security.ids.snort.sigs (date)

November 28, 2002

Snort online sig DB., Mathew Johnston
Re: OTHER-IDS SecureNetPro traffic, Erek Adams
Re: EXPERIMENTAL SIDs, Russell Fulton
OTHER-IDS SecureNetPro traffic, Rodrigo Buarque Ramos
EXPERIMENTAL SIDs, Rodrigo Buarque Ramos

November 27, 2002

RE: Port 57 Scans, Hicks, John
Re: Port 57 Scans, Matt Kettler
Re: Rules to detect W32/Opaserv.worm attack, Joe Stewart
Rules to detect W32/Opaserv.worm attack, jo cam

November 26, 2002

(no subject), Joseph Nuara
Re: List of port, Matt Kettler
Re: Re: [Snort-users] Snort doesn't detect W32/Opaserv.worm attack, Joe Stewart
Help Snortcenter, Colin . Slevin
Can't download snortrules.tar.gz, Scott Nursten
Re: Snort doesn't detect W32/Opaserv.worm attack, Scott Nursten
List of port, Adrien Dauchez
need sig for windows rpc d o s., lipan
Re: signature request, Brian

November 25, 2002

signature request, Don
snort-rules CURRENT update @ Mon Nov 25 06:25:08 2002, bmc

November 24, 2002

Re: Sig ID 113 should have INTERNAL/EXTERNAL swapped., Brian
Re: Sig ID 113 should have INTERNAL/EXTERNAL swapped., Brian
Re: Sig for CVE-1999-0675, Brian
Re: Uricontent issue in sid 1519, Brian
Re: Question about signature ID 107, Brian

November 23, 2002

Sig for CVE-1999-0675, Ashley Thomas

November 22, 2002

Re: Rule Needed: IE Cross Site Scripting Exploit, Matt Kettler
RE: Alert 110:2, Matt Kettler
Rule Needed: IE Cross Site Scripting Exploit, Chip Kelly

November 21, 2002

Re: Multiple Content entries, Brian
Re: Multiple Content entries, Matt Kettler
RE: MDAC signature, Slighter, Tim
Multiple Content entries, John Hally
Re: false +ves with new buffer overflow rules, Brian
false +ves with new buffer overflow rules, Russell Fulton
Re: MDAC signature, Brian
Help, Colin . Slevin
Re: MDAC signature, Dan Lawrence
MDAC signature, Slighter, Tim
RE: Alert 110:2, Mathew Johnston
Re: Writing a sig for Hotbar, Chris Green
Re: How does snort handles anti-IDS software?, Chris Green

November 20, 2002

Writing a sig for Hotbar, Brian Blake
Re: How does snort handles anti-IDS software?, Matt Kettler
Re: How does snort handles anti-IDS software?, tangpl

November 19, 2002

Re: Questionable classification (Mail rejected), Matt Kettler
Re: Snort rules database online, Brian
Re: http UserAgent, remember-handsworth
Snort rules database online, Mathew Johnston
Alert 110:2, Mathew Johnston
snort-rules CURRENT update @ Tue Nov 19 06:25:08 2002, bmc
http UserAgent, John Hally
RE: Questionable classification (Mail rejected), Moyer, Shawn
Re: Questionable classification (Mail rejected), Cody Hatch
Re: Questionable classification (Mail rejected), Matt Kettler
RE: Questionable classification [Live nude girls! Ge t the lotion!], Moyer, Shawn
Re: Questionable classification, Cody Hatch

November 18, 2002

Re: Questionable classification, Matt Kettler
Re: Questionable classification, Erek Adams
Questionable classification, Cody Hatch
Questionable classification, Cody Hatch
Re: How does snort handles anti-IDS software?, Chris Green
Re: Rule policy, Erek Adams
Re: snort-rules STABLE update @ Sat Nov 16 19:30:32 2002, Michael Scheidell
How does snort handles anti-IDS software?, Roanne Tang

November 17, 2002

snort-rules STABLE update @ Sat Nov 16 19:30:32 2002, bmc
Re: kadmind exploit rules, Chris Green
snort-rules CURRENT update @ Sat Nov 16 19:30:32 2002, bmc

November 15, 2002

Re: Rule policy, Mathew Johnston
Re: Rule policy, Brian
Re: Rule policy, Mathew Johnston
DNS, Joseph Gresham
Re: Rule policy, Matt Kettler

November 14, 2002

Re: Rule policy, Mathew Johnston
Re: kadmind exploit rules, Brian
Re: Rule policy, Brian
Rule policy, Mathew Johnston
kadmind exploit rules, remember-handsworth
RE: Klez Incoming, Sean T. Ballard
Re: Klez Incoming, Shane Williams
Bug: mysql quoting in barnyard || sid-msg.map in snort, Jens Krabbenhoeft

November 13, 2002

snort-rules STABLE update @ Wed Nov 13 13:04:43 2002, bmc
snort-rules CURRENT update @ Wed Nov 13 13:04:43 2002, bmc
Re: KaZaA 2.0 Connections, Sam Evans
Re: X11 outbound client connection detected - remove from snort 1.9 r uleset?, Brian

November 12, 2002

Re: ATTACK RESPONSES 403 Forbidden looks inappropriate to me, Andreas Östling
Re: KaZaA 2.0 Connections, Chris Green
Re: ATTACK RESPONSES 403 Forbidden looks inappropriate to me, Brian
Re: KaZaA 2.0 Connections, Leandro Souza Costa
Blocking P2P Gnutella w/ snort, O'Flynn, Derek
Re: [Snort-sigs] snort rules update notification, Chris Green
snort rules update notification, Brian
snort-rules CURRENT update @ Tue Nov 12 06:25:07 2002, bmc
Re: hotmail logging, Brian
Re: Re: Autoupdate snort signature (esa valimaki), Brian
Re: sid:306 (vqServer) reference correction, Brian

November 11, 2002

(no subject), Christian Gast
RE: KaZaA 2.0 Connections, O'Flynn, Derek
RE: KaZaA 2.0 Connections, Coyle, Brian
Re: send rules, Brian
Teardrop sig needed, Ed Davison
Re: KaZaA 2.0 Connections, Phillip G Deneault
KaZaA 2.0 Connections, Leandro Souza Costa
send rules, alejandro corletti
RE: Creation of "log all from * except", Perciaccante, Robert
Re: teardrop sig needed, Ed Davison

November 10, 2002

Re: ATTACK RESPONSES 403 Forbidden looks inappropriate to me, Jason Haar
RE: Creation of "log all from * except", Russell Fulton
RE: Creation of "log all from * except", Perciaccante, Robert
Re: ATTACK RESPONSES 403 Forbidden looks inappropriate to me, Russell Fulton
Re: ATTACK RESPONSES 403 Forbidden looks inappropriate to me, Moyer, Shawn
Re: ATTACK RESPONSES 403 Forbidden looks inappropriate to me, スティーブ　ブラウン
Re: ATTACK RESPONSES 403 Forbidden looks inappropriate to me, Brian

November 08, 2002

Re: ATTACK RESPONSES 403 Forbidden looks inappropriate to me, Erik Fichtner
RE: Creation of "log all from * except", Robert Wagner
RE: Creation of "log all from * except", Perciaccante, Robert
Re: W32/Braid@MM, remember-handsworth
Re: Creation of "log all from * except", Todd Holloway
Creation of "log all from * except", Perciaccante, Robert
RE: ATTACK RESPONSES 403 Forbidden looks inappropriate to me, Keith T. Morgan
Re: ATTACK RESPONSES 403 Forbidden looks inappropriate to me, Jason Haar
Re: ATTACK RESPONSES 403 Forbidden looks inappropriate to me, Brian
ATTACK RESPONSES 403 Forbidden looks inappropriate to me, Jason Haar
Re: new version for sid 1243, Russell Fulton

November 07, 2002

W32/Braid@MM, Tim Bogart
Re: new version for sid 1243, Russell Fulton
Re: Sid 853: wrap access, Brian
Re: new version for sid 1243, Chris Green
Re: Sid 853: wrap access, Steve Brown
new version for sid 1243, Russell Fulton

November 06, 2002

Re: Sid 853: wrap access, Brian
sid 308, ports reversed, Mathew Johnston
Missing revision numbers, Kreimendahl, Chad J
Sid 853: wrap access, Steve Brown

November 05, 2002

Yay, more missing classifications, Kreimendahl, Chad J
Re: No sid for new rule, Chris Green
Re: No sid for new rule, Brian
No sid for new rule, Russell Fulton

November 04, 2002

RE: Best snortsig for detecting FTP servers running on other port than 21?, O'Flynn, Derek
Re: Sig ID 113 should have INTERNAL/EXTERNAL swapped., Mathew Johnston
OpenSSL Signature, Alexandre de Abreu
Re: Sig ID 113 should have INTERNAL/EXTERNAL swapped., Mathew Johnston
Re: Sig ID 113 should have INTERNAL/EXTERNAL swapped., Mathew Johnston
Re: Sig ID 113 should have INTERNAL/EXTERNAL swapped., Mathew Johnston

November 02, 2002

Re: teardrop rule needed, Dragos Ruiu

November 01, 2002

teardrop rule needed, Ed Davison
Re: Sig ID 113 should have INTERNAL/EXTERNAL swapped., Brian
Uricontent issue in sid 1519, Sean Wheeler
RE: Combination of snort and argus, Lars Jørgensen IT