security.ids.snort.sigs (thread)

snort-rules STABLE update @ Fri May 30 16:15:18 2003, bmc
snort-rules CURRENT update @ Fri May 30 16:15:18 2003, bmc
spp_stream4 Steath activity, John Hally
- Re: spp_stream4 Steath activity, daniel.clemens
- RE: spp_stream4 Steath activity, John Hally
Maintain virus.rules, Kevin Binsfield
byte_test:5,<,65537,0,relative,string;, Martin Olsson
- Re: byte_test:5,<,65537,0,relative,string;, Brian
Proposed change to icmp-info.rules, Jim Breton
How detect relaying with qmail and snort ?, r2d2r4
- Re: How detect relaying with qmail and snort ?, daniel.clemens
snort-rules CURRENT update @ Wed May 28 14:16:41 2003, bmc
snort_decoder T/TCP detected, Vincent Vono
- Re: snort_decoder T/TCP detected, Dirk Mueller
  - Detecting Connections, Faiz Ahmad Shuja
snort-rules STABLE update @ Wed May 28 14:16:41 2003, bmc
SID 1882 False Posiitives : "ATTACK-RESPONSES id check returned userid ", SoloNet Newsfeed Processor
dropping traffic, Esler, Joel Contractor
- Re: dropping traffic, Erek Adams
Nimda, Joe Kinsella
- Re: Nimda, Nigel Houghton
- Re: Nimda, Matt Kettler
- RE: Nimda, Joe Kinsella
  - Re: Nimda, Brian
ELKERN Signature?, Lorraine Cannavale
DNS poisoning, Vincent Vono
- Re: DNS poisoning, Matt Kettler
problem with double logging, Marco Agostani
Possible false positive on SID 663, McKinlay, Ken
Look for attached files?, Magnus Larsson
- RE: Look for attached files?, Andrew Hintz \(Drew\)
SMTP rcpt to sed command attempt, Tony Lill
- Re: SMTP rcpt to sed command attempt, Matt Kettler
general sig question, d_greenjr
- Re: general sig question, Brian
- Re: general sig question, Tom Arseneault
  - Re: general sig question, Erek Adams
Not looking in Email, Esler, Joel Contractor
- Re: Not looking in Email, security people
  - Re: Not looking in Email, Dale L. Handy
    - Re: Not looking in Email, security people
- RE: Not looking in Email, Esler, Joel Contractor
hi, pix
- Re: hi, Chris Baker
RE: Ultimate Rule List, Moyer, Shawn
RE: Virus sig for worm_palyh.a and pe_ganda.a? .....can you give me some pointers. (fwd), daniel.clemens
- Re: Virus sig for worm_palyh.a and pe_ganda.a? .....can you give me some pointers. (fwd), Dale L. Handy
Snort & Acid, Colin . Slevin
install.php?phpbb_root_dir=http:// sig?, Eric Appelboom
- Re: install.php?phpbb_root_dir=http:// sig?, Brian
Followup on my last virus question., Magnus Larsson
Sig for a old virus?, Magnus Larsson
Virus sig for worm_palyh.a and pe_ganda.a?, Magnus Larsson
- Re: Virus sig for worm_palyh.a and pe_ganda.a?, Shane Williams
- RE: Virus sig for worm_palyh.a and pe_ganda.a?, Robert Reid
  - RE: Virus sig for worm_palyh.a and pe_ganda.a?, Magnus Larsson
  - RE: Virus sig for worm_palyh.a and pe_ganda.a?, Burak DAYIOGLU
    - RE: Virus sig for worm_palyh.a and pe_ganda.a?, Shane Williams
Re: Issue.fixing wincap, Joesph Bowling
VIRUS_RULES, Bill Leinauer
- Re: VIRUS_RULES, Matt Kettler
Issue, Colin . Slevin
- Re: Issue, Matt Kettler
  - Ultimate Rule List, Greg Powell
    - Re: Ultimate Rule List, David Wilburn
snort-rules STABLE update @ Thu May 15 23:15:23 2003, bmc
snort-rules CURRENT update @ Thu May 15 23:15:23 2003, bmc
Signatures related to POP3 overflow attempt, Erik Alexander Løkken
- Re: Signatures related to POP3 overflow attempt, operator
- Fw: Signatures related to POP3 overflow attempt, operator
- Re: Signatures related to POP3 overflow attempt, Nate Haggard
SID 663 - Revision 6 - False Positives question, Erik Alexander Løkken
SID 1620, Non-Standard IP Protocol question, Daniel Reich
RE: Does anyone have a working set of rules for the Fizzer Worm, Tinsley Paul
snort-rules STABLE update @ Wed May 14 17:15:36 2003, bmc
snort-rules CURRENT update @ Wed May 14 17:15:36 2003, bmc
Does anyone have a working set of rules for the Fizzer Worm, Marty . Bostick
snort-rules STABLE update @ Wed May 14 14:14:32 2003, bmc
snort-rules CURRENT update @ Wed May 14 14:14:32 2003, bmc
RE: Fizzer Virus Signature, operator
naming of rules file, Liuhy
Question, Joe Hdez
Re: Snort-sigs digest, Vol 1 #573 - 12 msgs, Jose Ramon Hernandez Macias
- Re: Re: Snort-sigs digest, Vol 1 #573 - 12 msgs, Brian
  - Re: Re: Snort-sigs digest, Vol 1 #573 - 12 msgs, Hugo van der Kooij
snort-rules STABLE update @ Tue May 13 11:03:45 2003, bmc
WebDav exploits - individual signatures, Joe Stewart
- Re: WebDav exploits - individual signatures, Joe Stewart
snort 2.0 problems, Randall S Jew
- RE: snort 2.0 problems, Smith, Jim
- RE: snort 2.0 problems, Joesph Bowling
Announcing sp_perl, Jeff Nathan
- Re: [Snort-sigs] Announcing sp_perl, Chris Green
- RE-Announcing sp_perl, Brian
ICMP rules: sid 499,473, 477, 487, m@xx
disable /var/log/snort logging, Nick White
- Re: disable /var/log/snort logging, Bill McCarty
- Re: Snort attack -- was disable /var/log/snort logging, Bill McCarty
- Re: disable /var/log/snort logging, Matt Kettler
- RE: disable /var/log/snort logging, Nick White
Snort rule sorter or managment system, Tim Bates
- Re: Snort rule sorter or managment system, Horacio Falcon
test mail, Liuhy
snort-rules CURRENT update @ Tue May 6 20:15:27 2003, bmc
filter session in both direction, Jingmin (Jimmy) Zhou
MESSNGR SPAM Sig, Phil Lyons
- Re: MESSNGR SPAM Sig, Brian
- RE: MESSNGR SPAM Sig, O'Flynn, Derek
- RE: MESSNGR SPAM Sig, O'Flynn, Derek
  - Re: MESSNGR SPAM Sig, Brian
    - Re: MESSNGR SPAM Sig, Gary Flynn
- RE: MESSNGR SPAM Sig, Phil Lyons
- Re: MESSNGR SPAM Sig, Phil Lyons
SMTP ETRN overflow attempt, NO JUNK MAIL
SQL Intection sig, Eric Appelboom
UNIXSOCK, Mattia
Bad reference on SID: 598?, JP Vossen
- Re: Bad reference on SID: 598?, Brian
Not sure I understand "RPC AMD TCP pid request".., Tom Arseneault
- Re: Not sure I understand "RPC AMD TCP pid request".., Brian
1631 CHAT AIM login false positive, Terence Runge
RE: Netbios rules are case sensitive?, Jon Stearn
- Re: Netbios rules are case sensitive?, Brian
  - Re: Netbios rules are case sensitive?, Jason Haar