security.ids.snort.sigs (thread)

SID 332 and 325 seems the same, Anton Chuvakin
Snort on Win2k FTP server (not a router pc), Walter Pouwels
- Re: Snort on Win2k FTP server (not a router pc), Matt Kettler
SID 328, Anton Chuvakin
SID 327, Anton Chuvakin
SID 326, Anton Chuvakin
SID 325, Anton Chuvakin
Reference correction, sid 1293, 1294, 1295, Dale L. Handy, P.E.
YOONG Choen Hin/Engr - Sys/iSTT/ST Group is out of the office., yoong . choen . hin
- YOONG Choen Hin/Engr - Sys/iSTT/ST Group is out of the office., yoong . choen . hin
What are the alert message capabilities, Sewell, Michael K
- Re: What are the alert message capabilities, Matt Kettler
web-attacks.rules, Sonia K. Tsui
Root kit and "hackers defender" detection, Tony Johansson
- RE: Root kit and "hackers defender" detection, Robert Wagner
- RE: Root kit and "hackers defender" detection, Matt Kettler
which rule sets to use with 1.9 ?, Russell Fulton
rule possibly misfiring, Kreimendahl, Chad J
- Re: rule possibly misfiring, Chris Green
- RE: rule possibly misfiring, Kreimendahl, Chad J
  - Re: rule possibly misfiring, Chris Green
- RE: rule possibly misfiring, Kreimendahl, Chad J
  - Re: rule possibly misfiring, Chris Green
RE: MS-SQL Slammer worm signature, Arjen De Landgraaf
Slammer worm rule, Marcus Wu
spp_portscan2: portscan2-ignorehosts doesn't work, Roman Varga
- Re: spp_portscan2: portscan2-ignorehosts doesn't work, Matt Kettler
UDP-storm snortsig?, Jonas Vreintaal
proposed change to rule, Kreimendahl, Chad J
- Re: proposed change to rule, Chris Green
- RE: proposed change to rule, Kreimendahl, Chad J
  - Re: proposed change to rule, Chris Green
- RE: proposed change to rule, Kreimendahl, Chad J
  - Re: proposed change to rule, Chris Green
Re: SQL BO attacks, Stephane Nasdrovisky
MS-SQL Slammer Signature, soc.sql
nmap -b snort rule, cress1
- Re: nmap -b snort rule, Andreas Östling
RE: snort-rules CURRENT update @ Mon Jan 27 06:25:07 2003, Lars Jørgensen IT
- RE: snort-rules CURRENT update @ Mon Jan 27 06:25:07 2003, Erek Adams
  - Re: snort-rules CURRENT update @ Mon Jan 27 06:25:07 2003, Bennett Todd
    - Re: snort-rules CURRENT update @ Mon Jan 27 06:25:07 2003, Erek Adams
snort-rules CURRENT update @ Mon Jan 27 06:25:07 2003, bmc
ATTACK RESPONSES id check returned <blah> sigs, Jon
- Re: ATTACK RESPONSES id check returned <blah> sigs, Jason Brvenik
  - Re: ATTACK RESPONSES id check returned <blah> sigs, Jason
  - Re: ATTACK RESPONSES id check returned <blah> sigs, Jon
Re: snort-rules STABLE update @ Sat Nov 16 19:30:32 2002, Brian
Re: redundant oracle rules: 1692 & 1693, Brian
Re: Signature 1567 vs. 1568 (root.asp), Brian
- Re: Signature 1567 vs. 1568 (root.asp), Rich Adamson
RE: [snort-cvs] CVS: snort - cazz, Kreimendahl, Chad J
- Re: RE: [snort-cvs] CVS: snort - cazz, Brian
- RE: RE: [snort-cvs] CVS: snort - cazz, Kreimendahl, Chad J
  - Re: RE: [snort-cvs] CVS: snort - cazz, Brian
- RE: RE: [snort-cvs] CVS: snort - cazz, Kreimendahl, Chad J
snort-rules CURRENT update @ Sat Jan 25 21:26:07 2003, bmc
SQLSLAMMER signature, Dirk Mueller
- RE: SQLSLAMMER signature, Kreimendahl, Chad J
- RE: SQLSLAMMER signature, Michael . Advani
  - Re: SQLSLAMMER signature, Dirk Mueller
SID 322, Anton Chuvakin
SID 323, Anton Chuvakin
- Re: SID 323, Brian
  - MS-SQL Slammer worm signature, Jukka Juslin
    - Re: MS-SQL Slammer worm signature, Jonas Eriksson
P2P File Sharing Signatures?, Lorraine Cannavale
- RE: P2P File Sharing Signatures?, Terence Runge
Yahoo Instant Messenger Login, spy guy
- Re: Yahoo Instant Messenger Login, Erek Adams
RE: ATTACK RESPONSES id check returned root (sid:498 ), joe . pepin
ATTACK RESPONSES id check returned root (sid:498), m@xx
- Re: ATTACK RESPONSES id check returned root (sid:498), Jon
  - Re: ATTACK RESPONSES id check returned root (sid:498), Jason Haar
    - Re: ATTACK RESPONSES id check returned root (sid:498), Brian
- Re: ATTACK RESPONSES id check returned root (sid:498), Erek Adams
- Re: ATTACK RESPONSES id check returned root (sid:498), Brian
Re: TEST RULE for WhiteHat Security XST, Michael Scheidell
- Re: TEST RULE for WhiteHat Security XST, Brian
What is "FTP file_id.diz access" about?, Jason Haar
- Re: What is "FTP file_id.diz access" about?, Matt Kettler
  - Re: What is "FTP file_id.diz access" about?, Jim Forster
    - Re: What is "FTP file_id.diz access" about?, Jason Haar
    - Re: What is "FTP file_id.diz access" about?, Matt Kettler
    - Re: What is "FTP file_id.diz access" about?, Jim Forster
    - Re: What is "FTP file_id.diz access" about?, Brian
- RE: What is "FTP file_id.diz access" about?, Andrew Hintz \(Drew\)
Snort Signatures for Snort 1.8, Ahmed, Sajid
- Re: Snort Signatures for Snort 1.8, Erek Adams
Snort SID 998 (SAM Attempt), Mark Wilson
- Re: Snort SID 998 (SAM Attempt), Brian
mpg123 overflow signature, Erik Walthinsen
Info for SID 1432, Rui Martins
UPnP Rules, Andrew Rucker Jones
Snort on FTP server, Walter Pouwels
thousands of false positive alerts: spp_asn1: ASN.1 Attack: Datum length > packet length, Roman Varga
- Re: thousands of false positive alerts: spp_asn1: ASN.1 Attack: Datum length > packet length, Matt Kettler
snort-rules CURRENT update @ Tue Jan 21 17:12:16 2003, bmc
Local CodeRed infection, bthaler
- RE: Local CodeRed infection, Robert Wagner
  - Re: Local CodeRed infection, bthaler
    - Re: Local CodeRed infection, DataShark
- Re: Local CodeRed infection, Bamm Visscher
  - Re: Local CodeRed infection, bthaler
  - Re: Re: [Snort-sigs] Local CodeRed infection, Chris Green
Updates to the rules on the Website and CVS?, Christopher Lyon
SID 307 and SID 1382 misplaced?, Jon
RE: Welcome to the Snort-sigs mailing list (Digest mode), x x
SID 321, Anton Chuvakin
- Re: SID 321, Jim Becher
  - Re: SID 321, Anton Chuvakin
SID 320, Anton Chuvakin
a whole slew of old sig docs, Jon
SID 1292, Anton Chuvakin
SID 497, Anton Chuvakin
SID 496, Anton Chuvakin
SID 498, Anton Chuvakin
SID 495, Anton Chuvakin
RIAA "hack-back" sig anyone?, Florin Andrei
- Re: RIAA "hack-back" sig anyone?, dreamwvr@xxxxxxxxxxxx
  - Re: RIAA "hack-back" sig anyone?, Sam Evans
    - Re: Re: RIAA "hack-back" sig anyone?, Javier Liendo
    - Re: Re: RIAA "hack-back" sig anyone?, Hugo van der Kooij
    - Re: Re: RIAA "hack-back" sig anyone?, Florin Andrei
SID 494, Anton Chuvakin
wrong signature, Ashley Thomas
Russell Fulton's " patch or sig changes, Jon
SIDs 981-983 changes, Jon
- RE: SIDs 981-983 changes, Kreimendahl, Chad J
SID 1156, Apurv Singh
Does anyone have a good p2p specific sig?, David Chait
SID 362, Anton Chuvakin
SID 356, Anton Chuvakin
SID 335, Anton Chuvakin
ID Check returned X signatures, Mathew Johnston
- Re: ID Check returned X signatures, Anton A. Chuvakin
- Re: ID Check returned X signatures, Russell Fulton
SID 334, Anton Chuvakin
Reference for sid 1200, Mathew Johnston
- Re: Reference for sid 1200, Michael Scheidell
BLA, Tim Bogart
Slapper signature ??, Ashley Thomas
- Re: Slapper signature ??, Jukka Juslin
  - Re: [Snort-sigs] Slapper signature ??, Ashley Thomas
RE: EXPERIMENTAL WEB-CLIENT javascript URL host spoofing attempt, Svein Erik Søberg
snort v1.9 and iptables, Roanne Tang
- Re: snort v1.9 and iptables, Roanne Tang
  - Re: Re: snort v1.9 and iptables, Rich Adamson
    - Re: Re: snort v1.9 and iptables, Roanne Tang
    - Re: Re: snort v1.9 and iptables, Russell Fulton
    - Re: Re: snort v1.9 and iptables, Jed Haile
    - Re: Re: snort v1.9 and iptables, スティーブ　ブラウン
  - Re: Re: snort v1.9 and iptables, Russell Fulton
- RE: Re: snort v1.9 and iptables, Mustafa Özbakır
  - Snort-inline error, Roanne Tang
    - Re: Snort-inline error, Roanne Tang
    - Re: Snort-inline error, Roanne Tang