security.ids.snort.sigs (date)

September 30, 2002

Re: Need some help here gang...., Matt Kettler
Re: Need some help here gang...., Matt Kettler
RE: Need some help here gang...., Miller, Eoin
RE: Need some help here gang...., McCammon, Keith
sid:306 (vqServer) reference correction, Andrew Hintz \(Drew\)
Need some help here gang...., Noller, Gregory
here's a description for sid:480, Andrew Hintz \(Drew\)
Modification to false neg. info for sid:630, Andrew Hintz \(Drew\)
here's pcap for sid:478 (broadscan), Andrew Hintz \(Drew\)

September 26, 2002

Re: Rules question, Erek Adams
Re: Rules question, Chris Green
Re: Rules question, Moyer, Shawn
Re: Rules question, Erek Adams
Re: Rules question, Moyer, Shawn
RE: Rules question, Erek Adams

September 25, 2002

RE: Rules question, Tim Bernhardson
RE: Rules question, Moyer, Shawn
RE: Rules question, Esler, Joel
Re: Rules question, Chris Baker
Rules question, Tim Bernhardson

September 24, 2002

Re: (no subject), hackerwacker

September 23, 2002

Re: Re: sig for CERT CA-2002-27 (OpenSSL worm probe), Gary Flynn
Re: Re: sig for CERT CA-2002-27 (OpenSSL worm probe), Mark Brochu
Re: Re: sig for CERT CA-2002-27 (OpenSSL worm probe), hackerwacker
Re: sig for CERT CA-2002-27 (OpenSSL worm probe), Mark Brochu
FALSES ===> X11 outbound client connection detected, Noller, Gregory

September 21, 2002

RE: Large UDP packet false alarms?, Moyer, Shawn

September 20, 2002

Re: Problems with .ida rules in web-iis.rules, Erek Adams
Problems with .ida rules in web-iis.rules, Russell Fulton

September 19, 2002

Large UDP packet false alarms?, John York
RE: SMB DOS: New Tool, Wirth, Jeff
(no subject), Katsushige Abe

September 18, 2002

Re: SMB DOS: New Tool, Ian Macdonald
Re: updates snortrules-stable.tar.gz, Moyer, Shawn
updates snortrules-stable.tar.gz, Philipp Moser

September 17, 2002

missing classes in new rules, Kreimendahl, Chad J
Apache/mod-ssl probe signature, one more.., Wirth, Jeff
Linux.Slapper.Worm, Tim Bogart
Re: Local scan only, Ian Macdonald
Re: Stupid question about Snort, Michael casale
Re: Stupid question about Snort, Chris Green
Re: Snort-sigs digest, Vol 1 #348 - 2 msgs, Gerritsj1
Stupid question about Snort, Sam Ng
Re: SSL worm sigs, Shane Williams

September 16, 2002

RE: Apache Scalp distributing ->bugtrac.c UDP DOS tool sig yet?, Robert Wagner
RE: Apache Scalp distributing ->bugtrac.c UDP DOS tool sig yet?, Robert Wagner
Sig for openssl exploit, Shane Williams
Re: sig for CERT CA-2002-27 (OpenSSL worm probe), Shane Williams
Re: SSL worm sigs, Shane Williams
Re: How does Snort protect itself ?, Michael casale
Re: How does Snort protect itself ?, Chris Green
nested tagging?, JC
SSL worm sigs, Brian Caswell
Fw: @stake advisory: WS_FTP SITE CPWD Buffer Overflow vulnerability (a090902-1), Ian Macdonald
How does Snort protect itself ?, KD Rajkumar
Local scan only, rick bohaty
Re: Something strange with snort, daniel_clemens

September 15, 2002

Re: sig for CERT CA-2002-27 (OpenSSL worm probe), Erik Alexander Løkken
Re: sig for CERT CA-2002-27 (OpenSSL worm probe), Matthew Jonkman
sig for CERT CA-2002-27 (OpenSSL worm probe), Brian Coyle

September 14, 2002

Re: Something strange with snort, Russell Fulton
Something strange with snort, Philipp Moser

September 13, 2002

Re: tip of the day, Ian Macdonald
New Apache/OpenSSL worm backdoor sig, Jon
RE: tip of the day, Goldmoon
Re: tip of the day, Andreas Östling
RE: tip of the day, Esler, Joel
tip of the day, Andreas Östling

September 12, 2002

ORACLE misparsed login response, Matthew Jonkman
SQL Backdoor (very beta), Thomas Sjögren

September 11, 2002

SID: 1156, WEB-MISC apache DOS attempt, Sam Ng
RE: Stream4 and dsize, Sam Ng

September 10, 2002

update WEB-IIS view source via translate header, Ian Macdonald
Webdav stuff,, Ian Macdonald
Re: SID: 407, John Sage
Anyone tried tagging?, Zann
Re: SID: 407, Matt Kettler
RE: SID: 407, Erek Adams
RE: SID: 407, Erickson Brent W KPWA

September 09, 2002

SID: 407, Erek Adams
RE: Rule for Yahoo Login (secure), Hicks, John
Re: Rule for Yahoo Login (secure), Ian Macdonald
Re: Rule for Yahoo Login (secure), Matt Kettler
Re: Rule for Yahoo Login (secure), spyguy
RE: Rule for Yahoo Login (secure), Matthew Wagenknecht

September 08, 2002

How does Snort protect itself ?, KD Rajkumar

September 07, 2002

Re: Rules: Excluding Hosts, Joe Warner
Re: Rules: Excluding Hosts, Matt Kettler
Rules: Excluding Hosts, Joe Warner
Re: Both netbios ports, Thomas Sjögren
Rule for Yahoo Login (secure), spyguy
RE: Stream4 and dsize, Ian Macdonald
Re: Rule for Yahoo Login (secure), Ian Macdonald
Re: Rule for Yahoo Login (secure), Matt Kettler
Re: Rule for Yahoo Login (secure), Matt Kettler

September 06, 2002

Snort on FreeBSD, Ha Hoang
Re: Snort on FreeBSD, Matt Kettler
RE: Stream4 and dsize, Russell Fulton
RE: very new to snort, need help, McCammon, Keith
Re: very new to snort, need help, Erek Adams
very new to snort, need help, Ha Hoang
RE: Both netbios ports, Moyer, Shawn
RE: Stream4 and dsize, Sam Ng
Re: Unknown unidentified hacks?, Russell Fulton

September 05, 2002

Internet explorer local file read compromise, Ian Macdonald
Re: Unknown unidentified hacks?, Ian Macdonald
Unknown unidentified hacks?, Noller, Gregory
Re: virus content more than a packet, Matt Kettler
Re: BrownOrifice, Ian Macdonald
virus content more than a packet, Zann
Re: Both netbios ports, Tod Beardsley

September 04, 2002

Re: Getting lots of hits on sid:1841, Chris Green
Re: Multiple CONTENT checks in a rule, Paul Smith
Re: Multiple CONTENT checks in a rule, Chris Green
Re: Stream4 and dsize, Chris Green
Multiple CONTENT checks in a rule, Paul Smith
Both netbios ports, Thomas Sjögren
Stream4 and dsize, Sam Ng
Re: Rules for detecting MS Sql and Oracle server errors in asp code., Ian Macdonald

September 03, 2002

RE: rule for @stake advisory: WS_FTP SITE CPWD Buffer Overflow vulnerability, McCammon, Keith
rule for @stake advisory: WS_FTP SITE CPWD Buffer Overflow vulnerability, Ian Macdonald
Rules for detecting MS Sql and Oracle server errors in asp code., Ian Macdonald
Re: [AP] Oracle Reports Server Information Disclosure Vulnerability, Ian Macdonald
Fw: [AP] Oracle Reports Server Information Disclosure Vulnerability, Ian Macdonald
Re: Getting lots of hits on sid:1841, Brian
Re: web-attacks ps rules, Brian
Re: Where'd the 1.8.xx sigs go?, Brian
Re: Rule errors :unknown keyword 'flow", Moyer, Shawn
Re: Rule errors :unknown keyword 'flow", Brian
RE: Rule errors :unknown keyword 'flow", Brian Bevers
Re: Rule errors :unknown keyword 'flow", Moyer, Shawn
Re: Getting lots of hits on sid:1841, John Sage
Re: Rule errors :unknown keyword 'flow", Erek Adams
Rule errors :unknown keyword 'flow", Tim

September 02, 2002

Re: Getting lots of hits on sid:1841, Russell Fulton
Re: Getting lots of hits on sid:1841, John Sage
Getting lots of hits on sid:1841, Russell Fulton
web-attacks ps rules, Joe McAlerney