security.ids.snort.sigs (thread)

RE: [Snort-devel] rules problem relating to offset?, Kreimendahl, Chad J
rules problem relating to offset?, Kreimendahl, Chad J
- Re: rules problem relating to offset?, Chris Green
- Re: [Snort-devel] rules problem relating to offset?, Brian
no classtype 4 webdavrules in snortrules-stable - Mon Mar 31 01:15:29 2003 GMT, Sean Wheeler
snort-rules CURRENT update @ Sat Mar 29 06:25:06 2003, bmc
snort-rules CURRENT update @ Fri Mar 28 06:25:06 2003, bmc
RE: DNS Zone Transfer False Positive, James Hoagland
RE: [snort-cvs] CVS: snort - cazz, Kreimendahl, Chad J
- Re: RE: [snort-cvs] CVS: snort - cazz, Brian
snort-rules CURRENT update @ Wed Mar 26 17:04:05 2003, bmc
Question about defining the home_net, Randle, Tommie (Contractor)
- Re: Question about defining the home_net, Matt Kettler
snort-rules CURRENT update @ Wed Mar 26 06:25:06 2003, bmc
Submitt new rules, rmkml
- Re: Submitt new rules, Brian
  - Re: Submitt new rules, rmkml
[Fwd: Snort Signature for WedDAV], Frank Knobbe
- Re: [Fwd: Snort Signature for WedDAV], Frank Knobbe
snort-rules CURRENT update @ Thu Mar 20 18:53:49 2003, bmc
snort-rules STABLE update @ Thu Mar 20 18:53:49 2003, bmc
- Re: snort-rules STABLE update @ Thu Mar 20 18:53:49 2003, Michael Scheidell
portscan2-ignoreports...anyone get it to work???, Jeff Oliveto
WebDAV nessus script?, Tobia,Paul
- Re: WebDAV nessus script?, Joe Stewart
  - Re: WebDAV nessus script?, Frank Knobbe
    - Re: WebDAV nessus script?, Joe Stewart
    - Re: WebDAV nessus script?, daniel.clemens
  - Re: WebDAV nessus script?, Michael Scheidell
    - Re: WebDAV nessus script?, Frank Knobbe
  - Re: WebDAV nessus script?, Brian
    - Re: WebDAV nessus script?, Jason Haar
    - Re: WebDAV nessus script?, Frank Knobbe
    - Re: WebDAV nessus script?, Jason Haar
    - Re: WebDAV nessus script?, Frank Knobbe
    - Re: WebDAV nessus script?, Jason Haar
- RE: WebDAV nessus script?, Tobia,Paul
  - Re: WebDAV nessus script?, Jason Haar
    - Re: WebDAV nessus script?, Frank Knobbe
    - Re: WebDAV nessus script?, Bennett Todd
    - Re: WebDAV nessus script?, Frank Knobbe
    - Re: WebDAV nessus script?, Frank Knobbe
Possible WebDAV Exploit Signature., Muhammad Faisal Rauf Danka
- Possible WebDAV Exploit Signature., Muhammad Faisal Rauf Danka
  - Re: Possible WebDAV Exploit Signature., Frank Knobbe
Alleged webdav exploit code, erics
- Re: Alleged webdav exploit code, Joerg Weber
- Re: Alleged webdav exploit code, Mark Tinberg
- Re: Alleged webdav exploit code, mailx@xxxxxxxxxxxxx
Symantec Sig for webdav, Mail List Account
- Re: Symantec Sig for webdav, Frank Knobbe
  - Re: Symantec Sig for webdav, Gary Flynn
- Re: Symantec Sig for webdav, Frank Knobbe
snort-rules CURRENT update @ Tue Mar 18 06:25:07 2003, bmc
snort using mysql!, Rolf Brusletto
- Re: snort using mysql!, Erek Adams
  - Re: snort using mysql!, Hugo van der Kooij
    - RE: snort using mysql!, Steve Wray
    - RE: snort using mysql!, Hugo van der Kooij
Bug in SID 1070, Frank Knobbe
IIS WebDav sig?, Lazarakis, Dan
- Re: IIS WebDav sig?, Frank Knobbe
- Re: IIS WebDav sig?, Frank Knobbe
Sig for Notes RPC overflow?, Frank Knobbe
SID 1545: DOS Cisco attempt, D PH
- Re: SID 1545: DOS Cisco attempt, Kenneth G. Arnold
- Re: [Snort-users] SID 1545: DOS Cisco attempt, Rich Adamson
- Re: SID 1545: DOS Cisco attempt, twig les
- Re: SID 1545: DOS Cisco attempt, D PH
  - Re: Re: [Snort-users] SID 1545: DOS Cisco attempt, Brian
RE: snort virus rules etc..., Hyman W Logan
- Re: RE: snort virus rules etc..., Erek Adams
Q-backdoor variant signature, Jon
probelm with resp keyword, parikshit
- Re: probelm with resp keyword, Matt Kettler
Probelm with react and resp keywords, parikshit
problem with react keyword, parikshit
Facing problem with react keyword.!, parikshit
(no subject), Melissa Nameth
- Re: (no subject), Matt Kettler
Signature for Kazaa Lite, Trevor Daucsavage
- Re: Signature for Kazaa Lite, Anne Carasik
- Re: Signature for Kazaa Lite, Chris Green
  - MP3 Signature, Kenneth G. Arnold
    - Re: MP3 Signature, Hugo van der Kooij
    - Re: MP3 Signature, Kenneth G. Arnold
    - Re: MP3 Signature, Hugo van der Kooij
    - Re: MP3 Signature, Erek Adams
    - Re: MP3 Signature, bfdi533
    - Re: MP3 Signature, Erek Adams
    - Re: MP3 Signature, Kenneth G. Arnold
- RE: Signature for Kazaa Lite, Harris, Michael C.
  - Re: Signature for Kazaa Lite, Sam Evans
    - Re: Re: Signature for Kazaa Lite, Erek Adams
- RE: Re: Signature for Kazaa Lite, Trevor Daucsavage
  - RE: Re: Signature for Kazaa Lite, Erek Adams
- RE: Signature for Kazaa Lite, Trevor Daucsavage
  - Re: Signature for Kazaa Lite, Michael Scheidell
- RE: Re: Signature for Kazaa Lite, Trevor Daucsavage
Re: Snort-sigs digest, Vol 1 #513 - 4 msgs (Out of office), Chris Rowe
RE: Re: Snort-sigs digest, Vol 1 #512 - 9 msgs (Out of office), Schmehl, Paul L
Re: Snort-sigs digest, Vol 1 #512 - 9 msgs (Out of office), Chris Rowe
- Re: Re: Snort-sigs digest, Vol 1 #512 - 9 msgs (Out of office), Matt Kettler
RE: New code-red Variant (code red F) sig available ?, Young, Mike
RE: New code-red Variant (code red F) sig available ?, Young, Mike
- RE: New code-red Variant (code red F) sig available ?, Paul M. Sittler
New code-red Variant (code red F) sig available ?, Xavier FIQUET
- RE: New code-red Variant (code red F) sig available ?, Schmehl, Paul L
Re: Snort-sigs digest, Vol 1 #511 - 2 msgs (Out of office), Chris Rowe
new rule proposal (Dameware), Kreimendahl, Chad J
Has anyone developed a rule for the new MultiDropper Virus?, Compton, Rich
signature information for SIG 104, Muhammad Faisal Rauf Danka
- signature information for SIG 104, Muhammad Faisal Rauf Danka
Snort Signatures for LSD-PL.NET Exploit, Loki
- Re: Snort Signatures for LSD-PL.NET Exploit, Michael Scheidell
  - Re: Snort Signatures for LSD-PL.NET Exploit, Loki
    - Re: Snort Signatures for LSD-PL.NET Exploit, Martin Roesch
- Re: Snort Signatures for LSD-PL.NET Exploit, Brian
  - Re: Snort Signatures for LSD-PL.NET Exploit, Loki
    - Re: Snort Signatures for LSD-PL.NET Exploit, Chris Green
    - Re: Snort Signatures for LSD-PL.NET Exploit, Martin Roesch
  - Re: Snort Signatures for LSD-PL.NET Exploit, Joe Stewart
Re: Sendmail crackaddr header overflow, Wes Zuber
- Re: Sendmail crackaddr header overflow, Chris Baker
- RE: Sendmail crackaddr header overflow, joe . pepin
  - Re: Sendmail crackaddr header overflow, Joe Stewart
- RE: Sendmail crackaddr header overflow, joe . pepin
Re: Pass rule problem, Bart Somers
Sendmail crackaddr header overflow sig - Dozens of False Positives, Jeff Oliveto
- Re: Sendmail crackaddr header overflow sig - Dozens of False Positives, Bennett Todd
puzzled: logging more than one packet at a time, Christophe VG
- Re: puzzled: logging more than one packet at a time, Christophe VG
- Re: puzzled: logging more than one packet at a time, Jason
- RE: puzzled: logging more than one packet at a time, Day, Adam L
- RE: puzzled: logging more than one packet at a time, Day, Adam L
- puzzled: logging more than one packet at a time, Christophe Van Ginneken
External Network -Snort Rules, John Ascica Sandoval
- Re: External Network -Snort Rules, Erek Adams
more info on SID 254?, Carl Gibbons
snort local rules help??, Nick Fear
- Re: snort local rules help??, Matt Kettler
- Re: snort local rules help??, Paul Schmehl
Re: Cywin SSH and EXPLOIT ssh CRC32 overflow filler, Brian
snort-rules CURRENT update @ Wed Mar 5 06:25:07 2003, bmc
snort-rules STABLE update @ Wed Mar 5 06:25:07 2003, bmc
proposed update to web-iis.rules - cmd.exe, and cmd32.exe access rules, Travis Farmer
Re: Sendmail crackaddr header overflow sigs, Michael Scheidell
- RE: Sendmail crackaddr header overflow sigs, Kreimendahl, Chad J
  - Re: Sendmail crackaddr header overflow sigs, Michael Scheidell
- Re: Sendmail crackaddr header overflow sigs, Joe Stewart
- Re: Sendmail crackaddr header overflow sigs, Joerg Weber
snort-rules STABLE update @ Tue Mar 4 15:08:40 2003, bmc
snort-rules CURRENT update @ Tue Mar 4 15:08:40 2003, bmc
tell the number of packets before triggering, Marius Stefan
- Re: tell the number of packets before triggering, Matt Kettler
  - Re: tell the number of packets before triggering, Phillip G Deneault
  - Re: tell the number of packets before triggering, daniel.clemens
    - Re: tell the number of packets before triggering, Marius Stefan
    - Re: tell the number of packets before triggering, Carl Gibbons
    - Re: tell the number of packets before triggering, Jason Haar
    - Re: tell the number of packets before triggering, Erek Adams
    - Re: tell the number of packets before triggering, simsjs
    - Re: tell the number of packets before triggering, Erek Adams
snort-rules STABLE update @ Tue Mar 4 06:25:07 2003, bmc
snort-rules CURRENT update @ Tue Mar 4 06:25:07 2003, bmc
FW: [VulnWatch] ISS Security Brief: Snort RPC Preprocessing Vulne rability, Robert Wagner
port list, JimF
RE: Sid 1042 - too many FPs, Scheidell
- Re: Sid 1042 - too many FPs, Brian
Re: Sid:1845 IMAP list overflow attempt, Brian
Re: sid: 1113 - FPs, Jon
- Re: sid: 1113 - FPs, Jason
- RE: sid: 1113 - FPs, Schmehl, Paul L
- RE: sid: 1113 - FPs, Schmehl, Paul L