Dos attacks Madz (Jan 30)

manjil bhetwal

regarding network IDS and Darpa dataser manjil bhetwal (Jan 05)

Mark Greenman

Problem with pf_ring daq Mark Greenman (Jan 04)
activate/dynamic rules problem Mark Greenman (Jan 11)
Re: Difference between drop and reject rules Mark Greenman (Feb 11)
Re: Difference between drop and reject rules Mark Greenman (Feb 12)
Re: Difference between drop and reject rules Mark Greenman (Feb 08)
Content Match Mark Greenman (Jan 31)
Difference between drop and reject rules Mark Greenman (Feb 07)
Re: Difference between drop and reject rules Mark Greenman (Feb 12)

Mark Sellers

Snort not logging to /var/log/snort Mark Sellers (Mar 18)

Mark W. Jeanmougin

Re: Sourcefire Intrusion Agent Mark W. Jeanmougin (Feb 25)

Matthias Wübbeling

Re: does alertAdd() free pointer after logging? Matthias Wübbeling (Mar 03)

mehrdad hajizadeh

Snort Malicious Traffic Redirection to other IP mehrdad hajizadeh (Mar 30)

Michael Brown

OpenAppID Michael Brown (Mar 25)

Michael Steele

Re: BASE timestamp wrong Michael Steele (Jan 15)
Re: Stuck at Commencing Packet Processing Michael Steele (Feb 22)
Re: [Snort-users] Is ACID related to the snort's mysql support? Michael Steele (Mar 06)
Re: Snort and a remote mssql database server Michael Steele (Feb 17)
Re: [Snort-users] Is ACID related to the snort's mysql support? Michael Steele (Mar 06)
Re: I could use help getting my snort pulled pork barnyard2 BASE running Michael Steele (Mar 16)

Michal Keníž

unified2 extra data - howto Michal Keníž (Mar 25)

Mike Cox

Resetting Snort without reloading everything Mike Cox (Mar 31)

Mike Hale

Re: Sourcefire VRT Certified Snort Rules Update 2015-01-27 Mike Hale (Jan 28)

Mike Michalak

Re: Barnyard2 Mike Michalak (Jan 17)
Re: Barnyard2 Mike Michalak (Jan 19)
Re: Barnyard2 Mike Michalak (Jan 18)
Barnyard2 Mike Michalak (Jan 16)
Re: Barnyard2 Mike Michalak (Jan 18)

Mike S

Looking for utility Mike S (Mar 03)

Minh Trung

Place to install Snort Minh Trung (Jan 22)
Re: Place to install Snort Minh Trung (Jan 23)
Re: Place to install Snort Minh Trung (Jan 28)

mohamed elqaissy

Snort output problem ?? mohamed elqaissy (Mar 30)

Mohammad Rastgoo

HTTP Get Flood Mohammad Rastgoo (Feb 14)
Re: HTTP Get Flood Mohammad Rastgoo (Feb 15)

Mohiuddin Ebna Kawsar

does alertAdd() free pointer after logging? Mohiuddin Ebna Kawsar (Mar 02)

Muhammad Ridwan Zalbina

(no subject) Muhammad Ridwan Zalbina (Jan 14)
Re: Snort-devel Digest, Vol 104, Issue 18 Muhammad Ridwan Zalbina (Mar 31)

Mustafa Qasim

Re: Using DNS response fields in an alert msg Mustafa Qasim (Jan 07)

Namik Benyminov

Re: (no subject) Namik Benyminov (Jan 01)
(no subject) Namik Benyminov (Jan 01)

Nick de Bruijn

Features Snort Nick de Bruijn (Mar 30)
Features of Snort Nick de Bruijn (Mar 30)

Omar Osta

Portsweep and ICMP Sweep Alerts Omar Osta (Mar 27)

Pablo Cantos Polaino

Re: unified2 extra data - howto Pablo Cantos Polaino (Mar 26)
Getting alerts for every file Snort detects and File Services preprocessor Pablo Cantos Polaino (Mar 17)
Re: Getting alerts for every file Snort detects and File Services preprocessor Pablo Cantos Polaino (Mar 31)
Getting alerts for every file Snort detects and File Services preprocessor Pablo Cantos Polaino (Mar 12)
Re: Getting alerts for every file Snort detects and File Services preprocessor Pablo Cantos Polaino (Mar 30)

Patrick Mullen

Re: Problem with rule sid 33323 Patrick Mullen (Feb 20)

PattiMichelle

Setting up simple LAN-sniffing for bad signatures? PattiMichelle (Jan 02)

Praveen D

byte_test and relative Praveen D (Jan 14)

Priyanka Raj -T (priraj - KFORCE INC at Cisco)

OpenAppID Detection Webinar Priyanka Raj -T (priraj - KFORCE INC at Cisco) (Jan 30)

Ran Regev

barnyard2, syslog and pulling the packet data Ran Regev (Jan 19)

Rata Pelua

need assistance - no so rules with pulled pork Rata Pelua (Mar 05)
Fwd: no .so rules with pulledpork Rata Pelua (Mar 05)

reniykec

Increase detection rate reniykec (Feb 23)
Attack detection reniykec (Feb 11)

Research

Sourcefire VRT Certified Snort Rules Update 2015-03-10 Research (Mar 10)
Sourcefire VRT Certified Snort Rules Update 2015-01-29 Research (Jan 29)
Re: Generator ID map file location changed ? Research (Mar 01)
Sourcefire VRT Certified Snort Rules Update 2015-03-05 Research (Mar 05)
Problems using flow quantifier Research (Mar 05)
Sourcefire VRT Certified Snort Rules Update 2015-01-15 Research (Jan 15)
Sourcefire VRT Certified Snort Rules Update 2015-02-10 Research (Feb 10)
Re: Semantics of ipvar HOME_NET Research (Mar 02)
Sourcefire VRT Certified Snort Rules Update 2015-02-05 Research (Feb 05)
Sourcefire VRT Certified Snort Rules Update 2015-01-20 Research (Jan 20)
Frag3 target default setting Research (Feb 28)
Sourcefire VRT Certified Snort Rules Update 2015-03-31 Research (Mar 31)
Sourcefire VRT Certified Snort Rules Update 2015-03-12 Research (Mar 12)
Re: Depth vs. offset in rules Research (Mar 03)
Sourcefire VRT Certified Snort Rules Update 2015-02-19 Research (Feb 22)
Depth vs. offset in rules Research (Mar 03)
Unclear on active response MAC address Research (Mar 03)
Sourcefire VRT Certified Snort Rules Update 2015-03-26 Research (Mar 26)
Re: Startup error post-package install Research (Feb 26)
Re: Problems using flow quantifier Research (Mar 05)
Use of iis_unicode_map in HTTP Inspect on Linux IDS host Research (Feb 28)
Sourcefire VRT Certified Snort Rules Update 2015-01-13 Research (Jan 13)
Generator ID map file location changed ? Research (Feb 27)
Sourcefire VRT Certified Snort Rules Update 2015-02-17 Research (Feb 17)
Sourcefire VRT Certified Snort Rules Update 2015-01-06 Research (Jan 06)
SOLVED - Trouble with HTTP status message rule Research (Mar 12)
Re: Startup error post-package install Research (Feb 26)
Re: Frag3 target default setting Research (Feb 28)
Sourcefire VRT Certified Snort Rules Update 2015-01-22 Research (Jan 22)
Re: Use of iis_unicode_map in HTTP Inspect on Linux IDS host Research (Feb 28)
Re: Startup error post-package install Research (Feb 26)
Sourcefire VRT Certified Snort Rules Update 2015-03-17 Research (Mar 17)
Sourcefire VRT Certified Snort Rules Update 2015-03-03 Research (Mar 03)
Re: Startup error post-package install Research (Feb 28)
Trouble with HTTP status message rule Research (Mar 12)
Sourcefire VRT Certified Snort Rules Update 2015-03-19 Research (Mar 19)
Re: Use of iis_unicode_map in HTTP Inspect on Linux IDS host Research (Feb 28)
Startup error post-package install Research (Feb 26)
Semantics of ipvar HOME_NET Research (Mar 02)
Sourcefire VRT Certified Snort Rules Update 2015-02-03 Research (Feb 03)
Re: Unclear on active response MAC address Research (Mar 03)
Sourcefire VRT Certified Snort Rules Update 2015-01-27 Research (Jan 27)
Sourcefire VRT Certified Snort Rules Update 2015-02-26 Research (Feb 26)
http_inspect_server syntax error ? Research (Mar 01)
Sourcefire VRT Certified Snort Rules Update 2015-02-24 Research (Feb 25)
Re: SOLVED - Trouble with HTTP status message rule Research (Mar 12)
Re: Problems using flow quantifier Research (Mar 05)
Re: http_inspect_server syntax error ? Research (Mar 01)
Sourcefire VRT Certified Snort Rules Update 2015-03-24 Research (Mar 24)
Sourcefire VRT Certified Snort Rules Update 2015-01-08 Research (Jan 08)

rezaa abedi

snort NIDS rezaa abedi (Feb 06)

Richard Giles

Creating a rule for RDP Richard Giles (Jan 22)
Re: Creating a rule for RDP Richard Giles (Jan 23)

Richard Martin

2.9.7.0 Install startup error: snort:symbol lookup error "rand_open" Richard Martin (Feb 08)

Rishabh Shah

Re: File extraction during http/ftp transaction Rishabh Shah (Mar 11)
Re: Snort unable to drop packets in inline mode Rishabh Shah (Feb 22)
Snort unable to drop packets in inline mode Rishabh Shah (Feb 21)
Re: File extraction during http/ftp transaction Rishabh Shah (Mar 11)
Snort react should return HTTP 302 instead of HTTP 403 Rishabh Shah (Feb 25)
Is it possible to extract URIs and store in a file? Rishabh Shah (Mar 22)
Re: Need an efficient way to generate rules for URL Filtering Rishabh Shah (Mar 21)
Re: File extraction during http/ftp transaction Rishabh Shah (Mar 11)
Re: Snort unable to drop packets in inline mode Rishabh Shah (Feb 25)
Re: File extraction during http/ftp transaction Rishabh Shah (Mar 11)
Re: Snort react should return HTTP 302 instead of HTTP 403 Rishabh Shah (Mar 02)
Re: Snort unable to drop packets in inline mode Rishabh Shah (Feb 25)
Need an efficient way to generate rules for URL Filtering Rishabh Shah (Mar 20)
Re: Snort unable to drop packets in inline mode Rishabh Shah (Feb 22)
File extraction during http/ftp transaction Rishabh Shah (Mar 11)
Re: Snort react should return HTTP 302 instead of HTTP 403 Rishabh Shah (Mar 03)

rmkml

Re: DNS Reverse Shell sig rmkml (Feb 04)

Robert

Which solution for blocking attacks ? Robert (Mar 09)

Robert Lasota

Odp: Re: Odp: RE: React option doesn't work Robert Lasota (Mar 27)
Odp: RE: React option doesn't work Robert Lasota (Mar 27)
Odp: Re: Odp: Re: Odp: RE: React option doesn't work Robert Lasota (Mar 27)
React option doesn't work Robert Lasota (Mar 27)
Odp: Re: Odp: Re: Odp: RE: React option doesn't work Robert Lasota (Mar 27)
Odp: Re: Odp: Re: Odp: Re: Odp: RE: React option doesn't work Robert Lasota (Mar 28)
React option doesn't work Robert Lasota (Mar 27)

Rodgers, Anthony (DTMB)

Re: Sourcefire VRT Certified Snort Rules Update 2015-01-27 Rodgers, Anthony (DTMB) (Jan 28)
Re: Using DNS response fields in an alert msg Rodgers, Anthony (DTMB) (Jan 07)
Re: Need an efficient way to generate rules for URL Filtering Rodgers, Anthony (DTMB) (Mar 21)

Rodrigo Montoro(Sp0oKeR)

Re: Trouble with HTTP status message rule Rodrigo Montoro(Sp0oKeR) (Mar 12)

Ron Sal

Re: Snort decoder Ron Sal (Jan 26)
Snort decoder Ron Sal (Jan 26)

Roshan Srivastava

Fwd: hybrid IDS using snort Roshan Srivastava (Mar 08)

Russ

Re: Difference between drop and reject rules Russ (Feb 12)
Re: Difference between drop and reject rules Russ (Feb 12)
Re: Snort-3.0: WARNING: active responses disabled since DAQ can't inject packets. Russ (Mar 26)
Re: Snort++: enum "RuleOptType" Russ (Mar 23)
Re: Snort react should return HTTP 302 instead of HTTP 403 Russ (Mar 02)
Re: Difference between drop and reject rules Russ (Feb 09)
Re: Snort 3.0: STATIC_IPS_OPTIONS, STATIC_IPS_ACTIONS Russ (Feb 12)

Russ Combs (rucombs)

Re: THREAD_LOCAL Russ Combs (rucombs) (Jan 26)
Re: autotools and cmake with enable-large-pcap difference Russ Combs (rucombs) (Jan 20)
Re: Error compiling Snort 3.0.0-a1 with enable-linux-smp-stats Russ Combs (rucombs) (Jan 20)
Re: What are the current default enabled build options? Russ Combs (rucombs) (Feb 05)
Re: InspectorType Russ Combs (rucombs) (Feb 02)
Re: THREAD_LOCAL Russ Combs (rucombs) (Jan 23)
Re: Snort 3.0: Actions Russ Combs (rucombs) (Feb 04)
Re: Not working unified2 module in snort++ (snort 3.0) Russ Combs (rucombs) (Jan 15)
Re: Snort 3.0: Actions Russ Combs (rucombs) (Feb 05)
Re: Snort 3.0: Actions Russ Combs (rucombs) (Feb 05)
Re: confirm 343ec785cc752e98b958383c9c38dfab4b0200dc Russ Combs (rucombs) (Jan 18)

s0ups .

Re: ShellShock Signatures s0ups . (Mar 03)

sajjad purmohseni

Re: TCP flags issue sajjad purmohseni (Feb 05)
TCP flags issue sajjad purmohseni (Feb 03)

Samuel M Westerfeld

Re: Creating a rule for RDP Samuel M Westerfeld (Feb 07)

Sancho Panza

Snort 3.0: Actions Sancho Panza (Feb 04)
Re: Snort 3.0: Actions Sancho Panza (Feb 05)
InspectorType Sancho Panza (Feb 02)
Snort 3.0: STATIC_IPS_OPTIONS, STATIC_IPS_ACTIONS Sancho Panza (Feb 12)
Re: Snort 3.0: Actions Sancho Panza (Feb 05)
Re: THREAD_LOCAL Sancho Panza (Jan 25)
Snort++: enum "RuleOptType" Sancho Panza (Mar 23)
THREAD_LOCAL Sancho Panza (Jan 23)

Sandeep Singh

Regarding GID 1, SID 33429 - Microsoft Windows SMB potential group policy fallback exploit attempt Sandeep Singh (Feb 13)

Scott Savarese

Re: Proposed change to sid:24348 - I don't think it encompasses all the allowed X-Forwarded-For rules Scott Savarese (Jan 10)
Proposed change to sid:24348 - I don't think it encompasses all the allowed X-Forwarded-For rules Scott Savarese (Jan 08)
Re: Proposed change to sid:24348 - I don't think it encompasses all the allowed X-Forwarded-For rules Scott Savarese (Jan 08)
Re: Creating a rule for RDP Scott Savarese (Jan 23)

setests setests

Using multiple PCRE setests setests (Jan 29)

Sharif Uddin

Re: snort and dhcp new devices on network Sharif Uddin (Mar 30)
SIEM Sharif Uddin (Mar 11)
Re: snort and dhcp new devices on network Sharif Uddin (Mar 30)
snort not logging anything in log file Sharif Uddin (Mar 13)
snort not logging anything in log file Sharif Uddin (Mar 23)
snort and dhcp new devices on network Sharif Uddin (Mar 30)

Shirkdog

Re: Pulledpork and Snort warnings Shirkdog (Mar 22)
Re: Barnyard2 Shirkdog (Jan 16)
Re: SSL problems with snort.org and pulledpork on FreeBSD Shirkdog (Jan 21)
Re: Building DAQ for freebsd - afpacket Shirkdog (Jan 22)
Re: how to run pulledpork ignoring trust certificates? Shirkdog (Mar 15)
Re: pulledpork 0.7.1 -wc certificate verification problem Shirkdog (Jan 16)
Re: Pulledpork: please verify that you have recently updated your root certificates! Shirkdog (Feb 18)
Re: how to run pulledpork ignoring trust certificates? Shirkdog (Mar 23)
Re: SSL problems with snort.org and pulledpork on FreeBSD Shirkdog (Jan 22)
Re: [Snort-users] Is ACID related to the snort's mysql support? Shirkdog (Mar 06)

simegn ztsion

snort rules simegn ztsion (Jan 03)
How to replay pcap files at arbitrary speed simegn ztsion (Jan 21)

Simon Wesseldine

Re: Creating a rule for RDP Simon Wesseldine (Feb 09)

Sirvesh Tyagi

Issue while installing snort Sirvesh Tyagi (Feb 08)

snort

Re: CVE-2015-0204 snort (Mar 10)

Snort Releases

Snort 2.9.7.2 Now Available Snort Releases (Mar 12)
Snort++ Build 135 Now Available Snort Releases (Jan 29)
Snort++ Build 144 Available Now Snort Releases (Mar 31)
Snort++ Build 140 Available Now Snort Releases (Mar 02)
Snort++ Build 140 Available Now Snort Releases (Mar 02)
Snort 2.9.7.2 Now Available Snort Releases (Mar 12)
Snort++ Build 144 Available Now Snort Releases (Mar 31)
Snort++ Build 135 Now Available Snort Releases (Jan 29)

Sss kkk

(http_inspect) UNKNOWN METHOD for SSL over http proxy Sss kkk (Mar 27)
Re: (http_inspect) UNKNOWN METHOD for SSL over http proxy Sss kkk (Mar 27)

Starner, Mark

Re: $eth1_ADDRESS still a valid variable in 2.9.7.0? Starner, Mark (Feb 17)
Re: $eth1_ADDRESS still a valid variable in 2.9.7.0? Starner, Mark (Feb 17)
$eth1_ADDRESS still a valid variable in 2.9.7.0? Starner, Mark (Feb 17)
Re: $eth1_ADDRESS still a valid variable in 2.9.7.0? Starner, Mark (Feb 17)
Re: $eth1_ADDRESS still a valid variable in 2.9.7.0? Starner, Mark (Feb 17)

stephane.nasdrovisky

Re: SMTP Preprocessor : X-ANONYMOUSTLS command stephane.nasdrovisky (Mar 12)

Stephen Gantz

Re: install/configure Snort IPS mode on Windows OS Stephen Gantz (Feb 13)
Re: Snort Configuration Trouble Stephen Gantz (Jan 09)
Re: Failed to load /lib_sfdynamic_preprocessor_example.so Stephen Gantz (Jan 31)
Re: commencing packet processing (pid=26029) ?? Stephen Gantz (Mar 19)
Re: Snort 2.9.7.2 Stephen Gantz (Mar 16)

Steve Gantz

Re: packet content match Steve Gantz (Jan 21)
Re: Stuck at Commencing Packet Processing Steve Gantz (Feb 16)
Re: [Snort-user] ERROR: ./../rules/app-detect.rules(0) Unable to open rules file "./../rules/app-detect.rules": No such file or directory. Steve Gantz (Jan 22)
Re: packet content match Steve Gantz (Jan 21)
Re: active response and network tap Steve Gantz (Jan 09)

Steven Sturges

Re: TCP flags issue Steven Sturges (Feb 04)

Steve Sturges (ststurge)

Re: does alertAdd() free pointer after logging? Steve Sturges (ststurge) (Mar 03)

Tawanda Purazi

Re: (http_inspect) UNKNOWN METHOD for SSL over http proxy Tawanda Purazi (Mar 27)

Terry John

(http_inspect) UNKNOWN METHOD error on squid Terry John (Mar 04)
Re: Red Hat Enterprise Linux 6.5 Terry John (Mar 04)
Re: (http_inspect) UNKNOWN METHOD error on squid Terry John (Mar 04)
Re: (http_inspect) UNKNOWN METHOD error on squid Terry John (Mar 04)

test engineer

Multiple log files test engineer (Jan 06)
Re: Multiple log files test engineer (Jan 09)

Tim Tielens

Snort table is NIL error Tim Tielens (Feb 26)

Tony Robinson

SSL problems with snort.org and pulledpork on FreeBSD Tony Robinson (Jan 21)
Building DAQ for freebsd - afpacket Tony Robinson (Jan 22)

vb

Signatures for WSNs - 802.15.4, ZigBee, 6LoWPAN... vb (Feb 17)

Victor Roemer

Re: Getting alerts for every file Snort detects and File Services preprocessor Victor Roemer (Mar 30)
Re: Getting alerts for every file Snort detects and File Services preprocessor Victor Roemer (Mar 27)
Re: Getting alerts for every file Snort detects and File Services preprocessor Victor Roemer (Mar 27)
Re: Question: Snort-Alerts do not fire when traffic goesthru proxy Victor Roemer (Mar 27)
Re: NoSQL Key Value Port Victor Roemer (Feb 06)
Re: preprocessor stream5_global prune_log_max 0 Victor Roemer (Mar 27)
Re: Getting alerts for every file Snort detects and File Services preprocessor Victor Roemer (Mar 31)
Re: Bad -M option (or manual) Victor Roemer (Mar 27)
Re: Odp: Re: Odp: RE: React option doesn't work Victor Roemer (Mar 27)

Vona, Steven A CIV NSWCCD Philadelphia, 10411

Disabling Rules via disablesid.conf Vona, Steven A CIV NSWCCD Philadelphia, 10411 (Feb 05)
Re: Disabling Rules via disablesid.conf Vona, Steven A CIV NSWCCD Philadelphia, 10411 (Feb 06)
Re: Disabling Rules via disablesid.conf Vona, Steven A CIV NSWCCD Philadelphia, 10411 (Feb 06)
Re: Disabling Rules via disablesid.conf Vona, Steven A CIV NSWCCD Philadelphia, 10411 (Feb 06)

waldo kitty

Re: help, the configuration problem waldo kitty (Jan 05)
Re: Multiple log files waldo kitty (Jan 09)
Re: [snort-users] generate .rule file for shared object rule waldo kitty (Jan 31)
Re: snort rules waldo kitty (Jan 05)
Re: Place to install Snort waldo kitty (Jan 23)
Re: [Snort-user] dynamic variable for content match waldo kitty (Jan 27)
Re: Multiple log files waldo kitty (Jan 07)
Re: How to know what is "any" ip address??? waldo kitty (Feb 03)
Re: [Snort-user] dynamic variable for content match waldo kitty (Jan 28)
Re: RES: RES: Rules waldo kitty (Feb 12)
Re: How to know what is "any" ip address??? waldo kitty (Feb 05)
Re: Proposed change to sid:24348 - I don't think it encompasses all the allowed X-Forwarded-For rules waldo kitty (Jan 08)
Re: Is it possible to extract URIs and store in a file? waldo kitty (Mar 23)
Re: SMTP decoder waldo kitty (Feb 12)
Re: Proposed change to sid:24348 - I don't think it encompasses all the allowed X-Forwarded-For rules waldo kitty (Jan 09)
Re: Old Snort Rules waldo kitty (Jan 12)
Re: restart snort after pulledpork updates ? waldo kitty (Jan 21)

walid abdalwahab

Fw: install/configure Snort IPS mode on Windows OS walid abdalwahab (Feb 13)

Ward Sladek

Re: Snort, barnyard2, snorby issue Ward Sladek (Mar 06)

Wei Chea Ang

Re: Place to install Snort Wei Chea Ang (Jan 28)

Weir, Jason

FP on 31977? Weir, Jason (Mar 16)
Sourcefire Intrusion Agent Weir, Jason (Feb 25)
Re: FP on 31977? Weir, Jason (Mar 16)

Will Metcalf

Re: ET POLICY Vulnerable Java Version 1.8.x Detected Will Metcalf (Mar 22)

xyz xyz

Re: config problem xyz xyz (Jan 04)

Y M

Re: Startup error post-package install Y M (Feb 26)
Re: IPS using DAQ AFPacket problems Y M (Jan 01)
Re: Snort Sensors do not appear to be detecting what they should Y M (Mar 11)
Re: gen-msg.map is missing! What to do? Where to get it? Y M (Mar 11)
Re: Disabling Rules via disablesid.conf Y M (Feb 06)
Re: Possible Rule Change Y M (Jan 29)
Error compiling Snort 3.0.0-a1 with enable-linux-smp-stats Y M (Jan 19)
Re: Sending syslog alerts from Snort on ArchLinux on RPI b+ Y M (Mar 23)
Re: barnyard2, syslog and pulling the packet data Y M (Jan 19)
Re: Snort silently dying... Y M (Mar 11)
Re: Generator ID map file location changed ? Y M (Mar 01)
Re: Disabling Rules via disablesid.conf Y M (Feb 05)
Re: real-time alerting and rule to monitor only specific traffic Y M (Feb 26)
Re: Snort silently dying... Y M (Mar 11)
Re: gen-msg.map is missing! What to do? Where to get it? Y M (Mar 11)
Re: Pulledpork and Snort warnings Y M (Mar 23)
Re: Problem running Snort Inline Y M (Feb 06)
autotools and cmake with enable-large-pcap difference Y M (Jan 19)
Re: http_inspect_server syntax error ? Y M (Mar 01)
Re: pulledpork config two different error messages Y M (Jan 01)
Re: (no subject) Y M (Jan 01)
Re: Updating Snort Rules Offline Y M (Feb 07)
Re: File extraction during http/ftp transaction Y M (Mar 11)
Re: (no subject) Y M (Jan 01)
Re: gen-msg.map is missing! What to do? Where to get it? Y M (Mar 11)
Re: Problem running Snort Inline Y M (Feb 05)
Re: Disabling Rules via disablesid.conf Y M (Feb 06)
Re: CVE-2015-0204 Y M (Mar 10)

Yogesh C U

Re: Getting error when try to make the file Yogesh C U (Mar 30)

Yuhui Lin

Snort-3.0: WARNING: active responses disabled since DAQ can't inject packets. Yuhui Lin (Mar 26)

Zeeshan Afzal

Re: Old Snort Rules Zeeshan Afzal (Jan 12)
Old Snort Rules Zeeshan Afzal (Jan 12)
Re: Old Snort Rules Zeeshan Afzal (Jan 12)

zT

[snort-user] is there any option to inspect packet? zT (Feb 01)
Re: [Snort-user] dynamic variable for content match zT (Jan 26)
[Snort-user] ERROR: ./../rules/app-detect.rules(0) Unable to open rules file "./../rules/app-detect.rules": No such file or directory. zT (Jan 22)
Re: [Snort-user] ERROR: ./../rules/app-detect.rules(0) Unable to open rules file "./../rules/app-detect.rules": No such file or directory. zT (Jan 22)
Failed to load /lib_sfdynamic_preprocessor_example.so zT (Jan 30)
[Snort-user] rule file: get input form terminal zT (Jan 25)
[snort-user] ERROR: Failed to load //lib_sfdynamic_preprocessor_example.so zT (Jan 30)
Re: [Snort-user] dynamic variable for content match zT (Jan 27)
Re: How to know what is "any" ip address??? zT (Feb 02)
$ sudo service snortd restart zT (Jan 24)
[Snort-user] how to get input for snort rules zT (Jan 29)
[snort-users] generate .rule file for shared object rule zT (Jan 31)
Re: test rule zT (Jan 22)
inspect packet with snort zT (Jan 16)
Re: Failed to load /lib_sfdynamic_preprocessor_example.so zT (Jan 31)
packet content match zT (Jan 21)
[Snort-user] registerRule(Rule **) error zT (Jan 29)
Re: [Snort-user] dynamic variable for content match zT (Jan 29)
[Snort-users] How to know what is "any" ip address??? zT (Feb 02)
Re: [Snort-user] dynamic variable for content match zT (Jan 28)
test rule zT (Jan 22)
[Snort-user] error with start snort zT (Jan 26)
Re: How to know what is "any" ip address??? zT (Feb 02)
Re: [Snort-user] how to get input for snort rules zT (Jan 31)
[Snort-user] dynamic variable for content match zT (Jan 26)

刘江波

Unsubscribe 刘江波 (Mar 09)

ぜ許〃

help, the configuration problem ぜ許〃 (Jan 04)