security.ids.snort.sigs (thread)

Netbios rules are case sensitive?, Jason Haar
Lovgate.F port 445 rule, Tom . Mclaughlin
Lovgate.F rule, Tom . Mclaughlin
porn.rules, Bryan Irvine
- Re: porn.rules, Bryan Irvine
False Positive on SMTP HELO Overflow, Ron Shuck
- Re: False Positive on SMTP HELO Overflow, Matt Kettler
- Re: False Positive on SMTP HELO Overflow, Erik Alexander Løkken
- Re: False Positive on SMTP HELO Overflow, Matthew Callaway
  - Re: False Positive on SMTP HELO Overflow, Jason Haar
what does this command do?, stormshadow
- RE: what does this command do?, Schmehl, Paul L
- RE: what does this command do?, Matt Kettler
logging session using tagging, Christophe VG
- Re: logging session using tagging, Erek Adams
  - Re: logging session using tagging, Christophe VG
RE: ftp rules question - why only external to intern al?, Matt Kettler
RE: ftp rules question - why only external to intern al?, L. Christopher Luther
- RE: ftp rules question - why only external to intern al?, Jerry . L . Rose
ftp rules question - why only external to internal?, Jerry . L . Rose
- Re: ftp rules question - why only external to internal?, Brian
- Re: ftp rules question - why only external to internal?, Terence Runge
Mike Sands/ITS/Element K is out of the office., Mike_Sands
- Re: Mike Sands/ITS/Element K is out of the office., Michael Scheidell
- RE: Mike Sands/ITS/Element K is out of the office., Esler, Joel Contractor
  - Re: Mike Sands/ITS/Element K is out of the office., Michael Scheidell
    - Re: Mike Sands/ITS/Element K is out of the office., Matt Kettler
more on logs, Bryan Irvine
- Re: more on logs, Hugo van der Kooij
- RE: more on logs, L. Christopher Luther
  - RE: more on logs, Nigel Houghton <nigel.houghton@xxxxxxxxxxxxxx>
cmd.exe and iisamples, Bryan Irvine
- RE: cmd.exe and iisamples, Esler, Joel Contractor
- RE: cmd.exe and iisamples, L. Christopher Luther
- RE: cmd.exe and iisamples, Jerry . L . Rose
- RE: cmd.exe and iisamples, Robert Reid
Strange question, Bryan Irvine
- Re: Strange question, Bennett Todd
- Re: Strange question, Matt Kettler
Snort logs, Bryan Irvine
- Re: Snort logs, Hugo van der Kooij
- Re: Snort logs, Robson Paniago Vasconcelos
Lots of triggers from NETBIOS SMB SMB_COM_TRANSACTION Max Data Count of 0 DOS Attempt, Ian Macdonald
- Re: Lots of triggers from NETBIOS SMB SMB_COM_TRANSACTION Max Data Count of 0 DOS Attempt, Johnathan Norman
  - Re: Lots of triggers from NETBIOS SMB SMB_COM_TRANSACTION Max Data Count of 0 DOS Attempt, Brian
    - Re: Lots of triggers from NETBIOS SMB SMB_COM_TRANSACTION Max Data Count of 0 DOS Attempt, Johnathan Norman
Issue with rule sid 255, Geoff Craig
- Re: Issue with rule sid 255, Brian
- RE: Issue with rule sid 255, Geoff Craig
  - Re: Issue with rule sid 255, Brian
- RE: Issue with rule sid 255, Geoff Craig
Strange ICMP Log, Ron Shuck
jackhammer, Danny Shurett
SID 1362, Anton Chuvakin
SID 1361, Anton Chuvakin
SID 1360, Anton Chuvakin
SID 1359, Anton Chuvakin
SID 1358, Anton Chuvakin
snort-rules CURRENT update @ Wed Apr 16 21:16:04 2003, bmc
Mark Fuller/US/ABNAMRO/NL is out of the office., mark . fuller
- Mark Fuller/US/ABNAMRO/NL is out of the office., mark . fuller
newbie quistion, David Davis
- Re: newbie quistion, Matt Kettler
snort-rules STABLE update @ Wed Apr 16 21:16:04 2003, bmc
look better fifmiqf, Errol Oconnor
snort-rules CURRENT update @ Wed Apr 16 20:16:11 2003, bmc
P2P Question, Trevor Daucsavage
- Re: P2P Question, Dirk Mueller
Problems with SID 1432, Sam Evans
newby quistin, David Davis
- Re: newby quistin, Matt Kettler
SID 1042 and WebDAV, Scott, Joshua
- SID 1042 and WebDAV, Scott, Joshua
  - Re: SID 1042 and WebDAV, Jason Haar
  - Re: SID 1042 and WebDAV, Russell Fulton
  - Snort Signaturte option, byte_test and byte_jump, HQ-Amorelle Ong
Troj.KillAV Sig, Glen Joseph
WhiteHat Web Server Fingerprinter Signatures, Ryan . Barnett
David Kibilka/Networking/Willich/Datasystems ist außer Haus., dkibilka
- David Kibilka/Networking/Willich/Datasystems ist außer Haus., dkibilka
RE: Problems with SID 498: ATTACK RESPONSES id check returned root, Jacob Hurley
- RE: Problems with SID 498: ATTACK RESPONSES id check returned root, Sam Evans
  - RE: Problems with SID 498: ATTACK RESPONSES id check returned root, Kenneth G. Arnold
    - RE: Problems with SID 498: ATTACK RESPONSES id check returned root, Sam Evans
RE: Problems with SID 498: ATTACK RESPONSES id check returned root, Esler, Joel Contractor
Problems with SID 498: ATTACK RESPONSES id check returned root, Sam Evans
- Re: Problems with SID 498: ATTACK RESPONSES id check returned root, Kenneth G. Arnold
  - Re: Problems with SID 498: ATTACK RESPONSES id check returned root, Sam Evans
- Re: Problems with SID 498: ATTACK RESPONSES id check returned root, Chris Green
  - Re: Problems with SID 498: ATTACK RESPONSES id check returned root, Russell Fulton
I'm very new to snort, please help, Ray Pierce
fw: Possible rule for samba-2.2.XX exploit, Jacob Hurley
RE: [Snort-sigs] SMTP From Comment Overflow rule problems, Ron Shuck
Rule for Sebek2 Traffic, Andrew Hintz \(Drew\)
RE: Snort newbie having trouble with using rule for detecting WebDAV exploit, Matt Yackley
Snort newbie having trouble with using rule for detecting WebDAV exploit, Jason Richardson
snort 1.9.x signatures and snort 1.8.x signatures, William_Metcalf
netric/eSDee dhcpd exploit rule., Alberto Gonzalez
tftp rules classtypes confusing, Miller, Eoin
- Re: tftp rules classtypes confusing, Chris Green
rule documentation, Johnathan Norman
- Re: rule documentation, Chris Green
  - Re: rule documentation, Brian
newbie post, Bryan Irvine
- newbie post, Bryan Irvine
  - Re: newbie post, Matt Kettler
- Re: newbie post, Mark Cooper
Apologize, Jose Ramon Hernandez Macias
Sigs for /sumthin and Rst.b backdoor, Joe Stewart
SMTP From Comment Overflow rule problems, Ron Shuck
- RE: SMTP From Comment Overflow rule problems, Jacob Hurley
- RE: SMTP From Comment Overflow rule problems, Bob Dehnhardt
snort-rules CURRENT update @ Mon Apr 7 13:41:13 2003, bmc
snort-rules STABLE update @ Mon Apr 7 13:41:13 2003, bmc
- RE: snort-rules STABLE update @ Mon Apr 7 13:41:13 2003, Jacob Hurley
references for sid:220 (BACKDOOR HideSource backdoor attempt), Carl Gibbons
Demande d'aide, Dari Dorine
- Re: Demande d'aide, Joe Stewart
- RE: Demande d'aide, Esler, Joel Contractor
  - Re: Demande d'aide, Saad Kadhi
- RE: Demande d'aide, John Hally
New SMB_COM_TRANSACTION alerts look pretty "broken", Jason Haar
- Re: New SMB_COM_TRANSACTION alerts look pretty "broken", Brian
Sig for gpuser@xxxxxxxx, JP Vossen
- RE: Sig for gpuser@xxxxxxxx, John Hally
RADIUS attributes detection, desconocido
creating new sigs [newbie], Chris Hare, CISSP, CISA
- Re: creating new sigs [newbie], Matt Kettler
  - Re: creating new sigs [newbie], Chris Hare, CISSP, CISA
Re: Questions 101 & Dire Straits, JP Vossen
snortrules-stable bug patches, Snort user
- Rootkit signatures, Jukka Juslin
- Re: snortrules-stable bug patches, Michael Scheidell
  - Re: snortrules-stable bug patches, Matt Kettler
- Possible rule for samba-2.2.XX exploit, Joerg Weber
  - Re: Possible rule for samba-2.2.XX exploit, Brian
    - Re: Possible rule for samba-2.2.XX exploit, Joerg Weber
snortrules-current bug patches, Snort user
Suspected False Positives - SID 2102, Jeff Oliveto
Hotmail, ricardo@xxxxxxxxxxx
Proposed sig to spot internal Klez infections, Kenneth G. Arnold
Questions 101, Esler, Joel Contractor
- Re: Questions 101, Chris Green
  - Re: Questions 101, Matt Kettler
- Re: Questions 101, Matt Kettler
- RE: Questions 101, Esler, Joel Contractor
snort-rules CURRENT update @ Thu Apr 3 15:18:07 2003, bmc
Sendmail Signature, linux snort
- Sendmail Signature, linux snort
  - Re: Sendmail Signature, Bennett Todd
    - Re: Sendmail Signature, Matt Kettler
- Re: Sendmail Signature, Muhammad Faisal Rauf Danka
Question about sid: 1002, Paul Schmehl
- Re: Question about sid: 1002, Brian
  - Re: Question about sid: 1002, Paul Schmehl
    - Re: Question about sid: 1002, daniel.clemens
    - Re: Question about sid: 1002, Daniel J. Roelker
    - Re: Question about sid: 1002, Paul Schmehl
    - Re: Question about sid: 1002, Brian
    - Re: Question about sid: 1002, Paul Schmehl
- RE: Question about sid: 1002, Jacob Hurley
  - Re: Question about sid: 1002, Michael Boman
  - RE: Question about sid: 1002, Daniel J. Roelker
- RE: Question about sid: 1002, Jacob Hurley
snort-rules CURRENT update @ Wed Apr 2 17:20:39 2003, bmc
snort-rules STABLE update @ Wed Apr 2 17:20:39 2003, bmc
Jose Ramon Hernandez Macias/Sistemas/Megacentro/Alestra is out of the office., Jose Ramon Hernandez Macias
- Re: Jose Ramon Hernandez Macias/Sistemas/Megacentro/Alestra is out of the office., Michael Scheidell
  - Re: Jose Ramon Hernandez Macias/Sistemas/Megacentro/Alestra is out of the office., Alberto Gonzalez
- Jose Ramon Hernandez Macias/Sistemas/Megacentro/Alestra is out of the office., Jose Ramon Hernandez Macias
  - Re: Jose Ramon Hernandez Macias/Sistemas/Megacentro/Alestra is out of the office., James Ainslie
- Jose Ramon Hernandez Macias/Sistemas/Megacentro/Alestra is out of the office., Jose Ramon Hernandez Macias
Quicktime Overflow Exploit Sig, SoloNet Newsfeed Processor
SID 275: Eats CPU, Lars Jørgensen IT
- Re: SID 275: Eats CPU, Erek Adams
Snort sig for the Security bit?, David T Hollis
- RE: Snort sig for the Security bit?, Casper van Eersel
snort-rules CURRENT update @ Tue Apr 1 06:25:07 2003, bmc
Typo in reference for sid 2090, Dale Handy