security.ids.snort.sigs (date)

security.ids.snort.sigs (date)

July 31, 2003

RE: i've recieved your help, Matt Kettler
Re: Snort-sigs digest, Vol 1 #658 - 11 msgs, Zultan
Re: snort-rules with resp, Erek Adams
RE: i've recieved your help, Moyer, Shawn
snort-rules with resp, Alexandru Balan
Re: Resp Keyword in Windows XP!!, Jeff Nathan

July 30, 2003

Re: i've recieved your help, Matt Kettler
Re: i've recieved your help, Wes Young
Re: i've recieved your help, Matt Kettler
FW: Resp Keyword in Windows XP!!, Esler, Joel Contractor
FW: DCom RPC attack response sig, Esler, Joel Contractor
i've recieved your help, qkhou
Signature to detect shells bound to a port, Jukka Juslin
snort-rules STABLE update @ Wed Jul 30 02:20:05 2003, bmc
snort-rules CURRENT update @ Wed Jul 30 02:20:05 2003, bmc

July 29, 2003

HXDL.EXE, Wes Young
Re: DCOM MS03-026 Alpha Rules, Brian
Re: Resp Keyword in Windows XP!!, Matt Kettler
DCom RPC attack response sig, Michael Anuzis
Resp Keyword in Windows XP!!, jthomas
RE: DCOM MS03-026 Alpha Rules, Paul Tinsley
RE: DCOM MS03-026 Alpha Rules, Paul Tinsley
Re: DCOM MS03-026 Alpha Rules, daniel uriah clemens
DCOM MS03-026 Alpha Rules, pdt
RE: Rule: Bugbear.B Network Share Scan, Tom . Mclaughlin

July 28, 2003

RE: Rule: Bugbear.B Network Share Scan, Tinsley Paul
Rule: Bugbear.B Network Share Scan, Tom . Mclaughlin
Re: Ignoring just one host, Erick Mechler
RE: Ignoring just one host, Moyer, Shawn
Ignoring just one host, Gary Danko
Re: Signature for scanning SSH versions, Matt Kettler
Re: question, Matt Kettler
question, qkhou

July 27, 2003

Re: Signature for scanning SSH versions, Matt Kettler

July 25, 2003

Re: [Fwd: dce rpc rules], Kevin Pietersma
Re: Signature for scanning SSH versions, Jon Hart
Re: Signature for scanning SSH versions, Christopher Lubrecht
sid 882 false positives, Jonathan Norman
Re: Signature for scanning SSH versions, Jukka Juslin
Re: Signature for scanning SSH versions, Wes Young

July 24, 2003

Re: dce rpc rules, Dale L. Handy
Re: Signature for scanning SSH versions, Matt Kettler
Re: Signature for scanning SSH versions, Hugo van der Kooij
Microsoft Security Bulletin MS03-026 signature, Kevin Pietersma
Signature for scanning SSH versions, Jukka Juslin
Re: MS Exchange rule, Hugo van der Kooij

July 23, 2003

RE: MS Exchange rule, Schmehl, Paul L
Re: (spp_stream4) STEALTH ACTIVITY (unknown) detection, Matt Kettler
Re: MS Exchange rule, Wes Young
RE: MS Exchange rule, Robert Reid
Re: MS Exchange rule, Brian
(spp_stream4) STEALTH ACTIVITY (unknown) detection, Josh . Sakofsky
MS Exchange rule, Kraus, Thorsten

July 22, 2003

Documentation: SID 908, Darryl Davidson
Documentation: SID 907, Darryl Davidson
Documentation: SID 906, Darryl Davidson
Documentation: SID 905, Darryl Davidson
Re: how many rules are there for snort at the moment?, Brian
Missing signature description, Cliff Lai
Re: how many rules are there for snort at the moment?, Matt Kettler
RE: how many rules are there for snort at the moment?, Steven Alexander
how many rules are there for snort at the moment?, Chatprechakul Mr N
Rule for port 3531, Robert Wagner
snort-rules STABLE update @ Tue Jul 22 02:24:19 2003, bmc
snort-rules CURRENT update @ Tue Jul 22 02:24:19 2003, bmc

July 21, 2003

dce rpc rules, Brian
Re: SID: 2190, Nigel Houghton
Re: I think there's something wrong when snort tries to reassemble TCP stream, Matt Kettler
Re: SID: 2190, Jon Hart
Re: RE: [snort-cvs] CVS: snort - cazz, Brian
RE: RE: [Snort-sigs] Suggested Sig for Cisco DOS Vulnerability, Donahue, Pat
Re: RE: [snort-cvs] CVS: snort - cazz, Chris Green
RE: SID: 2190, Keith Pachulski
RE: Suggested Sig for Cisco DOS Vulnerability, Klun, Jim
SID: 2191, Iván Mota Alberca
RE: Suggested Sig for Cisco DOS Vulnerability, Klun, Jim
SID: 2193, Iván Mota Alberca
help, Thomas Dodds
SID: 2192, Iván Mota Alberca
SID: 2190, Iván Mota Alberca
Fw: SC Signature and HPING Signature, james
Why does snort use binarytree structure when reassembling a TCP stream, 曾小立
I think there's something wrong when snort tries to reassemble TCP stream, 曾小立

July 20, 2003

Re: Question Alert 1948, Rich Adamson
Re: Re: [Snort-sigs] Re: Fw: Cisco Vulnerability Testing Results, Rich Adamson
Re: [Snort-sigs] Re: Fw: Cisco Vulnerability Testing Results, Michael Scheidell
RE: RE: [snort-cvs] CVS: snort - cazz, Kreimendahl, Chad J

July 19, 2003

yet more porn docs, Steven Alexander
Re: Question Alert 1948, Erick Mechler
Re: Question Alert 1948, Rich Adamson
Re: Question Alert 1948, Wes Young
snort-rules CURRENT update @ Sat Jul 19 01:21:42 2003, bmc
snort-rules STABLE update @ Sat Jul 19 01:21:42 2003, bmc
Re: More porn docs, Nigel Houghton
Re: RE: [snort-cvs] CVS: snort - cazz, Brian
RE: [Snort-sigs] Suggested Sig for Cisco DOS Vulnerability, Eric Hines

July 18, 2003

More porn docs, Steven Alexander
Documentation: porn rules, Steven Alexander
Re: [Snort-sigs] Re: Fw: Cisco Vulnerability Testing Results, William Stearns
Documentation: sid 627, Steven Alexander
Documentation: sid 626, Steven Alexander
Correction: sid 619, Steven Alexander
Documentation: sid 1133, Steven Alexander
Documentation: sid 619, Steven Alexander
SIDS 1133 and 619, Steven Alexander
Re: Suggested Sig for Cisco DOS Vulnerability, Brian
Fw: SC Signature and HPING Signature, james
RE: [snort-cvs] CVS: snort - cazz, Kreimendahl, Chad J
Documentation: SID 522, Steven Alexander
Re: Re: "bad guy" tagging, Martin Olsson
Re: [Snort-sigs] Suggested Sig for Cisco DOS Vulnerability, Michael Scheidell
need a packet trace for serv-u/malware ftp session w/o login..., Donovan Tyler {tylerd}
Question Alert 1948, Cathy Stallings
Documentation: SID 324, Darryl Davidson
Re: "bad guy" tagging, Grudge Mason
Re: Re: "bad guy" tagging, Martin Olsson
Suggested Sig for Cisco DOS Vulnerability, Compton, Rich
Re: Re: "bad guy" tagging, Brian
Documentation: Sid 503, Steven Alexander
Documentation: Sid 504, Steven Alexander

July 17, 2003

Re: Re: "bad guy" tagging, Michael Boman
Re: Re: "bad guy" tagging, Grudge Mason
Re: Re: "bad guy" tagging, Chris Green
Re: Re: "bad guy" tagging, Martin Olsson

July 16, 2003

Documentation: SID 904, Darryl Davidson
Documentation: SID 904, Darryl Davidson
Re: Re: "bad guy" tagging, Chris Green
Re: "bad guy" tagging (Was: Re: Regarding rule 491 INFO FTP Bad login), Martin Olsson
why does snort use binarytree structure when reassembling a TCP stream, 曾小立
I think there's something wrong when snort tries to reassemble TCP stream, 曾小立

July 15, 2003

"bad guy" tagging (Was: Re: Regarding rule 491 INFO FTP Bad login), Erek Adams
VIAGRA, PHENTERMINE & MORE... vyojen mb, Eliseo Askew
Re: Remote Shell Trojan signature, Matt Kettler
Re: AW: locate the offender/target (was: Regarding rule 491 INFO FTP Bad login), Martin Olsson
Remote Shell Trojan signature, Jukka Juslin
Re: What is the FLUSH STREAM (in spp_stream4.c) for?, Jeff Nathan

July 14, 2003

Re: SID 663, SMTP rcpt to sed command attempt, Matt Kettler
Re: SID 663, SMTP rcpt to sed command attempt, Brian
Re: SID 663, SMTP rcpt to sed command attempt, Matt Kettler
Re: SID 663, SMTP rcpt to sed command attempt, stephane
Re: SID 663, SMTP rcpt to sed command attempt, Nigel Houghton
AW: Regarding rule 491 INFO FTP Bad login, Sean Wheeler
Re: Regarding rule 491 INFO FTP Bad login, Martin Olsson
Regarding rule 491 INFO FTP Bad login, J-H. Johansen
Edonkey signatures, Jukka Juslin

July 13, 2003

Re: SID 663, SMTP rcpt to sed command attempt, Hugo van der Kooij
SID 663, SMTP rcpt to sed command attempt, Nathan Bain
snort-rules STABLE update @ Sat Jul 12 01:19:44 2003, bmc
snort-rules CURRENT update @ Sat Jul 12 01:19:44 2003, bmc
Re: P2P Kazaa Traffic, Brian

July 11, 2003

Re: SID 333, Matt Kettler
SID 333, Steven Alexander
Documentation: SID 279, Steven Alexander
Documentation: SID 281, Steven Alexander
Re: What is the FLUSH STREAM (in spp_stream4.c) for?, Matt Kettler
RE: P2P Kazaa Traffic, Sam Evans
RE: P2P Kazaa Traffic, Jacob Hurley
RE: P2P Kazaa Traffic, Jukka Juslin
CAN 2002-1123, Gabriel Agatiello
What is the FLUSH STREAM (in spp_stream4.c) for?, 曾小立

July 10, 2003

Re: P2P Kazaa Traffic, Tony Lill
RE: P2P Kazaa Traffic, Jacob Hurley
Re: P2P Kazaa Traffic, Wes Young
Re: P2P Kazaa Traffic, Jukka Juslin
Re: P2P Kazaa Traffic, Wes Young
Buy Phentermine, & more with NO PRESCRIPTION! vdleujsjzzxvjnw y, Bryant Myrick

July 09, 2003

ICMP PING Cisco Type.x (supposedly ios 9.x) documentation, daniel uriah clemens
ICMP PING BeOS4.x Documentation, daniel uriah clemens
ICMP PING BayRS Router documentation, daniel uriah clemens
ICMP PING *NIX documentation, daniel uriah clemens
ICMP PING BSDType Documentation, daniel uriah clemens
Re: P2P Kazaa Traffic, Sam Evans
Re: ACID, Erick Mechler
RE: question about content, Steven Alexander
WEB-MISC xp_cmdshell attempt documentation., daniel uriah clemens
Re: P2P Kazaa Traffic, Sam Evans
Re: P2P Kazaa Traffic, Chris Baker
Re: P2P foldershare.com ftp connection with FTP STUFF, daniel uriah clemens
P2P Kazaa Traffic, Sam Evans
ACID, Esler, Joel Contractor
question about content, karim hassib

July 08, 2003

RE: Questions about Snort Alerts, Steven Alexander
RE: Rule management, Eric Hines
Re: 10 documented Signatures, daniel uriah clemens
P2P foldershare.com going to http traffic without a GET, daniel uriah clemens
P2P foldershare.com ftp connection with FTP STUFF, daniel uriah clemens
P2P foldershare.com 8000 connection, daniel uriah clemens
Re: P2P rate limiting, Chris Green
GATOR.COM CLIENT Generic AutoUPDATE POST, daniel uriah clemens
Gator Client GET zip file, daniel uriah clemens
Gator.com Client HTTP GET w/ BLAST THREAD, daniel uriah clemens
Generic Gator client GET Rule, daniel uriah clemens
GATOR.COM (GATOR/4.0) CLIENT AUTOUPDATE POST, daniel uriah clemens
Gator client connection via HTTP GET Precision Time - ini file, daniel uriah clemens
OUTGOING GENERIC GATOR CLIENT CONNECTION VIA HTTP POST + .dll, daniel uriah clemens
Generic Gator Client Post rule, daniel uriah clemens
Gator.com Client GET w/Date Manager, daniel uriah clemens
Gator client (Gator/4.0) POST + bannerserver.dll, daniel uriah clemens
GATOR CLIENT GET exe file + Precision Time, daniel uriah clemens
P2P rate limiting, Sewell, Michael K
10 documented Signatures, Babbin, Jacob Mr NSS-P
Questions about Snort Alerts, eric
Rule management, tim
Re: what do the two constants TH_RES2,TH_RES1 mean, Chris Green
Re: what do the two constants TH_RES2,TH_RES1 mean, Dale L. Handy
what do the two constants TH_RES2,TH_RES1 mean, 曾小立

July 07, 2003

Re: capturing and inspecting an email!, Brian
Re: Question about rule semantic, stephane
speedera rule, Bryan Irvine

July 06, 2003

sigs admin, Tim

July 04, 2003

capturing and inspecting an email!, "Héroux, Christian"

July 03, 2003

10 more snort signatures documented., Babbin, Jacob Mr NSS-P
Re: WEB-CGI admin.pl access, Erick Mechler
WEB-CGI admin.pl access, Chaudhury, Neel
WEB-CGI admin.pl access, Chaudhury, Neel

July 02, 2003

Re: Gator spyware detection, daniel uriah clemens
Gator spyware detection, Esler, Joel Contractor
SID 1836, 1837 should include more ports, Raffael Marty
What does this mean?, Michael Breton

July 01, 2003

Do not use snort-<list>-admin for general list postings, Chris Green
error in rules 1377 & 1378 ?, stephane
Re: What does this mean?, Dale L. Handy
Re: What does this mean?, Erek Adams
What does this mean?, Michael Breton
Re: Antwort: Rules, Ali BASEL
Antwort: Rules, m . stiefenhofer
Re: Rules, Mathias Gygax
Rules, Vanio Rogerio Santos
snort-rules CURRENT update @ Tue Jul 1 01:22:21 2003, bmc
snort-rules STABLE update @ Tue Jul 1 01:22:21 2003, bmc

News | FAQ | advertise