security.ids.snort.sigs (thread)

Re: Snort-sigs digest, Vol 1 #658 - 11 msgs, Zultan
snort-rules with resp, Alexandru Balan
- Re: snort-rules with resp, Erek Adams
i've recieved your help, qkhou
- Re: i've recieved your help, Matt Kettler
- Re: i've recieved your help, Wes Young
  - Re: i've recieved your help, Matt Kettler
- RE: i've recieved your help, Moyer, Shawn
- RE: i've recieved your help, Matt Kettler
snort-rules STABLE update @ Wed Jul 30 02:20:05 2003, bmc
snort-rules CURRENT update @ Wed Jul 30 02:20:05 2003, bmc
HXDL.EXE, Wes Young
DCom RPC attack response sig, Michael Anuzis
- Signature to detect shells bound to a port, Jukka Juslin
- FW: DCom RPC attack response sig, Esler, Joel Contractor
Resp Keyword in Windows XP!!, jthomas
- Re: Resp Keyword in Windows XP!!, Matt Kettler
  - Re: Resp Keyword in Windows XP!!, Jeff Nathan
- FW: Resp Keyword in Windows XP!!, Esler, Joel Contractor
DCOM MS03-026 Alpha Rules, pdt
- Re: DCOM MS03-026 Alpha Rules, daniel uriah clemens
  - RE: DCOM MS03-026 Alpha Rules, Paul Tinsley
- RE: DCOM MS03-026 Alpha Rules, Paul Tinsley
- Re: DCOM MS03-026 Alpha Rules, Brian
Rule: Bugbear.B Network Share Scan, Tom . Mclaughlin
- RE: Rule: Bugbear.B Network Share Scan, Tinsley Paul
- RE: Rule: Bugbear.B Network Share Scan, Tom . Mclaughlin
Ignoring just one host, Gary Danko
- Re: Ignoring just one host, Erick Mechler
- RE: Ignoring just one host, Moyer, Shawn
question, qkhou
- Re: question, Matt Kettler
Re: [Fwd: dce rpc rules], Kevin Pietersma
sid 882 false positives, Jonathan Norman
Re: Signature for scanning SSH versions, Wes Young
- Re: Signature for scanning SSH versions, Jukka Juslin
  - Re: Signature for scanning SSH versions, Matt Kettler
- Re: Signature for scanning SSH versions, Christopher Lubrecht
  - Re: Signature for scanning SSH versions, Jon Hart
- Re: Signature for scanning SSH versions, Matt Kettler
Microsoft Security Bulletin MS03-026 signature, Kevin Pietersma
Re: (spp_stream4) STEALTH ACTIVITY (unknown) detection, Matt Kettler
(spp_stream4) STEALTH ACTIVITY (unknown) detection, Josh . Sakofsky
MS Exchange rule, Kraus, Thorsten
- Re: MS Exchange rule, Brian
- Re: MS Exchange rule, Hugo van der Kooij
- RE: MS Exchange rule, Robert Reid
- Re: MS Exchange rule, Wes Young
  - Signature for scanning SSH versions, Jukka Juslin
    - Re: Signature for scanning SSH versions, Hugo van der Kooij
    - Re: Signature for scanning SSH versions, Matt Kettler
- RE: MS Exchange rule, Schmehl, Paul L
Documentation: SID 908, Darryl Davidson
Documentation: SID 907, Darryl Davidson
Documentation: SID 906, Darryl Davidson
Documentation: SID 905, Darryl Davidson
Missing signature description, Cliff Lai
Re: how many rules are there for snort at the moment?, Matt Kettler
- Re: how many rules are there for snort at the moment?, Brian
how many rules are there for snort at the moment?, Chatprechakul Mr N
- RE: how many rules are there for snort at the moment?, Steven Alexander
Rule for port 3531, Robert Wagner
snort-rules STABLE update @ Tue Jul 22 02:24:19 2003, bmc
snort-rules CURRENT update @ Tue Jul 22 02:24:19 2003, bmc
dce rpc rules, Brian
- Re: dce rpc rules, Dale L. Handy
RE: RE: [Snort-sigs] Suggested Sig for Cisco DOS Vulnerability, Donahue, Pat
SID: 2191, Iván Mota Alberca
SID: 2193, Iván Mota Alberca
help, Thomas Dodds
SID: 2192, Iván Mota Alberca
SID: 2190, Iván Mota Alberca
- Re: SID: 2190, Jon Hart
  - Re: SID: 2190, Nigel Houghton
- RE: SID: 2190, Keith Pachulski
Why does snort use binarytree structure when reassembling a TCP stream, 曾小立
yet more porn docs, Steven Alexander
snort-rules CURRENT update @ Sat Jul 19 01:21:42 2003, bmc
snort-rules STABLE update @ Sat Jul 19 01:21:42 2003, bmc
More porn docs, Steven Alexander
- Re: More porn docs, Nigel Houghton
Documentation: porn rules, Steven Alexander
Re: [Snort-sigs] Re: Fw: Cisco Vulnerability Testing Results, William Stearns
- Re: [Snort-sigs] Re: Fw: Cisco Vulnerability Testing Results, Michael Scheidell
  - Re: Re: [Snort-sigs] Re: Fw: Cisco Vulnerability Testing Results, Rich Adamson
Documentation: sid 627, Steven Alexander
Documentation: sid 626, Steven Alexander
Correction: sid 619, Steven Alexander
Documentation: sid 1133, Steven Alexander
Documentation: sid 619, Steven Alexander
SIDS 1133 and 619, Steven Alexander
Fw: SC Signature and HPING Signature, james
- Fw: SC Signature and HPING Signature, james
RE: [snort-cvs] CVS: snort - cazz, Kreimendahl, Chad J
- Re: RE: [snort-cvs] CVS: snort - cazz, Brian
- RE: RE: [snort-cvs] CVS: snort - cazz, Kreimendahl, Chad J
  - Re: RE: [snort-cvs] CVS: snort - cazz, Chris Green
  - Re: RE: [snort-cvs] CVS: snort - cazz, Brian
Documentation: SID 522, Steven Alexander
need a packet trace for serv-u/malware ftp session w/o login..., Donovan Tyler {tylerd}
Question Alert 1948, Cathy Stallings
- Re: Question Alert 1948, Wes Young
  - Re: Question Alert 1948, Rich Adamson
    - Re: Question Alert 1948, Erick Mechler
    - Re: Question Alert 1948, Rich Adamson
Documentation: SID 324, Darryl Davidson
Suggested Sig for Cisco DOS Vulnerability, Compton, Rich
- Re: [Snort-sigs] Suggested Sig for Cisco DOS Vulnerability, Michael Scheidell
  - RE: [Snort-sigs] Suggested Sig for Cisco DOS Vulnerability, Eric Hines
- Re: Suggested Sig for Cisco DOS Vulnerability, Brian
- RE: Suggested Sig for Cisco DOS Vulnerability, Klun, Jim
- RE: Suggested Sig for Cisco DOS Vulnerability, Klun, Jim
Documentation: Sid 503, Steven Alexander
Documentation: Sid 504, Steven Alexander
Re: Re: "bad guy" tagging, Grudge Mason
- Re: Re: "bad guy" tagging, Martin Olsson
- Re: "bad guy" tagging, Grudge Mason
Documentation: SID 904, Darryl Davidson
- Documentation: SID 904, Darryl Davidson
why does snort use binarytree structure when reassembling a TCP stream, 曾小立
I think there's something wrong when snort tries to reassemble TCP stream, 曾小立
- I think there's something wrong when snort tries to reassemble TCP stream, 曾小立
  - Re: I think there's something wrong when snort tries to reassemble TCP stream, Matt Kettler
VIAGRA, PHENTERMINE & MORE... vyojen mb, Eliseo Askew
Regarding rule 491 INFO FTP Bad login, J-H. Johansen
- Re: Regarding rule 491 INFO FTP Bad login, Martin Olsson
  - AW: Regarding rule 491 INFO FTP Bad login, Sean Wheeler
    - Re: AW: locate the offender/target (was: Regarding rule 491 INFO FTP Bad login), Martin Olsson
  - "bad guy" tagging (Was: Re: Regarding rule 491 INFO FTP Bad login), Erek Adams
    - Re: "bad guy" tagging (Was: Re: Regarding rule 491 INFO FTP Bad login), Martin Olsson
    - Re: Re: "bad guy" tagging, Chris Green
    - Re: Re: "bad guy" tagging, Martin Olsson
    - Re: Re: "bad guy" tagging, Chris Green
    - Re: Re: "bad guy" tagging, Michael Boman
    - Re: Re: "bad guy" tagging, Brian
    - Re: Re: "bad guy" tagging, Martin Olsson
Edonkey signatures, Jukka Juslin
SID 663, SMTP rcpt to sed command attempt, Nathan Bain
- Re: SID 663, SMTP rcpt to sed command attempt, Hugo van der Kooij
  - Re: SID 663, SMTP rcpt to sed command attempt, Nigel Houghton
    - Re: SID 663, SMTP rcpt to sed command attempt, Matt Kettler
    - Re: SID 663, SMTP rcpt to sed command attempt, Brian
    - Re: SID 663, SMTP rcpt to sed command attempt, Matt Kettler
- Re: SID 663, SMTP rcpt to sed command attempt, stephane
snort-rules STABLE update @ Sat Jul 12 01:19:44 2003, bmc
snort-rules CURRENT update @ Sat Jul 12 01:19:44 2003, bmc
SID 333, Steven Alexander
- Re: SID 333, Matt Kettler
Documentation: SID 279, Steven Alexander
Documentation: SID 281, Steven Alexander
CAN 2002-1123, Gabriel Agatiello
What is the FLUSH STREAM (in spp_stream4.c) for?, 曾小立
- Re: What is the FLUSH STREAM (in spp_stream4.c) for?, Matt Kettler
- Re: What is the FLUSH STREAM (in spp_stream4.c) for?, Jeff Nathan
  - Remote Shell Trojan signature, Jukka Juslin
    - Re: Remote Shell Trojan signature, Matt Kettler
Buy Phentermine, & more with NO PRESCRIPTION! vdleujsjzzxvjnw y, Bryant Myrick
ICMP PING Cisco Type.x (supposedly ios 9.x) documentation, daniel uriah clemens
ICMP PING BeOS4.x Documentation, daniel uriah clemens
ICMP PING BayRS Router documentation, daniel uriah clemens
ICMP PING *NIX documentation, daniel uriah clemens
ICMP PING BSDType Documentation, daniel uriah clemens
WEB-MISC xp_cmdshell attempt documentation., daniel uriah clemens
P2P Kazaa Traffic, Sam Evans
- Re: P2P Kazaa Traffic, Chris Baker
  - Re: P2P Kazaa Traffic, Sam Evans
- Re: P2P Kazaa Traffic, Sam Evans
- Re: P2P Kazaa Traffic, Wes Young
  - Re: P2P Kazaa Traffic, Jukka Juslin
- Re: P2P Kazaa Traffic, Wes Young
  - Re: P2P Kazaa Traffic, Tony Lill
- RE: P2P Kazaa Traffic, Jacob Hurley
  - RE: P2P Kazaa Traffic, Jukka Juslin
    - RE: P2P Kazaa Traffic, Sam Evans
  - Re: P2P Kazaa Traffic, Brian
- RE: P2P Kazaa Traffic, Jacob Hurley
ACID, Esler, Joel Contractor
- Re: ACID, Erick Mechler
question about content, karim hassib
- RE: question about content, Steven Alexander
P2P foldershare.com going to http traffic without a GET, daniel uriah clemens
P2P foldershare.com ftp connection with FTP STUFF, daniel uriah clemens
- Re: P2P foldershare.com ftp connection with FTP STUFF, daniel uriah clemens
P2P foldershare.com 8000 connection, daniel uriah clemens
GATOR.COM CLIENT Generic AutoUPDATE POST, daniel uriah clemens
Gator Client GET zip file, daniel uriah clemens
Gator.com Client HTTP GET w/ BLAST THREAD, daniel uriah clemens
Generic Gator client GET Rule, daniel uriah clemens
GATOR.COM (GATOR/4.0) CLIENT AUTOUPDATE POST, daniel uriah clemens
Gator client connection via HTTP GET Precision Time - ini file, daniel uriah clemens
OUTGOING GENERIC GATOR CLIENT CONNECTION VIA HTTP POST + .dll, daniel uriah clemens
Generic Gator Client Post rule, daniel uriah clemens
Gator.com Client GET w/Date Manager, daniel uriah clemens
Gator client (Gator/4.0) POST + bannerserver.dll, daniel uriah clemens
GATOR CLIENT GET exe file + Precision Time, daniel uriah clemens
P2P rate limiting, Sewell, Michael K
- Re: P2P rate limiting, Chris Green
10 documented Signatures, Babbin, Jacob Mr NSS-P
- Re: 10 documented Signatures, daniel uriah clemens
Questions about Snort Alerts, eric
- RE: Questions about Snort Alerts, Steven Alexander
Rule management, tim
- RE: Rule management, Eric Hines
what do the two constants TH_RES2,TH_RES1 mean, 曾小立
- Re: what do the two constants TH_RES2,TH_RES1 mean, Dale L. Handy
- Re: what do the two constants TH_RES2,TH_RES1 mean, Chris Green
Re: Question about rule semantic, stephane
speedera rule, Bryan Irvine
sigs admin, Tim
capturing and inspecting an email!, "Héroux, Christian"
- Re: capturing and inspecting an email!, Brian
10 more snort signatures documented., Babbin, Jacob Mr NSS-P
WEB-CGI admin.pl access, Chaudhury, Neel
- Re: WEB-CGI admin.pl access, Erick Mechler
- WEB-CGI admin.pl access, Chaudhury, Neel
Gator spyware detection, Esler, Joel Contractor
- Re: Gator spyware detection, daniel uriah clemens
SID 1836, 1837 should include more ports, Raffael Marty
Do not use snort-<list>-admin for general list postings, Chris Green
error in rules 1377 & 1378 ?, stephane
What does this mean?, Michael Breton
- Re: What does this mean?, Erek Adams
- Re: What does this mean?, Dale L. Handy
- What does this mean?, Michael Breton
Rules, Vanio Rogerio Santos
- Re: Rules, Mathias Gygax
- Antwort: Rules, m . stiefenhofer
  - Re: Antwort: Rules, Ali BASEL
snort-rules CURRENT update @ Tue Jul 1 01:22:21 2003, bmc
snort-rules STABLE update @ Tue Jul 1 01:22:21 2003, bmc