security.ids.snort.sigs (thread)

Nemesis 1.4 beta3 released, Jeff Nathan
W32.Mumu.B.Worm Patterns (BETA), Tinsley Paul
WinXP remote desktop rules--newbie help, John York
- Re: WinXP remote desktop rules--newbie help, Andreas Östling
- RE: WinXP remote desktop rules--newbie help, John York
Signaure Hiccup, Dale L. Handy
- Re: Signaure Hiccup, stephane
False Positive for SID 1322: bad frag bits, Sam Gorton
Sobig.E variant, Esler, Joel Contractor
- RE: Sobig.E variant, Steven Alexander
- RE: Sobig.E variant, Esler, Joel Contractor
  - Re: Sobig.E variant, Joe Stewart
  - RE: Sobig.E variant, Shane Williams
- Re: Sobig.E variant, Wes Young
SID 2161, Sam Evans
- Re: SID 2161, Nigel Houghton
Edonkey - port 4662, O'Flynn, Derek
- Re: Edonkey - port 4662, Gustavo Beltrami Rossi
- Re: Edonkey - port 4662, Joe Matusiewicz
  - Re: Edonkey - port 4662, Gustavo Beltrami Rossi
- RE: Edonkey - port 4662, O'Flynn, Derek
nocase, Martin Olsson
- Re: nocase, nick black
- Re: nocase, Brian
New rule: SCAN 55808 Trojan scan, m . stiefenhofer
More documents in waiting, Nigel Houghton
Wrm.exe, Backdoor.Wollf.16 (AVP), Fenstermaker, William
Rule Documentation - Rules of engagement, Nigel Houghton
- RE: Rule Documentation - Rules of engagement, Esler, Joel Contractor
  - Re: Rule Documentation - Rules of engagement, Nigel Houghton
remove me from your list, Carmit Partoush
help about snort_inline, Fang Neco
SID 295-299, Steven Alexander
Documentation: SID 274, Steven Alexander
SID 295, Steven Alexander
Problems with SID 2161, Sam Evans
- Re: Problems with SID 2161, Brian
  - Re: Problems with SID 2161, Sam Evans
- RE: Problems with SID 2161, Steven Alexander
  - RE: Problems with SID 2161, Sam Evans
new user group, C L Dokic
Deleted Rules, Nigel Houghton
Document for Rule 268 DOS Jolt attack, U.Siva Kumar
Documentation: SID 268, U.Siva Kumar
Documentation: SID 629, Steven Alexander
Documentation: SID 355, Steven Alexander
Documentation: SID 293, Steven Alexander
Documentation: SID 290, Steven Alexander
Documentation: SID 287, Steven Alexander
Documentation: SID 288, Steven Alexander
Documentation SID 291, Steven Alexander
Documentation: SID 286, Steven Alexander
Documentation: SID 289, Steven Alexander
SID 291, Steven Alexander
PID, Terence Garland (Nashua Connect)
sigs for MSM via proxies, Jason Haar
- RE: sigs for MSM via proxies, Tinsley Paul
  - RE: sigs for MSM via proxies, Ciprian Badescu
logical operators and snort rules, Terence Runge
- Re: logical operators and snort rules, Brian
categorizing snort signatures, karim hassib
false positives for MISC BGP invalid length, Josh . Sakofsky
Submit new detection engine?, Neal
- Re: Submit new detection engine?, daniel.clemens
Question about rule semantic, stephane
- Re: Question about rule semantic, Brian
SID 114, Liss, John
snort rules., Randy C. Ramsdell
- Re: snort rules., Nigel Houghton
SID 111, Liss, John
SNORT, Rowley, Thomas
Successful anonymous ftp login rules..., darrell hyde
Depth and multi content rule help., larosa, vjay
- Re: [Snort-sigs] Depth and multi content rule help., Chris Green
- Re: Depth and multi content rule help., nick black
Traceroute test, Esler, Joel Contractor
- Re: Traceroute test, Dirk Mueller
  - RE: Traceroute test, Blake
- Re: Traceroute test, Brian
- RE: Traceroute test, Esler, Joel Contractor
- RE: Traceroute test, Esler, Joel Contractor
Duplicate sids in deleted.rules, Martin Olsson
- RE: Duplicate sids in deleted.rules, L. Christopher Luther
  - RE: Duplicate sids in deleted.rules, Hugo van der Kooij
    - RE: Duplicate sids in deleted.rules, Andreas Östling
- RE: Duplicate sids in deleted.rules, Schmehl, Paul L
W32/MoFei.worm, Esler, Joel Contractor
snort-rules STABLE update @ Sun Jun 15 01:16:51 2003, bmc
snort-rules CURRENT update @ Sun Jun 15 01:16:51 2003, bmc
snort-rules STABLE update @ Sat Jun 14 00:17:06 2003, bmc
snort-rules CURRENT update @ Sat Jun 14 00:17:06 2003, bmc
P2P Signature for Edonkey/Emule, O'Flynn, Derek
snort-rules CURRENT update @ Fri Jun 13 14:26:56 2003, bmc
snort-rules STABLE update @ Fri Jun 13 14:26:56 2003, bmc
sigs documentation, Chaos
A question about Snort, Maria Teresa Herrera Hueso
- Re: A question about Snort, Erek Adams
- RE: A question about Snort, adam.w.hogan
  - Re: A question about Snort, Anthony Kim
    - Re: A question about Snort, Matt Kettler
- RE: A question about Snort, Esler, Joel Contractor
  - RE: A question about Snort, Erek Adams
PortScan, md esa kamsan
SID 1103 documentation, Kevin Peuhkurinen
SID 1050 documentation, Kevin Peuhkurinen
rule documentation for WEB-MISC Oracle XSQLConfig.xml access, Josh . Sakofsky
Window size, Bill McCarty
- Re: Window size, Brian
  - Re: Window size, Bill McCarty
IANA reserved IP address rules?, Matt Kettler
- Re: IANA reserved IP address rules?, Jeff Nathan
- RE: IANA reserved IP address rules?, Joshua Wright
- RE: IANA reserved IP address rules?, Harper, John T.
  - RE: IANA reserved IP address rules?, Hugo van der Kooij
    - Re: IANA reserved IP address rules?, Michael Nygren
    - Bit Torrent signature, Jukka Juslin
    - Re: Bit Torrent signature, Chris Green
    - Re: Bit Torrent signature, Brian
  - Re: IANA reserved IP address rules?, james
  - Re: IANA reserved IP address rules?, Doug Cress
- RE: IANA reserved IP address rules?, Schmehl, Paul L
rule documentation for FTP SITE NEWER attempt, Josh . Sakofsky
rule documentation for WEB-CGI mrtg.cgi directory traversal attempt, Josh . Sakofsky
SID 1544 documentation, Kevin Peuhkurinen
SID 1546 documentation, Kevin Peuhkurinen
rule documentation for WEB-CGI Oracle reports CGI access, Josh . Sakofsky
rule documentation for ATTACK-RESPONSES successful gobbles ssh exploit (uname), Josh . Sakofsky
rule documentation for, Josh . Sakofsky
SID 1071 documentation, Kevin Peuhkurinen
SID 1043 documentation, Kevin Peuhkurinen
rule documentation for WEB-MISC apache ?M=D directory list attempt, Josh . Sakofsky
Document for Rule 268 DOS Jolt attack, U.Siva Kumar
More: Question on SID 285, Steven Alexander
- RE: More: Question on SID 285, Steven Alexander
SID 285, Steven Alexander
SID 284, Steven Alexander
rule documentation for WEB-MISC carbo.dll access, Josh . Sakofsky
rule documentation for TELNET SGI telnetd format bug, Josh . Sakofsky
Re: question regarding web-iis rule NOT triggering.., Matt Kettler
Question on SID 285, Steven Alexander
- RE: Question on SID 285, Steven Alexander
question regarding web-iis rule NOT triggering.., Ashley Thomas
SID 1156 change recommendation, Kevin Peuhkurinen
SID 1129 documentation, Kevin Peuhkurinen
Rule #501 (lssre), dank
Documentation (#502), dank
Documentation (rule #500), dank
SID 1808 documentation revised, Kevin Peuhkurinen
RE: Signature Definition #460, 5 of 20 and Signature Definition # 458, Esler, Joel Contractor
- RE: Signature Definition #460, 5 of 20 and Signature Definition # 458, Jeff Nathan
False +ves with sid 1882 with possible fix, Russell Fulton
Correction to signature 1227, Steven Alexander
- Re: Correction to signature 1227, Brian
- RE: Correction to signature 1227, Steven Alexander
SID 1227, Steven Alexander
SID 720, Steven Alexander
SID 793, Steven Alexander
SID 715, Steven Alexander
SID 717, Steven Alexander
SID 718, Steven Alexander
SID 716, Steven Alexander
- Re: SID 716, daniel.clemens
- RE: SID 716, Steven Alexander
SID 719, Steven Alexander
SID 1828 documentation, Kevin Peuhkurinen
Documentation (#1325), nicholas black
Oinkmaster questions, Philip Davidson
- Re: [Snort-sigs] Oinkmaster questions, Russell Fulton
  - Re: Re: [Snort-sigs] Oinkmaster questions, Anthony Kim
- RE: Oinkmaster questions, Schmehl, Paul L
Sid 456 and 385 documentation change, Steven Alexander
RE: Signature Definition #460, 5 of 20 and Signature Definition # 458, Steven Alexander
- RE: Signature Definition #460, 5 of 20 and Signature Definition # 458, Steven Alexander
  - Re: Signature Definition #460, 5 of 20 and Signature Definition # 458, Brian
SID 1852 documentation, Kevin Peuhkurinen
SID 1857 documentation, Kevin Peuhkurinen
Signature Definition #1945 , 20 of 20, Esler, Joel Contractor
some new signatures to consider, Kreimendahl, Chad J
Signature Definition #1760 , 19 of 20, Esler, Joel Contractor
RE: Signature Definition #1432 , 18 of 20, Esler, Joel Contractor
Signature Definition #1227 , 16 of 20, Esler, Joel Contractor
RE: Signature Definition #1227 , 17 of 20, Esler, Joel Contractor
Signature Definition #1201, 16 of 20, Esler, Joel Contractor
SID 484, Steven Alexander
SID 482, Steven Alexander
SID 476, Steven Alexander
SID 483, Steven Alexander
SID 467, Steven Alexander
SID 481, Steven Alexander
SID 465, Steven Alexander
SID 466, Steven Alexander
SID 384, 18 of 20, Steven Alexander
SID 385, 19 of 20, Steven Alexander
SID 380, 15 of 20, Steven Alexander
SID 382, 17 of 20, Steven Alexander
SID 456, 20 of 20, Steven Alexander
SID 381, 16 of 20, Steven Alexander
SID 379, 14 of 20, Steven Alexander
SID 378, 13 of 20, Steven Alexander
SID 376, 11 of 20, Steven Alexander
SID 374, 9 of 20, Steven Alexander
SID 377, 12 of 20, Steven Alexander
SID 375, 10 of 20, Steven Alexander
SID 373 (my contribution #8), Steven Alexander
Mistake in SID 379, Steven Alexander
SID 372 (my contribution #7), Steven Alexander
SID 371 (my contribution #6), Steven Alexander
SID 370 (my contribution #5), Steven Alexander
SID 369 (my contribution #4), Steven Alexander
SID 368 (my contribution #3), Steven Alexander
SID: 366 (my contribution #2), Steven Alexander
Signature Definition #1023, 15 of 20, Esler, Joel Contractor
SID 1809 documentation, Kevin Peuhkurinen
rule documentation for NETBIOS SMB C$ access, Josh . Sakofsky
rule documentation for MISC Invalid PCAnywhere Login, Josh . Sakofsky
SID 1808 documentation, Kevin Peuhkurinen
Signature Definition #718, 14 of 20, Esler, Joel Contractor
Signature Definition #719, 13 of 20, Esler, Joel Contractor
Signature Definition #717, 12 of 20, Esler, Joel Contractor
snort rule documentation (#492), dank
doc of rules, blacharz
documentation for rule 492, dank
documentation (sid 522), dank
Questions and Sig 1313 documentation, Gauldin Sean
snort rule documentation (#522), dank
SID 1497 documentation, Kevin Peuhkurinen
snort-rules CURRENT update @ Mon Jun 9 09:28:21 2003, bmc
snort-rules STABLE update @ Mon Jun 9 09:28:21 2003, bmc
Rule Proposal "Kazaa Supernode Event", Esler, Joel Contractor
Signature Definition #553, 11 of 20, Esler, Joel Contractor
Signature Definition #549, 10 of 20, Esler, Joel Contractor
Signature Definition #556, 9 of 20, Esler, Joel Contractor
Signature Definition #507, 8 of 20, Esler, Joel Contractor
Signature Definition #489, 7 of 20, Esler, Joel Contractor
Signature Definition #462, 6 of 20, Esler, Joel Contractor
- RE: Signature Definition #462, 6 of 20, Steven Alexander
- RE: Signature Definition #462, 6 of 20, Esler, Joel Contractor
Signature Definition #460, 5 of 20, Esler, Joel Contractor
Signature Definition #458, 4 of 20, Esler, Joel Contractor
Signature Definition #359, 3 of 20, Esler, Joel Contractor
Signature Definition #358, 2 of 20, Esler, Joel Contractor
Signature Definition #354, 1 of 20, Esler, Joel Contractor
false +ves for IMAP login overflow (SID 1993), Russell Fulton
- Re: false +ves for IMAP login overflow (SID 1993), Brian
  - Re: false +ves for IMAP login overflow (SID 1993), Russell Fulton
snort-rules STABLE update @ Sun Jun 8 03:34:04 2003, bmc
snort-rules CURRENT update @ Sun Jun 8 03:34:04 2003, bmc
Sig 1313 documentation and questions, Gauldin Sean
- Re: Sig 1313 documentation and questions, Brian
rule documentation for WEB-CLIENT Javascript URL host spoofing attempt, Josh . Sakofsky
rule documentation for PORN free XXX, Josh . Sakofsky
rule documentation for MISC xdmcp query, Josh . Sakofsky
rule documentation for WEB-MISC CISCO VoIP DOS ATTEMPT, Josh . Sakofsky
rule documentation for MISC xfs overflow attempt, Josh . Sakofsky
rule documentation for WEB-CGI php.cgi access, Josh . Sakofsky
rule documentation for FTP saint scan, Josh . Sakofsky
rule documentation for FTP SATAN scan, Josh . Sakofsky
rule documentation for FTP iss scan, Josh . Sakofsky
rule documentation for FTP ADMw0rm ftp login attempt, Josh . Sakofsky
rule documentation for DNS named iquery attempt, Josh . Sakofsky
SID 1667 documentation, Kevin Peuhkurinen
W32.Bugbear.B@mm Signature, Tinsley Paul
- RES: W32.Bugbear.B@mm Signature, Rodrigo Ramos
  - Re: RES: W32.Bugbear.B@mm Signature, daniel.clemens
    - Re: RES: W32.Bugbear.B@mm Signature, Shane Williams
Rule documentation, Steven Alexander
Snort Rules Contributions, Nawapong Nakjang
SMB login Failure, Andy Wood
- SMB Login Failure, Andy Wood
  - Re: SMB Login Failure, Brian
- RE: SMB login Failure, Horta, Benny
Rule Documentation - teardrop correction, Steven Alexander
Missing attachment, Nigel Houghton
snort-rules CURRENT update @ Thu Jun 5 11:15:37 2003, bmc
snort-rules STABLE update @ Thu Jun 5 11:15:37 2003, bmc
T-shirt!, Norbert . Kotras
Sensor, Michelle . Moraes
Web service rules, Joel Maslak
- Re: Web service rules, Joel Maslak
Re: Your application, nigel.houghton
Re: Using snort to stop SMTP dictionary attacks], Steve Cody
- Re: Using snort to stop SMTP dictionary attacks], james
  - Re: Using snort to stop SMTP dictionary attacks], Steve Cody
    - Re: Using snort to stop SMTP dictionary attacks], Dale L. Handy
    - Re: Using snort to stop SMTP dictionary attacks], Erek Adams
- RE: Using snort to stop SMTP dictionary attacks], Esler, Joel Contractor
  - RE: Using snort to stop SMTP dictionary attacks], Rich Adamson
Using snort to stop SMTP dictionary attacks, Steve Cody
- Re: Using snort to stop SMTP dictionary attacks, james
- re: Using snort to stop SMTP dictionary attacks, david@xxxxxxxxxxxxx
RE: SID 1882 False Posiitives : "ATTACK-RESPONSES i d check returned userid ", Esler, Joel Contractor
- Re: SID 1882 False Posiitives : "ATTACK-RESPONSES i d check returned userid ", SoloNet Newsfeed
- RE: SID 1882 False Posiitives : "ATTACK-RESPONSES i d check returned userid ", Erek Adams
  - SID 1042 false positives: WEB-IIS view source via translate header", SoloNet Newsfeed
    - Re: SID 1042 false positives: WEB-IIS view source via translate header", Brian
Re: SID 1882 False Posiitives : "ATTACK-RESPONSES id check returned userid ", SoloNet Newsfeed
- Re: SID 1882 False Posiitives : "ATTACK-RESPONSES id check returned userid ", Brian
  - Re: SID 1882 False Posiitives : "ATTACK-RESPONSES id check returned userid ", SoloNet Newsfeed
    - SID 184 False Posiitives : "WEB-CLIENT Javascript URL host spoofing attemp ", SoloNet Newsfeed
SID 1828 change needed, Kevin Peuhkurinen
- Re: SID 1828 change needed, Giles Coochey
worm_sobig.c?, Magnus Larsson
- Re: worm_sobig.c?, Nigel Houghton
  - WinMX connections and packet capture, Jukka Juslin
"MS-SQL ping attempt" is illegal or not?, sb ch
snort-rules CURRENT update @ Sun Jun 1 21:15:27 2003, bmc
snort-rules STABLE update @ Sun Jun 1 21:15:27 2003, bmc
write rule documentation, get a t-shirt, Brian
- Re: [Snort-sigs] write rule documentation, get a t-shirt, Giles Coochey
  - Re: [Snort-sigs] write rule documentation, get a t-shirt, Brian
- Re: write rule documentation, get a t-shirt, Kevin Peuhkurinen
Re: Proposed change to icmp-info.rules, Jim Breton
- Re: Proposed change to icmp-info.rules, Brian
Re: SMTP rcpt to sed command attempt, Tony Lill