Snort: by author

• RSS Feed
• About List
• All Lists

Previous period

Next period

1399 messages starting Jan 25 11 and ending Mar 17 11
Date index | Thread index | Author index

ab1197590 () gmail com

Re: Snort rule syntax to match multiple itypes that are NOT consecutive ab1197590 () gmail com (Jan 25)
Re: Showing dump of only matched paquets. ab1197590 () gmail com (Mar 22)
Snort rule syntax to match multiple itypes that are NOT consecutive ab1197590 () gmail com (Jan 21)
Re: Showing dump of only matched paquets. ab1197590 () gmail com (Mar 22)

AD

Archive of snort-users in mbox or maildir format AD (Feb 24)

Agus

Re: switch port as network tap? Agus (Feb 15)

Agustin Roca

Re: barnyard patches? http://colin.grady.us/ offline ? Agustin Roca (Mar 31)

Ahmed Qaisi

Multi Snort Clients Ahmed Qaisi (Jan 27)
Re: Multi Snort Clients Ahmed Qaisi (Jan 27)

Alan Ptak

Re: (no subject) Alan Ptak (Mar 02)
Re: (no subject) Alan Ptak (Mar 02)
Download latest source for barnyard2 (securixlive.com is down) Alan Ptak (Feb 02)
Re: Snort Make Error Alan Ptak (Jan 15)
Re: oinkmaster and so rules.. FAQ broken? Alan Ptak (Feb 09)
Re: oinkmaster and so rules.. FAQ broken? Alan Ptak (Feb 08)
Re: Pattern Matcher Performance (config detection) Alan Ptak (Feb 24)
Re: pulled pork error Alan Ptak (Feb 12)

Alex Kirk

Re: Unknown class type Alex Kirk (Feb 07)
Re: snort rule tuning and weeding out false positives Alex Kirk (Mar 17)
Re: searching for " in content Alex Kirk (Jan 10)
Re: masses of FPs with 2.9.0.2 "NETBIOS Windows .* dll" rules Alex Kirk (Jan 25)
Re: FP on 5803 Alex Kirk (Feb 17)
Re: does snort pick up lthe izamoon attack? Alex Kirk (Mar 31)
Re: Snort rule syntax to match multiple itypes that are NOT consecutive Alex Kirk (Jan 25)
Re: Snort rule syntax to match multiple itypes that are NOT consecutive Alex Kirk (Jan 25)
Re: Unknown class type Alex Kirk (Feb 07)
Re: Using snort to detect ethercat Alex Kirk (Jan 27)
Re: FP on 18372 Alex Kirk (Feb 16)

Alfonso Alejandro Reyes Jimenez

Re: ..:: Unclassified rules ::.. Alfonso Alejandro Reyes Jimenez (Mar 24)
..:: Unclassified rules ::.. Alfonso Alejandro Reyes Jimenez (Mar 24)

Al MailingList

Re: Cloud Environment Al MailingList (Feb 24)

Andres Carrera Rivera

Snort A Log Andres Carrera Rivera (Feb 03)

Anthony Camilo

Re: Snort-sigs Digest, Vol 57, Issue 17 Anthony Camilo (Feb 10)

anvin igcar

Re: how to test snort rules? anvin igcar (Feb 08)
GOT THE GRAPH anvin igcar (Feb 09)
how to test snort rules? anvin igcar (Feb 08)
Snort rule Facebook Block anvin igcar (Feb 15)
How to display .log files into graphs? anvin igcar (Jan 11)
how to extract tcpdump/ libpcap formatted data anvin igcar (Jan 16)
Base 1.4.5 Graphs. No heading, labels anvin igcar (Feb 09)
Base1.4.5 error. What does this mean? anvin igcar (Feb 09)
empty alert file anvin igcar (Jan 17)
Error getting stat on pcap file anvin igcar (Jan 17)
Re: Base 1.4.5 Graphs. No heading, labels anvin igcar (Feb 09)
Re: Snort 2.9.0.3 Now Available anvin igcar (Jan 07)
SNORT and BASE(Graph not getting displayed) anvin igcar (Jan 04)
fatal error while running barnyard anvin igcar (Jan 17)
Base 1.4.5 Graphs. No heading, labels anvin igcar (Feb 09)
Configure snort --enable-inline anvin igcar (Feb 16)
snort -r output error anvin igcar (Jan 16)
BASE Problem anvin igcar (Jan 05)
What is the output anvin igcar (Jan 05)

Atkins, Dwane P

Snort Reporting and logs Atkins, Dwane P (Jan 12)
Re: Barnyard2 will not start Atkins, Dwane P (Feb 14)
Issue with snort.conf Atkins, Dwane P (Jan 05)
Snort Question Atkins, Dwane P (Jan 21)
Why does the Snort process stop? Atkins, Dwane P (Jan 25)
Reconfigure SNORT Atkins, Dwane P (Jan 05)
Barnyard issue Atkins, Dwane P (Jan 18)
Trigger events Atkins, Dwane P (Jan 05)
Barnyard2 will not start Atkins, Dwane P (Feb 11)
Re: Snort and Barnyard - why do our logs stop Atkins, Dwane P (Jan 24)
Re: Upgrading Barnyard2 Atkins, Dwane P (Jan 21)
Re: SegFault Atkins, Dwane P (Feb 17)
Re: Snort Reporting and logs Atkins, Dwane P (Jan 13)
Upgrading Barnyard2 Atkins, Dwane P (Jan 21)
Re: Snort Reporting and logs Atkins, Dwane P (Jan 13)
Snort and Barnyard - why do our logs stop Atkins, Dwane P (Jan 24)
SegFault Atkins, Dwane P (Feb 17)
Re: SegFault Atkins, Dwane P (Feb 17)
Re: Snort and Barnyard - why do our logs stop Atkins, Dwane P (Jan 25)
Re: Snort Reporting and logs Atkins, Dwane P (Jan 13)
Re: Barnyard issue Atkins, Dwane P (Jan 19)

Bamm Visscher

Re: Snort Deployment Configurations Bamm Visscher (Feb 07)
Re: Snort Deployment Configurations Bamm Visscher (Feb 07)
Re: BASE or Snort Report ??? Bamm Visscher (Jan 05)
Re: bpf filter to filter on *starting* port? Bamm Visscher (Feb 08)

beenph

Re: [Emerging-Sigs] New Proposed Classification.config file setup beenph (Jan 05)
Re: snort logging both to syslog and unified2 beenph (Jan 19)
Re: Why does the Snort process stop? beenph (Jan 25)
Re: Reliability of signatures beenph (Feb 04)
Re: Barnyard2 will not start beenph (Feb 14)
Re: odd issue with barnyard2 pid files beenph (Feb 08)
Re: barnyard patches? http://colin.grady.us/ offline ? beenph (Mar 31)
Re: Barnyard issue beenph (Jan 18)
Re: Barnyard issue beenph (Jan 19)
Re: Homebrew Snort Reactive/Unified2 output beenph (Mar 30)
Re: Barnyard issue beenph (Jan 19)
Re: Snort and Barnyard - why do our logs stop beenph (Jan 25)
Re: Snort and Barnyard - why do our logs stop beenph (Jan 25)
Re: Download latest source for barnyard2 (securixlive.com is down) beenph (Feb 03)
Re: Download latest source for barnyard2 (securixlive.com is down) beenph (Feb 03)
Re: Getting more context in snort alerts. beenph (Jan 10)
Re: Barnyard2 will not start beenph (Feb 12)
Re: Snort and Barnyard - why do our logs stop beenph (Jan 25)
Re: Reliability of signatures beenph (Feb 04)
Re: rules management tools beenph (Mar 31)

Bhagya Bantwal

Re: Problems with multipleconfigs. Bhagya Bantwal (Mar 11)
Re: Problems with multipleconfigs. Bhagya Bantwal (Mar 11)
Re: [Snort-Devel] bug in http preprocessor and non ascii characters 2.8.6.1 Bhagya Bantwal (Mar 18)
Re: Barnyard issue Bhagya Bantwal (Jan 18)
Re: Problems with multipleconfigs. Bhagya Bantwal (Mar 11)
Re: [Snort-Devel] bug in http preprocessor and non ascii characters 2.8.6.1 Bhagya Bantwal (Mar 16)
Re: BUG: snort fails to build if --disable-dynamicplugin is passed to ./configure Bhagya Bantwal (Feb 17)
Re: Issue with snort.conf Bhagya Bantwal (Jan 05)

Big Irish Dog

Night Dragon Sig/Rule ? Big Irish Dog (Feb 11)

Bouma, Wobbe

Using snort to detect ethercat Bouma, Wobbe (Jan 27)
setting up portscan Bouma, Wobbe (Jan 27)

Brian Fagan

Snort 2.8.6 Brian Fagan (Jan 13)
Snort 2.8.6 Brian Fagan (Jan 13)

Burke, Leonard

Re: Snort-users Digest, Vol 58, Issue 73 Burke, Leonard (Mar 31)

carlopmart

Re: Trying to build daq with nfq support carlopmart (Mar 31)
Re: Problems with multipleconfigs. carlopmart (Mar 11)
Re: How can I configure ssh preprocessor?? carlopmart (Mar 30)
Re: Trying to build daq with nfq support carlopmart (Mar 31)
Trying to build daq with nfq support carlopmart (Mar 31)
Re: Trying to build daq with nfq support carlopmart (Mar 31)
Re: Trying to build daq with nfq support carlopmart (Mar 31)
Re: Please, make rpms packages for RHEL6 carlopmart (Feb 22)
A question about multipleconfigs and network interfaces carlopmart (Mar 12)
Re: Trying to build daq with nfq support carlopmart (Mar 31)
Re: Problems with multipleconfigs. carlopmart (Mar 11)
Re: [Snort-Users] Re: too many stream5_tcp alerts carlopmart (Mar 17)
Re: Problems with multipleconfigs. carlopmart (Mar 12)
Re: [Snort-Users] Re: too many stream5_tcp alerts carlopmart (Mar 18)
OT: questions about cxtracker carlopmart (Mar 22)
Re: Trying to build daq with nfq support (Solved) carlopmart (Mar 31)
Re: Problems with multipleconfigs. carlopmart (Mar 10)
Re: [Emerging-Sigs] Problems with new pulledpork 0.6.0 version carlopmart (Mar 29)
Re: Problems with multipleconfigs. carlopmart (Mar 10)
Re: How can I configure ssh preprocessor?? carlopmart (Mar 30)
Re: Trying to build daq with nfq support carlopmart (Mar 31)
Please, make rpms packages for RHEL6 carlopmart (Feb 21)
Using pulledpork in offline mode carlopmart (Mar 14)
Problems with multipleconfigs. carlopmart (Mar 10)
Re: [Snort-Users] Re: too many stream5_tcp alerts carlopmart (Mar 17)
Re: Problems with new pulledpork 0.6.0 version carlopmart (Mar 29)
How can I configure ssh preprocessor?? carlopmart (Mar 30)
too many stream5_tcp alerts carlopmart (Mar 16)
Re: Problems with multipleconfigs. carlopmart (Mar 11)
Problems with new pulledpork 0.6.0 version carlopmart (Mar 29)

Castle, Shane

Re: [Snort-sigs] RulePack update and End of Life of 2.8.6.0 Castle, Shane (Jan 06)
Signals Castle, Shane (Feb 01)
Re: [Snort-users] Barnyard, /usr/bin/ld: cannot find –lmysqlclient Castle, Shane (Jan 11)
Re: "stuck at RHEL5"? Castle, Shane (Jan 24)
Re: [Snort-sigs] RulePack update and End of Life of 2.8.6.0 Castle, Shane (Jan 06)
Re: SnortSam Discussion was: RulePack update and End of Life of 2.8.6.0 Castle, Shane (Jan 28)
Re: [Snort-sigs] RulePack update and End of Life of 2.8.6.0 Castle, Shane (Jan 06)
Re: [Snort-sigs] RulePack update and End of Life of 2.8.6.0 Castle, Shane (Jan 06)
Re: [Snort-sigs] RulePack update and End of Life of 2.8.6.0 Castle, Shane (Jan 06)
Matt Jonkman in the new Hakin9 Castle, Shane (Jan 31)

ccie 6862

Is there an easy way of knowing if your definitions are updated? ccie 6862 (Jan 13)

Champ Clark III [Softwink]

Re: Multi Snort Clients Champ Clark III [Softwink] (Jan 27)
Re: sid-msg.map incomplete again Champ Clark III [Softwink] (Jan 25)
Re: Why does the Snort process stop? Champ Clark III [Softwink] (Jan 25)
Re: Snort and Barnyard - why do our logs stop Champ Clark III [Softwink] (Jan 25)
Re: BASE or Snort Report ??? Champ Clark III [Softwink] (Jan 04)
Re: BASE or Snort Report ??? Champ Clark III [Softwink] (Jan 05)
Re: BASE or Snort Report ??? Champ Clark III [Softwink] (Jan 04)
Re: Snort and Barnyard - why do our logs stop Champ Clark III [Softwink] (Jan 24)

childrenofchaos

Snort behind router childrenofchaos (Mar 12)
snort 2.9.0.4 not logging childrenofchaos (Mar 14)

Chris Jacob

Re: Intermittent Pulled Pork Error Chris Jacob (Feb 16)

Chris Wilson

Re: über-packet Chris Wilson (Mar 04)

cihan . ayyildiz

Re: Segfault issue again with afpacket cihan . ayyildiz (Mar 11)
Re: segfault issue cihan . ayyildiz (Mar 07)
Re: segfault issue cihan . ayyildiz (Mar 07)
Segfault issue again with afpacket cihan . ayyildiz (Mar 10)
Re: segfault issue cihan . ayyildiz (Mar 07)
Re: segfault issue cihan . ayyildiz (Mar 06)
Re: segfault issue cihan . ayyildiz (Mar 06)
Re: segfault issue cihan . ayyildiz (Mar 07)
segfault issue cihan . ayyildiz (Mar 06)

CleBeer

Re: rules management tools CleBeer (Mar 31)
Error to build snort 2.9.0.4 using --enable-rzb-saac option CleBeer (Feb 11)
Re: Error to build snort 2.9.0.4 using --enable-rzb-saac option CleBeer (Feb 11)

Code Six

Snort Problem running on Ubuntu - Latest Stable version Code Six (Mar 25)

Colin Grady

Re: barnyard patches? http://colin.grady.us/ offline? Colin Grady (Mar 28)
Re: barnyard patches? http://colin.grady.us/ offline? Colin Grady (Mar 28)
Re: barnyard patches? http://colin.grady.us/ offline? Colin Grady (Mar 28)

Crook, Parker

Re: what does this mean? Crook, Parker (Jan 20)
frag3 preprocessor type definitions Crook, Parker (Jan 13)

Crusty Saint

Re: SnortSam Discussion was: RulePack update and End of Life of 2.8.6.0 Crusty Saint (Jan 28)
SiD:4129 - No FP - No FN but wrong Crusty Saint (Mar 28)
Re: FTP passive data transfer FP's and flowbits Crusty Saint (Jan 11)
Re: stuck with google is your friend time only Crusty Saint (Mar 31)
Tcp errors by the dozen, but all false positives ? Crusty Saint (Jan 10)
Re: "stuck at RHEL5"? Crusty Saint (Jan 24)
Re: rules management tools Crusty Saint (Mar 31)
Re: [Emerging-Sigs] Reliability of signatures Crusty Saint (Feb 10)
FYI : bollocks sells like hot bread Crusty Saint (Jan 07)
mail adress Crusty Saint (Jan 11)
Re: more stonesoft AET ( was +20, now +100 ) Crusty Saint (Feb 15)
Re: Snort Deployment Configurations Crusty Saint (Feb 07)
[ guide ] compile snort 2.9.03 on Debian Stable Crusty Saint (Jan 11)
Re: run snort on dual core intel atom cpus? Crusty Saint (Feb 15)
Re: Move snort to IPS Crusty Saint (Mar 21)
Re: SiD:4129 - No FP - No FN but wrong Crusty Saint (Mar 29)
snort sysconfig runtime options Crusty Saint (Jan 06)
more stonesoft AET ( was +20, now +100 ) Crusty Saint (Feb 15)
Re: Reliability of signatures Crusty Saint (Feb 04)
stuck with google is your friend time only Crusty Saint (Mar 31)
snort on a span/monitor port on cisco : false positives thru the roof ? Crusty Saint (Jan 24)
Re: VRT history Crusty Saint (Mar 29)
Re: Reliability of signatures Crusty Saint (Feb 04)
Re: snort on a span/monitor port on cisco : false positives thru the roof ? Crusty Saint (Jan 26)
Re: "stuck at RHEL5"? Crusty Saint (Jan 25)
Re: FTP passive data transfer FP's and flowbits Crusty Saint (Jan 26)
Re: SegFault Crusty Saint (Feb 17)
compile options Crusty Saint (Jan 05)
Re: MY PROJECT TOPIC Crusty Saint (Jan 10)
Re: [Emerging-Sigs] GPL rules - who maintains them? Nobody? Crusty Saint (Mar 21)
Re: BASE or Snort Report ??? Crusty Saint (Jan 06)
Re: snort sysconfig runtime options Crusty Saint (Jan 06)
VRT history Crusty Saint (Mar 29)
Re: stuck with google is your friend time only Crusty Saint (Mar 31)
Re: SiD:4129 - No FP - No FN but wrong Crusty Saint (Mar 29)
Re: Reliability of signatures Crusty Saint (Feb 04)

CunningPike

Re: FTP passive data transfer FP's and flowbits CunningPike (Jan 14)

Dale Handy

Re: MY PROJECT TOPIC Dale Handy (Jan 09)
Re: [Emerging-Sigs] Matt Jonkman in the new Hakin9 Dale Handy (Jan 31)

Daniel Shepherd

Re: Feasibility of bogus cookie checking Daniel Shepherd (Mar 31)

Dave Venman

Re: (no subject) Dave Venman (Mar 03)

Don Florence

searching for " in content Don Florence (Jan 10)
nuking snort Don Florence (Jan 27)
including payload content in alert Don Florence (Jan 06)

Dragos Ruiu

Final Penultimate last Call for Papers for CanSecWest 2011 (deadline Jan. 17th, conf March 9-11) Dragos Ruiu (Jan 13)

DTakemori

non TCP/UDP/ICMP pass rules not working? DTakemori (Feb 04)

Edward Fjellskål

Re: Getting more context in snort alerts. Edward Fjellskål (Jan 10)
Re: Snort 2.9.0.4 Build 111 posted Edward Fjellskål (Feb 28)
Re: Getting more context in snort alerts. Edward Fjellskål (Jan 11)
Snort 2.9.0.4 for Ubuntu 10.04 updated Edward Fjellskål (Feb 11)
Re: Snort 2.9.0.3 & Phil Wood's modified libpcap Edward Fjellskål (Feb 09)
Re: Tag Feature question Edward Fjellskål (Mar 02)
Re: Snort 2.9.0.4 Build 111 posted Edward Fjellskål (Feb 28)
Re: thinning out the rules Edward Fjellskål (Jan 20)
Re: What makes a complete IDS package? Edward Fjellskål (Mar 18)
Re: oinkmaster and so rules.. FAQ broken? Edward Fjellskål (Feb 09)
Re: [ guide ] compile snort 2.9.03 on Debian Stable Edward Fjellskål (Jan 11)

Edward Kryda

Re: Why does the Snort process stop? Edward Kryda (Jan 25)

elof

Re: Bug report - no content match on http_inspect port elof (Mar 04)
Bug report - no content match on http_inspect port elof (Mar 04)
Re: Bug report - no content match on http_inspect port elof (Mar 07)
über-packet elof (Mar 04)
Re: Bug report - no content match on http_inspect port elof (Mar 04)

Eoin Miller

Re: Snort 2.9.0.3 & Phil Wood's modified libpcap Eoin Miller (Feb 08)
Re: How to display .log files into graphs? Eoin Miller (Jan 12)

Erik Johnson

Re: Sensitive Data Preprocessor: logging single matches Erik Johnson (Mar 01)
Sensitive Data Preprocessor: logging single matches Erik Johnson (Feb 25)
Re: Sensitive Data Preprocessor: logging single matches Erik Johnson (Mar 01)
Re: Sensitive Data Preprocessor: logging single matches Erik Johnson (Mar 01)
Re: Sensitive Data Preprocessor: logging single matches Erik Johnson (Mar 09)

evilghost () packetmail net

Trigger events evilghost () packetmail net (Jan 05)
Re: FP on 1:18369:2 - BLACKLIST USER-AGENT known malicious user-agent string iexp-get evilghost () packetmail net (Mar 13)
Re: [Emerging-Sigs] GPL rules - who maintains them? Nobody? evilghost () packetmail net (Mar 19)
Re: [Emerging-Sigs] GPL rules - who maintains them? Nobody? evilghost () packetmail net (Mar 18)
Re: OpenBSD 4.8 / Snort 2.9.0.3 -- libsf_engine.so missing evilghost () packetmail net (Jan 04)
Re: [Emerging-Sigs] GPL rules - who maintains them? Nobody? evilghost () packetmail net (Mar 19)
Re: Richard Tyrrell/Telford/Syan Ltd is out of theoffice. evilghost () packetmail net (Feb 14)
Re: [Emerging-Sigs] GPL rules - who maintainsthem?Nobody? evilghost () packetmail net (Mar 21)
Re: [Emerging-Sigs] GPL rules - who maintains them? Nobody? evilghost () packetmail net (Mar 19)
Re: OpenBSD 4.8 / Snort 2.9.0.3 -- libsf_engine.so missing evilghost () packetmail net (Jan 03)
Re: [Emerging-Sigs] GPL rules - who maintains them? Nobody? evilghost () packetmail net (Mar 18)
Re: [Emerging-Sigs] GPL rules - who maintains them? Nobody? evilghost () packetmail net (Mar 21)
Re: [Emerging-Sigs] GPL rules - whomaintainsthem?Nobody? evilghost () packetmail net (Mar 21)
Re: [Emerging-Sigs] GPL rules - who maintains them? Nobody? evilghost () packetmail net (Mar 21)
Re: Snort.org Blog: Google Groups are alive! evilghost () packetmail net (Feb 09)
Re: [Emerging-Sigs] GPL rules - who maintains them? Nobody? evilghost () packetmail net (Mar 18)
Re: FP on 1:18369:2 - BLACKLIST USER-AGENT known malicious user-agent string iexp-get evilghost () packetmail net (Mar 13)
Re: Coverage for the "Night Dragon" Trojan evilghost () packetmail net (Feb 10)
Re: Voip attack evilghost () packetmail net (Mar 09)
Re: [Emerging-Sigs] GPL rules - who maintains them? Nobody? evilghost () packetmail net (Mar 21)
Re: MY PROJECT TOPIC evilghost () packetmail net (Jan 03)

firewalZ

Re: SNORT and BASE(Graph not getting displayed) firewalZ (Jan 08)

Florian Pritz

2.9.0.4 tarball changed Florian Pritz (Feb 20)

Frank Knobbe

Re: SnortSam Patch for Snort 2, 9 Needs Testing and Feed Back Frank Knobbe (Feb 05)
Re: freebsd/snort 2.9.0.3 daq: how do I verify it is using the ram? Frank Knobbe (Jan 30)
Re: freebsd/snort 2.9.0.3 daq: how do I verify it is using the ram? Frank Knobbe (Jan 30)
Re: SnortSam Discussion was: RulePack update and End of Life of 2.8.6.0 Frank Knobbe (Jan 28)

Fraser, Hugh

Re: Reliability of signatures Fraser, Hugh (Feb 07)
Re: Reliability of signatures Fraser, Hugh (Feb 07)
Re: Reliability of signatures Fraser, Hugh (Feb 07)
Reliability of signatures Fraser, Hugh (Feb 04)
Re: Reliability of signatures Fraser, Hugh (Feb 07)
Re: how to test snort rules? Fraser, Hugh (Feb 09)

Garland, Ken R

Re: BASE or Snort Report ??? Garland, Ken R (Jan 04)
Re: BASE or Snort Report ??? Garland, Ken R (Jan 04)
Re: BASE or Snort Report ??? Garland, Ken R (Jan 04)

Gibson, Nathan J. (HSC)

Re: Snort and Barnyard - why do our logs stop Gibson, Nathan J. (HSC) (Jan 24)
Re: so_rules issue Gibson, Nathan J. (HSC) (Jan 19)
Re: BASE or Snort Report ??? Gibson, Nathan J. (HSC) (Jan 04)
Re: snort logging both to syslog and unified2 Gibson, Nathan J. (HSC) (Jan 19)
Snort Make Error Gibson, Nathan J. (HSC) (Jan 14)
Re: snort logging both to syslog and unified2 Gibson, Nathan J. (HSC) (Jan 19)

Gopiraj Annamalai

segmentation fault in Snortsp-beta3 version Gopiraj Annamalai (Jan 20)

GravyFace

Re: switch port as network tap? GravyFace (Feb 15)

Gregory W. MacPherson

Re: Barnyard, /usr/bin/ld: cannot find ???lmysqlclient Gregory W. MacPherson (Jan 11)

Gregory Zill

Import ET into Sourcefire DC Gregory Zill (Jan 17)

Gustavo Guillermo Perez

Re: Showing dump of only matched paquets. Gustavo Guillermo Perez (Mar 22)
Showing dump of only matched paquets. Gustavo Guillermo Perez (Mar 19)
Re: Showing dump of only matched paquets. Gustavo Guillermo Perez (Mar 22)
Re: Showing dump of only matched paquets. Gustavo Guillermo Perez (Mar 22)

hadi tounsi

Re: ERROR: OpenPcap() FSM compilation failed: hadi tounsi (Mar 02)
ERROR: OpenPcap() FSM compilation failed: hadi tounsi (Feb 24)

Hafez Kamal

[HITB-Announce] HITB Magazine Call for Articles Hafez Kamal (Mar 08)
[HITB-Announce] Reminder: HITB2011AMS - Call for Papers closes on the 18th of Feb Hafez Kamal (Jan 30)
[HITB-Announce] HITB Magazine Issue 005 Released Hafez Kamal (Feb 09)
[HITB-Announce] Reminder: HITB2011AMS - Call for Papers closes on the 18th of Feb Hafez Kamal (Jan 30)
[HITB-Announce] HITB Magazine Issue 005 Released Hafez Kamal (Feb 09)
[HITB-Announce] HITB Magazine Call for Articles Hafez Kamal (Mar 08)

Hannes Holm

Successful remote shells? Hannes Holm (Jan 04)

Igor Zinovik

community rules, where to get them Igor Zinovik (Jan 25)

Ivani A. Nascimento

Re: Enc: Problems to start snort 2.9 Ivani A. Nascimento (Mar 31)
Enc: Problems to start snort 2.9 Ivani A. Nascimento (Mar 31)

Jacob Kitchel

Re: [Emerging-Sigs] GPL rules - who maintainsthem?Nobody? Jacob Kitchel (Mar 21)
Re: [Emerging-Sigs] Reliability of signatures Jacob Kitchel (Feb 11)
Re: [Emerging-Sigs] Reliability of signatures Jacob Kitchel (Feb 11)

James Lay

Re: What makes a complete IDS package? James Lay (Mar 19)
DAQ compile issue James Lay (Jan 09)
What makes a complete IDS package? James Lay (Mar 18)
Re: Snort not seeing libdnet James Lay (Jan 27)
Re: what does this mean? James Lay (Jan 20)
Re: DAQ compile issue James Lay (Jan 09)
Re: error while loading shared libraries James Lay (Feb 11)
Snort not seeing libdnet James Lay (Jan 27)

Jamie Riden

Re: unsubscribe Jamie Riden (Mar 04)

Jason Brvenik

Re: [Emerging-Sigs] GPL rules - who maintains them? Nobody? Jason Brvenik (Mar 19)
Re: [Emerging-Sigs] GPL rules - who maintains them? Nobody? Jason Brvenik (Mar 19)
Re: switch port as network tap? Jason Brvenik (Feb 15)
Re: [Emerging-Sigs] GPL rules - who maintains them? Nobody? Jason Brvenik (Mar 19)
Re: [Emerging-Sigs] GPL rules - who maintains them? Nobody? Jason Brvenik (Mar 19)
Re: FTP passive data transfer FP's and flowbits Jason Brvenik (Jan 11)
Re: [Emerging-Sigs] GPL rules - who maintains them? Nobody? Jason Brvenik (Mar 19)
Re: [Emerging-Sigs] GPL rules - who maintains them? Nobody? Jason Brvenik (Mar 21)
Re: [Emerging-Sigs] GPL rules - who maintains them? Nobody? Jason Brvenik (Mar 19)
Re: [Emerging-Sigs] GPL rules - who maintains them? Nobody? Jason Brvenik (Mar 19)

Jason Haar

Re: can snort help detect bad spans? Jason Haar (Mar 21)
Re: does snort pick up lthe izamoon attack? Jason Haar (Mar 31)
FP on 3:15450:5 - BAD-TRAFFIC Conficker C/D DNS traffic detected Jason Haar (Mar 21)
can snort help detect bad spans? Jason Haar (Mar 21)
BPF question "port > 2000"? Jason Haar (Jan 20)
Re: bpf filter to filter on *starting* port? Jason Haar (Feb 08)
Re: FP on 1:18369:2 - BLACKLIST USER-AGENT known malicious user-agent string iexp-get Jason Haar (Mar 13)
Re: bpf filter to filter on *starting* port? Jason Haar (Feb 08)
FP on 1:18369:2 - BLACKLIST USER-AGENT known malicious user-agent string iexp-get Jason Haar (Mar 13)
masses of FPs with 2.9.0.2 "NETBIOS Windows .* dll" rules Jason Haar (Jan 25)
does snort pick up lthe izamoon attack? Jason Haar (Mar 31)
Re: masses of FPs with 2.9.0.2 "NETBIOS Windows .* dll" rules Jason Haar (Jan 25)
bpf filter to filter on *starting* port? Jason Haar (Feb 07)
Re: bpf filter to filter on *starting* port? Jason Haar (Feb 08)
Re: BPF question "port > 2000"? Jason Haar (Jan 20)
Re: Snort Deployment Configurations Jason Haar (Feb 06)

Jason Wallace

Re: Snort Deployment Configurations Jason Wallace (Feb 04)
Re: [Emerging-Sigs] GPL rules - who maintains them? Nobody? Jason Wallace (Mar 21)
Support related build-time files Jason Wallace (Feb 08)
Re: Snort rule Facebook Block Jason Wallace (Feb 15)
Re: Gentoo Linux Snort Users Jason Wallace (Feb 24)
Re: pulled pork Jason Wallace (Mar 04)
Re: [Emerging-Sigs] GPL rules - who maintains them? Nobody? Jason Wallace (Mar 21)
Re: Snort 2.9.0.3 & Phil Wood's modified libpcap Jason Wallace (Feb 08)
Snort/Packet Capture and kernel options Jason Wallace (Jan 13)
OT: Gentoo users please read Jason Wallace (Mar 29)
Re: Why does the Snort process stop? Jason Wallace (Jan 25)
Re: Problems disabling rule categories with PulledPork Jason Wallace (Mar 08)
Re: [Emerging-Sigs] Matt Jonkman in the new Hakin9 Jason Wallace (Feb 01)
Re: Gentoo Linux Snort Users Jason Wallace (Feb 24)
Re: thinning out the rules Jason Wallace (Jan 20)
Re: snort inline (non-drop mode) br0 Jason Wallace (Feb 01)
Re: bpf filter to filter on *starting* port? Jason Wallace (Feb 08)
Gentoo Users: snort-2.9.0.4-r1 added to portage Jason Wallace (Mar 01)
Re: Enc: Problems to start snort 2.9 Jason Wallace (Mar 31)
Re: Download latest source for barnyard2 (securixlive.com is down) Jason Wallace (Feb 02)
Re: Reliability of signatures Jason Wallace (Feb 04)
Re: Gentoo Linux Snort Users Jason Wallace (Feb 24)
Re: (no subject) Jason Wallace (Mar 03)
Re: Segfault issue again with afpacket Jason Wallace (Mar 10)
Re: Gentoo Linux Snort Users Jason Wallace (Feb 24)
Re: oinkmaster vs pulled port, round two: Jason Wallace (Feb 10)
Re: Snort 2.9.0.4 Build 111 posted Jason Wallace (Feb 28)
Re: [Emerging-Sigs] Matt Jonkman in the new Hakin9 Jason Wallace (Feb 03)
Re: bpf filter to filter on *starting* port? Jason Wallace (Feb 08)
Re: Gentoo Linux Snort Users Jason Wallace (Feb 25)
Re: [Emerging-Sigs] GPL rules - who maintains them? Nobody? Jason Wallace (Mar 21)
Re: BUG: snort fails to build if --disable-dynamicplugin is passed to ./configure Jason Wallace (Feb 18)
Re: controlling open sessions Jason Wallace (Jan 07)
Re: can snort help detect bad spans? Jason Wallace (Mar 21)
Gentoo Linux Snort Users Jason Wallace (Feb 24)
Re: Reliability of signatures Jason Wallace (Feb 04)
Re: Support related build-time files Jason Wallace (Feb 08)
Re: Gentoo Linux Snort Users Jason Wallace (Feb 24)
Re: Snort 2.9.0.3 & Phil Wood's modified libpcap Jason Wallace (Feb 08)
Re: segfault issue Jason Wallace (Mar 07)

Jefferson, Shawn

Emerging Threats ruleset error Jefferson, Shawn (Jan 05)
Snort Decoder Alerts with Multiple Configs Jefferson, Shawn (Mar 21)
Re: Why does the Snort process stop? Jefferson, Shawn (Jan 25)
Re: FTP passive data transfer FP's and flowbits Jefferson, Shawn (Jan 11)
Re: Homebrew Snort Reactive/Unified2 output Jefferson, Shawn (Mar 30)
Re: BASE or Snort Report ??? Jefferson, Shawn (Jan 04)
Re: (no subject) Jefferson, Shawn (Mar 03)
Re: was--Matt Jonkman in the new Hakin9--now detecting infections Jefferson, Shawn (Feb 03)
Re: What makes a complete IDS package? Jefferson, Shawn (Mar 18)
Re: Homebrew Snort Reactive/Unified2 output Jefferson, Shawn (Mar 30)
Re: snort logging both to syslog and unified2 Jefferson, Shawn (Jan 19)
Emerging Threats Rules Problem Jefferson, Shawn (Jan 20)
Re: (no subject) Jefferson, Shawn (Mar 03)
BASE 1.4.x updates? Jefferson, Shawn (Feb 18)
Re: BASE or Snort Report ??? Jefferson, Shawn (Jan 04)
ET Users - Check your senors Jefferson, Shawn (Feb 10)
Re: Getting more context in snort alerts. Jefferson, Shawn (Jan 10)
Re: What makes a complete IDS package? Jefferson, Shawn (Mar 21)

jeff jennings

unsubscribe jeff jennings (Mar 19)

Jeff Kell

Re: Smoking Pig Update (PulledPork) Jeff Kell (Mar 29)
Re: [Snort-sigs] RulePack update and End of Life of 2.8.6.0 Jeff Kell (Jan 06)
Re: [Snort-sigs] RulePack update and End of Life of 2.8.6.0 Jeff Kell (Jan 06)
Re: SnortSam Discussion was: RulePack update and End of Life of 2.8.6.0 Jeff Kell (Jan 28)
Re: [Emerging-Sigs] GPL rules - who maintains them? Nobody? Jeff Kell (Mar 21)

Jerry McCaslin

Barnyard, /usr/bin/ld: cannot find –lmysqlclient Jerry McCaslin (Jan 11)

Jim Hranicky

Re: Active response not working in 2.9.0.4 ? Jim Hranicky (Mar 19)
Re: Active response not working in 2.9.0.4 ? Jim Hranicky (Mar 18)
Re: Reliability of signatures Jim Hranicky (Feb 04)
Re: Download latest source for barnyard2 (securixlive.com is down) Jim Hranicky (Feb 03)
Re: Reliability of signatures Jim Hranicky (Feb 04)
Re: Active response not working in 2.9.0.4 ? Jim Hranicky (Mar 19)
Re: [Emerging-Sigs] Reliability of signatures Jim Hranicky (Feb 04)

Jimmy

Snort with prelude on openbsd Jimmy (Mar 31)

JJC

Re: Dynamic_rules JJC (Jan 07)
Re: problem tuning out one particular rule JJC (Mar 30)
Re: [Emerging-Sigs] Problems with new pulledpork 0.6.0 version JJC (Mar 29)
PulledPork 0.6.0 the Smoking Pig is on fire! JJC (Mar 31)
Re: Intermittent Pulled Pork Error JJC (Feb 18)
Re: pulled pork JJC (Mar 05)
Re: Smoking Pig Update (PulledPork) JJC (Mar 29)
Re: [Emerging-Sigs] Problems with new pulledpork 0.6.0 version JJC (Mar 29)
Re: Download latest source for barnyard2 (securixlive.com is down) JJC (Feb 03)
Re: [Emerging-Sigs] Problems with new pulledpork 0.6.0 version JJC (Mar 29)
Re: Smoking Pig Update (PulledPork) JJC (Mar 29)
Re: (no subject) JJC (Mar 01)
Re: Is there an easy way of knowing if your definitions are updated? JJC (Jan 14)
Re: thinning out the rules JJC (Jan 20)
Re: oinkmaster and so rules.. FAQ broken? JJC (Feb 09)
PulledPork v0.6.0 the Smoking Pig is on fire! JJC (Mar 28)
Re: (no subject) JJC (Mar 03)
Re: problem tuning out one particular rule JJC (Mar 30)
Re: Cannot find alert JJC (Feb 09)
Re: Using pulledpork in offline mode JJC (Mar 15)
Smoking Pig Update (PulledPork) JJC (Mar 29)
Re: Smoking Pig Update (PulledPork) JJC (Mar 29)
Re: thinning out the rules JJC (Jan 20)
Re: oinkmaster and so rules.. FAQ broken? JJC (Feb 09)
Re: Intermittent Pulled Pork Error JJC (Feb 16)
Re: Intermittent Pulled Pork Error JJC (Feb 17)

JJ Cummings

Re: snort startup inside a vm JJ Cummings (Jan 31)
Re: Intermittent Pulled Pork Error JJ Cummings (Feb 17)
Re: Intermittent Pulled Pork Error JJ Cummings (Feb 17)

J. L. Cabral

Snort new version compilation J. L. Cabral (Jan 03)
Using "decoding and preprocessor rules" and "shared object snort rules" J. L. Cabral (Mar 28)
BASE or Snort Report ??? J. L. Cabral (Jan 04)
Re: BASE or Snort Report ??? J. L. Cabral (Jan 04)
Re: BASE or Snort Report ??? J. L. Cabral (Jan 04)

Joe Gedeon

Increase in ASN.1 alerts Joe Gedeon (Feb 02)

Joel Esler

Re: Snort Reporting and logs Joel Esler (Jan 12)
Re: Intermittent Pulled Pork Error Joel Esler (Feb 19)
Re: Is there an easy way of knowing if your definitions are updated? Joel Esler (Jan 14)
Re: Intermittent Pulled Pork Error Joel Esler (Feb 17)
Re: [Emerging-Sigs] GPL rules - who maintains them? Nobody? Joel Esler (Mar 21)
Re: Reliability of signatures Joel Esler (Feb 04)
Re: Import ET into Sourcefire DC Joel Esler (Jan 17)
Re: [PATCH]: Support the hyphen character in a port range Joel Esler (Mar 06)
Re: Rules with SDF options cannot have other detection options in the same rule Joel Esler (Feb 01)
Re: Problems disabling rule categories with PulledPork Joel Esler (Mar 08)
Re: rules management tools Joel Esler (Mar 31)
Re: Snort.org Blog: Google Groups are alive! Joel Esler (Feb 09)
Re: Reconfigure SNORT Joel Esler (Jan 05)
Re: Help !! Joel Esler (Mar 07)
Re: [Emerging-Sigs] Matt Jonkman in the new Hakin9 Joel Esler (Jan 31)
Re: What makes a complete IDS package? Joel Esler (Mar 18)
Re: FP on 18372 Joel Esler (Feb 16)
Re: Snort version vs Snort rules version Joel Esler (Jan 11)
Re: Snort 2.9.0.3 Now Available Joel Esler (Jan 03)
Re: BASE or Snort Report ??? Joel Esler (Jan 04)
Re: Snort version vs Snort rules version Joel Esler (Jan 11)
Re: [Emerging-Sigs] Problems with new pulledpork 0.6.0 version Joel Esler (Mar 29)
Re: [Emerging-Sigs] GPL rules - who maintains them?Nobody? Joel Esler (Mar 21)
VRT subscriptions Joel Esler (Jan 06)
Re: netflow support in snort Joel Esler (Feb 14)
Re: Malware Sigs Plus Vuln Sigs or Vuln Sigs Only Joel Esler (Feb 03)
Re: Country Block functionality in pre-processor Joel Esler (Mar 01)
Re: Error: Unknown preprocessor: "normalize_ip4" Joel Esler (Jan 02)
Re: [Emerging-Sigs] odd snort error.... -- ignore :) Joel Esler (Jan 10)
Re: more stonesoft AET ( was +20, now +100 ) Joel Esler (Feb 15)
Re: oinkmaster and so rules.. FAQ broken? Joel Esler (Feb 08)
Re: can snort help detect bad spans? Joel Esler (Mar 21)
Re: SiD:4129 - No FP - No FN but wrong Joel Esler (Mar 28)
Re: Snort.org Blog: Google Groups are alive! Joel Esler (Feb 09)
Re: What makes a complete IDS package? Joel Esler (Mar 21)
Re: SegFault Joel Esler (Feb 17)
Re: Is there an easy way of knowing if your definitions are updated? Joel Esler (Jan 14)
Re: Snort-users Digest, Vol 58, Issue 73 Joel Esler (Mar 31)
Re: Support related build-time files Joel Esler (Feb 08)
Re: Feasibility of bogus cookie checking Joel Esler (Mar 31)
Re: [Snort-sigs] RulePack update and End of Life of 2.8.6.0 Joel Esler (Jan 06)
Re: Freebsd snorters: test port of 2.9.0.3 available Joel Esler (Jan 29)
Re: [Emerging-Sigs] GPL rules - who maintains them? Nobody? Joel Esler (Mar 18)
Re: SnortSam Discussion was: RulePack update and End of Life of 2.8.6.0 Joel Esler (Jan 28)
Re: Help !! Joel Esler (Mar 07)
Re: Problems disabling rule categories with PulledPork Joel Esler (Mar 08)
Re: snort 2.9.0.4 upgrade Joel Esler (Feb 10)
More Shared Object rule platforms supported Joel Esler (Feb 16)
Re: Upgrading Barnyard2 Joel Esler (Jan 21)
Re: SnortSam Discussion was: RulePack update and End of Life of 2.8.6.0 Joel Esler (Jan 28)
Re: [Snort-sigs] RulePack update and End of Life of 2.8.6.0 Joel Esler (Jan 06)
Re: FTP passive data transfer FP's and flowbits Joel Esler (Jan 26)
Re: oinkmaster and so rules.. FAQ broken? Joel Esler (Feb 08)
Re: SnortSam Discussion was: RulePack update and End of Life of 2.8.6.0 Joel Esler (Jan 28)
Re: Intermittent Pulled Pork Error Joel Esler (Feb 17)
Re: threshold.conf Joel Esler (Jan 14)
Re: Freebsd snorters: test port of 2.9.0.3 available Joel Esler (Jan 29)
Re: pulled pork Joel Esler (Feb 04)
Re: threshold now working Joel Esler (Jan 28)
Re: Rules with SDF options cannot have other detection options in the same rule Joel Esler (Feb 01)
Re: Please, make rpms packages for RHEL6 Joel Esler (Feb 21)
Re: Reliability of signatures Joel Esler (Feb 04)
Re: Rules with SDF options cannot have other detection options in the same rule Joel Esler (Feb 01)
Coverage for the "Night Dragon" Trojan Joel Esler (Feb 10)
Re: ..:: Unclassified rules ::.. Joel Esler (Mar 25)
Re: snort v2.9.0.4 Fedora 14 Segmentation Fault Joel Esler (Feb 16)
Re: "stuck at RHEL5"? Joel Esler (Jan 08)
Re: Import ET into Sourcefire DC Joel Esler (Jan 17)
Re: [Emerging-Sigs] GPL rules - who maintains them? Nobody? Joel Esler (Mar 21)
Re: Rules with SDF options cannot have other detection options in the same rule Joel Esler (Feb 01)
New Shared Object rule support in yesterday's rulepack Joel Esler (Jan 14)
Re: FP on 18372 Joel Esler (Feb 16)
Re: [Snort-Devel] bug in http preprocessor and non ascii characters 2.8.6.1 Joel Esler (Mar 16)
Re: more stonesoft AET ( was +20, now +100 ) Joel Esler (Feb 15)
Re: ..:: Unclassified rules ::.. Joel Esler (Mar 24)
Re: SnortSam Discussion was: RulePack update and End of Life of 2.8.6.0 Joel Esler (Jan 28)
Re: [Emerging-Sigs] Reliability of signatures Joel Esler (Feb 11)
Re: [Emerging-Sigs] GPL rules - who maintains them? Nobody? Joel Esler (Mar 18)
Re: community rules, where to get them Joel Esler (Jan 26)
Re: SNORT and BASE(Graph not getting displayed) Joel Esler (Jan 08)
Fw: Problem of log in Mysql database with the Dynamic Preprocessor Example Joel Esler (Mar 30)
Re: [Emerging-Sigs] GPL rules - who maintains them? Nobody? Joel Esler (Mar 21)
Snort 2.9.0.4 Build 111 posted Joel Esler (Feb 28)
Re: snort inline (non-drop mode) br0 Joel Esler (Feb 02)
Re: snort v2.9.0.4 Fedora 14 Segmentation Fault Joel Esler (Feb 16)
Re: Intermittent Pulled Pork Error Joel Esler (Feb 16)
Re: Bug report - no content match on http_inspect port Joel Esler (Mar 04)
Re: Smoking Pig Update (PulledPork) Joel Esler (Mar 29)
Re: SiD:4129 - No FP - No FN but wrong Joel Esler (Mar 29)
VRT Blog Post, blacklist.rules Joel Esler (Feb 08)
Re: [Emerging-Sigs] GPL rules - who maintains them? Nobody? Joel Esler (Mar 21)
Re: [Snort-sigs] Snort.org Blog: Google Groups are alive! Joel Esler (Feb 09)
Re: [Snort-devel] Snort.org Blog: Google Groups are alive! Joel Esler (Feb 09)
Re: [Snort-sigs] RulePack update and End of Life of 2.8.6.0 Joel Esler (Jan 06)
Re: frag3 preprocessor type definitions Joel Esler (Jan 13)
Re: PCaps Joel Esler (Mar 05)
Re: GPL sig 1313 Joel Esler (Mar 18)
Re: [Snort-sigs] New Classification System Finalization Joel Esler (Jan 31)
Re: Error Starting Snort with DAQ Joel Esler (Feb 02)
Re: PCaps Joel Esler (Mar 05)
Re: Is there an easy way of knowing if your definitions are updated? Joel Esler (Jan 14)
Re: run snort on dual core intel atom cpus? Joel Esler (Feb 15)
Re: New Classification System Finalization Joel Esler (Jan 31)
Re: Snort Reporting and logs Joel Esler (Jan 13)
Re: (no subject) Joel Esler (Mar 01)
Re: can snort help detect bad spans? Joel Esler (Mar 21)
Re: Error: Unknown preprocessor: "normalize_ip4" Joel Esler (Jan 01)
Re: Index Snort Content Joel Esler (Feb 04)
Re: Snort Reporting and logs Joel Esler (Jan 13)
Re: frag3 preprocessor type definitions Joel Esler (Jan 14)
Re: ERROR: snort.conf(79) Undefined variable in the string: !$ALL_PROX. Joel Esler (Jan 04)
Snort.org Blog: White Papers on Snort.org Joel Esler (Feb 11)
Re: switch port as network tap? Joel Esler (Feb 15)
Re: Cannot find alert Joel Esler (Feb 09)
Re: Snort Deployment Configurations Joel Esler (Feb 07)
Re: oinkmaster vs pulled port, round two: Joel Esler (Feb 10)
Re: [Emerging-Sigs] GPL rules - who maintains them? Nobody? Joel Esler (Mar 21)
Re: snort inline (non-drop mode) br0 Joel Esler (Feb 01)
Re: segfault issue Joel Esler (Mar 07)
Re: Emerging Threats ruleset error Joel Esler (Jan 05)
Re: does snort pick up lthe izamoon attack? Joel Esler (Mar 31)
Snort.org Blog: Google Groups are alive! Joel Esler (Feb 09)
Re: Snort 2.9.0.3 & Phil Wood's modified libpcap Joel Esler (Feb 08)
Re: nuking snort Joel Esler (Jan 28)
Re: snort inline (non-drop mode) br0 Joel Esler (Feb 02)
Reminder: Check your Snort.conf files Joel Esler (Jan 04)
Re: Announce: StreamDB Joel Esler (Feb 02)
Re: Snort Reporting and logs Joel Esler (Jan 13)
Re: controlling open sessions Joel Esler (Jan 08)
Re: What makes a complete IDS package? Joel Esler (Mar 19)
Re: BASE or Snort Report ??? Joel Esler (Jan 04)
Re: [Emerging-Sigs] GPL rules - who maintains them?Nobody? Joel Esler (Mar 21)
RulePack update and End of Life of 2.8.6.0 Joel Esler (Jan 06)
Re: [Emerging-Sigs] GPL rules - who maintains them?Nobody? Joel Esler (Mar 21)
Re: what does this mean? Joel Esler (Jan 20)
Re: snort 2.9.0.3 bug? SIGUSR1 broken? Joel Esler (Jan 29)
Re: (no subject) Joel Esler (Mar 04)
Re: perfprofiling not working Joel Esler (Feb 18)
Re: Bug report - no content match on http_inspect port Joel Esler (Mar 04)
Re: OT: Debian\Snort Howto Joel Esler (Feb 15)
Re: oinkmaster and so rules.. FAQ broken? Joel Esler (Feb 08)
Re: including payload content in alert Joel Esler (Jan 09)
Re: Reliability of signatures Joel Esler (Feb 04)
Re: [Emerging-Sigs] Classifications and Tags Joel Esler (Mar 23)
Re: What makes a complete IDS package? Joel Esler (Mar 21)
Re: Snort version vs Snort rules version Joel Esler (Jan 11)
Re: Import ET into Sourcefire DC Joel Esler (Jan 17)
Re: Snort.org Blog: Google Groups are alive! Joel Esler (Feb 09)
Re: [Emerging-Sigs] GPL rules - who maintains them?Nobody? Joel Esler (Mar 21)
Re: Import ET into Sourcefire DC Joel Esler (Jan 17)
Re: segfault issue Joel Esler (Mar 06)
Re: [Emerging-Sigs] GPL rules - who maintains them? Nobody? Joel Esler (Mar 21)
Re: segfault issue Joel Esler (Mar 07)
Re: snort inline (non-drop mode) br0 Joel Esler (Feb 01)
Re: FTP passive data transfer FP's and flowbits Joel Esler (Jan 11)
SnortSam Discussion was: RulePack update and End of Life of 2.8.6.0 Joel Esler (Jan 06)
Re: BASE or Snort Report ??? Joel Esler (Jan 04)
Re: VRT info Joel Esler (Jan 06)
Re: Night Dragon Sig/Rule ? Joel Esler (Feb 11)
Snort 2.9.0.4 Port For FreeBSD Now Available Joel Esler (Feb 16)
Re: open sessions problem Joel Esler (Jan 26)
Re: segfault issue Joel Esler (Mar 07)

Joe Pampel

Re: BASE or Snort Report ??? Joe Pampel (Jan 04)
Re: Snort Question Joe Pampel (Jan 21)

John Adams

run snort on dual core intel atom cpus? John Adams (Feb 15)

John Gay

Re: PCaps John Gay (Mar 07)
Re: thinning out the rules John Gay (Jan 25)

John Hally

Aanval Snort Signature Management John Hally (Mar 24)
Re: snort v2.9.0.4 Fedora 14 Segmentation Fault John Hally (Feb 16)
Re: snort v2.9.0.4 Fedora 14 Segmentation Fault John Hally (Feb 16)
snort v2.9.0.4 Fedora 14 Segmentation Fault John Hally (Feb 16)
Re: snort v2.9.0.4 Fedora 14 Segmentation Fault John Hally (Feb 16)

John Williams

Re: switch port as network tap? John Williams (Feb 15)
switch port as network tap? John Williams (Feb 15)
Re: switch port as network tap? John Williams (Feb 15)

John York

Re: was--Matt Jonkman in the new Hakin9--now detecting infections John York (Feb 03)
Re: was--Matt Jonkman in the new Hakin9--now detecting infections John York (Feb 03)

Jose J. Cintron

error loading sf-engine.dll Jose J. Cintron (Feb 24)

Josh Blender

Tag Feature question Josh Blender (Mar 01)
Re: Tag Feature question Josh Blender (Mar 02)

Joshua.Kinard

Extending Snort to other protocols? Joshua.Kinard (Feb 14)
Re: Snort 2.9.0.4 Build 111 posted Joshua.Kinard (Feb 28)
[PATCH]: Support the hyphen character in a port range Joshua.Kinard (Mar 04)

JP Vossen

Re: "stuck at RHEL5"? JP Vossen (Jan 25)
Re: "stuck at RHEL5"? JP Vossen (Jan 11)
"stuck at RHEL5"? JP Vossen (Jan 08)

Jun Wan

Snort doesn't produce alerts----WARNING: normalizations disabled because DAQ can't replace packets. Jun Wan (Jan 21)
Re: BASE or Snort Report ??? Jun Wan (Jan 06)
Re: Snort doesn't produce alerts----WARNING: normalizations disabled because DAQ can't replace packets. Jun Wan (Jan 23)
FW: Snort doesn't produce alerts----WARNING: normalizations disabled because DAQ can't replace packets. Jun Wan (Jan 23)

Kelvie Wong

Re: [PATCHES] Fixes for daq_nfq Kelvie Wong (Mar 22)
Re: [PATCHES] Fixes for daq_nfq Kelvie Wong (Mar 22)
Re: [PATCHES] Fixes for daq_nfq Kelvie Wong (Mar 23)
Re: [PATCHES] Fixes for daq_nfq Kelvie Wong (Mar 29)
Re: [PATCHES] Fixes for daq_nfq Kelvie Wong (Mar 23)

Kevin Ross

Re: Getting more context in snort alerts. Kevin Ross (Jan 11)
Re: Heap Spray String Floods Kevin Ross (Feb 23)
Re: error while loading shared libraries Kevin Ross (Feb 11)
error while loading shared libraries Kevin Ross (Feb 10)
Re: Problems with new pulledpork 0.6.0 version Kevin Ross (Mar 29)
Re: Quick Question: base64 snort options Kevin Ross (Feb 24)
Re: how to test snort rules? Kevin Ross (Feb 08)
Re: [Emerging-Sigs] Problems with new pulledpork 0.6.0 version Kevin Ross (Mar 29)
Quick Question: base64 snort options Kevin Ross (Feb 24)
Re: [Emerging-Sigs] Smoking Pig Update (PulledPork) Kevin Ross (Mar 29)
Re: [Emerging-Sigs] error while loading sharedlibraries Kevin Ross (Feb 11)
Re: error while loading shared libraries Kevin Ross (Feb 11)

Korodev

Homebrew Snort Reactive/Unified2 output Korodev (Mar 30)
Re: Homebrew Snort Reactive/Unified2 output Korodev (Mar 30)
Re: Homebrew Snort Reactive/Unified2 output Korodev (Mar 31)
Re: Question about a Snort rule Korodev (Feb 25)
Re: Homebrew Snort Reactive/Unified2 output Korodev (Mar 30)

Kungu Panda

Re: [Snort-users] New Shared Object rule support in yesterday's rulepack Kungu Panda (Jan 19)
Re: FTP passive data transfer FP's and flowbits Kungu Panda (Jan 11)
Re: FTP passive data transfer FP's and flowbits Kungu Panda (Jan 11)
FTP passive data transfer FP's and flowbits Kungu Panda (Jan 10)

L0rd Ch0de1m0rt

Re: Snort.org Blog: Google Groups are alive! L0rd Ch0de1m0rt (Feb 09)
issues with 2011033 - ET SCAN HTTP HEAD invalid method case L0rd Ch0de1m0rt (Jan 31)

Lawrence R. Hughes, Sr.

Re: snort inline (non-drop mode) br0 Lawrence R. Hughes, Sr. (Feb 02)
snort inline (non-drop mode) br0 Lawrence R. Hughes, Sr. (Feb 01)
snort thresholding/event_filter broken? Does thresholding work at all in snort? Lawrence R. Hughes, Sr. (Jan 25)
Re: controlling open sessions Lawrence R. Hughes, Sr. (Jan 10)
Re: thresholding not working Lawrence R. Hughes, Sr. (Jan 19)
Re: thresholding not working Lawrence R. Hughes, Sr. (Jan 19)
threshold now working Lawrence R. Hughes, Sr. (Jan 27)
Re: snort inline (non-drop mode) br0 Lawrence R. Hughes, Sr. (Feb 02)
Dynamic_rules Lawrence R. Hughes, Sr. (Jan 07)
Re: snort thresholding/event_filter broken?Doesthresholding work at all in snort? Lawrence R. Hughes, Sr. (Jan 25)
Re: perfprofiling not working Lawrence R. Hughes, Sr. (Feb 21)
Re: sid-msg.map incomplete again Lawrence R. Hughes, Sr. (Jan 25)
Re: controlling open sessions Lawrence R. Hughes, Sr. (Jan 07)
Re: snort inline (non-drop mode) br0 Lawrence R. Hughes, Sr. (Feb 01)
Re: controlling open sessions Lawrence R. Hughes, Sr. (Jan 07)
threshold.conf Lawrence R. Hughes, Sr. (Jan 14)
perfmonitor reporting too many open sessions Lawrence R. Hughes, Sr. (Jan 24)
Re: controlling open sessions Lawrence R. Hughes, Sr. (Jan 07)
Re: perfprofiling not working Lawrence R. Hughes, Sr. (Feb 21)
thresholding (event_filter) twist? Lawrence R. Hughes, Sr. (Jan 27)
Re: snort inline (non-drop mode) br0 Lawrence R. Hughes, Sr. (Feb 01)
Re: snort inline (non-drop mode) br0 Lawrence R. Hughes, Sr. (Feb 01)
thresholding not working Lawrence R. Hughes, Sr. (Jan 19)
controlling open sessions Lawrence R. Hughes, Sr. (Jan 07)
snort 2.8.6.1 controlling open sessions Lawrence R. Hughes, Sr. (Jan 06)
Re: thresholding not working Lawrence R. Hughes, Sr. (Jan 19)
sid-msg.map incomplete again Lawrence R. Hughes, Sr. (Jan 25)
perfprofiling not working Lawrence R. Hughes, Sr. (Feb 18)
Re: thresholding not working Lawrence R. Hughes, Sr. (Jan 19)
open sessions problem Lawrence R. Hughes, Sr. (Jan 24)
Re: snort inline (non-drop mode) br0 Lawrence R. Hughes, Sr. (Feb 02)
stream5 flushes per-second Lawrence R. Hughes, Sr. (Jan 28)

Lay, James

Feasibility of bogus cookie checking Lay, James (Mar 31)
Ask Installer Lay, James (Feb 21)
Re: Snort A Log Lay, James (Feb 04)
Re: snort thresholding/event_filter broken? Doesthresholding work at all in snort? Lay, James (Jan 25)
Re: snort thresholding/event_filter broken?Doesthresholding work at all in snort? Lay, James (Jan 25)
Re: Feasibility of bogus cookie checking Lay, James (Mar 31)
VRT info Lay, James (Jan 06)

List Subscriptions

Re: freebsd/snort 2.9.0.3 daq: how do I verify it is using the ram? List Subscriptions (Jan 30)
Re: [Emerging-Sigs] Reliability of signatures List Subscriptions (Feb 10)

Luis Daniel Lucio Quiroz

Re: SnortSam Patch for Snort 2, 9 Needs Testing and Feed Back Luis Daniel Lucio Quiroz (Feb 04)

Marcos Rodriguez

Re: Snort Reporting and logs Marcos Rodriguez (Jan 13)

Markus Lude

Re: what does this mean? Markus Lude (Jan 20)
Re: Smoking Pig Update (PulledPork) Markus Lude (Mar 29)

Marshall Bartoszek

Re: was--Matt Jonkman in the new Hakin9--now detecting infections Marshall Bartoszek (Feb 04)

Martin Holste

Re: [Emerging-Sigs] GPL rules - who maintainsthem?Nobody? Martin Holste (Mar 21)
Re: [Emerging-Sigs] GPL rules - who maintains them? Nobody? Martin Holste (Mar 20)
Re: How to display .log files into graphs? Martin Holste (Jan 12)
Re: FTP passive data transfer FP's and flowbits Martin Holste (Jan 11)
Re: A question about multipleconfigs and network interfaces Martin Holste (Mar 12)
Re: Homebrew Snort Reactive/Unified2 output Martin Holste (Mar 31)
Re: Reliability of signatures Martin Holste (Feb 04)
Re: Cloud Environment Martin Holste (Feb 24)
Re: Problems disabling rule categories with PulledPork Martin Holste (Mar 08)
Re: Download latest source for barnyard2 (securixlive.com is down) Martin Holste (Feb 03)
Re: Pattern Matcher Performance (config detection) Martin Holste (Feb 24)
Re: [Emerging-Sigs] GPL rules - who maintains them?Nobody? Martin Holste (Mar 21)
Re: Homebrew Snort Reactive/Unified2 output Martin Holste (Mar 30)
Re: Reliability of signatures Martin Holste (Feb 04)
Re: Snort Deployment Configurations Martin Holste (Feb 07)
Re: Snort Deployment Configurations Martin Holste (Feb 07)
Re: FTP passive data transfer FP's and flowbits Martin Holste (Jan 10)
Re: Reliability of signatures Martin Holste (Feb 04)
Re: What makes a complete IDS package? Martin Holste (Mar 21)
Re: Reliability of signatures Martin Holste (Feb 04)
Re: Download latest source for barnyard2 (securixlive.com is down) Martin Holste (Feb 03)
Re: Reliability of signatures Martin Holste (Feb 04)
Re: [Emerging-Sigs] Matt Jonkman in the new Hakin9 Martin Holste (Feb 03)
Re: Snort Deployment Configurations Martin Holste (Feb 03)
Re: BASE or Snort Report ??? Martin Holste (Jan 05)
Re: Pattern Matcher Performance (config detection) Martin Holste (Feb 24)
Re: Reliability of signatures Martin Holste (Feb 04)
Re: [Emerging-Sigs] Matt Jonkman in the new Hakin9 Martin Holste (Feb 02)
Announce: StreamDB Martin Holste (Feb 01)
Re: Problems disabling rule categories with PulledPork Martin Holste (Mar 08)
Re: oinkmaster and so rules.. FAQ broken? Martin Holste (Feb 09)
Re: Pattern Matcher Performance (config detection) Martin Holste (Feb 24)
Re: Getting more context in snort alerts. Martin Holste (Jan 10)
Re: Reliability of signatures Martin Holste (Feb 04)
Re: [Snort-devel] [Emerging-Sigs] New Proposed Classification.config file setup Martin Holste (Jan 06)
Re: Reliability of signatures Martin Holste (Feb 04)
Re: oinkmaster and so rules.. FAQ broken? Martin Holste (Feb 09)
Re: Snort Deployment Configurations Martin Holste (Feb 07)
Re: snort ipv6 isssue Martin Holste (Mar 26)
Re: Tag Feature question Martin Holste (Mar 02)
Re: FTP passive data transfer FP's and flowbits Martin Holste (Jan 11)
Re: Reliability of signatures Martin Holste (Feb 04)
Re: Reliability of signatures Martin Holste (Feb 04)
Re: Using snort to detect ethercat Martin Holste (Jan 29)
Re: SNORT and BASE(Graph not getting displayed) Martin Holste (Jan 09)
Re: Reliability of signatures Martin Holste (Feb 04)
Re: Reliability of signatures Martin Holste (Feb 04)

Martin Roesch

Re: [Emerging-Sigs] GPL rules - who maintains them? Nobody? Martin Roesch (Mar 19)
Re: [Emerging-Sigs] GPL rules - who maintains them? Nobody? Martin Roesch (Mar 21)
Re: [Emerging-Sigs] GPL rules - who maintains them? Nobody? Martin Roesch (Mar 21)
Re: Homebrew Snort Reactive/Unified2 output Martin Roesch (Mar 31)
Re: [Emerging-Sigs] GPL rules - who maintains them? Nobody? Martin Roesch (Mar 19)
Re: Homebrew Snort Reactive/Unified2 output Martin Roesch (Mar 31)
Re: [Emerging-Sigs] GPL rules - who maintains them? Nobody? Martin Roesch (Mar 19)
Re: Reliability of signatures Martin Roesch (Feb 04)
Re: [Emerging-Sigs] Reliability of signatures Martin Roesch (Feb 11)

matan monitz

[Snort-Devel] bug in http preprocessor and non ascii characters 2.8.6.1 matan monitz (Mar 16)
[Snort-Sigs] sid 17652 possible typo matan monitz (Mar 14)
Re: [Snort-Devel] bug in http preprocessor and non ascii characters 2.8.6.1 matan monitz (Mar 16)
Re: VRT SO Rules for FreeBSD/amd64 matan monitz (Feb 07)
PHP DOS matan monitz (Jan 06)

Matthew Jonkman

Re: Fwd: pulledpork snort.rules error Matthew Jonkman (Mar 09)
Re: [Emerging-Sigs] GPL rules - who maintains them? Nobody? Matthew Jonkman (Mar 18)
Re: [Emerging-Sigs] Reliability of signatures Matthew Jonkman (Feb 10)
Re: was--Matt Jonkman in the new Hakin9--now detecting infections Matthew Jonkman (Feb 03)
Re: [Emerging-Sigs] GPL rules - who maintains them? Nobody? Matthew Jonkman (Mar 21)
Re: [Emerging-Sigs] GPL rules - who maintains them? Nobody? Matthew Jonkman (Mar 21)
Re: Reliability of signatures Matthew Jonkman (Feb 04)
Re: [Emerging-Sigs] GPL rules - who maintains them? Nobody? Matthew Jonkman (Mar 21)
Re: Import ET into Sourcefire DC Matthew Jonkman (Jan 17)
New Classification System Finalization Matthew Jonkman (Jan 31)
Re: [Emerging-Sigs] GPL rules - who maintains them? Nobody? Matthew Jonkman (Mar 21)
Re: [Emerging-Sigs] Matt Jonkman in the new Hakin9 Matthew Jonkman (Jan 31)
Re: Emerging Threats Rules Problem Matthew Jonkman (Jan 20)
Re: Coverage for the "Night Dragon" Trojan Matthew Jonkman (Feb 10)
Re: [Emerging-Sigs] Matt Jonkman in the new Hakin9 Matthew Jonkman (Jan 31)
Re: [Snort-sigs] New Classification System Finalization Matthew Jonkman (Jan 31)
Re: [Emerging-Sigs] Matt Jonkman in the new Hakin9 Matthew Jonkman (Jan 31)
Re: [Emerging-Sigs] Matt Jonkman in the new Hakin9 Matthew Jonkman (Feb 02)
Re: [Emerging-Sigs] GPL rules - who maintains them? Nobody? Matthew Jonkman (Mar 19)
Re: [Emerging-Sigs] issues with 2011033 - ET SCAN HTTP HEAD invalid method case Matthew Jonkman (Jan 31)
Re: [Emerging-Sigs] GPL rules - who maintains them? Nobody? Matthew Jonkman (Mar 19)
Re: [Emerging-Sigs] GPL rules - who maintains them? Nobody? Matthew Jonkman (Mar 21)
Re: Coverage for the "Night Dragon" Trojan Matthew Jonkman (Feb 10)
Night Dragon Matthew Jonkman (Feb 10)
Re: Import ET into Sourcefire DC Matthew Jonkman (Jan 17)
Re: [Emerging-Sigs] GPL rules - who maintains them? Nobody? Matthew Jonkman (Mar 21)
Re: how to test snort rules? Matthew Jonkman (Feb 09)
Re: Reliability of signatures Matthew Jonkman (Feb 04)
Re: how to test snort rules? Matthew Jonkman (Feb 09)
Re: Import ET into Sourcefire DC Matthew Jonkman (Jan 17)
Re: Reliability of signatures Matthew Jonkman (Feb 04)
Re: [Emerging-Sigs] GPL rules - who maintains them? Nobody? Matthew Jonkman (Mar 22)
Re: [Emerging-Sigs] GPL rules - who maintains them?Nobody? Matthew Jonkman (Mar 21)
Re: [Emerging-Sigs] Ask Installer Matthew Jonkman (Feb 21)
Re: [Emerging-Sigs] GPL rules - who maintains them? Nobody? Matthew Jonkman (Mar 22)
Re: [Emerging-Sigs] GPL rules - who maintains them? Nobody? Matthew Jonkman (Mar 21)
Re: Emerging Threats ruleset error Matthew Jonkman (Jan 05)
Re: [Emerging-Sigs] GPL rules - who maintains them? Nobody? Matthew Jonkman (Mar 19)
Re: community rules, where to get them Matthew Jonkman (Jan 26)
Re: [Emerging-Sigs] Reliability of signatures Matthew Jonkman (Feb 10)
Re: SnortSam Discussion was: RulePack update and End of Life of 2.8.6.0 Matthew Jonkman (Jan 06)
Re: Night Dragon Sig/Rule ? Matthew Jonkman (Feb 11)
Re: SnortSam Discussion was: RulePack update and End of Life of 2.8.6.0 Matthew Jonkman (Jan 28)
Re: SnortSam Discussion was: RulePack update and End of Life of 2.8.6.0 Matthew Jonkman (Jan 28)
Re: [Emerging-Sigs] GPL rules - who maintains them? Nobody? Matthew Jonkman (Mar 18)
Re: [Emerging-Sigs] Matt Jonkman in the new Hakin9 Matthew Jonkman (Feb 04)
Re: [Emerging-Sigs] Coverage for the "Night Dragon" Trojan Matthew Jonkman (Feb 10)
Re: [Emerging-Sigs] GPL rules - who maintains them? Nobody? Matthew Jonkman (Mar 19)
Re: [Emerging-Sigs] GPL rules - who maintains them? Nobody? Matthew Jonkman (Mar 18)

Matt Olney

Re: how to test snort rules? Matt Olney (Feb 09)
Re: how to test snort rules? Matt Olney (Feb 08)
Re: how to test snort rules? Matt Olney (Feb 08)
Re: [Emerging-Sigs] Reliability of signatures Matt Olney (Feb 10)
Re: Question about a Snort rule Matt Olney (Feb 25)
Re: [Emerging-Sigs] Reliability of signatures Matt Olney (Feb 10)
Re: FP on 1:18369:2 - BLACKLIST USER-AGENT known malicious user-agent string iexp-get Matt Olney (Mar 13)
Re: [Emerging-Sigs] GPL rules - who maintains them? Nobody? Matt Olney (Mar 21)
Re: netflow support in snort Matt Olney (Feb 14)
Re: [Emerging-Sigs] Reliability of signatures Matt Olney (Feb 10)
Re: [Emerging-Sigs] Reliability of signatures Matt Olney (Feb 10)
Re: Reliability of signatures Matt Olney (Feb 04)
Re: alert 1394 shellcode x86 inc ecx noop Matt Olney (Mar 13)
Re: FP on 1:18369:2 - BLACKLIST USER-AGENT known malicious user-agent string iexp-get Matt Olney (Mar 13)
Re: Heap Spray String Floods Matt Olney (Feb 17)
Re: [Emerging-Sigs] Matt Jonkman in the new Hakin9 Matt Olney (Feb 04)
Re: Coverage for the "Night Dragon" Trojan Matt Olney (Feb 10)
Re: Night Dragon Sig/Rule ? Matt Olney (Feb 11)
Re: [Emerging-Sigs] Reliability of signatures Matt Olney (Feb 11)
Re: [Emerging-Sigs] GPL rules - who maintains them? Nobody? Matt Olney (Mar 21)
Re: Heap Spray String Floods Matt Olney (Feb 17)
Re: Reliability of signatures Matt Olney (Feb 04)
Re: [Emerging-Sigs] Reliability of signatures Matt Olney (Feb 11)
Re: Coverage for the "Night Dragon" Trojan Matt Olney (Feb 10)
Re: Coverage for the "Night Dragon" Trojan Matt Olney (Feb 10)

Matt Watchinski

Re: Contributing? Matt Watchinski (Mar 09)

Mehma Sarja

Country Block functionality in pre-processor Mehma Sarja (Feb 28)

Merida, Dylan

High FPs on New Stream5 Anomalies & Others Merida, Dylan (Jan 26)
Re: High FPs on New Stream5 Anomalies & Others Merida, Dylan (Jan 26)
Re: snort v2.9.0.4 Fedora 14 Segmentation Fault Merida, Dylan (Feb 16)
High FPs on New Stream5 Anomalies & Others Merida, Dylan (Jan 26)

Michael Altizer

Re: Trying to build daq with nfq support Michael Altizer (Mar 31)
Re: freebsd/snort 2.9.0.3 daq: how do I verify it is using the ram? Michael Altizer (Jan 29)
Re: Problems in compiling snort-2.9.0.3 with daq-0.5 Michael Altizer (Jan 25)
Re: freebsd/snort 2.9.0.3 daq: how do I verify it is using the ram? Michael Altizer (Feb 01)
Re: freebsd/snort 2.9.0.3 daq: how do I verify it is using the ram? Michael Altizer (Jan 30)
Re: Snort 2.9.0.3 & Phil Wood's modified libpcap Michael Altizer (Feb 08)
Re: snort 2.9.0.3 bug? SIGUSR1 broken? Michael Altizer (Jan 28)
Re: not yet:: Re: freebsd/snort 2.9.0.3 daq: how do I verify it is using the ram? Michael Altizer (Jan 30)
Re: OT: Gentoo users please read Michael Altizer (Mar 29)
Re: freebsd/snort 2.9.0.3 daq: how do I verify it is using the ram? Michael Altizer (Jan 30)
External DAQ Modules Michael Altizer (Jan 14)

Michael Lubinski

alert 1394 shellcode x86 inc ecx noop Michael Lubinski (Mar 11)
Cannot find alert Michael Lubinski (Feb 09)
Re: Snort doesn't recognize traffic Michael Lubinski (Jan 24)
Re: snort startup inside a vm Michael Lubinski (Feb 03)
pulledpork snort.rules error Michael Lubinski (Mar 08)
threshold.conf and suppress 119 19 Michael Lubinski (Jan 22)
Unknown class type Michael Lubinski (Feb 07)
Re: Move snort to IPS Michael Lubinski (Mar 12)
Heap Spray String Floods Michael Lubinski (Feb 17)
Re: Snort behind router Michael Lubinski (Mar 12)
Re: Fwd: pulledpork snort.rules error Michael Lubinski (Mar 09)
gen-msg.map Michael Lubinski (Jan 30)
Move snort to IPS Michael Lubinski (Mar 12)
pulled pork Michael Lubinski (Feb 03)
Re: Heap Spray String Floods Michael Lubinski (Feb 17)
snort 2.9.0.4 upgrade Michael Lubinski (Feb 10)
Re: pulled pork Michael Lubinski (Mar 05)
Re: Unknown class type Michael Lubinski (Feb 07)
Index Snort Content Michael Lubinski (Feb 04)
Fwd: invalid keyword Michael Lubinski (Feb 11)
Dynamic Plugin: Rule not enabled Michael Lubinski (Mar 09)
sid.msg.map Michael Lubinski (Mar 11)
SHELLCODE x86 inc ecx NOOP Michael Lubinski (Feb 09)
snort startup inside a vm Michael Lubinski (Jan 31)
thinning out the rules Michael Lubinski (Jan 20)
Re: Unknown class type Michael Lubinski (Feb 07)
Contributing? Michael Lubinski (Mar 09)
invalid keyword Michael Lubinski (Feb 11)
Re: Heap Spray String Floods Michael Lubinski (Feb 17)
Re: Fwd: pulledpork snort.rules error Michael Lubinski (Mar 09)
PCaps Michael Lubinski (Mar 05)
Fwd: pulledpork snort.rules error Michael Lubinski (Mar 08)
Snort Deployment Configurations Michael Lubinski (Feb 03)
so_rules issue Michael Lubinski (Jan 19)
Re: [Emerging-Sigs] Matt Jonkman in the new Hakin9 Michael Lubinski (Jan 31)
pulled pork error Michael Lubinski (Feb 12)
pulled pork Michael Lubinski (Mar 04)
Re: [Emerging-Sigs] Matt Jonkman in the new Hakin9 Michael Lubinski (Jan 31)

Michael Scheidell

Re: Snort 2.9.0.3 & Phil Wood's modified libpcap Michael Scheidell (Feb 08)
Re: solved. Re: qualifying ipfw for freebsd port of 2.9.0.3 Michael Scheidell (Feb 05)
Re: VRT SO Rules for FreeBSD/amd64 Michael Scheidell (Feb 07)
freebsd snorters: ports version for snort 2.9.0.3 that includes snortsam option available for testing Michael Scheidell (Jan 31)
Re: freebsd/snort 2.9.0.3 daq: how do I verify it is using the ram? Michael Scheidell (Jan 31)
SIGHUP doesn't work right with --daq ipfw Michael Scheidell (Feb 07)
Re: Reliability of signatures Michael Scheidell (Feb 04)
Re: Reliability of signatures Michael Scheidell (Feb 04)
before I downgrade to check... 2.8.4 vs 2.8.6 differences Michael Scheidell (Feb 25)
Re: [Snort-sigs] VRT SO Rules for FreeBSD/amd64 Michael Scheidell (Feb 07)
Re: qualifying ipfw for freebsd port of 2.9.0.3 Michael Scheidell (Feb 04)
Re: SnortSam Discussion was: RulePack update and End of Life of 2.8.6.0 Michael Scheidell (Jan 27)
Re: snort 2.9.0.3 bug? SIGUSR1 broken? Michael Scheidell (Jan 29)
Re: barnyard patches? http://colin.grady.us/ offline ? Michael Scheidell (Mar 29)
Re: qualifying ipfw for freebsd port of 2.9.0.3 Michael Scheidell (Feb 04)
Re: freebsd/snort 2.9.0.3 daq: how do I verify it is using the ram? Michael Scheidell (Feb 01)
Re: barnyard patches? http://colin.grady.us/ offline ? Michael Scheidell (Mar 29)
Re: fwsam rules in chat.rules? Michael Scheidell (Jan 28)
anyone using snort 2.9.03 on freebsd with --daq ipfw? Michael Scheidell (Feb 08)
qualifying ipfw for freebsd port of 2.9.0.3 Michael Scheidell (Feb 04)
freebsd/snort 2.9.0.3 daq: how do I verify it is using the ram? Michael Scheidell (Jan 29)
Re: oinkmaster and so rules.. FAQ broken? Michael Scheidell (Feb 08)
Re: barnyard patches? http://colin.grady.us/ offline? Michael Scheidell (Mar 28)
Rules with SDF options cannot have other detection options in the same rule Michael Scheidell (Feb 01)
Re: barnyard patches? http://colin.grady.us/ offline? Michael Scheidell (Mar 28)
Re: Reliability of signatures Michael Scheidell (Feb 04)
Re: SnortSam Discussion was: RulePack update and End of Life of 2.8.6.0 Michael Scheidell (Jan 28)
Re: freebsd/snort 2.9.0.3 daq: how do I verify it is using the ram? Michael Scheidell (Jan 30)
oinkmaster vs pulled port, round two: Michael Scheidell (Feb 10)
Re: freebsd/snort 2.9.0.3 daq: how do I verify it is using the ram? Michael Scheidell (Jan 30)
not yet:: Re: freebsd/snort 2.9.0.3 daq: how do I verify it is using the ram? Michael Scheidell (Jan 30)
Re: oinkmaster and so rules.. FAQ broken? Michael Scheidell (Feb 09)
Re: freebsd/snort 2.9.0.3 daq: how do I verify it is using the ram? Michael Scheidell (Jan 30)
Re: [Emerging-Sigs] Reliability of signatures Michael Scheidell (Feb 10)
Re: snort 2.9.0.3 flexresp3 and active-response Michael Scheidell (Feb 02)
Re: Signals Michael Scheidell (Feb 01)
snort 2.9.0.3 flexresp3 and active-response Michael Scheidell (Feb 01)
Re: Snort 2.9.0.3 & Phil Wood's modified libpcap Michael Scheidell (Feb 08)
Re: snort does not sent reset in freebsd/ipfw inline mode Michael Scheidell (Feb 04)
Re: qualifying ipfw for freebsd port of 2.9.0.3 Michael Scheidell (Feb 04)
Re: oinkmaster and so rules.. FAQ broken? Michael Scheidell (Feb 09)
Re: Increase in ASN.1 alerts Michael Scheidell (Feb 02)
Re: snort 2.9.0.3 bug? SIGUSR1 broken? Michael Scheidell (Jan 28)
Re: Snort 2.9.0.3 & Phil Wood's modified libpcap Michael Scheidell (Feb 08)
Re: snort 2.9.0.3 bug? SIGUSR1 broken ? Michael Scheidell (Jan 29)
Re: daq inline and ipfw does not support ipv6? Michael Scheidell (Feb 04)
Re: barnyard patches? http://colin.grady.us/ offline? Michael Scheidell (Mar 28)
Re: [Emerging-Sigs] Reliability of signatures Michael Scheidell (Feb 10)
Re: Rules with SDF options cannot have other detection options in the same rule Michael Scheidell (Feb 01)
Re: Reliability of signatures Michael Scheidell (Feb 04)
Re: oinkmaster and so rules.. FAQ broken? Michael Scheidell (Feb 09)
solved. Re: qualifying ipfw for freebsd port of 2.9.0.3 Michael Scheidell (Feb 04)
barnyard patches? http://colin.grady.us/ offline? Michael Scheidell (Mar 27)
Re: [Emerging-Sigs] Reliability of signatures Michael Scheidell (Feb 10)
Re: freebsd/snort 2.9.0.3 daq: how do I verify it is using the ram? Michael Scheidell (Jan 30)
Re: snort 2.9.0.3 bug? SIGUSR1 broken? Michael Scheidell (Jan 28)
Re: SnortSam Discussion was: RulePack update and End of Life of 2.8.6.0 Michael Scheidell (Jan 28)
Re: [Emerging-Sigs] Reliability of signatures Michael Scheidell (Feb 10)
Re: VRT SO Rules for FreeBSD/amd64 Michael Scheidell (Feb 07)
daq inline and ipfw does not support ipv6? Michael Scheidell (Feb 04)
snort 2.9.0.3 bug? SIGUSR1 broken? Michael Scheidell (Jan 28)
oinkmaster and so rules.. FAQ broken? Michael Scheidell (Feb 08)
Re: snort 2.9.0.3 bug? SIGUSR1 broken? Michael Scheidell (Jan 28)
Re: not yet:: Re: freebsd/snort 2.9.0.3 daq: how do I verify it is using the ram? Michael Scheidell (Jan 30)
Re: anyone using snort 2.9.03 on freebsd with --daq ipfw? Michael Scheidell (Feb 08)
fwsam rules in chat.rules? Michael Scheidell (Jan 28)
Re: Freebsd snorters: test port of 2.9.0.3 available Michael Scheidell (Jan 29)
Re: snort 2.9.0.3 bug? SIGUSR1 broken ? Michael Scheidell (Jan 29)
Re: Snort 2.9.0.3 & Phil Wood's modified libpcap Michael Scheidell (Feb 08)
Re: Rules with SDF options cannot have other detection options in the same rule Michael Scheidell (Feb 01)
Re: freebsd/snort 2.9.0.3 daq: how do I verify it is using the ram? Michael Scheidell (Jan 30)
Re: oinkmaster vs pulled port, round two: Michael Scheidell (Feb 10)
Re: SnortSam Patch for Snort 2, 9 Needs Testing and Feed Back Michael Scheidell (Jan 29)
Re: [Emerging-Sigs] Reliability of signatures Michael Scheidell (Feb 10)
Freebsd snorters: Freebsd port for snort 2.9.0.3 has been posted Michael Scheidell (Feb 09)
Re: Reliability of signatures Michael Scheidell (Feb 04)
Re: SnortSam Discussion was: RulePack update and End of Life of 2.8.6.0 Michael Scheidell (Jan 28)
Re: oinkmaster and so rules.. FAQ broken? Michael Scheidell (Feb 08)
Re: SnortSam Discussion was: RulePack update and End of Life of 2.8.6.0 Michael Scheidell (Jan 28)
Re: freebsd/snort 2.9.0.3 daq: how do I verify it is using the ram? Michael Scheidell (Jan 30)
Re: daq inline and ipfw does not support ipv6? Michael Scheidell (Feb 04)
Re: snort 2.9.0.4 upgrade Michael Scheidell (Feb 10)
Re: [Snort-sigs] VRT SO Rules for FreeBSD/amd64 Michael Scheidell (Feb 07)
Re: Rules with SDF options cannot have other detection options in the same rule Michael Scheidell (Feb 01)
Freebsd snorters: test port of 2.9.0.3 available Michael Scheidell (Jan 29)

Michael Steele

Error: Unknown preprocessor: "normalize_ip4" Michael Steele (Jan 01)
Re: Error: Unknown preprocessor: "normalize_ip4" Michael Steele (Jan 01)
Base 1.4.5 - Dst. countries vs. number of alerts on a worldmap - all black Michael Steele (Jan 16)

Michael Stone

Re: [Emerging-Sigs] Reliability of signatures Michael Stone (Feb 10)

Mike Cox

Re: Coverage for the "Night Dragon" Trojan Mike Cox (Feb 10)
Re: Coverage for the "Night Dragon" Trojan Mike Cox (Feb 10)
Re: Coverage for the "Night Dragon" Trojan Mike Cox (Feb 10)

Mike Iacovacci

Re: [Emerging-Sigs] Coverage for the "Night Dragon" Trojan Mike Iacovacci (Feb 11)

Mike Kun

Re: Problems disabling rule categories with PulledPork Mike Kun (Mar 08)
Problems disabling rule categories with PulledPork Mike Kun (Mar 08)

Mike Lococo

Pattern Matcher Performance (config detection) Mike Lococo (Feb 24)
Re: Pattern Matcher Performance (config detection) Mike Lococo (Feb 24)
Re: Snort 2.9.0.3 & Phil Wood's modified libpcap Mike Lococo (Feb 08)
Re: [Emerging-Sigs] GPL rules - who maintains them? Nobody? Mike Lococo (Mar 23)
Re: Smoking Pig Update (PulledPork) Mike Lococo (Mar 29)
Re: Smoking Pig Update (PulledPork) Mike Lococo (Mar 30)
Re: Pattern Matcher Performance (config detection) Mike Lococo (Feb 24)
Re: Pattern Matcher Performance (config detection) Mike Lococo (Feb 24)

Miso Patel

Question about a Snort rule Miso Patel (Feb 25)
Re: Question about a Snort rule Miso Patel (Feb 25)

NA

Re: compile options NA (Feb 07)
Snort version vs Snort rules version NA (Jan 11)
Re: Gentoo Linux Snort Users NA (Feb 24)
Re: Snort version vs Snort rules version NA (Jan 11)
Re: [Emerging-Sigs] GPL rules - who maintains them? Nobody? NA (Mar 22)
Re: Gentoo Linux Snort Users NA (Feb 24)
Re: Gentoo Linux Snort Users NA (Feb 24)
Re: SnortSam Discussion was: RulePack update and End of Life of 2.8.6.0 NA (Jan 28)
Re: pulled pork NA (Mar 05)

Nick Moore

Re: Initial snort.conf Nick Moore (Jan 27)
Re: Trigger events Nick Moore (Jan 05)
Re: ERROR: OpenPcap() FSM compilation failed: Nick Moore (Feb 25)

Nick Randolph

Re: [Emerging-Sigs] Coverage for the "Night Dragon" Trojan Nick Randolph (Feb 11)

Nigel Houghton

Re: [Emerging-Sigs] GPL rules - who maintainsthem?Nobody? Nigel Houghton (Mar 21)
Re: "stuck at RHEL5"? Nigel Houghton (Jan 08)
Re: Intermittent Pulled Pork Error Nigel Houghton (Feb 16)
Re: GPL sig 1313 Nigel Houghton (Mar 18)
Re: stuck with google is your friend time only Nigel Houghton (Mar 31)
Re: snort 2.9.0.3 bug? SIGUSR1 broken ? Nigel Houghton (Jan 29)
Re: SnortSam Discussion was: RulePack update and End of Life of 2.8.6.0 Nigel Houghton (Jan 28)
Re: [Snort-sigs] VRT SO Rules for FreeBSD/amd64 Nigel Houghton (Feb 07)
Re: sid.msg.map Nigel Houghton (Mar 12)
Re: [Emerging-Sigs] GPL rules - who maintains them?Nobody? Nigel Houghton (Mar 21)
Re: OpenBSD 4.8 / Snort 2.9.0.3 -- libsf_engine.so missing Nigel Houghton (Jan 03)
Re: OpenBSD 4.8 / Snort 2.9.0.3 -- libsf_engine.so missing Nigel Houghton (Jan 03)
Re: Voip attack Nigel Houghton (Mar 08)
Re: Gentoo Linux Snort Users Nigel Houghton (Feb 24)
Re: VRT history Nigel Houghton (Mar 29)
Re: VRT info Nigel Houghton (Jan 06)
Re: Reliability of signatures Nigel Houghton (Feb 04)
Re: Reliability of signatures Nigel Houghton (Feb 04)
Re: VRT SO Rules for FreeBSD/amd64 Nigel Houghton (Feb 07)
Re: [Emerging-Sigs] GPL rules - who maintains them?Nobody? Nigel Houghton (Mar 21)
Re: Dynamic Plugin: Rule not enabled Nigel Houghton (Mar 10)
Re: Question about a Snort rule Nigel Houghton (Feb 25)
Re: Question about a Snort rule Nigel Houghton (Feb 25)
Re: pulled pork error Nigel Houghton (Feb 13)
Re: rules management tools Nigel Houghton (Mar 31)
Re: Reliability of signatures Nigel Houghton (Feb 04)
Re: sid-msg.map incomplete again Nigel Houghton (Jan 25)
Re: [Emerging-Sigs] GPL rules - who maintains them?Nobody? Nigel Houghton (Mar 21)
Re: Support related build-time files Nigel Houghton (Feb 08)
Re: stuck with google is your friend time only Nigel Houghton (Mar 31)
Re: [Emerging-Sigs] GPL rules - who maintains them?Nobody? Nigel Houghton (Mar 21)
Re: [Snort-users] New Shared Object rule support in yesterday's rulepack Nigel Houghton (Jan 19)
Re: sid-msg.map incomplete again Nigel Houghton (Jan 25)
Re: Snort version vs Snort rules version Nigel Houghton (Jan 11)
Re: alert 1394 shellcode x86 inc ecx noop Nigel Houghton (Mar 12)
Re: rules management tools Nigel Houghton (Mar 31)
Re: Intermittent Pulled Pork Error Nigel Houghton (Feb 16)
Re: sid-msg.map incomplete again Nigel Houghton (Jan 25)
Re: [Emerging-Sigs] New Proposed Classification.config file setup Nigel Houghton (Mar 22)
Re: VRT SO Rules for FreeBSD/amd64 Nigel Houghton (Feb 07)

Nitram Eppank

Meaning of GENERATOR_TAG and TAG_LOG_PKT Nitram Eppank (Mar 25)

Nolan, Tim

Malware Sigs Plus Vuln Sigs or Vuln Sigs Only Nolan, Tim (Feb 03)

Olaf Schreck

Re: How can I configure ssh preprocessor?? Olaf Schreck (Mar 30)
Re: How can I configure ssh preprocessor?? Olaf Schreck (Mar 30)
Re: How can I configure ssh preprocessor?? Olaf Schreck (Mar 30)
snort 2.9.0.4 won't daemonize, OpenBSD 4.7 Olaf Schreck (Mar 21)

olli hauer

Re: [Snort-sigs] RulePack update and End of Life of 2.8.6.0 olli hauer (Jan 06)

onelson

Re: "stuck at RHEL5"? onelson (Mar 23)
Re: [Snort-devel] [Emerging-Sigs] New Proposed Classification.config file setup onelson (Mar 22)

opeyemi folajimi

MY PROJECT TOPIC opeyemi folajimi (Jan 03)

Pat John

rules management tools Pat John (Mar 31)

Paul Halliday

SQueRT 0.8 Released. Paul Halliday (Feb 10)
Re: snort inline (non-drop mode) br0 Paul Halliday (Feb 02)
Re: BASE or Snort Report ??? Paul Halliday (Jan 04)
Re: sid-msg.map incomplete again Paul Halliday (Jan 25)
SQueRT 0.8.1 Released. Paul Halliday (Mar 08)

Paul Schmehl

Re: barnyard patches? http://colin.grady.us/ offline? Paul Schmehl (Mar 28)
Re: barnyard patches? http://colin.grady.us/ offline? Paul Schmehl (Mar 28)

PAURON, GUILLAUME (GUILLAUME)

Re: Voip attack PAURON, GUILLAUME (GUILLAUME) (Mar 09)
Voip attack PAURON, GUILLAUME (GUILLAUME) (Mar 08)

Philip Neukom

Re: [Emerging-Sigs] GPL rules - who maintains them? Nobody? Philip Neukom (Mar 21)

phillip () bailey st

Re: how to test snort rules? phillip () bailey st (Feb 08)

Prashant cd c.d

snort ipv6 isssue Prashant cd c.d (Mar 25)
Re: snort ipv6 isssue Prashant cd c.d (Mar 26)
Re: snort ipv6 isssue Prashant cd c.d (Mar 26)

R2U-Systems (IT-Schuth) - Marco Schuth

guardian and oinkmaster.conf R2U-Systems (IT-Schuth) - Marco Schuth (Mar 02)

Rajkumar S

IPS working with FreeBSD and IPFW on snort 2.9.0.3? Rajkumar S (Jan 27)
snort does not sent reset in freebsd/ipfw inline mode Rajkumar S (Jan 19)
Re: snort does not sent reset in freebsd/ipfw inline mode Rajkumar S (Jan 20)
Re: snort does not sent reset in freebsd/ipfw inline mode Rajkumar S (Feb 03)

Randal T. Rioux

Re: BASE or Snort Report ??? Randal T. Rioux (Jan 04)
Re: BASE 1.4.x updates? Randal T. Rioux (Feb 18)
Re: Richard Tyrrell/Telford/Syan Ltd is out of the office. Randal T. Rioux (Feb 14)
Re: [Emerging-Sigs] GPL rules - who maintains them? Nobody? Randal T. Rioux (Mar 21)
Re: Question about a Snort rule Randal T. Rioux (Feb 25)
OpenBSD 4.8 / Snort 2.9.0.3 -- libsf_engine.so missing Randal T. Rioux (Jan 02)
Re: Richard Tyrrell/Telford/Syan Ltd is out of theoffice. Randal T. Rioux (Feb 14)
Re: Intermittent Pulled Pork Error Randal T. Rioux (Feb 18)
Re: Problems disabling rule categories with PulledPork Randal T. Rioux (Mar 08)
Re: OpenBSD 4.8 / Snort 2.9.0.3 -- libsf_engine.so missing Randal T. Rioux (Jan 03)
Re: OpenBSD 4.8 / Snort 2.9.0.3 -- libsf_engine.so missing Randal T. Rioux (Jan 03)
Re: RulePack update and End of Life of 2.8.6.0 Randal T. Rioux (Jan 06)
Re: Night Dragon Randal T. Rioux (Feb 10)
Re: VRT SO Rules for FreeBSD/amd64 Randal T. Rioux (Feb 07)
Re: snort logging both to syslog and unified2 Randal T. Rioux (Jan 19)
Re: OpenBSD 4.8 / Snort 2.9.0.3 -- libsf_engine.so missing Randal T. Rioux (Jan 03)
Re: Richard Tyrrell/Telford/Syan Ltd is out of the office. Randal T. Rioux (Mar 25)
Re: oinkmaster and so rules.. FAQ broken? Randal T. Rioux (Feb 08)
Re: oinkmaster and so rules.. FAQ broken? Randal T. Rioux (Feb 08)
Re: oinkmaster and so rules.. FAQ broken? Randal T. Rioux (Feb 08)
Re: [Emerging-Sigs] GPL rules - who maintains them? Nobody? Randal T. Rioux (Mar 20)
Re: MY PROJECT TOPIC Randal T. Rioux (Jan 03)
Re: Snort 2.8.6 Randal T. Rioux (Jan 13)

Randy Caskey

Re: Base 1.4.5 Graphs. No heading, labels Randy Caskey (Feb 09)

RA Operations

Aanval v6 Released - Snort and Syslog Management / Correlation RA Operations (Jan 12)

Ray Caparros

Re: Index Snort Content Ray Caparros (Feb 04)
Re: Snort A Log Ray Caparros (Feb 04)
Re: Matt Jonkman in the new Hakin9 Ray Caparros (Jan 31)
Re: Snort Deployment Configurations Ray Caparros (Feb 07)
Re: MY PROJECT TOPIC Ray Caparros (Jan 03)
Re: how to test snort rules? Ray Caparros (Feb 08)
Re: Multi Snort Clients Ray Caparros (Jan 27)

Research

Sourcefire VRT Certified Snort Rules Update 2011-01-25 Research (Jan 25)
Sourcefire VRT Certified Snort Rules Update 2011-03-24 Research (Mar 24)
Sourcefire VRT Certified Snort Rules Update 2011-02-17 Research (Feb 17)
Sourcefire VRT Certified Snort Rules Update 2011-01-11 Research (Jan 11)
Sourcefire VRT Certified Snort Rules Update 2011-01-06 Research (Jan 06)
Sourcefire VRT Certified Snort Rules Update 2011-02-01 Research (Feb 01)
Sourcefire VRT Certified Snort Rules Update 2011-01-18 Research (Jan 18)
Sourcefire VRT Certified Snort Rules Update 2011-02-08 Research (Feb 08)
Sourcefire VRT Certified Snort Rules Update 2011-03-02 Research (Mar 02)
Sourcefire VRT Certified Snort Rules Update 2011-02-01 Research (Feb 01)
Sourcefire VRT Certified Snort Rules Update 2011-02-10 Research (Feb 10)
Sourcefire VRT Certified Snort Rules Update 2011-01-07 Research (Jan 07)
Sourcefire VRT Certified Snort Rules Update 2011-02-23 Research (Feb 23)
Sourcefire VRT Certified Snort Rules Update 2011-03-29 Research (Mar 29)
Sourcefire VRT Certified Snort Rules Update 2011-03-08 Research (Mar 08)
Sourcefire VRT Certified Snort Rules Update 2011-03-15 Research (Mar 15)
Sourcefire VRT Certified Snort Rules Update 2011-03-03 Research (Mar 03)
Sourcefire VRT Certified Snort Rules Update 2011-03-22 Research (Mar 22)
Sourcefire VRT Certified Snort Rules Update 2011-01-18 Research (Jan 19)
Sourcefire VRT Certified Snort Rules Update 2011-01-04 Research (Jan 04)
Sourcefire VRT Certified Snort Rules Update 2011-01-13 Research (Jan 13)
Sourcefire VRT Certified Snort Rules Update 2011-02-15 Research (Feb 15)
Sourcefire VRT Certified Snort Rules Update 2011-03-02 Research (Mar 02)

Richard Bejtlich

Re: Getting more context in snort alerts. Richard Bejtlich (Jan 10)

Richard Lichvar

Signatures Richard Lichvar (Feb 09)

Richard Tyrrell

Richard Tyrrell/Telford/Syan Ltd is out of the office. Richard Tyrrell (Mar 25)
Richard Tyrrell/Telford/Syan Ltd is out of the office. Richard Tyrrell (Feb 14)

Rich Graves

Re: bpf filter to filter on *starting* port? Rich Graves (Feb 09)
Re: Barnyard issue Rich Graves (Jan 19)

Risto Vaarandi

Snort 2.9.0.4 inline active response on Centos 5.5 Risto Vaarandi (Mar 07)
sec-2.6.0 released Risto Vaarandi (Mar 18)

rmkml

Re: GPL sig 1313 rmkml (Mar 18)
Re: SiD:4129 - No FP - No FN but wrong rmkml (Mar 28)
Re: Snort rule Facebook Block rmkml (Feb 15)
Re: [Snort-Sigs] sid 17652 possible typo rmkml (Mar 14)
Re: BPF question "port > 2000"? rmkml (Jan 20)

Robert Z

Re: VRT SO Rules for FreeBSD/amd64 Robert Z (Feb 07)
Re: VRT SO Rules for FreeBSD/amd64 Robert Z (Feb 07)

rob iscool

Re: qualifying ipfw for freebsd port of 2.9.0.3 rob iscool (Feb 04)
snortsam patch for Snort 2.9 needs testing rob iscool (Feb 04)
Re: SnortSam Patch for Snort 2, 9 Needs Testing and Feed Back rob iscool (Jan 29)
Re: SnortSam Patch for Snort 2, 9 Needs Testing and Feed Back rob iscool (Jan 29)
Re: Error Starting Snort with DAQ rob iscool (Feb 02)
Re: qualifying ipfw for freebsd port of 2.9.0.3 rob iscool (Feb 04)
Error Starting Snort with DAQ rob iscool (Feb 02)
Re: Error Starting Snort with DAQ rob iscool (Feb 02)
Re: freebsd snorters: ports version for snort 2.9.0.3 that includes snortsam option available for testing rob iscool (Jan 31)
Fw: qualifying ipfw for freebsd port of 2.9.0.3 rob iscool (Feb 04)
Re: qualifying ipfw for freebsd port of 2.9.0.3 rob iscool (Feb 04)
SnortSam Patch for Snort 2, 9 Needs Testing and Feed Back rob iscool (Jan 29)

Rob MacGregor

Re: fatal error while running barnyard Rob MacGregor (Jan 17)
Re: snort ipv6 isssue Rob MacGregor (Mar 26)

Russ Combs

Re: Error to build snort 2.9.0.4 using --enable-rzb-saac option Russ Combs (Feb 11)
Re: netflow support in snort Russ Combs (Feb 14)
Re: thresholding not working Russ Combs (Jan 19)
Re: controlling open sessions Russ Combs (Jan 07)
Re: snort thresholding/event_filter broken? Does thresholding work at all in snort? Russ Combs (Jan 25)
Re: Trying to build daq with nfq support Russ Combs (Mar 31)
Re: Trying to build daq with nfq support Russ Combs (Mar 31)
Re: Why does the Snort process stop? Russ Combs (Jan 25)
Re: snort 2.9.0.3 flexresp3 and active-response Russ Combs (Feb 02)
Re: thresholding not working Russ Combs (Jan 19)
Re: OpenBSD 4.8 / Snort 2.9.0.3 -- libsf_engine.so missing Russ Combs (Jan 04)
Re: compile options Russ Combs (Feb 07)
Re: error while loading shared libraries Russ Combs (Feb 10)
Re: controlling open sessions Russ Combs (Jan 07)
Re: Showing dump of only matched paquets. Russ Combs (Mar 22)
Re: SnortSam Discussion was: RulePack update and End of Life of 2.8.6.0 Russ Combs (Jan 28)
Re: OT: Gentoo users please read Russ Combs (Mar 29)
Re: [PATCHES] Fixes for daq_nfq Russ Combs (Mar 23)
Re: Download latest source for barnyard2 (securixlive.com is down) Russ Combs (Feb 03)
Re: snort 2.9.0.3 bug? SIGUSR1 broken? Russ Combs (Jan 28)
Re: Configure snort --enable-inline Russ Combs (Feb 17)
Re: Snort rule Facebook Block Russ Combs (Feb 15)
Re: Support related build-time files Russ Combs (Feb 08)
Re: daq inline and ipfw does not support ipv6? Russ Combs (Feb 04)
Re: snort 2.9.0.3 flexresp3 and active-response Russ Combs (Feb 02)
Re: snort does not sent reset in freebsd/ipfw inline mode Russ Combs (Feb 07)
Re: DAQ compile issue Russ Combs (Jan 09)
Re: Trying to build daq with nfq support Russ Combs (Mar 31)
Re: Error getting stat on pcap file Russ Combs (Jan 17)
Re: [PATCHES] Fixes for daq_nfq Russ Combs (Mar 22)
Re: [PATCHES] Fixes for daq_nfq Russ Combs (Mar 29)
Re: Analyzing SNORT output and Alerts in Kiwi Syslog Russ Combs (Jan 04)
Re: Showing dump of only matched paquets. Russ Combs (Mar 22)
Re: High FPs on New Stream5 Anomalies & Others Russ Combs (Jan 26)
Re: Download latest source for barnyard2 (securixlive.com is down) Russ Combs (Feb 03)
Re: Is there an easy way of knowing if your definitions are updated? Russ Combs (Jan 17)
Re: controlling open sessions Russ Combs (Jan 07)
Re: non TCP/UDP/ICMP pass rules not working? Russ Combs (Feb 04)
Re: Enc: Problems to start snort 2.9 Russ Combs (Mar 31)
Re: Homebrew Snort Reactive/Unified2 output Russ Combs (Mar 30)
Re: snort -r output error Russ Combs (Jan 17)
Re: [PATCHES] Fixes for daq_nfq Russ Combs (Mar 22)
Re: gen-msg.map Russ Combs (Jan 31)
Re: daq inline and ipfw does not support ipv6? Russ Combs (Feb 04)
Re: Snort new version compilation Russ Combs (Jan 04)
Re: Feasibility of bogus cookie checking Russ Combs (Mar 31)
Re: how to extract tcpdump/ libpcap formatted data Russ Combs (Jan 17)
Re: Error: Unknown preprocessor: "normalize_ip4" Russ Combs (Jan 01)
Re: Trying to build daq with nfq support Russ Combs (Mar 31)
Re: OpenBSD 4.8 / Snort 2.9.0.3 -- libsf_engine.so missing Russ Combs (Jan 04)
Re: Trying to build daq with nfq support Russ Combs (Mar 31)
Re: Snort 2.9.0.3 & Phil Wood's modified libpcap Russ Combs (Feb 11)
Re: Snort rule Facebook Block Russ Combs (Feb 15)
Re: Snort 2.9.0.3 & Phil Wood's modified libpcap Russ Combs (Feb 11)
Re: snort thresholding/event_filter broken? Doesthresholding work at all in snort? Russ Combs (Jan 25)
Re: Trying to build daq with nfq support Russ Combs (Mar 31)
Re: Error Starting Snort with DAQ Russ Combs (Feb 02)
Re: Trying to build daq with nfq support Russ Combs (Mar 31)
Re: controlling open sessions Russ Combs (Jan 07)
Re: freebsd/snort 2.9.0.3 daq: how do I verify it is using the ram? Russ Combs (Jan 31)
Re: thresholding not working Russ Combs (Jan 19)
Re: Move snort to IPS Russ Combs (Mar 12)
Re: Showing dump of only matched paquets. Russ Combs (Mar 22)
Re: snort does not sent reset in freebsd/ipfw inline mode Russ Combs (Jan 28)
Re: IPS working with FreeBSD and IPFW on snort 2.9.0.3? Russ Combs (Jan 28)
Re: freebsd/snort 2.9.0.3 daq: how do I verify it is using the ram? Russ Combs (Jan 31)

Russell Fulton

odd issue with barnyard2 pid files Russell Fulton (Feb 08)
Re: not getting tagged packets in db ??? Russell Fulton (Jan 11)
not getting tagged packets in db ??? Russell Fulton (Jan 11)

Ryan Jordan

Re: Bug report - no content match on http_inspect port Ryan Jordan (Mar 04)
Re: [Snort-Devel] bug in http preprocessor and non ascii characters 2.8.6.1 Ryan Jordan (Mar 16)
Re: Snort 2.9.0.3 Now Available Ryan Jordan (Jan 04)
Re: Snort 2.9.0.3 Now Available Ryan Jordan (Jan 03)

Ryan Steinmetz

VRT SO Rules for FreeBSD/amd64 Ryan Steinmetz (Feb 07)

Sandro guly Zaccarini

Re: BPF question "port > 2000"? Sandro guly Zaccarini (Jan 20)

sasa susmanto

(no subject) sasa susmanto (Mar 02)
(no subject) sasa susmanto (Mar 01)

Sean Ansari

Cloud Environment Sean Ansari (Feb 24)

Security () brvenik com

Re: Smoking Pig Update (PulledPork) Security () brvenik com (Mar 30)

Seth Hall

Re: [Emerging-Sigs] Reliability of signatures Seth Hall (Feb 11)
Re: [Emerging-Sigs] Reliability of signatures Seth Hall (Feb 11)
Re: [Emerging-Sigs] Reliability of signatures Seth Hall (Feb 11)
Re: Download latest source for barnyard2 (securixlive.com is down) Seth Hall (Feb 03)

Snort Releases

Snort 2.9.0.4 Now Available Snort Releases (Feb 10)
Snort 2.9.0.4 Now Available Snort Releases (Feb 10)

Stark, Vernon L. (ITSD)

unsubscribe Stark, Vernon L. (ITSD) (Mar 04)

Stefan Sabolowitsch

need help with Oinkmaster, ET snortsam rules (regexec Problem) Stefan Sabolowitsch (Feb 27)

Steven Sturges

Re: compile options Steven Sturges (Jan 05)
Re: Extending Snort to other protocols? Steven Sturges (Feb 15)

sudhakar govindavajhala

Getting more context in snort alerts. sudhakar govindavajhala (Jan 10)
Problems in compiling snort-2.9.0.3 with daq-0.5 sudhakar govindavajhala (Jan 25)

Tilley, Brad

Re: BASE or Snort Report ??? Tilley, Brad (Jan 05)

Tudor Panaitescu

Re: Active response not working in 2.9.0.4 ? Tudor Panaitescu (Mar 19)
Re: snort logging both to syslog and unified2 Tudor Panaitescu (Jan 19)
Active response not working in 2.9.0.4 ? Tudor Panaitescu (Mar 18)
Re: Active response not working in 2.9.0.4 ? Tudor Panaitescu (Mar 19)
Active response not working in 2.9.0.4 ? Tudor Panaitescu (Mar 17)
Re: snort logging both to syslog and unified2 Tudor Panaitescu (Jan 19)
Re: Active response not working in 2.9.0.4 ? Tudor Panaitescu (Mar 19)
snort logging both to syslog and unified2 Tudor Panaitescu (Jan 19)
Re: snort logging both to syslog and unified2 Tudor Panaitescu (Jan 19)

Vasilakis Georgios

Snort doesn't recognize traffic Vasilakis Georgios (Jan 24)
ΑΠ: Snort doesn't recognize traffic Vasilakis Georgios (Jan 25)

Victor Julien

Re: [Emerging-Sigs] GPL rules - who maintains them?Nobody? Victor Julien (Mar 21)

Victor Roemer

Re: Sensitive Data Preprocessor: logging single matches Victor Roemer (Mar 02)
Re: Sensitive Data Preprocessor: logging single matches Victor Roemer (Mar 02)
Re: Sensitive Data Preprocessor: logging single matches Victor Roemer (Mar 01)
Re: Sensitive Data Preprocessor: logging single matches Victor Roemer (Mar 01)

vincent

Re: Snort 2.9.0.3 Now Available vincent (Jan 07)
Re: Snort 2.9.0.3 & Phil Wood's modified libpcap vincent (Feb 11)
Re: Snort 2.9.0.3 Now Available vincent (Jan 03)
Re: Snort 2.9.0.3 Now Available vincent (Jan 04)
Re: Snort 2.9.0.3 & Phil Wood's modified libpcap vincent (Feb 11)
ERROR: snort.conf(79) Undefined variable in the string: !$ALL_PROX. vincent (Jan 04)
Snort 2.9.0.4 Build 111 packages for RHEL5.x and RHEL6.x vincent (Mar 01)
Re: ERROR: snort.conf(79) Undefined variable in the string: !$ALL_PROX. vincent (Jan 04)
Snort 2.9.0.4 Build 111 packages for RHEL5.x and RHEL6.x vincent (Mar 01)
Snort 2.9.0.4 Build 111 packages for RHEL5.x and RHEL6.x vincent (Mar 02)
Re: Problems in compiling snort-2.9.0.3 with daq-0.5 vincent (Jan 26)

vishesh kumar

Initial snort.conf vishesh kumar (Jan 27)
Test snort rules vishesh kumar (Jan 24)

waldo kitty

Re: Homebrew Snort Reactive/Unified2 output waldo kitty (Mar 30)
Re: solved. Re: qualifying ipfw for freebsd port of 2.9.0.3 waldo kitty (Feb 04)
Re: how to test snort rules? waldo kitty (Feb 09)
Re: [Emerging-Sigs] GPL rules - who maintains them? Nobody? waldo kitty (Mar 21)
Re: Smoking Pig Update (PulledPork) waldo kitty (Mar 29)
Re: gen-msg.map waldo kitty (Jan 30)
Re: Snort Deployment Configurations waldo kitty (Feb 03)
Re: what does this mean? waldo kitty (Jan 20)
Re: threshold.conf and suppress 119 19 waldo kitty (Jan 22)
Re: snort 2.9.0.4 not logging waldo kitty (Mar 15)
Re: guardian and oinkmaster.conf waldo kitty (Mar 02)
Re: oinkmaster and so rules.. FAQ broken? waldo kitty (Feb 08)
Re: what does this mean? waldo kitty (Jan 20)
Re: Smoking Pig Update (PulledPork) waldo kitty (Mar 29)
Re: Intermittent Pulled Pork Error waldo kitty (Feb 18)
Re: Rules with SDF options cannot have other detection options in the same rule waldo kitty (Feb 01)
Re: Is there an easy way of knowing if your definitions are updated? waldo kitty (Jan 14)
Re: oinkmaster and so rules.. FAQ broken? waldo kitty (Feb 08)
Re: sid-msg.map incomplete again waldo kitty (Jan 25)
Re: Snort.org Blog: Google Groups are alive! waldo kitty (Feb 09)
Re: oinkmaster and so rules.. FAQ broken? waldo kitty (Feb 08)
Re: [Emerging-Sigs] New Classification System Finalization waldo kitty (Jan 31)
Re: [Emerging-Sigs] GPL rules - who maintains them?Nobody? waldo kitty (Mar 21)
Re: Rules with SDF options cannot have other detection options in the same rule waldo kitty (Feb 01)
Re: (no subject) waldo kitty (Mar 02)
Re: SnortSam Discussion was: RulePack update and End of Life of 2.8.6.0 waldo kitty (Jan 28)
Re: Intermittent Pulled Pork Error waldo kitty (Feb 17)
Re: Intermittent Pulled Pork Error waldo kitty (Feb 19)
what does this mean? waldo kitty (Jan 20)
Re: oinkmaster and so rules.. FAQ broken? waldo kitty (Feb 08)
Re: Reliability of signatures waldo kitty (Feb 04)
Re: Reliability of signatures waldo kitty (Feb 04)
Re: Snort version vs Snort rules version waldo kitty (Jan 11)
Re: Snort.org Blog: Google Groups are alive! waldo kitty (Feb 09)
Re: [Snort-devel] Snort.org Blog: Google Groups are alive! waldo kitty (Feb 09)
Re: Emerging Threats Rules Problem waldo kitty (Jan 20)
Re: oinkmaster and so rules.. FAQ broken? waldo kitty (Feb 08)
Re: Reliability of signatures waldo kitty (Feb 04)
Re: High FPs on New Stream5 Anomalies & Others waldo kitty (Jan 27)
Re: Is there an easy way of knowing if your definitions are updated? waldo kitty (Jan 15)
Re: How to display .log files into graphs? waldo kitty (Jan 12)
Re: Reliability of signatures waldo kitty (Feb 04)
Re: Cannot find alert waldo kitty (Feb 09)
Re: FP on 18372 waldo kitty (Feb 16)
Re: snort startup inside a vm waldo kitty (Feb 01)
Re: snort inline (non-drop mode) br0 waldo kitty (Feb 01)
Re: SnortSam Discussion was: RulePack update and End of Life of 2.8.6.0 waldo kitty (Jan 28)
Re: oinkmaster and so rules.. FAQ broken? waldo kitty (Feb 08)
Re: [Emerging-Sigs] GPL rules - who maintains them? Nobody? waldo kitty (Mar 21)
Re: Is there an easy way of knowing if your definitions are updated? waldo kitty (Jan 14)
Re: snort thresholding/event_filter broken? Doesthresholding work at all in snort? waldo kitty (Jan 25)
Re: Intermittent Pulled Pork Error waldo kitty (Feb 18)

Weir, Jason

Re: Intermittent Pulled Pork Error Weir, Jason (Feb 17)
Re: Intermittent Pulled Pork Error Weir, Jason (Feb 17)
Snort 2.9.0.3 & Phil Wood's modified libpcap Weir, Jason (Feb 08)
Re: [Emerging-Sigs] GPL rules - who maintains them?Nobody? Weir, Jason (Mar 21)
Re: Intermittent Pulled Pork Error Weir, Jason (Feb 17)
Re: FP on 18372 Weir, Jason (Feb 16)
Re: [Emerging-Sigs] GPL rules - who maintainsthem?Nobody? Weir, Jason (Mar 21)
Re: Snort 2.9.0.3 & Phil Wood's modified libpcap Weir, Jason (Feb 08)
Re: [Emerging-Sigs] GPL rules - who maintains them?Nobody? Weir, Jason (Mar 21)
Re: Snort 2.9.0.3 & Phil Wood's modified libpcap Weir, Jason (Feb 08)
Re: Snort 2.9.0.3 & Phil Wood's modified libpcap Weir, Jason (Feb 08)
Re: Intermittent Pulled Pork Error Weir, Jason (Feb 18)
Re: Intermittent Pulled Pork Error Weir, Jason (Feb 17)
Re: Intermittent Pulled Pork Error Weir, Jason (Feb 16)
OT: Debian\Snort Howto Weir, Jason (Feb 15)
Re: [Emerging-Sigs] GPL rules - who maintains them? Nobody? Weir, Jason (Mar 18)
Intermittent Pulled Pork Error Weir, Jason (Feb 16)
Re: Intermittent Pulled Pork Error Weir, Jason (Feb 16)
GPL sig 1313 Weir, Jason (Mar 18)
Re: Intermittent Pulled Pork Error Weir, Jason (Feb 18)
Re: Intermittent Pulled Pork Error Weir, Jason (Feb 16)
FP on 5803 Weir, Jason (Feb 17)
Re: [Emerging-Sigs] GPL rules - who maintains them?Nobody? Weir, Jason (Mar 21)
Re: what does this mean? Weir, Jason (Jan 20)
Re: Intermittent Pulled Pork Error Weir, Jason (Feb 16)
FP on 18372 Weir, Jason (Feb 16)
Re: [Emerging-Sigs] GPL rules - who maintains them?Nobody? Weir, Jason (Mar 21)
Re: thresholding not working Weir, Jason (Jan 19)
Re: GPL sig 1313 Weir, Jason (Mar 18)

Will Metcalf

Re: [Emerging-Sigs] Matt Jonkman in the new Hakin9 Will Metcalf (Jan 31)
Re: snort inline (non-drop mode) br0 Will Metcalf (Feb 01)
Re: SnortSam Discussion was: RulePack update and End of Life of 2.8.6.0 Will Metcalf (Jan 28)
Re: Question about a Snort rule Will Metcalf (Feb 25)
Re: SnortSam Discussion was: RulePack update and End of Life of 2.8.6.0 Will Metcalf (Jan 28)
Re: OT: Gentoo users please read Will Metcalf (Mar 29)
Re: [Emerging-Sigs] Matt Jonkman in the new Hakin9 Will Metcalf (Feb 04)

Yandry

Help !! Yandry (Mar 07)
Help !! Yandry (Mar 07)

Youngquist, Jason R.

problem tuning out one particular rule Youngquist, Jason R. (Mar 30)
snort rule tuning and weeding out false positives Youngquist, Jason R. (Mar 17)

Previous period

Next period