security.ids.snort.sigs (thread)

Land Attack, Ashley Thomas
- Re: Land Attack, Phil Wood
  - Re: Land Attack, Ashley Thomas
Help with content rules looking for the absence of a hex pattern (large ICMP modification), Matt Kettler
Nubie questions, Tom Shaw
Fwd: Re: [Snort-users] L3 Retriever Ping False Alarms, netsec novice
- Re: Fwd: Re: [Snort-users] L3 Retriever Ping False Alarms, Ed Davison
- Re: Fwd: Re: [Snort-users] L3 Retriever Ping False Alarms, netsec novice
Re: [Snort-users] Content list 2, larc
"WEB-ATTACKS mail command attempt" - False Positives, Lars Borland
Rule for LIOTEN.WORM, Donovan.Tyler
Signature 1567 vs. 1568 (root.asp), Melanie Rieback
- RE: Signature 1567 vs. 1568 (root.asp), Hicks, John
Content Rule, Aditya
SID 604 points to wrong reference., Mathew Johnston
Yahoo IM Client Logon, spy guy
- RE: Yahoo IM Client Logon, Kreimendahl, Chad J
- RE: Yahoo IM Client Logon, David Augros
  - RE: Yahoo IM Client Logon, spy guy
- RE: Yahoo IM Client Logon, Kreimendahl, Chad J
  - Re: Yahoo IM Client Logon, J Irving
RE: EXPERIMENTAL WEB-CLIENT javascript URL host spoo fing attempt, Hicks, John
[OT] Am I the only one getting rejection notices from geo-spectrum.com?, Matt Kettler
Preprocessors and SIDs, Rodrigo Buarque Ramos
- Re: Preprocessors and SIDs, Matt Kettler
  - Re: Preprocessors and SIDs, Nigel Houghton
ntpdx overflow attempt sig triggered by ntpdc query, James-lists
- ntpdx overflow attempt sig triggered by ntpdc query, james
redundant oracle rules: 1692 & 1693, Andrew Hintz \(Drew\)
- redundant oracle rules: 1692 & 1693, Andrew Hintz \(Drew\)
EXPERIMENTAL WEB-CLIENT javascript URL host spoofing attempt, Svein Erik Søberg
- Re: EXPERIMENTAL WEB-CLIENT javascript URL host spoofing attempt, remember-handsworth
  - Re: EXPERIMENTAL WEB-CLIENT javascript URL host spoofing attempt, Matt Kettler
    - Re: EXPERIMENTAL WEB-CLIENT javascript URL host spoofing attempt, Matt Kettler
    - Re: EXPERIMENTAL WEB-CLIENT javascript URL host spoofing attempt, Michael Scheidell
Signature: EXPLOIT ssh CRC32 overflow filler, Jukka Juslin
- Re: Signature: EXPLOIT ssh CRC32 overflow filler, Matt Kettler
Re: [Snort-sigs] kadmind exploit rules, anakata
- Re: kadmind exploit rules, Chris Green
MSADC, remember-handsworth
- Re: MSADC, Russell Fulton
snort-rules CURRENT update @ Fri Dec 6 06:25:07 2002, bmc
Mail-Worm Holar.C, ElbTec GmbH
hacking up the portscan preprocessor, John Hally
Help w/multiple content matching, John Hally
- Re: Help w/multiple content matching, Jens Krabbenhoeft
Snort Alert [1:1411:0] ) (etc) alerts, Michael Boman
- Re: Snort Alert [1:1411:0] ) (etc) alerts, Jens Krabbenhoeft
Content list 2, Aditya
- Re: Content list 2, larc
Sid 488, Mathew Johnston
- Re: Sid 488, Byron Copeland
SID 1288 WEB-FRONTPAGE /_vti_bin/ access, Hicks, John
SIDs 1293 & 1294 too general?, Bob Dehnhardt
FYI: Packet Log of port 57 Scans, Robert Wagner
Web Rules confusing me, Brian Jameson
- Re: Web Rules confusing me, Matt Kettler
- Web Rules confusing me, Brian Jameson
  - Re: Web Rules confusing me, Phillip G Deneault
Please Help me, Hany Tawakkol
(no subject), John Hally
- (no subject), John Hally
RE: Port 57 Scans, Tim Hillyard, Monitored Security
- Re: Port 57 Scans, Mike Rondello
- Re: Port 57 Scans, Mike Rondello
Re: Snort online sig DB., Brian
Autoreply: Re: EXPERIMENTAL SIDs, rolandomorales
Re: EXPERIMENTAL SIDs, Chris Green