1152 messages starting Oct 22 10 and ending Nov 02 10

김무성

10G virtual network traffic 김무성 (Oct 22)
which SQL injection detection rule is best when considering performance, false-positive, real attack 김무성 (Dec 01)

Ahmed Qaisi

I'm tired from snort!! Ahmed Qaisi (Oct 26)
Re: I'm tired from snort!! Ahmed Qaisi (Oct 26)

Alan Ptak

Re: SID Identification Alan Ptak (Oct 19)
Re: Is Snort susceptible to AET's? Alan Ptak (Oct 20)

Alejandro Cabrera Obed

URL to download VRT rules Alejandro Cabrera Obed (Oct 28)
Re: URL to download VRT rules Alejandro Cabrera Obed (Oct 28)
Re: URL to download VRT rules Alejandro Cabrera Obed (Oct 28)
Re: URL to download VRT rules Alejandro Cabrera Obed (Oct 28)
Snort Report or Base ??? Alejandro Cabrera Obed (Oct 28)
Re: URL to download VRT rules Alejandro Cabrera Obed (Oct 29)
Snort 2.9 + Debian Alejandro Cabrera Obed (Dec 16)
Rules for Snort 2.9.0.2 Alejandro Cabrera Obed (Dec 20)

alexandre suzuki

Just Analyzing tcpdump files according to defined rules. alexandre suzuki (Oct 07)

Alex Kirk

Re: snort-2.9.0 missing --enable-inline Alex Kirk (Oct 06)
Re: GPL sid 2472 optimization. Alex Kirk (Oct 11)
Re: FP 12634 Alex Kirk (Oct 13)
Re: pcre high cpu usage Alex Kirk (Oct 18)
Re: pcre high cpu usage Alex Kirk (Oct 19)
Re: pcre high cpu usage Alex Kirk (Oct 19)
Re: FP 17154 Alex Kirk (Oct 21)
Re: FP? 1675 Alex Kirk (Oct 21)
Re: Possible FP 17363 Alex Kirk (Oct 25)
Re: [Spam] Re: Possible FP 17363 Alex Kirk (Oct 26)
Re: FP on sig 17567 Alex Kirk (Nov 17)
Re: Problem with stream5 Alex Kirk (Nov 18)
Re: Issue while detecting patterns in a simple HTTP Page [Web client based] Alex Kirk (Nov 22)
Re: Are commas allowed in signature descriptions? Alex Kirk (Dec 08)
Re: Are commas allowed in signature descriptions? Alex Kirk (Dec 09)

Alex Tatistcheff

Re: Snort 2.9.0 Now Available Alex Tatistcheff (Oct 05)
Re: Host Attribute Table Question Alex Tatistcheff (Nov 12)
Re: Ourmon Alex Tatistcheff (Dec 10)

Andersen Klaus

Re: Snort 2.9 Setup Guide Andersen Klaus (Oct 20)

Andres Carrera

Ourmon Andres Carrera (Nov 18)
Re: [Snort-users] Ourmon Andres Carrera (Dec 08)

Andres Carrera Rivera

Snort Inline As an IPS Andres Carrera Rivera (Oct 01)
Re: Snort Inline As an IPS Andres Carrera Rivera (Oct 01)
Re: Snort Inline As an IPS Andres Carrera Rivera (Oct 01)
Spade Drop Anomalies Andres Carrera Rivera (Oct 14)
Re: H-Snort / Hybrid Snort Andres Carrera Rivera (Nov 26)
H-Snort / Hybrid Snort Andres Carrera Rivera (Nov 27)
Snort as a Service on Ubuntu 9 Andres Carrera Rivera (Dec 01)
Re: Snort as a Service on Ubuntu 9 Andres Carrera Rivera (Dec 01)
Snort preprocessor perfmonitor Andres Carrera Rivera (Dec 02)
Re: Snort preprocessor perfmonitor Andres Carrera Rivera (Dec 02)
Re: Snort preprocessor perfmonitor Andres Carrera Rivera (Dec 02)
Re: I need some opinions Andres Carrera Rivera (Dec 06)
Re: Snort preprocessor perfmonitor Andres Carrera Rivera (Dec 09)

Andy Berryman

Building a host attribute table? Andy Berryman (Oct 13)
Is Snort susceptible to AET's? Andy Berryman (Oct 20)
Host Attribute Table Question Andy Berryman (Nov 11)
Re: Host Attribute Table Question Andy Berryman (Nov 11)
FP on sig 17567 Andy Berryman (Nov 17)
Re: Changes in the latest rule packs Andy Berryman (Dec 06)
New Sig Doc is one giant file? Andy Berryman (Dec 06)
Re: New Sig Doc is one giant file? Andy Berryman (Dec 07)

Anthony Rees

Re: How o views snort log from mysql Anthony Rees (Oct 30)
Re: OT: What tap would you recommend? Anthony Rees (Nov 05)

Atkins, Dwane P

Snort recommendations Atkins, Dwane P (Nov 04)
Re: Snort recommendations Atkins, Dwane P (Nov 04)
libdnet.1: cannot open shared object file: no such file or directory Atkins, Dwane P (Nov 09)
Install Snort on Ubuntu with mysql and SnortReports Atkins, Dwane P (Nov 10)
Re: Install Snort on Ubuntu with mysql and SnortReports Atkins, Dwane P (Nov 10)
Re: Install Snort on Ubuntu with mysql and SnortReports Atkins, Dwane P (Nov 10)
Re: Install Snort on Ubuntu with mysql and SnortReports Atkins, Dwane P (Nov 10)
Snorby and Snort Atkins, Dwane P (Nov 10)
Re: Snorby and Snort Atkins, Dwane P (Nov 11)
Tweak mysql database Atkins, Dwane P (Dec 21)

Azher Mughal

Snort libmysql error Azher Mughal (Dec 15)
Re: Snort libmysql error Azher Mughal (Dec 15)
Re: Snort 2.9.0.3 Now Available Azher Mughal (Dec 26)

Barney Pause

sfportscan not generating alerts or logs Barney Pause (Oct 06)

Barry Demers

I'm overwhelmed by all this, but determined. Perhaps a little direction? Barry Demers (Dec 17)

beenph

Re: Snort 2.9, RHEL 5 and afpacket DAQ beenph (Oct 18)
Re: Snort 2.9, RHEL 5 and afpacket DAQ beenph (Oct 20)
Re: payload logging, barnyard2 beenph (Oct 29)

Bhagya Bantwal

Re: 'compress_depth' Bhagya Bantwal (Oct 08)
Re: Bug with file_data pointer being set in 2.9.0? Bhagya Bantwal (Oct 27)
Re: HTTP Inspect and packet reassembly Bhagya Bantwal (Oct 29)
Re: Snort 2.9, barnyard2, and unknown record types Bhagya Bantwal (Nov 03)
Re: Snort instance crashes Bhagya Bantwal (Dec 30)

Bill Scherr IV

Re: [Snort-devel] I need some opinions Bill Scherr IV (Dec 06)

Billy Marshall

Re: Barnyard2 and multiple sensors Billy Marshall (Nov 02)
Snort has different IPs than Wireshark Billy Marshall (Nov 30)
Re: Snort has different IPs than Wireshark Billy Marshall (Nov 30)

Bobby Venal

upgrade question Bobby Venal (Oct 26)
SMTP content-type overflow rule question Bobby Venal (Dec 03)

Brad P

Re: Install Snort on Ubuntu with mysql and SnortReports Brad P (Nov 10)

Castle, Shane

Re: Snort 2.9.0 packages for RHEL? Castle, Shane (Oct 18)
Re: Snort 2.9.0 packages for RHEL? Castle, Shane (Oct 18)
Re: snort 2.9.0.1 packages for RHEL5.x Castle, Shane (Nov 04)
Linux recommendations Castle, Shane (Nov 09)
Re: Install Snort on Ubuntu with mysql and SnortReports Castle, Shane (Nov 10)
Any BASE honchos here? Castle, Shane (Nov 10)
Re: Snort has different IPs than Wireshark Castle, Shane (Nov 30)
Re: [Snort-devel] Snort.org has a new blog! Castle, Shane (Dec 14)
Re: Best practices for very high volume install.. Castle, Shane (Dec 20)
Re: Snort with two instances Castle, Shane (Dec 22)
Re: Unsubscribe Tami.McGee () ftb ca gov Castle, Shane (Dec 29)

Champ Clark III [Softwink]

Building wireless IDS systems... Champ Clark III [Softwink] (Nov 11)

Chan, Wilson

Updating sid-msg.map Chan, Wilson (Nov 16)

Chris Copeland

capturing on the wrong nic Chris Copeland (Oct 19)
Re: capturing on the wrong nic Chris Copeland (Oct 19)

Chris Stevens

FP? 1675 Chris Stevens (Oct 20)

Christopher A. Libby

1:17239 False Positive Christopher A. Libby (Oct 12)
Re: 1:17239 False Positive Christopher A. Libby (Oct 12)
False Positives on 1:17246 Christopher A. Libby (Oct 14)
Re: Holy Crap Christopher A. Libby (Oct 15)

CleBeer

Re: snort-2.9.0 missing --enable-inline CleBeer (Oct 06)

C. L. Martinez

Libpcap shipped with RHEL6 GA C. L. Martinez (Nov 12)

Crook, Parker

Re: Snort 2.9.0 Now Available Crook, Parker (Oct 08)
Re: Snort 2.9.0 Now Available Crook, Parker (Oct 08)
Re: Building a host attribute table? Crook, Parker (Oct 13)
Re: Will this work - negated hosts? Crook, Parker (Oct 26)
Re: Off-topic - VRT Blog, "Rise of citizen cyberwarrior", criticism of the security efforts by the government. Crook, Parker (Nov 30)
Security Analogies Crook, Parker (Dec 17)
Re: Best practices for very high volume install.. Crook, Parker (Dec 21)
Re: Rule Migration Cheat Sheet? Crook, Parker (Dec 22)
New snort.conf Crook, Parker (Dec 29)
Re: New snort.conf Crook, Parker (Dec 30)

Crusty Saint

Re: New Proposed Classification.config file setup Crusty Saint (Dec 28)

CunningPike

Suggested pcre addition to 1:6251 CunningPike (Nov 27)
Re: Linux recommendations CunningPike (Dec 20)

c.willie

Error in encode.c in Snort 2.9.0 on Ubuntu 10.04.1 LST c.willie (Oct 25)

Dan Dwelley

Using SNORT inline Dan Dwelley (Oct 29)

Danny Paul

Snort 2.9.0 ipvar unknown rule type Danny Paul (Oct 19)
Re: Snort 2.9.0 ipvar unknown rule type Danny Paul (Oct 19)
Re: Snort 2.9.0 ipvar unknown rule type Danny Paul (Oct 19)

Darren Spruell

Re: [Emerging-Sigs] [Snort-sigs] New Classification System Proposal Darren Spruell (Dec 24)

David C. Maple

Re: Snort with two instances David C. Maple (Dec 22)

David Gullett

Snort 2.9 Setup Guide David Gullett (Oct 19)
Re: Snort 2.9 Setup Guide David Gullett (Oct 24)

Dustin Webber

Snorby 2.0.0.pre Dustin Webber (Nov 29)
Snorby 2.0.0 Released Dustin Webber (Dec 06)
Re: Tweak mysql database Dustin Webber (Dec 21)
Re: Snort populates Mysql a lot Dustin Webber (Dec 23)

Edward Fjellskål

Re: Snort IPv6 database schema Edward Fjellskål (Nov 02)
Re: [Snort-users] Ourmon Edward Fjellskål (Dec 08)
Re: Snort 2.9.0.3 Now Available Edward Fjellskål (Dec 27)

egoitz

Snort and multiple logging egoitz (Oct 06)
Re: Snort and multiple logging egoitz (Oct 06)
Re: Snort and multiple logging egoitz (Oct 06)
Re: Snort and multiple logging egoitz (Oct 06)

elof

Best script to pre-load signature metadata into a database elof (Oct 07)
Re: Best script to pre-load signature metadata into a database elof (Oct 07)

Eoin Miller

Re: Snort 2.9.0 Now Available Eoin Miller (Oct 04)
Re: compiling daq in old custom environment... Eoin Miller (Oct 05)
Re: Snort and multiple logging Eoin Miller (Oct 06)
FP's with sid:17239 - IMAP Alt-N MDaemon IMAP server CREATE command buffer overflow attempt Eoin Miller (Oct 12)
Re: Snort 2.9, RHEL 5 and afpacket DAQ Eoin Miller (Oct 20)
Re: Barnyard2 and multiple sensors Eoin Miller (Oct 21)
Re: HTTP Inspect and packet reassembly Eoin Miller (Oct 29)
Re: HTTP Inspect and packet reassembly Eoin Miller (Oct 31)
Re: OT: What tap would you recommend? Eoin Miller (Nov 05)
Re: Snort 2.9.0.1 Now Available Eoin Miller (Nov 08)
Re: Snort 2.9.0.1 Now Available Eoin Miller (Nov 08)
Re: Linux recommendations Eoin Miller (Nov 09)
Re: [Snort-users] 2.9.0.1 performance issue Eoin Miller (Nov 18)
Re: OT: What tap would you recommend? Eoin Miller (Nov 27)
Re: [Emerging-Sigs] Attack from .jp IPs Eoin Miller (Dec 07)
Re: Snort 2.9.0.2 / barnyard2 / base 1.4.5 signature not displayed and is unclassified Eoin Miller (Dec 17)
Re: Snort 2.9.0.2 / barnyard2 / base 1.4.5 signature not displayed and is unclassified Eoin Miller (Dec 17)
Re: Snort with two instances Eoin Miller (Dec 22)
Re: Rule Migration Cheat Sheet? Eoin Miller (Dec 22)
Re: New snort.conf Eoin Miller (Dec 30)

Eric L. Howard

Re: Using detection_filter instead of threshold Eric L. Howard (Oct 27)
Re: Using detection_filter instead of threshold Eric L. Howard (Oct 27)
Re: Stream5 confusion Eric L. Howard (Dec 28)

evejou

Question regarding distances after a byte_jump... evejou (Dec 16)
Re: Question regarding distances after a byte_jump... evejou (Dec 16)
Re: Question regarding distances after a byte_jump... evejou (Dec 17)

evilghost () packetmail net

Re: [Emerging-Sigs] Attack from .jp IPs evilghost () packetmail net (Dec 08)
Re: [Emerging-Sigs] congratulations to snort! for getting thesourceforge.net project of the month! evilghost () packetmail net (Dec 17)
Re: [Emerging-Sigs] FATALs with snort-2.9.0.3 evilghost () packetmail net (Dec 22)
Re: [Emerging-Sigs] FATALs with snort-2.9.0.3 evilghost () packetmail net (Dec 22)
Re: [Emerging-Sigs] FATALs with snort-2.9.0.3 evilghost () packetmail net (Dec 22)
Re: Snort populates Mysql a lot evilghost () packetmail net (Dec 23)
Re: Snort instance crashes evilghost () packetmail net (Dec 30)

Fábio Ferrão

Problem with stream5 Fábio Ferrão (Nov 18)

Fingle Nark

PATCH: more compact ac-bnfa trans list Fingle Nark (Oct 27)
Re: PATCH: more compact ac-bnfa trans list Fingle Nark (Oct 28)

firnsy

Re: Snort 2.9, barnyard2, and unknown record types firnsy (Nov 03)
Call for Snort 2.9.x U2 files containing type 110 records. firnsy (Nov 22)
Re: unified2 processing firnsy (Nov 26)

Florian Westphal

[PATCH 1/1] daq_nfq: fix cfg->timeout usage and remove extra select call Florian Westphal (Dec 17)
Re: [PATCH 1/1] daq_nfq: fix cfg->timeout usage and remove extra select call Florian Westphal (Dec 17)

Frank Eberle

2.9.0.1 performance issue Frank Eberle (Nov 18)

Frank Knobbe

SnortSam Loss and Re-Creation Frank Knobbe (Oct 03)
Re: [Emerging-Sigs] New Proposed Classification.config file setup Frank Knobbe (Dec 27)

Giles Coochey

Re: Attack from .jp IPs Giles Coochey (Dec 07)

Gisle Vanem

Re: No bridging support with Daq? Gisle Vanem (Dec 17)

Greg Lane

SID Identification Greg Lane (Oct 19)

Gregory W. MacPherson

Re: [Emerging-Sigs] New Proposed Classification.config file setup Gregory W. MacPherson (Dec 28)

Gregory Zill

Re: Snort populates Mysql a lot Gregory Zill (Dec 23)

Guise McAllaster

Off-topic - VRT Blog, "Rise of citizen cyberwarrior", criticism of the security efforts by the government. Guise McAllaster (Nov 29)

Hafez Kamal

[HITB-Announce] HITB Magazine #5 Call for Articles Hafez Kamal (Nov 11)
[HITB-Announce] HITB Magazine #5 Call for Articles Hafez Kamal (Nov 11)
[HITB-Announce] HITB2011AMS -- Call For Papers now Open Hafez Kamal (Nov 18)
[HITB-Announce] HITB2011AMS -- Call For Papers now Open Hafez Kamal (Nov 18)

Hayes, Bert (ISO)

Rule Migration Cheat Sheet? Hayes, Bert (ISO) (Dec 22)

hermit

Re: Linux recommendations hermit (Nov 10)

infosec posts

Re: Rule 17494 infosec posts (Oct 02)
Re: Using detection_filter instead of threshold infosec posts (Oct 27)
Re: Using detection_filter instead of threshold infosec posts (Oct 27)
Re: Using detection_filter instead of threshold infosec posts (Oct 27)
Re: Using detection_filter instead of threshold infosec posts (Oct 28)
Re: Using detection_filter instead of threshold infosec posts (Oct 28)
Re: Using detection_filter instead of threshold infosec posts (Oct 28)
Re: Using detection_filter instead of threshold infosec posts (Oct 28)
Re: Using detection_filter instead of threshold infosec posts (Oct 28)
Re: Sourcefire VRT Certified Snort Rules Update 2010-11-02 infosec posts (Nov 03)
Re: Sourcefire VRT Certified Snort Rules Update 2010-11-02 infosec posts (Nov 03)

James Kaufman

Re: Snort 2.9.0.3 Now Available James Kaufman (Dec 29)

James Lay

Snort 2.9.0 DCE RPC error [SOLVED] and more James Lay (Oct 05)
Re: Snort 2.9.0 DCE RPC error [SOLVED] and more James Lay (Oct 05)
Re: Snort 2.9.0 DCE RPC error [SOLVED] and more James Lay (Oct 05)
Fine tuning Snort James Lay (Oct 07)
Re: Fine tuning Snort James Lay (Oct 07)
Re: Fine tuning Snort James Lay (Oct 08)
Re: Fine tuning Snort James Lay (Oct 08)
Re: Fine tuning Snort James Lay (Oct 08)
Re: Fine tuning Snort James Lay (Oct 08)
Re: Fine tuning Snort James Lay (Oct 09)
Re: 1:17239 False Positive James Lay (Oct 12)
Re: Oddness with 16295 James Lay (Nov 11)
Re: Snort not logging all alerts in pcap (was Oddness with 16295) James Lay (Nov 15)
New snort install ipvar issue James Lay (Dec 24)
Re: New snort install ipvar issue James Lay (Dec 24)
Re: New snort install ipvar issue James Lay (Dec 24)
Re: New snort install ipvar issue James Lay (Dec 24)
Re: too many Alerts (129:12:0)---more than 7000 alerts /per day James Lay (Dec 30)

James Thornton

Multiple Snort Instances - One Interface James Thornton (Oct 29)
Re: Multiple Snort Instances - One Interface James Thornton (Oct 29)

Jamie Riden

Re: Attack from .jp IPs Jamie Riden (Dec 07)
Re: [Emerging-Sigs] Attack from .jp IPs Jamie Riden (Dec 08)
Re: Snort.org has a new blog! Jamie Riden (Dec 14)

Jason Brvenik

Re: Snort 2.9.0 DCE RPC error [SOLVED] and more Jason Brvenik (Oct 05)
Re: Duplicate downloaded rules Jason Brvenik (Oct 19)
Re: Using detection_filter instead of threshold Jason Brvenik (Oct 27)
Re: Using detection_filter instead of threshold Jason Brvenik (Oct 28)
Re: OT: What tap would you recommend? Jason Brvenik (Nov 27)

Jason Haar

snort-2.9.0 on RHEL5 Jason Haar (Oct 08)
Re: Snort 2.9, RHEL 5 and afpacket DAQ [~Solved?] Jason Haar (Oct 21)
Re: Barnyard2 and multiple sensors Jason Haar (Oct 21)
Re: Snort 2.9.0.1 Now Available Jason Haar (Nov 02)
Re: Linux recommendations Jason Haar (Nov 09)
Re: symbol error with 2.9.1 Jason Haar (Nov 27)
symbol error with 2.9.1 Jason Haar (Nov 27)

Jason Wallace

snort-2.9.0 missing --enable-inline Jason Wallace (Oct 06)
Re: snort-2.9.0 missing --enable-inline Jason Wallace (Oct 06)
snort-2.9.0 prereqs Jason Wallace (Oct 12)
afpacket vs. NFQ Jason Wallace (Oct 12)
afpacket DAQ - large "Outstanding" number/percent Jason Wallace (Oct 13)
Re: snort-2.9.0 prereqs Jason Wallace (Oct 14)
Re: afpacket DAQ - large "Outstanding" number/percent Jason Wallace (Oct 16)
Re: afpacket DAQ - large "Outstanding" number/percent Jason Wallace (Oct 19)
Re: Pulledpork next release? Jason Wallace (Oct 21)
snort-2.9.0 and libpcap Jason Wallace (Oct 21)
Re: afpacket DAQ - large "Outstanding" number/percent Jason Wallace (Nov 02)
Re: Starting Snort 2.9.0.1 Jason Wallace (Nov 04)
Re: [Emerging-Sigs] lots or rules loaded and snort performance Jason Wallace (Nov 06)
Re: Updating sid-msg.map Jason Wallace (Nov 18)
Re: Suggested pcre addition to 1:6251 Jason Wallace (Nov 27)
Re: [Emerging-Sigs] Attack from .jp IPs Jason Wallace (Dec 07)
Re: No bridging support with Daq? Jason Wallace (Dec 16)
Re: No bridging support with Daq? Jason Wallace (Dec 16)
Re: No bridging support with Daq? Jason Wallace (Dec 16)

Jefferson, Shawn

Rule 17494 Jefferson, Shawn (Oct 01)
Re: Rule 17494 Jefferson, Shawn (Oct 01)
Re: Snort and multiple logging Jefferson, Shawn (Oct 06)
Re: Fine tuning Snort Jefferson, Shawn (Oct 08)
Snort 2.8.6 performance Jefferson, Shawn (Oct 08)
Snort 2.9.0 DAQ with MMAP pcap? Jefferson, Shawn (Oct 08)
Re: Snort 2.8.6 performance Jefferson, Shawn (Oct 08)
Re: Snort 2.8.6 performance Jefferson, Shawn (Oct 08)
Pulledpork next release? Jefferson, Shawn (Oct 21)
Re: Pulledpork next release? Jefferson, Shawn (Oct 21)
Snort 2.9.0.1 Rules? Jefferson, Shawn (Nov 02)
Re: Snort recommendations Jefferson, Shawn (Nov 04)
Re: OT: What tap would you recommend? Jefferson, Shawn (Nov 05)
Re: Ourmon Jefferson, Shawn (Dec 08)
Re: Snort 2.9.0.2 / barnyard2 / base 1.4.5 signature not displayed and is unclassifiede Jefferson, Shawn (Dec 20)
Re: Snort 2.9.0.2 / barnyard2 / base 1.4.5 signature not displayed and is unclassifiede Jefferson, Shawn (Dec 21)
Re: Best practices for very high volume install.. Jefferson, Shawn (Dec 21)
Re: Best practices for very high volume install.. Jefferson, Shawn (Dec 21)

Jeff Kell

Re: Rule 17494 Jeff Kell (Oct 01)
Re: Snort 2.9, RHEL 5 and afpacket DAQ Jeff Kell (Oct 20)

Jim Hranicky

flexresp3: Reset with TTL of 0 Jim Hranicky (Oct 26)
Re: flexresp3: Reset with TTL of 0 Jim Hranicky (Oct 26)
Re: Barnyard2 and multiple sensors Jim Hranicky (Oct 28)
Re: Barnyard2 and multiple sensors Jim Hranicky (Oct 29)
Re: Multiple Snort Instances - One Interface Jim Hranicky (Nov 01)
Re: Multiple Snort Instances - One Interface Jim Hranicky (Nov 01)

Jimmy Tharel

so_rule problem Jimmy Tharel (Oct 01)

JJC

Re: Rule 17494 JJC (Oct 01)
Re: Rule 17494 JJC (Oct 01)
Re: FP 17246 JJC (Oct 14)
Re: Reporting/stats from logs JJC (Oct 19)
Re: Reporting/stats from logs JJC (Oct 19)
Re: Barnyard2 and multiple sensors JJC (Oct 21)
Re: Pulledpork next release? JJC (Oct 21)
PulledPork 0.5.0 the Drowning Rat is now floating in the wild! JJC (Oct 21)
Re: 17494 Falsing on non IE6 systems JJC (Oct 27)
Re: Snort 2.9.0.1 Rules? JJC (Nov 02)
Re: Snort 2.9.0.1 & OpenBSD 4.8 build problems JJC (Nov 04)
Re: Snorby and Snort JJC (Nov 11)
Re: Snorby and Snort JJC (Nov 11)
Re: Snort 2.9.0.1 & OpenBSD 4.8 build problems JJC (Dec 10)
Re: snort SID 119-15 JJC (Dec 16)

JJ Cummings

Re: Disablesid not working JJ Cummings (Oct 14)
Re: !!Rolling back Snort rule files!! JJ Cummings (Oct 29)
Re: !!Rolling back Snort rule files!! JJ Cummings (Oct 29)
Re: Snort 2.9.0.1 & OpenBSD 4.8 build problems JJ Cummings (Dec 12)

J. L. Cabral

Snort 2.9 versions to choose J. L. Cabral (Dec 20)
Re: Snort 2.9 versions to choose J. L. Cabral (Dec 20)
Snort with two instances J. L. Cabral (Dec 22)
Snort populates Mysql a lot J. L. Cabral (Dec 23)
Re: Snort populates Mysql a lot J. L. Cabral (Dec 23)
Get warnings in real-time J. L. Cabral (Dec 27)
Disabling Snort signatures with Oinkmster J. L. Cabral (Dec 29)
Snort instance crashes J. L. Cabral (Dec 30)
Re: Disabling Snort signatures with Oinkmster J. L. Cabral (Dec 30)
Re: Snort instance crashes J. L. Cabral (Dec 30)
Re: Snort populates Mysql a lot J. L. Cabral (Dec 30)

Joel Esler

Re: Rule 17494 Joel Esler (Oct 01)
Re: Rule 17494 Joel Esler (Oct 02)
Re: Snort 2.9.0 Now Available Joel Esler (Oct 04)
Re: snort website contact (was: Re: [Snort-sigs] EOL for Snort 2.8.5.3 and Snort 2.8.6.0 rules reminder) Joel Esler (Oct 05)
Re: Fwd: daq/snort 2.9.0 on Solaris sparc ? Joel Esler (Oct 06)
Re: sfportscan not generating alerts or logs Joel Esler (Oct 06)
Re: Just Analyzing tcpdump files according to defined rules. Joel Esler (Oct 07)
Re: Best script to pre-load signature metadata into a database Joel Esler (Oct 07)
Re: Fine tuning Snort Joel Esler (Oct 08)
Re: Fine tuning Snort Joel Esler (Oct 09)
Re: FP's with sid:17239 - IMAP Alt-N MDaemon IMAP server CREATE command buffer overflow attempt Joel Esler (Oct 12)
Re: 1:17239 False Positive Joel Esler (Oct 12)
Re: 1:17239 False Positive Joel Esler (Oct 12)
Re: FP's with sid:17239 - IMAP Alt-N MDaemon IMAP server CREATE command buffer overflow attempt Joel Esler (Oct 12)
Re: FP 17246 Joel Esler (Oct 14)
Re: FP 17246 Joel Esler (Oct 14)
Re: Download issues? Joel Esler (Oct 15)
Re: FP 3:16663 Joel Esler (Oct 15)
Re: pcre high cpu usage Joel Esler (Oct 18)
Re: capturing on the wrong nic Joel Esler (Oct 19)
Re: Barnyard2 and multiple sensors Joel Esler (Oct 21)
Re: Pulledpork next release? Joel Esler (Oct 21)
Re: [Spam] Re: Possible FP 17363 Joel Esler (Oct 26)
Re: [Spam] Re: Possible FP 17363 Joel Esler (Oct 26)
Re: Possible FP 17363 Joel Esler (Oct 26)
Re: [Spam] Re: Possible FP 17363 Joel Esler (Oct 26)
Re: [Spam] Re: Possible FP 17363 Joel Esler (Oct 26)
Re: [Spam] Re: Possible FP 17363 Joel Esler (Oct 26)
Re: [Spam] Re: Possible FP 17363 Joel Esler (Oct 26)
Re: 17494 Falsing on non IE6 systems Joel Esler (Oct 27)
Re: 17494 Falsing on non IE6 systems Joel Esler (Oct 27)
Re: Using detection_filter instead of threshold Joel Esler (Oct 27)
Re: Using detection_filter instead of threshold Joel Esler (Oct 27)
Re: Using detection_filter instead of threshold Joel Esler (Oct 27)
Re: Using detection_filter instead of threshold Joel Esler (Oct 27)
Re: Using detection_filter instead of threshold Joel Esler (Oct 27)
Re: Using detection_filter instead of threshold Joel Esler (Oct 28)
Re: Using detection_filter instead of threshold Joel Esler (Oct 28)
Re: Using detection_filter instead of threshold Joel Esler (Oct 28)
Re: HTTP Inspect and packet reassembly Joel Esler (Oct 28)
Re: URL to download VRT rules Joel Esler (Oct 28)
Re: URL to download VRT rules Joel Esler (Oct 28)
Re: HTTP Inspect and packet reassembly Joel Esler (Oct 29)
Re: HTTP Inspect and packet reassembly Joel Esler (Oct 29)
Re: HTTP Inspect and packet reassembly Joel Esler (Oct 29)
Re: !!Rolling back Snort rule files!! Joel Esler (Oct 29)
Re: !!Rolling back Snort rule files!! Joel Esler (Oct 29)
Re: HTTP Inspect and packet reassembly Joel Esler (Oct 31)
Re: [Emerging-Sigs] Snort 2.9.0.1 Now Available Joel Esler (Nov 03)
Re: [Emerging-Sigs] Snort 2.9.0.1 Now Available Joel Esler (Nov 03)
Re: Sourcefire VRT Certified Snort Rules Update 2010-11-02 Joel Esler (Nov 03)
Re: Sourcefire VRT Certified Snort Rules Update 2010-11-02 Joel Esler (Nov 03)
Snort.org was updated today, with new features! Joel Esler (Nov 03)
Re: [Emerging-Sigs] [Snort-devel] Snort 2.9.0.1 Now Available Joel Esler (Nov 04)
Re: Ddos? Joel Esler (Nov 05)
Re: Ddos? Joel Esler (Nov 05)
Re: Snorby and Snort Joel Esler (Nov 10)
Re: Oddness with 16295 Joel Esler (Nov 11)
Re: Host Attribute Table Question Joel Esler (Nov 11)
New OpenSource Community Manager Announcement Joel Esler (Nov 15)
Re: Updating sid-msg.map Joel Esler (Nov 16)
Re: Updating sid-msg.map Joel Esler (Nov 17)
Re: Oinkmaster downloads intermittently failing Joel Esler (Nov 26)
Re: Oinkmaster downloads intermittently failing Joel Esler (Nov 26)
Re: H-Snort / Hybrid Snort Joel Esler (Nov 26)
Re: OT: What tap would you recommend? Joel Esler (Nov 26)
Re: Issues with the Snort Manual (Patch) Joel Esler (Nov 27)
Re: Issues with the Snort Manual (Patch) Joel Esler (Nov 27)
Re: Dropped packets again Joel Esler (Nov 27)
Re: Oinkmaster downloads intermittently failing Joel Esler (Nov 27)
Re: [Emerging-Sigs] (no subject) Joel Esler (Nov 29)
Re: Issues with the Snort Manual (Patch) Joel Esler (Nov 30)
Re: Issues with the Snort Manual (Patch) Joel Esler (Nov 30)
Snort 2.9.0.2 to be released Joel Esler (Dec 01)
Re: issues with Snort report 1.3&VRT rules&ET rules&threshold.conf Joel Esler (Dec 01)
Re: Snort 2.9.0.2 to be released Joel Esler (Dec 01)
Re: issues with Snort report 1.3&VRT rules&ET rules&threshold.conf Joel Esler (Dec 01)
Re: Snort as a Service on Ubuntu 9 Joel Esler (Dec 01)
Re: dropped packets in Perfmonitor Joel Esler (Dec 01)
Re: snort 2.8.6.1 frag3 policy linux Joel Esler (Dec 01)
Re: issues with Snort report 1.3&VRT rules&ET rules&threshold.conf Joel Esler (Dec 02)
Re: [Emerging-Sigs] Best way to achieve this. Joel Esler (Dec 03)
Re: dropped packets in Perfmonitor Joel Esler (Dec 03)
Re: issues with Snort report 1.3&VRT rules&ET rules&threshold.conf Joel Esler (Dec 03)
Re: SMTP content-type overflow rule question Joel Esler (Dec 03)
Re: Snort 2.9.0.2 to be released Joel Esler (Dec 05)
Re: Snort 2.9.0.1 & OpenBSD 4.8 build problems Joel Esler (Dec 05)
Re: Snort doesn't trigger while the payload size is big (even for ~4-5KB files) Joel Esler (Dec 05)
I need some opinions Joel Esler (Dec 06)
Re: I need some opinions Joel Esler (Dec 06)
Re: I need some opinions Joel Esler (Dec 06)
Re: I need some opinions Joel Esler (Dec 07)
Re: [Emerging-Sigs] Attack from .jp IPs Joel Esler (Dec 07)
Re: ERROR! daq_static library not found Joel Esler (Dec 07)
Housekeeping Joel Esler (Dec 08)
Re: Rate limiting alerts Joel Esler (Dec 09)
Re: How do I filter either Kiwi Syslog or Snort to stop this recurring Auth_Alert? Joel Esler (Dec 10)
Re: Binary File Processed Nicely but Alerts Not Showing Up in Kiwi Joel Esler (Dec 10)
Re: Snort doesn't trigger while the payload size is big (even for ~4-5KB files) Joel Esler (Dec 13)
Re: Zero Kiwi Log Output But SSL Preprocessor Finds 84 Server Application Alerts Joel Esler (Dec 13)
Re: Snort doesn't trigger while the payload size is big (even for ~4-5KB files) Joel Esler (Dec 14)
Re: Tagged packets alerts Joel Esler (Dec 14)
Snort.org has a new blog! Joel Esler (Dec 14)
Re: [Snort-devel] Snort.org has a new blog! Joel Esler (Dec 14)
Re: snort Port Based Pattern Matching Memory Joel Esler (Dec 14)
Re: snort Port Based Pattern Matching Memory Joel Esler (Dec 14)
Re: Snort.org has a new blog! Joel Esler (Dec 14)
Re: How do I automate reading multiple captures? Joel Esler (Dec 15)
Re: Snort 2.9 + Debian Joel Esler (Dec 16)
Re: Question regarding distances after a byte_jump... Joel Esler (Dec 17)
Re: congratulations to snort! for getting the sourceforge.net project of the month! Joel Esler (Dec 17)
Re: Question regarding distances after a byte_jump... Joel Esler (Dec 17)
Re: Snort 2.9.0.2 / barnyard2 / base 1.4.5 signature not displayed and is unclassified Joel Esler (Dec 17)
Re: Snort 2.9.0.2 / barnyard2 / base 1.4.5 signature not displayed and is unclassified Joel Esler (Dec 17)
Snort 2.9.0.3 is coming soon! Joel Esler (Dec 17)
Re: Snort 2.9.0.3 is coming soon! Joel Esler (Dec 17)
Re: Minor corrections to the 2.9.0.2 manual Joel Esler (Dec 17)
Re: Security Analogies Joel Esler (Dec 17)
Re: Undocumented parameters to the 'flow' option? Joel Esler (Dec 18)
Re: unclassified alerts Joel Esler (Dec 20)
Re: Snort 2.9 versions to choose Joel Esler (Dec 20)
Re: Rules for Snort 2.9.0.2 Joel Esler (Dec 20)
Re: Best practices for very high volume install.. Joel Esler (Dec 21)
Re: [PATCH]: Add "iis_encode" parameter to manual for http_encode Joel Esler (Dec 21)
Re: [PATCH]: Change reserved bits in flags keyword to match RFC 3168 Joel Esler (Dec 21)
Re: [PATCH]: Add "iis_encode" parameter to manual for http_encode Joel Esler (Dec 21)
Re: [PATCH]: Change reserved bits in flags keyword to match RFC 3168 Joel Esler (Dec 21)
Re: snort prune open sessions Joel Esler (Dec 21)
Re: [Emerging-Sigs] FATALs with snort-2.9.0.3 Joel Esler (Dec 21)
Re: -pcap-dir=c:\Network_Device_Logs -pcap-show isn't working, hangs at "commencing packet processing" Joel Esler (Dec 21)
Re: [Emerging-Sigs] FATALs with snort-2.9.0.3 Joel Esler (Dec 21)
Re: -pcap-dir=c:\Network_Device_Logs -pcap-show isn't working, hangs at "commencing packet processing" Joel Esler (Dec 21)
Re: [Emerging-Sigs] FATALs with snort-2.9.0.3 Joel Esler (Dec 21)
Re: -pcap-dir=c:\Network_Device_Logs -pcap-show isn't working, hangs at "commencing packet processing" Joel Esler (Dec 21)
Re: -pcap-dir=c:\Network_Device_Logs -pcap-show isn't working, hangs at "commencing packet processing" Joel Esler (Dec 21)
Re: -pcap-dir=c:\Network_Device_Logs -pcap-show isn't working, hangs at "commencing packet processing" Joel Esler (Dec 21)
Re: Undocumented parameters to the 'flow' option? Joel Esler (Dec 21)
Re: [PATCH]: Re-word uricontent's description a bit more in the manual Joel Esler (Dec 22)
Re: [PATCH]: Add missing semi-colons to manual for a few options Joel Esler (Dec 22)
Re: Snort CVSweb broke? Joel Esler (Dec 22)
Re: Snort 2.9.0.2 / barnyard2 / base 1.4.5 signature not displayed and is unclassifiede Joel Esler (Dec 22)
Re: [Emerging-Sigs] FATALs with snort-2.9.0.3 Joel Esler (Dec 22)
Re: Rule Migration Cheat Sheet? Joel Esler (Dec 22)
ATTN: Snort Package Maintainers! Joel Esler (Dec 22)
Re: -pcap-dir=c:\Network_Device_Logs -pcap-show isn't working, hangs at "commencing packet processing" Joel Esler (Dec 22)
Re: Rule Migration Cheat Sheet? Joel Esler (Dec 22)
Re: Rule Migration Cheat Sheet? Joel Esler (Dec 22)
Re: Snort populates Mysql a lot Joel Esler (Dec 23)
Fwd: gen-msg.map missing entries for ssl preprocessor? Joel Esler (Dec 23)
Re: Snort populates Mysql a lot Joel Esler (Dec 23)
Re: [Emerging-Sigs] New Classification System Proposal Joel Esler (Dec 23)
Re: [Snort-sigs] [Emerging-Sigs] New Classification System Proposal Joel Esler (Dec 23)
Re: [Snort-sigs] [Emerging-Sigs] New Classification System Proposal Joel Esler (Dec 23)
Re: [Emerging-Sigs] New Classification System Proposal Joel Esler (Dec 23)
Re: [Emerging-Sigs] New Classification System Proposal Joel Esler (Dec 23)
New Proposed Classification.config file setup Joel Esler (Dec 23)
Re: New Proposed Classification.config file setup Joel Esler (Dec 24)
Re: Snort 2.9.0.3 Now Available Joel Esler (Dec 28)
Re: Snort 2.9.0.3 Now Available Joel Esler (Dec 29)
Re: Patch to running Snort on Solaris 10 SPARC Joel Esler (Dec 29)
Re: [Emerging-Sigs] Multiple rule issues after upgrade Joel Esler (Dec 29)
Re: New snort.conf Joel Esler (Dec 29)
Re: New snort.conf Joel Esler (Dec 30)

Joe Pampel

Re: OT: What tap would you recommend? Joe Pampel (Nov 05)
Re: Best practices for very high volume install.. Joe Pampel (Dec 20)

John Forristel

sfPortscan logfilein 2.9.0 John Forristel (Oct 19)

John Gay

Re: New snort install ipvar issue John Gay (Dec 24)
Re: New snort install ipvar issue John Gay (Dec 24)
Re: New snort install ipvar issue John Gay (Dec 24)
Re: Disabling Snort signatures with Oinkmster John Gay (Dec 29)

John Hally

Re: OT: What tap would you recommend? John Hally (Nov 05)

José R . Cristo Almaguer

Snort 2.9.0 José R . Cristo Almaguer (Oct 08)
'compress_depth' José R . Cristo Almaguer (Oct 08)
Runing snort José R . Cristo Almaguer (Oct 08)
Starting Snort 2.9.0.1 José R . Cristo Almaguer (Nov 04)

Josh Little

Re: Fine tuning Snort Josh Little (Oct 08)
Re: False Positives on 1:17246 Josh Little (Oct 14)
Re: [Emerging-Sigs] Attack from .jp IPs Josh Little (Dec 08)

Joshua.Kinard

Ip_proto's 'lsrre' parameter Joshua.Kinard (Oct 18)
Re: Ip_proto's 'lsrre' parameter Joshua.Kinard (Oct 23)
Issues with the Snort Manual (Patch) Joshua.Kinard (Nov 27)
Re: Issues with the Snort Manual (Patch) Joshua.Kinard (Nov 29)
Re: Issues with the Snort Manual (Patch) Joshua.Kinard (Nov 29)
Re: Issues with the Snort Manual (Patch) Joshua.Kinard (Nov 30)
Re: Issues with the Snort Manual (Patch) Joshua.Kinard (Dec 09)
Minor corrections to the 2.9.0.2 manual Joshua.Kinard (Dec 14)
Re: Minor corrections to the 2.9.0.2 manual Joshua.Kinard (Dec 17)
Undocumented parameters to the 'flow' option? Joshua.Kinard (Dec 17)
[PATCH]: Add "iis_encode" parameter to manual for http_encode Joshua.Kinard (Dec 21)
[PATCH]: Change reserved bits in flags keyword to match RFC 3168 Joshua.Kinard (Dec 21)
Re: Undocumented parameters to the 'flow' option? Joshua.Kinard (Dec 21)
[PATCH]: Re-word uricontent's description a bit more in the manual Joshua.Kinard (Dec 21)
[PATCH]: Add missing semi-colons to manual for a few options Joshua.Kinard (Dec 21)
Snort CVSweb broke? Joshua.Kinard (Dec 21)
Re: New Proposed Classification.config file setup Joshua.Kinard (Dec 24)
Re: [Emerging-Sigs] New Proposed Classification.config file setup Joshua.Kinard (Dec 27)

JS

Snort 2.9.0.2 / barnyard2 / base 1.4.5 signature not displayed and is unclassified JS (Dec 17)
Re: Snort 2.9.0.2 / barnyard2 / base 1.4.5 signature not displayed and is unclassified JS (Dec 17)
Re: Snort 2.9.0.2 / barnyard2 / base 1.4.5 signature not displayed and is unclassified JS (Dec 17)

Jun Wan

pulledpork setup guide Jun Wan (Oct 25)
Re: Barnyard2 and multiple sensors Jun Wan (Oct 27)
Re: [Emerging-Sigs] Snort 2.9 compatibility with ET rules? Jun Wan (Oct 30)
Re: How o views snort log from mysql Jun Wan (Oct 30)
(no subject) Jun Wan (Nov 29)
ET rules in emerging.conf deactivated after updating via Oinkmaster&cron Jun Wan (Nov 29)
Re: ET rules in emerging.conf deactivated after updating via Oinkmaster&cron Jun Wan (Nov 30)
Re: [Emerging-Sigs] (no subject) Jun Wan (Nov 30)
issues with Snort report 1.3&VRT rules&ET rules&threshold.conf Jun Wan (Dec 01)
Re: issues with Snort report 1.3&VRT rules&ET rules&threshold.conf Jun Wan (Dec 01)
Re: issues with Snort report 1.3&VRT rules&ET rules&threshold.conf Jun Wan (Dec 02)
Re: issues with Snort report 1.3&VRT rules&ET rules&threshold.conf Jun Wan (Dec 03)
Re: Snort 2.9.0.2 / barnyard2 / base 1.4.5 signature not displayed and is unclassifiede Jun Wan (Dec 20)
Re: Snort 2.9.0.2 / barnyard2 / base 1.4.5 signature not displayed and is unclassifiede Jun Wan (Dec 20)
Re: Snort 2.9.0.2 / barnyard2 / base 1.4.5 signature not displayed and is unclassifiede Jun Wan (Dec 20)
Re: Snort 2.9.0.2 / barnyard2 / base 1.4.5 signature not displayed and is unclassifiede Jun Wan (Dec 25)
too many Alerts (129:12:0)---more than 7000 alerts /per day Jun Wan (Dec 30)
Re: too many Alerts (129:12:0)---more than 7000 alerts /per day Jun Wan (Jan 01)
Re: too many Alerts (129:12:0)---more than 7000 alerts /per day Jun Wan (Jan 01)

Kelvie Wong

[RFC Feature PATCH]: 'drop' option for tagged packets. Kelvie Wong (Oct 25)
[PATCHES] Fixes for daq_nfq Kelvie Wong (Oct 25)
Re: [PATCHES] Fixes for daq_nfq Kelvie Wong (Nov 02)

Kevin Ross

Re: Linux recommendations Kevin Ross (Dec 08)
Re: Readers of the VRT blog Kevin Ross (Dec 08)
Re: Distributed Snort possibility? Kevin Ross (Dec 11)
Re: More packet drops Kevin Ross (Dec 17)
Re: Snort 2.9.0.2 / barnyard2 / base 1.4.5 signature not displayed and is unclassified Kevin Ross (Dec 17)

Korodev

Re: Multiple Snort Instances - One Interface Korodev (Nov 11)

Kum Weng Luey

ERROR! daq_static library not found Kum Weng Luey (Dec 07)

Kungu Panda

max flowbits fatal errors Kungu Panda (Oct 07)
Re: max flowbits fatal errors Kungu Panda (Oct 07)
Tagged packets alerts Kungu Panda (Dec 14)
Re: Tagged packets alerts Kungu Panda (Dec 14)
gen-msg.map missing entries for ssl preprocessor? Kungu Panda (Dec 23)

L0rd Ch0de1m0rt

Re: Possible FP 12280? L0rd Ch0de1m0rt (Oct 22)
Re: [Spam] Re: Possible FP 17363 L0rd Ch0de1m0rt (Oct 26)
Re: 17494 Falsing on non IE6 systems L0rd Ch0de1m0rt (Oct 27)
Using detection_filter instead of threshold L0rd Ch0de1m0rt (Oct 27)
Re: Using detection_filter instead of threshold L0rd Ch0de1m0rt (Oct 27)
HTTP Inspect and packet reassembly L0rd Ch0de1m0rt (Oct 28)
Re: HTTP Inspect and packet reassembly L0rd Ch0de1m0rt (Oct 29)
Re: !!Rolling back Snort rule files!! L0rd Ch0de1m0rt (Oct 29)
Re: !!Rolling back Snort rule files!! L0rd Ch0de1m0rt (Oct 29)
Re: Snort 2.9.0.1 Now Available L0rd Ch0de1m0rt (Nov 01)
Re: Snort 2.9.0.1 Now Available L0rd Ch0de1m0rt (Nov 03)
Compiling snort without DAQ L0rd Ch0de1m0rt (Nov 03)
Re: [Emerging-Sigs] [Snort-devel] Snort 2.9.0.1 Now Available L0rd Ch0de1m0rt (Nov 04)
Re: Snort 2.9.0.1 Now Available L0rd Ch0de1m0rt (Nov 08)
Re: Snort 2.9.0.1 Now Available L0rd Ch0de1m0rt (Nov 08)
Re: Snort 2.9.0.1 Now Available L0rd Ch0de1m0rt (Nov 08)
Re: [Snort-users] 2.9.0.1 performance issue L0rd Ch0de1m0rt (Nov 18)
Re: [Emerging-Sigs] Off-topic - VRT Blog, "Rise of citizen cyberwarrior", criticism of the security efforts by the government. L0rd Ch0de1m0rt (Nov 30)
Question about the 'tag' keyword L0rd Ch0de1m0rt (Dec 04)
Re: I need some opinions L0rd Ch0de1m0rt (Dec 06)
Re: I need some opinions L0rd Ch0de1m0rt (Dec 06)
Attack from .jp IPs L0rd Ch0de1m0rt (Dec 07)
Re: [Emerging-Sigs] Multiple rule issues after upgrade L0rd Ch0de1m0rt (Dec 29)

Lai, Raymond

Unsubscribe Lai, Raymond (Oct 30)

Lawrence R. Hughes, Sr.

dropped packets in Perfmonitor Lawrence R. Hughes, Sr. (Dec 01)
snort 2.8.6.1 frag3 policy linux Lawrence R. Hughes, Sr. (Dec 01)
snort rule 128-6 reporting but no description at VRT Lawrence R. Hughes, Sr. (Dec 14)
snort Port Based Pattern Matching Memory Lawrence R. Hughes, Sr. (Dec 14)
Re: snort Port Based Pattern Matching Memory Lawrence R. Hughes, Sr. (Dec 14)
snort memory resident Lawrence R. Hughes, Sr. (Dec 15)
snort SID 119-15 Lawrence R. Hughes, Sr. (Dec 16)
snort stream5 small_segments x bytes x Lawrence R. Hughes, Sr. (Dec 16)
snort prune open sessions Lawrence R. Hughes, Sr. (Dec 21)
snort DCE/RPC reassemble_threshold Lawrence R. Hughes, Sr. (Dec 21)
Re: snort DCE/RPC reassemble_threshold Lawrence R. Hughes, Sr. (Dec 21)

Lay, James

FP 12634 Lay, James (Oct 12)
FP 17246 Lay, James (Oct 14)
Re: FP 17246 Lay, James (Oct 14)
Duplicate downloaded rules Lay, James (Oct 19)
Reporting/stats from logs Lay, James (Oct 19)
Re: Duplicate downloaded rules Lay, James (Oct 19)
Re: Duplicate downloaded rules Lay, James (Oct 19)
Re: Duplicate downloaded rules Lay, James (Oct 20)
FP 17154 Lay, James (Oct 20)
Possible FP 12280? Lay, James (Oct 22)
Possible 17154 FP? Lay, James (Oct 22)
Possible FP 17363 Lay, James (Oct 25)
Possible 16295 FP Lay, James (Oct 25)
Re: [Spam] Re: Possible FP 17363 Lay, James (Oct 26)
Re: Possible FP 17363 Lay, James (Oct 26)
Re: [Spam] Re: Possible FP 17363 Lay, James (Oct 26)
Re: [Spam] Re: Possible FP 17363 Lay, James (Oct 26)
Re: [Spam] Re: Possible FP 17363 Lay, James (Oct 26)
Re: [Spam] Re: Possible FP 17363 Lay, James (Oct 26)
Re: [Spam] Re: Possible FP 17363 Lay, James (Oct 26)
Re: 17494 Falsing on non IE6 systems Lay, James (Oct 27)
Excessive Read Requests Lay, James (Nov 01)
Re: Excessive Read Requests Lay, James (Nov 01)
Re: [Spam] Re: Excessive Read Requests Lay, James (Nov 02)
FP 13628 Lay, James (Nov 09)
Proxy question Lay, James (Nov 09)
Oddness with 16295 Lay, James (Nov 10)
Re: Oddness with 16295 Lay, James (Nov 11)
Snort not logging all alerts in pcap (was Oddness with 16295) Lay, James (Nov 11)
Re: Updating sid-msg.map Lay, James (Nov 17)
Dropped packets again Lay, James (Nov 26)
Confusion on Protocol Mismatch Lay, James (Dec 10)
Re: Confusion on Protocol Mismatch Lay, James (Dec 10)
Re: How do I filter either Kiwi Syslog or Snort to stop this recurring Auth_Alert? Lay, James (Dec 10)
More packet drops Lay, James (Dec 15)
FATALs with snort-2.9.0.3 Lay, James (Dec 21)
Re: [Emerging-Sigs] FATALs with snort-2.9.0.3 Lay, James (Dec 22)
Re: [Spam] Re: [Emerging-Sigs] FATALs with snort-2.9.0.3 Lay, James (Dec 22)
Re: Snort with two instances Lay, James (Dec 22)
Stream5 confusion Lay, James (Dec 28)
Re: Stream5 confusion Lay, James (Dec 28)
Duplicate sids (again) Lay, James (Dec 29)
Multiple rule issues after upgrade Lay, James (Dec 29)
Re: [Emerging-Sigs] Multiple rule issues after upgrade Lay, James (Dec 29)

Leon Ward

Re: dropped packets in Perfmonitor Leon Ward (Dec 03)
Re: Snort 2.9.0.3 Now Available Leon Ward (Dec 27)

ll

about the sfportscan ll (Dec 07)

Luis

Fwd: daq/snort 2.9.0 on Solaris sparc ? Luis (Oct 06)
daq/snort 2.9.0 on Solaris sparc ? Luis (Oct 06)
Fwd: daq/snort 2.9.0 on Solaris sparc ? Luis (Oct 06)

Luis Daniel Lucio Quiroz

Re: Snort 2.9.0 Now Available Luis Daniel Lucio Quiroz (Oct 11)

Marcos Rodriguez

Re: Snort 2.9.0 Now Available Marcos Rodriguez (Oct 04)
Re: Just Analyzing tcpdump files according to defined rules. Marcos Rodriguez (Oct 07)

Martin Holste

Re: [Emerging-Sigs] which SQL injection detection rule is best when considering performance, false-positive, real attack Martin Holste (Dec 08)
Re: [Emerging-Sigs] New Proposed Classification.config file setup Martin Holste (Dec 26)
Re: [Emerging-Sigs] [Snort-devel] New Proposed Classification.config file setup Martin Holste (Dec 27)
Re: [Emerging-Sigs] New Proposed Classification.config file setup Martin Holste (Dec 28)

Martin Roecker

(snort_decoder) WARNING: IP dgm len > captured len! Martin Roecker (Oct 12)
Re: (snort_decoder) WARNING: IP dgm len > captured len! Martin Roecker (Oct 12)

Martin Roesch

Re: Is Snort susceptible to AET's? Martin Roesch (Oct 20)
Re: Attack from .jp IPs Martin Roesch (Dec 07)
Re: New Proposed Classification.config file setup Martin Roesch (Dec 24)
Re: [Emerging-Sigs] New Proposed Classification.config file setup Martin Roesch (Dec 27)

matan monitz

Re: HTTP Inspect and packet reassembly matan monitz (Oct 29)
possible fp on 17297 matan monitz (Nov 16)
Re: possible fp on 17297 matan monitz (Nov 18)
Re: [Snort-users] 2.9.0.1 performance issue matan monitz (Nov 18)
Re: [Snort-users] 2.9.0.1 performance issue matan monitz (Nov 18)

Matthew Jonkman

Re: Using detection_filter instead of threshold Matthew Jonkman (Oct 27)
Re: [Emerging-Sigs] [Snort-devel] Snort 2.9.0.1 Now Available Matthew Jonkman (Nov 03)
Re: [Emerging-Sigs] [Snort-devel] Snort 2.9.0.1 Now Available Matthew Jonkman (Nov 04)
Re: Are commas allowed in signature descriptions? Matthew Jonkman (Dec 17)
Re: [Emerging-Sigs] FATALs with snort-2.9.0.3 Matthew Jonkman (Dec 21)
Re: [Emerging-Sigs] FATALs with snort-2.9.0.3 Matthew Jonkman (Dec 21)
Re: [Emerging-Sigs] FATALs with snort-2.9.0.3 Matthew Jonkman (Dec 21)
Re: [Emerging-Sigs] FATALs with snort-2.9.0.3 Matthew Jonkman (Dec 21)
Re: Best practices for very high volume install.. Matthew Jonkman (Dec 21)
Re: [Emerging-Sigs] FATALs with snort-2.9.0.3 Matthew Jonkman (Dec 22)
Re: [Emerging-Sigs] New Classification System Proposal Matthew Jonkman (Dec 23)
Re: [Snort-sigs] [Emerging-Sigs] New Classification System Proposal Matthew Jonkman (Dec 23)
Re: [Emerging-Sigs] Duplicate sids (again) Matthew Jonkman (Dec 29)
Re: [Emerging-Sigs] Multiple rule issues after upgrade Matthew Jonkman (Dec 29)

Matt Lenco

How do I filter either Kiwi Syslog or Snort to stop this recurring Auth_Alert? Matt Lenco (Dec 10)
Binary File Processed Nicely but Alerts Not Showing Up in Kiwi Matt Lenco (Dec 10)
Zero Kiwi Log Output But SSL Preprocessor Finds 84 Server Application Alerts Matt Lenco (Dec 13)
Re: Zero Kiwi Log Output But SSL Preprocessor Finds 84 Server Application Alerts Matt Lenco (Dec 13)
How do I automate reading multiple captures? Matt Lenco (Dec 15)
Error: Can't Initialize DAQ pcap (-1) bad dump file format Matt Lenco (Dec 20)
-pcap-dir=c:\Network_Device_Logs -pcap-show isn't working, hangs at "commencing packet processing" Matt Lenco (Dec 21)
Re: -pcap-dir=c:\Network_Device_Logs -pcap-show isn't working, hangs at "commencing packet processing" Matt Lenco (Dec 21)
Re: -pcap-dir=c:\Network_Device_Logs -pcap-show isn't working, hangs at "commencing packet processing" Matt Lenco (Dec 21)
Re: -pcap-dir=c:\Network_Device_Logs -pcap-show isn't working, hangs at "commencing packet processing" Matt Lenco (Dec 21)
Re: -pcap-dir=c:\Network_Device_Logs -pcap-show isn't working, hangs at "commencing packet processing" Matt Lenco (Dec 21)
Analyzing SNORT output and Alerts in Kiwi Syslog Matt Lenco (Dec 22)
HTTP Headers Not Seen in SNORT Post-Processing Logs Though HTTP 443 is Exploited Matt Lenco (Dec 23)

Matt Olney

Re: Snort 2.8.6 performance Matt Olney (Oct 08)
Re: HTTP Inspect and packet reassembly Matt Olney (Oct 29)
Re: HTTP Inspect and packet reassembly Matt Olney (Oct 29)
Re: [Snort-users] 2.9.0.1 performance issue Matt Olney (Nov 18)
Re: Attack from .jp IPs Matt Olney (Dec 07)

Matt Watchinski

Re: gen-msg.map missing entries for ssl preprocessor? Matt Watchinski (Dec 23)
Re: Snort populates Mysql a lot Matt Watchinski (Dec 23)
Re: too many Alerts (129:12:0)---more than 7000 alerts /per day Matt Watchinski (Dec 30)

McGee.Tami

Unsubscribe Tami.McGee () ftb ca gov McGee.Tami (Dec 29)

Michael Altizer

Re: snort-2.9.0 on RHEL5 Michael Altizer (Oct 08)
Re: Snort 2.9.0 Now Available Michael Altizer (Oct 08)
Re: afpacket DAQ - large "Outstanding" number/percent Michael Altizer (Oct 15)
Re: afpacket DAQ - large "Outstanding" number/percent Michael Altizer (Oct 19)
Re: Snort 2.9, RHEL 5 and afpacket DAQ Michael Altizer (Oct 19)
Re: Snort 2.9, RHEL 5 and afpacket DAQ Michael Altizer (Oct 20)
Re: Snort 2.9, RHEL 5 and afpacket DAQ Michael Altizer (Oct 20)
Re: Snort 2.9, RHEL 5 and afpacket DAQ Michael Altizer (Oct 20)
Re: Snort 2.9, RHEL 5 and afpacket DAQ [~Solved?] Michael Altizer (Oct 20)
Re: Snort 2.9, RHEL 5 and afpacket DAQ [~Solved?] Michael Altizer (Oct 20)
Re: snort-2.9.0 and libpcap Michael Altizer (Oct 21)
Re: Snort 2.9, RHEL 5 and afpacket DAQ [~Solved?] Michael Altizer (Oct 22)
[PATCH] Add TX_RING support to AFPacket DAQ module Michael Altizer (Nov 03)

Michael Green

Re: EOL for Snort 2.8.5.3 and Snort 2.8.6.0 rules reminder Michael Green (Oct 04)

Michael Lubinski

unclassified alerts Michael Lubinski (Dec 19)

Michael Steele

Re: Binary File Processed Nicely but Alerts Not Showing Up in Kiwi Michael Steele (Dec 11)

Miguel Alvarez

Snort 2.9.0.0 segfaulting Miguel Alvarez (Oct 18)
OT: What tap would you recommend? Miguel Alvarez (Nov 05)

Mike Cox

Re: [Emerging-Sigs] Attack from .jp IPs Mike Cox (Dec 07)

Mike Guiterman

RSVP for a Snort Community Pig Roast - November 12, 2010 Mike Guiterman (Oct 26)
Re: RSVP for a Snort Community Pig Roast - November 12, 2010 Mike Guiterman (Oct 26)

Mike Kun

Re: Snort and multiple logging Mike Kun (Oct 06)
Disablesid not working Mike Kun (Oct 14)
Rate limiting alerts Mike Kun (Dec 09)

Mike Lococo

Re: EOL for Snort 2.8.5.3 and Snort 2.8.6.0 rules reminder Mike Lococo (Oct 04)
Re: EOL for Snort 2.8.5.3 and Snort 2.8.6.0 rules reminder Mike Lococo (Oct 05)
Re: Snort 2.9, RHEL 5 and afpacket DAQ Mike Lococo (Oct 20)
Re: Barnyard2 and multiple sensors Mike Lococo (Oct 21)
Re: Barnyard2 and multiple sensors Mike Lococo (Oct 31)
Re: Snort 2.9.0.1 Now Available Mike Lococo (Nov 01)
Re: Snort 2.9.0.1 Now Available Mike Lococo (Nov 02)
Re: Snort 2.9.0.1 Now Available Mike Lococo (Nov 02)
DAQ and libpcap 1.1.1 vs 1.0.0 Mike Lococo (Nov 05)
Re: DAQ and libpcap 1.1.1 vs 1.0.0 Mike Lococo (Nov 08)
Re: Readers of the VRT blog Mike Lococo (Dec 08)
Re: Snort with two instances Mike Lococo (Dec 24)

Miso Patel

!!Rolling back Snort rule files!! Miso Patel (Oct 29)
Re: !!Rolling back Snort rule files!! Miso Patel (Oct 29)
Re: [Emerging-Sigs] [Snort-devel] Snort 2.9.0.1 Now Available Miso Patel (Nov 03)
Re: [Emerging-Sigs] Attack from .jp IPs Miso Patel (Dec 07)

NA

No bridging support with Daq? NA (Dec 16)
Re: No bridging support with Daq? NA (Dec 16)
Re: No bridging support with Daq? NA (Dec 17)

Nerijus Krukauskas

Re: Just Analyzing tcpdump files according to defined rules. Nerijus Krukauskas (Oct 07)
Re: daq_static error on snort build Nerijus Krukauskas (Oct 08)
Re: Holy Crap Nerijus Krukauskas (Oct 15)

Nick Moore

Re: Snort and multiple logging Nick Moore (Oct 06)
Re: How o views snort log from mysql Nick Moore (Oct 30)
Re: Snort 2.9 + Debian Nick Moore (Dec 16)

Nigel Houghton

Re: so_rule problem Nigel Houghton (Oct 01)
Re: so_rule problem Nigel Houghton (Oct 01)
Re: rules update schedule (was: Re: so_rule problem) Nigel Houghton (Oct 01)
EOL for Snort 2.8.5.3 and Snort 2.8.6.0 rules reminder Nigel Houghton (Oct 04)
Re: EOL for Snort 2.8.5.3 and Snort 2.8.6.0 rules reminder Nigel Houghton (Oct 05)
Re: EOL for Snort 2.8.5.3 and Snort 2.8.6.0 rules reminder Nigel Houghton (Oct 05)
Re: [Snort-users] EOL for Snort 2.8.5.3 and Snort 2.8.6.0 rules reminder Nigel Houghton (Oct 05)
Re: Snort 2.9.0 DCE RPC error [SOLVED] and more Nigel Houghton (Oct 05)
Re: [Snort-sigs] snort website contact (was: Re: EOL for Snort 2.8.5.3 and Snort 2.8.6.0 rules reminder) Nigel Houghton (Oct 05)
Re: FP 17246 Nigel Houghton (Oct 14)
Re: False Positives on 1:17246 Nigel Houghton (Oct 14)
Re: FP 17246 Nigel Houghton (Oct 14)
Re: FP 17246 Nigel Houghton (Oct 14)
Re: Sourcefire VRT Certified Snort Rules Update 2010-11-02 Nigel Houghton (Nov 03)
Re: Ddos? Nigel Houghton (Nov 05)
Re: FP 13628 Nigel Houghton (Nov 09)
Re: Updating sid-msg.map Nigel Houghton (Nov 16)
Changes in the latest rule packs Nigel Houghton (Dec 03)
Readers of the VRT blog Nigel Houghton (Dec 03)
Re: New Sig Doc is one giant file? Nigel Houghton (Dec 06)
Re: New Sig Doc is one giant file? Nigel Houghton (Dec 07)
Re: snort SID 119-15 Nigel Houghton (Dec 16)

Olivier Bilodeau

Snort 2.9.0 packages for RHEL? Olivier Bilodeau (Oct 18)

Patrick Mullen

Re: [PATCH] so_rules/src/Makefile Patrick Mullen (Oct 07)
Re: Sourcefire VRT Certified Snort Rules Update 2010-11-18 Patrick Mullen (Nov 18)

Paul Halliday

SQueRT 0.6 Released. Paul Halliday (Oct 15)
Re: Any BASE honchos here? Paul Halliday (Nov 10)
Re: OT: What tap would you recommend? Paul Halliday (Nov 27)
Are commas allowed in signature descriptions? Paul Halliday (Dec 08)
Re: [Emerging-Sigs] New Classification System Proposal Paul Halliday (Dec 23)
SQueRT 0.7b Released. Paul Halliday (Dec 24)

Pedro Marinho

lots or rules loaded and snort performance Pedro Marinho (Nov 05)
Re: [Emerging-Sigs] lots or rules loaded and snort performance Pedro Marinho (Nov 05)
Re: [Emerging-Sigs] lots or rules loaded and snort performance Pedro Marinho (Nov 05)

Pradeep Lamabam

payload logging, barnyard2 Pradeep Lamabam (Oct 29)
unified2 processing Pradeep Lamabam (Nov 27)

Ralf Spenneberg

Snort 2.9, RHEL 5 and afpacket DAQ Ralf Spenneberg (Oct 18)
Re: Snort 2.9, RHEL 5 and afpacket DAQ Ralf Spenneberg (Oct 19)
Re: Snort 2.9, RHEL 5 and afpacket DAQ Ralf Spenneberg (Oct 19)
Re: Snort 2.9, RHEL 5 and afpacket DAQ Ralf Spenneberg (Oct 20)
Re: Snort 2.9, RHEL 5 and afpacket DAQ [~Solved?] Ralf Spenneberg (Oct 22)

Randal T. Rioux

Re: EOL for Snort 2.8.5.3 and Snort 2.8.6.0 rules reminder Randal T. Rioux (Oct 05)
DAQ w/ Snort 2.9 on OpenBSD 4.7 AMD64 Randal T. Rioux (Oct 10)
Re: DAQ w/ Snort 2.9 on OpenBSD 4.7 AMD64 Randal T. Rioux (Oct 11)
Re: DAQ w/ Snort 2.9 on OpenBSD 4.7 AMD64 [solved] Randal T. Rioux (Oct 13)
Re: afpacket DAQ - large "Outstanding" number/percent Randal T. Rioux (Oct 14)
Holy Crap Randal T. Rioux (Oct 15)
OpenBSD 4.7 / Snort 2.9 -- libsf_engine.so missing Randal T. Rioux (Oct 15)
Re: I'm tired from snort!! Randal T. Rioux (Oct 26)
Re: RSVP for a Snort Community Pig Roast - November 12, 2010 Randal T. Rioux (Oct 26)
Re: Snort 2.9.0.1 Now Available Randal T. Rioux (Nov 04)
Re: Linux recommendations Randal T. Rioux (Nov 10)
Re: OT: What tap would you recommend? Randal T. Rioux (Nov 27)
Re: Off-topic - VRT Blog, "Rise of citizen cyberwarrior", criticism of the security efforts by the government. Randal T. Rioux (Nov 30)
Re: Snort 2.9.0.2 to be released Randal T. Rioux (Dec 01)
Re: Snort 2.9.0.1 & OpenBSD 4.8 build problems Randal T. Rioux (Dec 05)
Re: Snort 2.9.0.2 to be released Randal T. Rioux (Dec 05)
Re: Snort 2.9.0.1 & OpenBSD 4.8 build problems Randal T. Rioux (Dec 12)
Re: Snort 2.9.0.1 & OpenBSD 4.8 build problems Randal T. Rioux (Dec 12)
Re: Snort 2.9.0.2 / barnyard2 / base 1.4.5 signature not displayed and is unclassifiede Randal T. Rioux (Dec 20)
Re: [Emerging-Sigs] New Classification System Proposal Randal T. Rioux (Dec 23)
AIX Snort / libdnet Update Randal T. Rioux (Dec 26)
Re: Unsubscribe Tami.McGee () ftb ca gov Randal T. Rioux (Dec 29)
Re: Unsubscribe Tami.McGee () ftb ca gov Randal T. Rioux (Dec 30)

Ray Caparros

Re: How o views snort log from mysql Ray Caparros (Oct 30)
Re: How o views snort log from mysql Ray Caparros (Oct 30)
Re: OT: What tap would you recommend? Ray Caparros (Nov 06)

Research

Sourcefire VRT Certified Snort Rules Update 2010-10-05 Research (Oct 05)
Sourcefire VRT Certified Snort Rules Update 2010-10-12 Research (Oct 12)
Sourcefire VRT Certified Snort Rules Update 2010-10-26 Research (Oct 26)
Sourcefire VRT Certified Snort Rules Update 2010-10-28 Research (Oct 28)
Sourcefire VRT Certified Snort Rules Update 2010-11-02 Research (Nov 02)
Sourcefire VRT Certified Snort Rules Update 2010-11-02 Research (Nov 02)
Sourcefire VRT Certified Snort Rules Update 2010-11-04 Research (Nov 04)
Sourcefire VRT Certified Snort Rules Update 2010-11-09 Research (Nov 09)
Sourcefire VRT Certified Snort Rules Update 2010-11-18 Research (Nov 18)
Sourcefire VRT Certified Snort Rules Update 2010-11-18 Research (Nov 18)
Sourcefire VRT Certified Snort Rules Update 2010-11-23 Research (Nov 27)
Sourcefire VRT Certified Snort Rules Update 2010-12-02 Research (Dec 02)
Sourcefire VRT Certified Snort Rules Update 2010-12-09 Research (Dec 09)
Sourcefire VRT Certified Snort Rules Update 2010-12-14 Research (Dec 14)
Sourcefire VRT Certified Snort Rules Update 2010-12-20 Research (Dec 20)
Sourcefire VRT Certified Snort Rules Update 2010-12-22 Research (Dec 22)

Richard Bejtlich

Re: Snort recommendations Richard Bejtlich (Nov 07)
Re: Any BASE honchos here? Richard Bejtlich (Nov 10)
Re: Readers of the VRT blog Richard Bejtlich (Dec 03)

Richard Tyrrell

Richard Tyrrell/Telford/Syan Ltd is out of the office. Richard Tyrrell (Oct 29)
Richard Tyrrell/Telford/Syan Ltd is out of the office. Richard Tyrrell (Dec 14)

Rich Graves

Re: Snort 2.9, RHEL 5 and afpacket DAQ Rich Graves (Oct 20)
Re: Snort 2.9, RHEL 5 and afpacket DAQ Rich Graves (Oct 20)
Re: Snort 2.9, RHEL 5 and afpacket DAQ [~Solved?] Rich Graves (Oct 21)
Re: Snort 2.9.0.1 Now Available Rich Graves (Nov 02)
Snort 2.9, barnyard2, and unknown record types Rich Graves (Nov 02)
Re: SMTP content-type overflow rule question Rich Graves (Dec 04)

rmkml

Re: FP 17246 rmkml (Oct 14)
Re: Possible FP 17363 rmkml (Oct 25)
Re: Possible 16295 FP rmkml (Oct 25)
Re: FP 17363 rmkml (Oct 29)
Re: FP on 17468 rmkml (Nov 03)
Re: FP on 17468 rmkml (Nov 04)
Re: Snort 2.9.0.1 & OpenBSD 4.8 build problems rmkml (Nov 05)
Re: FP 13628 rmkml (Nov 09)
Re: Oddness with 16295 rmkml (Nov 10)
Re: Snort not logging all alerts in pcap (was Oddness with 16295) rmkml (Nov 13)
Re: possible fp on 17297 rmkml (Nov 16)
Re: Dropped packets again rmkml (Nov 27)
Re: Suggested pcre addition to 1:6251 rmkml (Nov 27)

Rob MacGregor

Re: OT: What tap would you recommend? Rob MacGregor (Nov 05)
Re: Unsubscribe Tami.McGee () ftb ca gov Rob MacGregor (Dec 29)

Ropetin Again

Re: OT: What tap would you recommend? Ropetin Again (Nov 05)

Ross Lawrie

Snort 2.9.0.1 & OpenBSD 4.8 build problems Ross Lawrie (Nov 04)
Re: Snort 2.9.0.1 & OpenBSD 4.8 build problems Ross Lawrie (Nov 04)
Re: Snort 2.9.0.1 & OpenBSD 4.8 build problems Ross Lawrie (Nov 05)
Re: Snort 2.9.0.1 & OpenBSD 4.8 build problems Ross Lawrie (Nov 05)
Re: Snort 2.9.0.1 & OpenBSD 4.8 build problems Ross Lawrie (Dec 06)
Re: Snort 2.9.0.1 & OpenBSD 4.8 build problems Ross Lawrie (Dec 10)

Russ Combs

Re: Snort 2.9.0 Now Available Russ Combs (Oct 04)
Re: Snort 2.9.0 Now Available Russ Combs (Oct 05)
Re: Snort 2.9.0 Now Available Russ Combs (Oct 05)
Re: Snort 2.9.0 Now Available Russ Combs (Oct 05)
Re: Snort 2.9.0 Now Available Russ Combs (Oct 05)
Re: compiling daq in old custom environment... Russ Combs (Oct 05)
Re: snort-2.9.0 missing --enable-inline Russ Combs (Oct 06)
Re: snort-2.9.0 missing --enable-inline Russ Combs (Oct 06)
Re: snort-2.9.0 missing --enable-inline Russ Combs (Oct 06)
Re: daq/snort 2.9.0 on Solaris sparc ? Russ Combs (Oct 06)
Re: problem with Flexresp3 Russ Combs (Oct 07)
Re: max flowbits fatal errors Russ Combs (Oct 07)
Re: daq_static error on snort build Russ Combs (Oct 07)
Re: Snort 2.9.0 DAQ with MMAP pcap? Russ Combs (Oct 08)
Re: DAQ w/ Snort 2.9 on OpenBSD 4.7 AMD64 Russ Combs (Oct 10)
Re: Building a host attribute table? Russ Combs (Oct 14)
Re: DAQ w/ Snort 2.9 on OpenBSD 4.7 AMD64 [solved] Russ Combs (Oct 14)
Re: snort-2.9.0 prereqs Russ Combs (Oct 14)
Re: max flowbits fatal errors Russ Combs (Oct 14)
Re: OpenBSD 4.7 / Snort 2.9 -- libsf_engine.so missing Russ Combs (Oct 15)
Re: Snort 2.9.0.0 segfaulting Russ Combs (Oct 18)
Re: Snort 2.9, RHEL 5 and afpacket DAQ Russ Combs (Oct 18)
Re: capturing on the wrong nic Russ Combs (Oct 19)
Re: Snort 2.9.0 ipvar unknown rule type Russ Combs (Oct 19)
Re: Snort 2.9.0 ipvar unknown rule type Russ Combs (Oct 19)
Re: Snort 2.9, RHEL 5 and afpacket DAQ [~Solved?] Russ Combs (Oct 20)
Re: Error in encode.c in Snort 2.9.0 on Ubuntu 10.04.1 LST Russ Combs (Oct 25)
Re: [PATCHES] Fixes for daq_nfq Russ Combs (Oct 25)
Re: Snort 2.9.0.0 segfaulting [SEC=UNCLASSIFIED] Russ Combs (Oct 25)
Re: upgrade question Russ Combs (Oct 26)
Re: flexresp3: Reset with TTL of 0 Russ Combs (Oct 26)
Re: Installation problem Russ Combs (Oct 27)
Re: PATCH: more compact ac-bnfa trans list Russ Combs (Oct 27)
Re: Excessive Read Requests Russ Combs (Nov 01)
Re: Excessive Read Requests Russ Combs (Nov 01)
Re: [PATCHES] Fixes for daq_nfq Russ Combs (Nov 02)
Re: Using SNORT inline Russ Combs (Nov 02)
Re: Compiling snort without DAQ Russ Combs (Nov 03)
Re: [Emerging-Sigs] Snort 2.9.0.1 Now Available Russ Combs (Nov 03)
Re: Snort 2.9.0 ipvar unknown rule type Russ Combs (Nov 03)
Re: (snort_decoder) WARNING: IP dgm len > captured len! Russ Combs (Nov 03)
Re: [Emerging-Sigs] Snort 2.9.0.1 Now Available Russ Combs (Nov 04)
Re: Snort 2.9.0.1 & OpenBSD 4.8 build problems Russ Combs (Nov 04)
Re: Snort 2.9.0.1 & OpenBSD 4.8 build problems Russ Combs (Nov 04)
Re: [rhelv5-list] snort 2.9.0 Centos 5.5 Russ Combs (Nov 04)
Re: Snort 2.9.0.1 & OpenBSD 4.8 build problems Russ Combs (Nov 05)
Re: Snort 2.9.0.1 & OpenBSD 4.8 build problems Russ Combs (Nov 05)
Re: Snort 2.9.0.1 Now Available Russ Combs (Nov 08)
Re: DAQ and libpcap 1.1.1 vs 1.0.0 Russ Combs (Nov 08)
Re: DAQ and libpcap 1.1.1 vs 1.0.0 Russ Combs (Nov 08)
Re: DAQ and libpcap 1.1.1 vs 1.0.0 Russ Combs (Nov 08)
Re: Snort 2.9.0.1 Now Available Russ Combs (Nov 08)
Re: Snort 2.9.0.1 Now Available Russ Combs (Nov 09)
Re: Snort 2.9.0.1 Now Available Russ Combs (Nov 09)
Re: Libpcap shipped with RHEL6 GA Russ Combs (Nov 15)
Re: 2.9.0.1 performance issue Russ Combs (Nov 18)
Re: [Snort-users] 2.9.0.1 performance issue Russ Combs (Nov 18)
Re: symbol error with 2.9.1 Russ Combs (Nov 26)
Re: symbol error with 2.9.1 Russ Combs (Nov 27)
Re: Snort has different IPs than Wireshark Russ Combs (Nov 30)
Re: snort 2.9.0.2 packages for RHEL5.x Russ Combs (Dec 03)
Re: Snort 2.9.0.1 & OpenBSD 4.8 build problems Russ Combs (Dec 03)
Re: Snort 2.9.0.1 & OpenBSD 4.8 build problems Russ Combs (Dec 06)
Re: Snort 2.9.0.2 to be released Russ Combs (Dec 06)
Re: Snort 2.9.0.1 & OpenBSD 4.8 build problems Russ Combs (Dec 06)
Re: [PATCHES] Fixes for daq_nfq Russ Combs (Dec 09)
Re: Snort 2.9.0.1 & OpenBSD 4.8 build problems Russ Combs (Dec 10)
Re: IPv6 Teredo tunneling crashing snort? Russ Combs (Dec 13)
Re: Snort 2.9 + Debian Russ Combs (Dec 16)
Re: No bridging support with Daq? Russ Combs (Dec 16)
Re: No bridging support with Daq? Russ Combs (Dec 16)
Re: No bridging support with Daq? Russ Combs (Dec 16)
Re: [PATCH 1/1] daq_nfq: fix cfg->timeout usage and remove extra select call Russ Combs (Dec 17)
Re: Snort 2.9.0.2 / barnyard2 / base 1.4.5 signature not displayed and is unclassified Russ Combs (Dec 17)
Re: Snort 2.9.0.2 / barnyard2 / base 1.4.5 signature not displayed and is unclassified Russ Combs (Dec 17)

Russell Fulton

Barnyard2 and multiple sensors Russell Fulton (Oct 21)
Re: Barnyard2 and multiple sensors Russell Fulton (Oct 21)
Re: Barnyard2 and multiple sensors Russell Fulton (Oct 21)
Re: Barnyard2 and multiple sensors Russell Fulton (Oct 29)
barnyard2 and bpf filters Russell Fulton (Nov 03)
Re: Readers of the VRT blog Russell Fulton (Dec 06)

Ryan Jordan

Re: Snort 2.9.0 packages for RHEL? Ryan Jordan (Oct 18)
Re: Issues with the Snort Manual (Patch) Ryan Jordan (Dec 08)
Re: Confusion on Protocol Mismatch Ryan Jordan (Dec 10)
Re: IPv6 Teredo tunneling crashing snort? Ryan Jordan (Dec 13)
Re: snort rule 128-6 reporting but no description at VRT Ryan Jordan (Dec 14)
Re: Minor corrections to the 2.9.0.2 manual Ryan Jordan (Dec 16)
Re: No bridging support with Daq? Ryan Jordan (Dec 17)
Re: No bridging support with Daq? Ryan Jordan (Dec 17)
Re: snort DCE/RPC reassemble_threshold Ryan Jordan (Dec 21)
Re: snort DCE/RPC reassemble_threshold Ryan Jordan (Dec 21)

Salahudin Wan Khairuzzaman

Re: Snort preprocessor perfmonitor Salahudin Wan Khairuzzaman (Dec 02)
Re: Snort preprocessor perfmonitor Salahudin Wan Khairuzzaman (Dec 02)
Re: Snort preprocessor perfmonitor Salahudin Wan Khairuzzaman (Dec 09)
Re: Snort preprocessor perfmonitor Salahudin Wan Khairuzzaman (Dec 09)

Sandro guly Zaccarini

Re: Readers of the VRT blog Sandro guly Zaccarini (Dec 06)
Re: [Emerging-Sigs] Attack from .jp IPs Sandro guly Zaccarini (Dec 07)
Re: snort SID 119-15 Sandro guly Zaccarini (Dec 16)

ScottO

Re: Fine tuning Snort ScottO (Oct 08)
Re: payload logging, barnyard2 ScottO (Oct 29)

Seth Hall

Re: Snort 2.9, barnyard2, and unknown record types Seth Hall (Nov 03)

Snort Releases

Snort 2.9.0 Now Available Snort Releases (Oct 04)
Snort 2.9.0 Now Available Snort Releases (Oct 04)
Snort 2.9.0.1 Now Available Snort Releases (Nov 01)
Snort 2.9.0.1 Now Available Snort Releases (Nov 01)
Snort 2.9.0.2 Now Available Snort Releases (Dec 01)
Snort 2.9.0.2 Now Available Snort Releases (Dec 01)
Snort 2.9.0.3 Now Available Snort Releases (Dec 20)
Snort 2.9.0.3 Now Available Snort Releases (Dec 20)

snort user

orig_tcph in Packet structure snort user (Nov 19)

Stephan

Patch to running Snort on Solaris 10 SPARC Stephan (Dec 29)

Steve McChortle

Disabling GID3 rules Steve McChortle (Nov 03)
Re: [Emerging-Sigs] Attack from .jp IPs Steve McChortle (Dec 07)

Steven Sturges

Re: daq/snort 2.9.0 on Solaris sparc ? Steven Sturges (Oct 06)
Re: Anyones doomsday machine running low on IDS analyst tears? Steven Sturges (Oct 07)
Re: Ip_proto's 'lsrre' parameter Steven Sturges (Oct 21)
Re: Ip_proto's 'lsrre' parameter Steven Sturges (Oct 26)
Re: Snort 2.9.0.1 Now Available Steven Sturges (Nov 02)
Re: Snort 2.9.0.1 Now Available Steven Sturges (Nov 08)
Re: orig_tcph in Packet structure Steven Sturges (Nov 19)

Sujit Ghosal

Re: Issue while detecting patterns in a simple HTTP Page [Web client based] Sujit Ghosal (Nov 22)
Issue while detecting patterns in a simple HTTP Page [Web client based] Sujit Ghosal (Nov 22)
Snort doesn't trigger while the payload size is big (even for ~4-5KB files) Sujit Ghosal (Dec 05)
Re: Snort doesn't trigger while the payload size is big (even for ~4-5KB files) Sujit Ghosal (Dec 13)
Re: Snort doesn't trigger while the payload size is big (even for ~4-5KB files) Sujit Ghosal (Dec 14)
Re: Snort doesn't trigger while the payload size is big (even for ~4-5KB files) Sujit Ghosal (Dec 14)

Terry Burton

[PATCH] so_rules/src/Makefile Terry Burton (Oct 05)

tgiles

daq_static error on snort build tgiles (Oct 07)
Re: daq_static error on snort build tgiles (Oct 08)

Tica

problem with Flexresp3 Tica (Oct 07)

Tomas Heredia

Re: Rule 17494 Tomas Heredia (Oct 01)
pcre high cpu usage Tomas Heredia (Oct 18)
Re: pcre high cpu usage Tomas Heredia (Oct 18)
Re: pcre high cpu usage Tomas Heredia (Oct 19)
Re: pcre high cpu usage Tomas Heredia (Oct 19)
Re: pcre high cpu usage Tomas Heredia (Oct 19)
PCRE Offloading Tomas Heredia (Oct 19)

Tom Le

Re: [Emerging-Sigs] Attack from .jp IPs Tom Le (Dec 08)

turki

Distributed Snort possibility? turki (Dec 11)

Ufi

IPv6 Teredo tunneling crashing snort? Ufi (Dec 13)
Re: IPv6 Teredo tunneling crashing snort? Ufi (Dec 13)

Victor Julien

Re: [Snort-sigs] [Emerging-Sigs] New Classification System Proposal Victor Julien (Dec 23)

vincent

snort 2.9.0.1 packages for RHEL5.x vincent (Nov 04)
Re: snort 2.9.0.1 packages for RHEL5.x vincent (Nov 04)
Re: [rhelv5-list] snort 2.9.0 Centos 5.5 vincent (Nov 04)
Re: [rhelv5-list] snort 2.9.0 Centos 5.5 vincent (Nov 05)
Re: [rhelv5-list] snort 2.9.0 Centos 5.5 vincent (Nov 05)
Re: DAQ and libpcap 1.1.1 vs 1.0.0 vincent (Nov 06)
Re: [rhelv5-list] snort 2.9.0 Centos 5.5 vincent (Nov 08)
Re: DAQ and libpcap 1.1.1 vs 1.0.0 vincent (Nov 08)
Re: DAQ and libpcap 1.1.1 vs 1.0.0 vincent (Nov 08)
Re: DAQ and libpcap 1.1.1 vs 1.0.0 vincent (Nov 08)
Re: DAQ and libpcap 1.1.1 vs 1.0.0 vincent (Nov 09)
Re: DAQ and libpcap 1.1.1 vs 1.0.0 vincent (Nov 09)
Re: Libpcap shipped with RHEL6 GA vincent (Nov 13)
snort 2.9.0.2 packages for RHEL5.x vincent (Dec 03)
Re: Snort libmysql error vincent (Dec 15)
Re: Snort libmysql error vincent (Dec 15)
Re: Snort 2.9.0.3 Now Available vincent (Dec 21)
Re: Snort 2.9.0.3 Now Available vincent (Dec 26)
Re: Snort 2.9.0.3 Now Available vincent (Dec 27)
Re: Snort 2.9.0.3 Now Available vincent (Dec 28)
Re: Snort 2.9.0.3 Now Available vincent (Dec 29)

vishesh kumar

Installation problem vishesh kumar (Oct 27)
Re: Installation problem vishesh kumar (Oct 27)
Re: Installation problem vishesh kumar (Oct 27)
Re: Installation problem vishesh kumar (Oct 28)
Re: Installation problem vishesh kumar (Oct 30)
How o views snort log from mysql vishesh kumar (Oct 30)
Re: How o views snort log from mysql vishesh kumar (Oct 30)

waldo kitty

Re: so_rule problem waldo kitty (Oct 01)
rules update schedule (was: Re: so_rule problem) waldo kitty (Oct 01)
Re: Rule 17494 waldo kitty (Oct 01)
Re: Rule 17494 waldo kitty (Oct 01)
Re: Snort 2.9.0 Now Available waldo kitty (Oct 04)
Re: Snort 2.9.0 Now Available waldo kitty (Oct 04)
Re: Snort 2.9.0 Now Available waldo kitty (Oct 04)
Re: Snort 2.9.0 Now Available waldo kitty (Oct 04)
Re: Snort 2.9.0 Now Available waldo kitty (Oct 05)
Re: Snort 2.9.0 Now Available waldo kitty (Oct 05)
Re: [Snort-users] EOL for Snort 2.8.5.3 and Snort 2.8.6.0 rules reminder waldo kitty (Oct 05)
Re: EOL for Snort 2.8.5.3 and Snort 2.8.6.0 rules reminder waldo kitty (Oct 05)
Re: [Snort-sigs] EOL for Snort 2.8.5.3 and Snort 2.8.6.0 rules reminder waldo kitty (Oct 05)
snort website contact (was: Re: [Snort-sigs] EOL for Snort 2.8.5.3 and Snort 2.8.6.0 rules reminder) waldo kitty (Oct 05)
Re: Snort 2.9.0 Now Available waldo kitty (Oct 05)
Re: [Snort-sigs] snort website contact waldo kitty (Oct 05)
Re: Snort 2.9.0 DCE RPC error [SOLVED] and more waldo kitty (Oct 05)
Re: Snort 2.9.0 DCE RPC error [SOLVED] and more waldo kitty (Oct 05)
Re: Snort 2.9.0 Now Available waldo kitty (Oct 05)
compiling daq in old custom environment... waldo kitty (Oct 05)
Re: compiling daq in old custom environment... waldo kitty (Oct 05)
Re: compiling daq in old custom environment... waldo kitty (Oct 05)
Re: compiling daq in old custom environment... waldo kitty (Oct 05)
Re: Just Analyzing tcpdump files according to defined rules. waldo kitty (Oct 07)
Re: Just Analyzing tcpdump files according to defined rules. waldo kitty (Oct 07)
Re: Fine tuning Snort waldo kitty (Oct 07)
Re: Fine tuning Snort waldo kitty (Oct 08)
Re: snort-2.9.0 on RHEL5 waldo kitty (Oct 08)
Re: Fine tuning Snort waldo kitty (Oct 08)
PSNG_ICMP_PORTSWEEP waldo kitty (Oct 08)
Re: Snort 2.8.6 performance waldo kitty (Oct 08)
Re: 1:17239 False Positive waldo kitty (Oct 12)
FP 3:16663 waldo kitty (Oct 14)
Re: Snort 2.9.0 ipvar unknown rule type waldo kitty (Oct 20)
FP 17363 waldo kitty (Oct 29)
Re: FP 17363 waldo kitty (Oct 29)
Re: !!Rolling back Snort rule files!! waldo kitty (Oct 29)
Re: !!Rolling back Snort rule files!! waldo kitty (Oct 29)
Re: [Emerging-Sigs] [Snort-devel] Snort 2.9.0.1 Now Available waldo kitty (Nov 04)
Re: [Emerging-Sigs] [Snort-devel] Snort 2.9.0.1 Now Available waldo kitty (Nov 04)
Re: [Emerging-Sigs] [Snort-devel] Snort 2.9.0.1 Now Available waldo kitty (Nov 04)
Re: Sourcefire VRT Certified Snort Rules Update 2010-11-02 waldo kitty (Nov 04)
Re: Linux recommendations waldo kitty (Nov 10)
Re: Updating sid-msg.map waldo kitty (Nov 17)
Re: Updating sid-msg.map waldo kitty (Nov 17)
Re: Updating sid-msg.map waldo kitty (Nov 18)
Re: Issue while detecting patterns in a simple HTTP Page [Web client based] waldo kitty (Nov 22)
Re: [Emerging-Sigs] (no subject) waldo kitty (Nov 30)
Re: [Emerging-Sigs] (no subject) waldo kitty (Dec 01)
Re: I need some opinions waldo kitty (Dec 07)
Re: about the sfportscan waldo kitty (Dec 07)
Re: Are commas allowed in signature descriptions? waldo kitty (Dec 09)
congratulations to snort! for getting the sourceforge.net project of the month! waldo kitty (Dec 16)
Re: Snort 2.9.0.3 Now Available waldo kitty (Dec 26)
Re: Snort 2.9.0.3 Now Available waldo kitty (Dec 28)
Re: Disabling Snort signatures with Oinkmster waldo kitty (Dec 31)

Weir, Jason

Re: FP 12634 Weir, Jason (Oct 12)
Re: FP 12634 Weir, Jason (Oct 13)
Any plans to update 11951? Weir, Jason (Oct 13)
Re: FP 17246 Weir, Jason (Oct 14)
Re: FP 17246 Weir, Jason (Oct 14)
Re: FP 17246 Weir, Jason (Oct 14)
Re: FP 17246 Weir, Jason (Oct 14)
FP on 5803 Weir, Jason (Oct 14)
Re: FP 17246 Weir, Jason (Oct 14)
Download issues? Weir, Jason (Oct 15)
Re: Duplicate downloaded rules Weir, Jason (Oct 19)
Re: Duplicate downloaded rules Weir, Jason (Oct 19)
Re: Duplicate downloaded rules Weir, Jason (Oct 19)
Re: SID Identification Weir, Jason (Oct 19)
Re: Possible FP 17363 Weir, Jason (Oct 26)
Will this work - negated hosts? Weir, Jason (Oct 26)
Re: Possible FP 17363 Weir, Jason (Oct 26)
Re: Will this work - negated hosts? Weir, Jason (Oct 26)
Re: [Spam] Re: Possible FP 17363 Weir, Jason (Oct 26)
Re: Will this work - negated hosts? Weir, Jason (Oct 26)
17494 Falsing on non IE6 systems Weir, Jason (Oct 27)
Re: 17494 Falsing on non IE6 systems Weir, Jason (Oct 27)
Re: 17494 Falsing on non IE6 systems Weir, Jason (Oct 27)
Re: 17494 Falsing on non IE6 systems Weir, Jason (Oct 27)
Re: 17494 Falsing on non IE6 systems Weir, Jason (Oct 27)
Re: URL to download VRT rules Weir, Jason (Oct 28)
Re: URL to download VRT rules Weir, Jason (Oct 28)
Re: URL to download VRT rules Weir, Jason (Oct 28)
Re: URL to download VRT rules Weir, Jason (Oct 28)
Re: !!Rolling back Snort rule files!! Weir, Jason (Oct 29)
Re: !!Rolling back Snort rule files!! Weir, Jason (Oct 29)
Re: URL to download VRT rules Weir, Jason (Oct 29)
Re: 17494 Falsing on non IE6 systems Weir, Jason (Nov 01)
FP on 17468 Weir, Jason (Nov 03)
Re: FP on 17468 Weir, Jason (Nov 04)
Ddos? Weir, Jason (Nov 05)
Re: Ddos? Weir, Jason (Nov 05)
Re: Linux recommendations Weir, Jason (Nov 09)
Re: Oinkmaster downloads intermittently failing Weir, Jason (Nov 26)
Re: Oinkmaster downloads intermittently failing Weir, Jason (Nov 26)
Oinkmaster downloads intermittently failing Weir, Jason (Nov 27)
Re: Confusion on Protocol Mismatch Weir, Jason (Dec 10)
Re: Best practices for very high volume install.. Weir, Jason (Dec 21)
Re: [Emerging-Sigs] Duplicate sids (again) Weir, Jason (Dec 29)
Re: Disabling Snort signatures with Oinkmster Weir, Jason (Dec 29)

Will Metcalf

Re: Snort Inline As an IPS Will Metcalf (Oct 01)
Re: Snort Inline As an IPS Will Metcalf (Oct 01)
Anyones doomsday machine running low on IDS analyst tears? Will Metcalf (Oct 06)
Re: Anyones doomsday machine running low on IDS analyst tears? Will Metcalf (Oct 06)
Re: Anyones doomsday machine running low on IDS analyst tears? Will Metcalf (Oct 07)
GPL sid 2472 optimization. Will Metcalf (Oct 11)
Re: afpacket vs. NFQ Will Metcalf (Oct 12)
One of the 2483 unnamed Interocitor parts... Will Metcalf (Oct 15)
Bug with file_data pointer being set in 2.9.0? Will Metcalf (Oct 22)
Re: Bug with file_data pointer being set in 2.9.0? Will Metcalf (Oct 22)
Re: ET WEB_CLIENT Possible HTTP 404 XSS Attempt (External Source) Will Metcalf (Oct 22)
Re: Bug with file_data pointer being set in 2.9.0? Will Metcalf (Oct 28)
Re: Multiple Snort Instances - One Interface Will Metcalf (Oct 29)
Re: Multiple Snort Instances - One Interface Will Metcalf (Oct 29)
Re: Multiple Snort Instances - One Interface Will Metcalf (Nov 01)

Wil Schultz

Best practices for very high volume install.. Wil Schultz (Dec 20)

Yun Zheng Hu

Re: HTTP Inspect and packet reassembly Yun Zheng Hu (Oct 28)
Re: HTTP Inspect and packet reassembly Yun Zheng Hu (Oct 29)
Snort IPv6 database schema Yun Zheng Hu (Nov 02)