|
|
June 26, 2003
- WinXP remote desktop rules--newbie help, John York
- RE: Sobig.E variant, Shane Williams
- Re: Sobig.E variant, Joe Stewart
- Signaure Hiccup, Dale L. Handy
- RE: Sobig.E variant, Esler, Joel Contractor
- False Positive for SID 1322: bad frag bits, Sam Gorton
- RE: Sobig.E variant, Steven Alexander
- Sobig.E variant, Esler, Joel Contractor
- RE: Edonkey - port 4662, O'Flynn, Derek
- Re: Edonkey - port 4662, Gustavo Beltrami Rossi
- Re: Edonkey - port 4662, Joe Matusiewicz
- Re: Edonkey - port 4662, Gustavo Beltrami Rossi
- SID 2161, Sam Evans
June 24, 2003
- More documents in waiting, Nigel Houghton
- Re: Rule Documentation - Rules of engagement, Nigel Houghton
- RE: Rule Documentation - Rules of engagement, Esler, Joel Contractor
- Wrm.exe, Backdoor.Wollf.16 (AVP), Fenstermaker, William
- Rule Documentation - Rules of engagement, Nigel Houghton
- remove me from your list, Carmit Partoush
- help about snort_inline, Fang Neco
June 23, 2003
- SID 295-299, Steven Alexander
- Documentation: SID 274, Steven Alexander
- SID 295, Steven Alexander
- Re: Problems with SID 2161, Sam Evans
- RE: Problems with SID 2161, Sam Evans
- Re: Problems with SID 2161, Brian
- Re: logical operators and snort rules, Brian
- RE: Problems with SID 2161, Steven Alexander
- Problems with SID 2161, Sam Evans
- Re: Question about rule semantic, Brian
- new user group, C L Dokic
June 20, 2003
- Documentation: SID 629, Steven Alexander
- Documentation: SID 355, Steven Alexander
- Documentation: SID 293, Steven Alexander
- Documentation: SID 290, Steven Alexander
- Documentation: SID 287, Steven Alexander
- Documentation: SID 288, Steven Alexander
- Documentation SID 291, Steven Alexander
- Documentation: SID 286, Steven Alexander
- Documentation: SID 289, Steven Alexander
- SID 291, Steven Alexander
- PID, Terence Garland (Nashua Connect)
- RE: sigs for MSM via proxies, Ciprian Badescu
- Re: snort rules., Nigel Houghton
- RE: sigs for MSM via proxies, Tinsley Paul
June 19, 2003
- sigs for MSM via proxies, Jason Haar
- logical operators and snort rules, Terence Runge
- categorizing snort signatures, karim hassib
- false positives for MISC BGP invalid length, Josh . Sakofsky
- Re: Submit new detection engine?, daniel.clemens
- Submit new detection engine?, Neal
- Question about rule semantic, stephane
- SID 114, Liss, John
- snort rules., Randy C. Ramsdell
- SID 111, Liss, John
- Re: Depth and multi content rule help., nick black
- SNORT, Rowley, Thomas
June 17, 2003
- RE: Duplicate sids in deleted.rules, Andreas Östling
- Depth and multi content rule help., larosa, vjay
- RE: Duplicate sids in deleted.rules, Schmehl, Paul L
- RE: Traceroute test, Esler, Joel Contractor
- RE: Traceroute test, Esler, Joel Contractor
- RE: Traceroute test, Blake
- Re: Traceroute test, Brian
- RE: Duplicate sids in deleted.rules, Hugo van der Kooij
- Re: Traceroute test, Dirk Mueller
- Traceroute test, Esler, Joel Contractor
- RE: Duplicate sids in deleted.rules, L. Christopher Luther
- Re: Bit Torrent signature, Brian
- Re: Bit Torrent signature, Chris Green
- Duplicate sids in deleted.rules, Martin Olsson
- Bit Torrent signature, Jukka Juslin
June 16, 2003
- RE: IANA reserved IP address rules?, Schmehl, Paul L
- Re: IANA reserved IP address rules?, Michael Nygren
- Re: IANA reserved IP address rules?, Doug Cress
- Re: IANA reserved IP address rules?, james
- RE: IANA reserved IP address rules?, Hugo van der Kooij
- RE: IANA reserved IP address rules?, Harper, John T.
- W32/MoFei.worm, Esler, Joel Contractor
June 12, 2003
- Re: A question about Snort, Matt Kettler
- Re: A question about Snort, Anthony Kim
- sigs documentation, Chaos
- RE: A question about Snort, adam.w.hogan
- Re: Window size, Bill McCarty
- A question about Snort, Maria Teresa Herrera Hueso
- PortScan, md esa kamsan
- RE: More: Question on SID 285, Steven Alexander
- SID 1103 documentation, Kevin Peuhkurinen
- Re: Window size, Brian
- SID 1050 documentation, Kevin Peuhkurinen
- RE: IANA reserved IP address rules?, Joshua Wright
- Re: IANA reserved IP address rules?, Jeff Nathan
June 11, 2003
- rule documentation for WEB-MISC Oracle XSQLConfig.xml access, Josh . Sakofsky
- Window size, Bill McCarty
- IANA reserved IP address rules?, Matt Kettler
- rule documentation for FTP SITE NEWER attempt, Josh . Sakofsky
- rule documentation for WEB-CGI mrtg.cgi directory traversal attempt, Josh . Sakofsky
- SID 1544 documentation, Kevin Peuhkurinen
- SID 1546 documentation, Kevin Peuhkurinen
- rule documentation for WEB-CGI Oracle reports CGI access, Josh . Sakofsky
- rule documentation for ATTACK-RESPONSES successful gobbles ssh exploit (uname), Josh . Sakofsky
- rule documentation for, Josh . Sakofsky
- SID 1071 documentation, Kevin Peuhkurinen
- SID 1043 documentation, Kevin Peuhkurinen
- rule documentation for WEB-MISC apache ?M=D directory list attempt, Josh . Sakofsky
- Document for Rule 268 DOS Jolt attack, U.Siva Kumar
- More: Question on SID 285, Steven Alexander
- SID 285, Steven Alexander
- SID 284, Steven Alexander
June 10, 2003
- rule documentation for WEB-MISC carbo.dll access, Josh . Sakofsky
- rule documentation for TELNET SGI telnetd format bug, Josh . Sakofsky
- Re: question regarding web-iis rule NOT triggering.., Matt Kettler
- RE: Question on SID 285, Steven Alexander
- Question on SID 285, Steven Alexander
- question regarding web-iis rule NOT triggering.., Ashley Thomas
- RE: Signature Definition #460, 5 of 20 and Signature Definition # 458, Jeff Nathan
- Re: Signature Definition #460, 5 of 20 and Signature Definition # 458, Brian
- RE: Signature Definition #460, 5 of 20 and Signature Definition # 458, Steven Alexander
- SID 1156 change recommendation, Kevin Peuhkurinen
- SID 1129 documentation, Kevin Peuhkurinen
- Rule #501 (lssre), dank
- Documentation (#502), dank
- Documentation (rule #500), dank
- SID 1808 documentation revised, Kevin Peuhkurinen
- RE: Signature Definition #462, 6 of 20, Esler, Joel Contractor
- RE: Signature Definition #460, 5 of 20 and Signature Definition # 458, Esler, Joel Contractor
- False +ves with sid 1882 with possible fix, Russell Fulton
June 09, 2003
- RE: Correction to signature 1227, Steven Alexander
- Re: Correction to signature 1227, Brian
- RE: SID 716, Steven Alexander
- Correction to signature 1227, Steven Alexander
- Re: Re: [Snort-sigs] Oinkmaster questions, Anthony Kim
- SID 1227, Steven Alexander
- SID 720, Steven Alexander
- SID 793, Steven Alexander
- Re: SID 716, daniel.clemens
- Re: false +ves for IMAP login overflow (SID 1993), Russell Fulton
- SID 715, Steven Alexander
- SID 717, Steven Alexander
- SID 718, Steven Alexander
- SID 716, Steven Alexander
- Re: [Snort-sigs] Oinkmaster questions, Russell Fulton
- SID 719, Steven Alexander
- RE: Oinkmaster questions, Schmehl, Paul L
- SID 1828 documentation, Kevin Peuhkurinen
- Documentation (#1325), nicholas black
- Oinkmaster questions, Philip Davidson
- Sid 456 and 385 documentation change, Steven Alexander
- RE: Signature Definition #460, 5 of 20 and Signature Definition # 458, Steven Alexander
- RE: Signature Definition #462, 6 of 20, Steven Alexander
- SID 1852 documentation, Kevin Peuhkurinen
- SID 1857 documentation, Kevin Peuhkurinen
- Signature Definition #1945 , 20 of 20, Esler, Joel Contractor
- some new signatures to consider, Kreimendahl, Chad J
- Signature Definition #1760 , 19 of 20, Esler, Joel Contractor
- RE: Signature Definition #1432 , 18 of 20, Esler, Joel Contractor
- Signature Definition #1227 , 16 of 20, Esler, Joel Contractor
- RE: Signature Definition #1227 , 17 of 20, Esler, Joel Contractor
- Signature Definition #1201, 16 of 20, Esler, Joel Contractor
- SID 484, Steven Alexander
- SID 482, Steven Alexander
- SID 476, Steven Alexander
- SID 483, Steven Alexander
- SID 467, Steven Alexander
- SID 481, Steven Alexander
- SID 465, Steven Alexander
- SID 466, Steven Alexander
- SID 384, 18 of 20, Steven Alexander
- SID 385, 19 of 20, Steven Alexander
- SID 380, 15 of 20, Steven Alexander
- SID 382, 17 of 20, Steven Alexander
- SID 456, 20 of 20, Steven Alexander
- SID 381, 16 of 20, Steven Alexander
- SID 379, 14 of 20, Steven Alexander
- SID 378, 13 of 20, Steven Alexander
- SID 376, 11 of 20, Steven Alexander
- SID 374, 9 of 20, Steven Alexander
- SID 377, 12 of 20, Steven Alexander
- SID 375, 10 of 20, Steven Alexander
- SID 373 (my contribution #8), Steven Alexander
- Mistake in SID 379, Steven Alexander
- SID 372 (my contribution #7), Steven Alexander
- SID 371 (my contribution #6), Steven Alexander
- SID 370 (my contribution #5), Steven Alexander
- SID 369 (my contribution #4), Steven Alexander
- SID 368 (my contribution #3), Steven Alexander
- SID: 366 (my contribution #2), Steven Alexander
- Signature Definition #1023, 15 of 20, Esler, Joel Contractor
- SID 1809 documentation, Kevin Peuhkurinen
- rule documentation for NETBIOS SMB C$ access, Josh . Sakofsky
- rule documentation for MISC Invalid PCAnywhere Login, Josh . Sakofsky
- SID 1808 documentation, Kevin Peuhkurinen
- RE: SMB login Failure, Horta, Benny
- Signature Definition #718, 14 of 20, Esler, Joel Contractor
- Signature Definition #719, 13 of 20, Esler, Joel Contractor
- Signature Definition #717, 12 of 20, Esler, Joel Contractor
- Re: SID 1828 change needed, Giles Coochey
- snort rule documentation (#492), dank
- doc of rules, blacharz
- documentation for rule 492, dank
- documentation (sid 522), dank
- Questions and Sig 1313 documentation, Gauldin Sean
- snort rule documentation (#522), dank
- Re: false +ves for IMAP login overflow (SID 1993), Brian
- SID 1497 documentation, Kevin Peuhkurinen
- snort-rules CURRENT update @ Mon Jun 9 09:28:21 2003, bmc
- snort-rules STABLE update @ Mon Jun 9 09:28:21 2003, bmc
- Rule Proposal "Kazaa Supernode Event", Esler, Joel Contractor
- Signature Definition #553, 11 of 20, Esler, Joel Contractor
- Signature Definition #549, 10 of 20, Esler, Joel Contractor
- Signature Definition #556, 9 of 20, Esler, Joel Contractor
- Signature Definition #507, 8 of 20, Esler, Joel Contractor
- Signature Definition #489, 7 of 20, Esler, Joel Contractor
- Signature Definition #462, 6 of 20, Esler, Joel Contractor
- Signature Definition #460, 5 of 20, Esler, Joel Contractor
- Signature Definition #458, 4 of 20, Esler, Joel Contractor
- Signature Definition #359, 3 of 20, Esler, Joel Contractor
- Signature Definition #358, 2 of 20, Esler, Joel Contractor
- Signature Definition #354, 1 of 20, Esler, Joel Contractor
- false +ves for IMAP login overflow (SID 1993), Russell Fulton
- Re: RES: W32.Bugbear.B@mm Signature, Shane Williams
June 06, 2003
- rule documentation for WEB-CLIENT Javascript URL host spoofing attempt, Josh . Sakofsky
- RES: W32.Bugbear.B@mm Signature, Rodrigo Ramos
- SID 184 False Posiitives : "WEB-CLIENT Javascript URL host spoofing attemp ", SoloNet Newsfeed
- Re: SID 1882 False Posiitives : "ATTACK-RESPONSES id check returned userid ", SoloNet Newsfeed
- rule documentation for PORN free XXX, Josh . Sakofsky
- rule documentation for MISC xdmcp query, Josh . Sakofsky
- rule documentation for WEB-MISC CISCO VoIP DOS ATTEMPT, Josh . Sakofsky
- rule documentation for MISC xfs overflow attempt, Josh . Sakofsky
- rule documentation for WEB-CGI php.cgi access, Josh . Sakofsky
- rule documentation for FTP saint scan, Josh . Sakofsky
- rule documentation for FTP SATAN scan, Josh . Sakofsky
- rule documentation for FTP iss scan, Josh . Sakofsky
- rule documentation for FTP ADMw0rm ftp login attempt, Josh . Sakofsky
- rule documentation for DNS named iquery attempt, Josh . Sakofsky
- SID 1042 false positives: WEB-IIS view source via translate header", SoloNet Newsfeed
- SID 1667 documentation, Kevin Peuhkurinen
- Re: SMB Login Failure, Brian
- W32.Bugbear.B@mm Signature, Tinsley Paul
- re: Using snort to stop SMTP dictionary attacks, david@xxxxxxxxxxxxx
- Rule documentation, Steven Alexander
- Re: Web service rules, Joel Maslak
- Snort Rules Contributions, Nawapong Nakjang
- SMB Login Failure, Andy Wood
- Re: Using snort to stop SMTP dictionary attacks], Erek Adams
- RE: SID 1882 False Posiitives : "ATTACK-RESPONSES i d check returned userid ", Erek Adams
- SMB login Failure, Andy Wood
June 05, 2003
- Re: Using snort to stop SMTP dictionary attacks], Dale L. Handy
- Rule Documentation - teardrop correction, Steven Alexander
- Missing attachment, Nigel Houghton
- snort-rules CURRENT update @ Thu Jun 5 11:15:37 2003, bmc
- snort-rules STABLE update @ Thu Jun 5 11:15:37 2003, bmc
- T-shirt!, Norbert . Kotras
- Sensor, Michelle . Moraes
- Web service rules, Joel Maslak
- Re: write rule documentation, get a t-shirt, Kevin Peuhkurinen
- WinMX connections and packet capture, Jukka Juslin
- RE: Using snort to stop SMTP dictionary attacks], Rich Adamson
- RE: Using snort to stop SMTP dictionary attacks], Esler, Joel Contractor
- Re: SID 1882 False Posiitives : "ATTACK-RESPONSES id check returned userid ", Brian
- Re: Your application, nigel.houghton
- Re: Using snort to stop SMTP dictionary attacks], Steve Cody
- Re: Using snort to stop SMTP dictionary attacks], james
|
|
