security.ids.snort.sigs (thread)

sid:306 (vqServer) reference correction, Andrew Hintz \(Drew\)
Need some help here gang...., Noller, Gregory
- Re: Need some help here gang...., Matt Kettler
- Re: Need some help here gang...., Matt Kettler
- RE: Need some help here gang...., McCammon, Keith
- RE: Need some help here gang...., Miller, Eoin
here's a description for sid:480, Andrew Hintz \(Drew\)
Modification to false neg. info for sid:630, Andrew Hintz \(Drew\)
here's pcap for sid:478 (broadscan), Andrew Hintz \(Drew\)
Rules question, Tim Bernhardson
- Re: Rules question, Chris Baker
- RE: Rules question, Esler, Joel
- RE: Rules question, Moyer, Shawn
- RE: Rules question, Tim Bernhardson
  - RE: Rules question, Erek Adams
  - Re: Rules question, Moyer, Shawn
    - Re: Rules question, Erek Adams
    - Re: Rules question, Moyer, Shawn
    - Re: Rules question, Erek Adams
  - Re: Rules question, Chris Green
FALSES ===> X11 outbound client connection detected, Noller, Gregory
Problems with .ida rules in web-iis.rules, Russell Fulton
- Re: Problems with .ida rules in web-iis.rules, Erek Adams
Large UDP packet false alarms?, John York
- RE: Large UDP packet false alarms?, Moyer, Shawn
(no subject), Katsushige Abe
- Re: (no subject), hackerwacker
Re: SMB DOS: New Tool, Ian Macdonald
- RE: SMB DOS: New Tool, Wirth, Jeff
updates snortrules-stable.tar.gz, Philipp Moser
- Re: updates snortrules-stable.tar.gz, Moyer, Shawn
missing classes in new rules, Kreimendahl, Chad J
Apache/mod-ssl probe signature, one more.., Wirth, Jeff
Linux.Slapper.Worm, Tim Bogart
Re: Snort-sigs digest, Vol 1 #348 - 2 msgs, Gerritsj1
Stupid question about Snort, Sam Ng
- Re: Stupid question about Snort, Chris Green
- Re: Stupid question about Snort, Michael casale
RE: Apache Scalp distributing ->bugtrac.c UDP DOS tool sig yet?, Robert Wagner
- RE: Apache Scalp distributing ->bugtrac.c UDP DOS tool sig yet?, Robert Wagner
Sig for openssl exploit, Shane Williams
nested tagging?, JC
SSL worm sigs, Brian Caswell
- Re: SSL worm sigs, Shane Williams
- Re: SSL worm sigs, Shane Williams
Fw: @stake advisory: WS_FTP SITE CPWD Buffer Overflow vulnerability (a090902-1), Ian Macdonald
Local scan only, rick bohaty
- Re: Local scan only, Ian Macdonald
sig for CERT CA-2002-27 (OpenSSL worm probe), Brian Coyle
- Re: sig for CERT CA-2002-27 (OpenSSL worm probe), Matthew Jonkman
  - Re: sig for CERT CA-2002-27 (OpenSSL worm probe), Erik Alexander Løkken
- Re: sig for CERT CA-2002-27 (OpenSSL worm probe), Shane Williams
- Re: sig for CERT CA-2002-27 (OpenSSL worm probe), Mark Brochu
  - Re: Re: sig for CERT CA-2002-27 (OpenSSL worm probe), hackerwacker
    - Re: Re: sig for CERT CA-2002-27 (OpenSSL worm probe), Mark Brochu
    - Re: Re: sig for CERT CA-2002-27 (OpenSSL worm probe), Gary Flynn
Something strange with snort, Philipp Moser
- Re: Something strange with snort, Russell Fulton
- Re: Something strange with snort, daniel_clemens
New Apache/OpenSSL worm backdoor sig, Jon
tip of the day, Andreas Östling
- RE: tip of the day, Esler, Joel
  - Re: tip of the day, Andreas Östling
  - RE: tip of the day, Goldmoon
    - Re: tip of the day, Ian Macdonald
ORACLE misparsed login response, Matthew Jonkman
SQL Backdoor (very beta), Thomas Sjögren
SID: 1156, WEB-MISC apache DOS attempt, Sam Ng
update WEB-IIS view source via translate header, Ian Macdonald
Webdav stuff,, Ian Macdonald
Anyone tried tagging?, Zann
SID: 407, Erek Adams
- RE: SID: 407, Erickson Brent W KPWA
  - RE: SID: 407, Erek Adams
- Re: SID: 407, Matt Kettler
  - Re: SID: 407, John Sage
How does Snort protect itself ?, KD Rajkumar
- How does Snort protect itself ?, KD Rajkumar
  - Re: How does Snort protect itself ?, Chris Green
- Re: How does Snort protect itself ?, Michael casale
Rules: Excluding Hosts, Joe Warner
- Re: Rules: Excluding Hosts, Matt Kettler
  - Re: Rules: Excluding Hosts, Joe Warner
Rule for Yahoo Login (secure), spyguy
- Re: Rule for Yahoo Login (secure), Matt Kettler
- Re: Rule for Yahoo Login (secure), Ian Macdonald
  - Re: Rule for Yahoo Login (secure), Matt Kettler
    - Re: Rule for Yahoo Login (secure), spyguy
    - Re: Rule for Yahoo Login (secure), Matt Kettler
- RE: Rule for Yahoo Login (secure), Matthew Wagenknecht
  - Re: Rule for Yahoo Login (secure), Ian Macdonald
- RE: Rule for Yahoo Login (secure), Hicks, John
RE: very new to snort, need help, McCammon, Keith
Internet explorer local file read compromise, Ian Macdonald
Unknown unidentified hacks?, Noller, Gregory
- Re: Unknown unidentified hacks?, Ian Macdonald
  - Re: Unknown unidentified hacks?, Russell Fulton
Re: BrownOrifice, Ian Macdonald
virus content more than a packet, Zann
- Re: virus content more than a packet, Matt Kettler
Multiple CONTENT checks in a rule, Paul Smith
- Re: Multiple CONTENT checks in a rule, Chris Green
  - Re: Multiple CONTENT checks in a rule, Paul Smith
Both netbios ports, Thomas Sjögren
- Re: Both netbios ports, Tod Beardsley
- RE: Both netbios ports, Moyer, Shawn
  - very new to snort, need help, Ha Hoang
    - Re: very new to snort, need help, Erek Adams
    - Snort on FreeBSD, Ha Hoang
    - Re: Snort on FreeBSD, Matt Kettler
  - Re: Both netbios ports, Thomas Sjögren
Stream4 and dsize, Sam Ng
- Re: Stream4 and dsize, Chris Green
  - RE: Stream4 and dsize, Sam Ng
    - RE: Stream4 and dsize, Russell Fulton
    - RE: Stream4 and dsize, Ian Macdonald
    - RE: Stream4 and dsize, Sam Ng
rule for @stake advisory: WS_FTP SITE CPWD Buffer Overflow vulnerability, Ian Macdonald
- RE: rule for @stake advisory: WS_FTP SITE CPWD Buffer Overflow vulnerability, McCammon, Keith
Rules for detecting MS Sql and Oracle server errors in asp code., Ian Macdonald
- Re: Rules for detecting MS Sql and Oracle server errors in asp code., Ian Macdonald
Fw: [AP] Oracle Reports Server Information Disclosure Vulnerability, Ian Macdonald
- Re: [AP] Oracle Reports Server Information Disclosure Vulnerability, Ian Macdonald
Re: Where'd the 1.8.xx sigs go?, Brian
Rule errors :unknown keyword 'flow", Tim
- Re: Rule errors :unknown keyword 'flow", Erek Adams
- Re: Rule errors :unknown keyword 'flow", Moyer, Shawn
  - RE: Rule errors :unknown keyword 'flow", Brian Bevers
  - Re: Rule errors :unknown keyword 'flow", Brian
    - Re: Rule errors :unknown keyword 'flow", Moyer, Shawn
Getting lots of hits on sid:1841, Russell Fulton
- Re: Getting lots of hits on sid:1841, John Sage
- Re: Getting lots of hits on sid:1841, Russell Fulton
  - Re: Getting lots of hits on sid:1841, John Sage
- Re: Getting lots of hits on sid:1841, Brian
- Re: Getting lots of hits on sid:1841, Chris Green
web-attacks ps rules, Joe McAlerney
- Re: web-attacks ps rules, Brian