security.ids.snort.sigs (thread)

Re: Quick Nachi ICMP rule -variants?, Vincent Vono
syn/fin scans from stream4, Vincent Vono
- Re: syn/fin scans from stream4, Erek Adams
  - Real Networks vulnerability, J-H. Johansen
- RE: syn/fin scans from stream4, Perry, Brian
I don't want scan.log, Dan Monjar
- Re: I don't want scan.log, Mann E. Schevitz
  - Re: I don't want scan.log, Dan Monjar
MS-SQL Ping false positives, David Wilburn
rule / doc change needed for CyberKit, David Wilburn
RE: Possible new strain of Blaster or is it a false positive?, Compton, Rich
Classification.config, Williams, Colby E.
- Re: Classification.config, frenzy
Limiting Alert Rates? Newbie, Jacob Roberts
- Re: Limiting Alert Rates? Newbie, Erek Adams
  - Re: Limiting Alert Rates? Newbie, Richard Crane
  - Re: Limiting Alert Rates? Newbie, Tony Lill
    - Re: Limiting Alert Rates? Newbie, Erek Adams
- RE: Limiting Alert Rates? Newbie, Michael Miller
change to sid 2189 (PIM) to account for MCAST-NET, Jon Hart
- Re: change to sid 2189 (PIM) to account for MCAST-NET, Jon Hart
Re: Warning: /etc/snort/local.rules(110) => Unknownkeyword 'established' in rule!, Wes Young
problems setting flags, studentmm08.pool-id
- Re: problems setting flags, studentmm08.pool-id
Possible new strain of Blaster or is it a false positive?, Marty . Bostick
- Re: Possible new strain of Blaster or is it a false positive?, Marty . Bostick
rule 1882 broken, Bob Tito
Event log Signature for Slammer, John Hally
Lovegate Signature, mos def
- RE: Lovegate Signature, larosa, vjay
Updated BLASTER TFTP rules, Jason Haar
- Re: Updated BLASTER TFTP rules, Erick Mechler
  - Re: Updated BLASTER TFTP rules, Jason Haar
    - Re: Updated BLASTER TFTP rules, Brian
    - Re: Updated BLASTER TFTP rules, Jason Haar
- Re: Updated BLASTER TFTP rules, Brian
- Quick Sobig.f rule, Paul Schmehl
  - Quick Nachi ICMP rule, Paul Schmehl
    - Re: Quick Nachi ICMP rule, Johnathan Norman
    - Re: Quick Nachi ICMP rule, Johnathan Norman
    - Re: Quick Nachi ICMP rule -variants?, Brian Howard
    - Re: Quick Nachi ICMP rule -variants?, Johnathan Norman
Rule for Sobig.F, Shane Williams
- Re: Rule for Sobig.F, Jonathan Norman
  - Re: Rule for Sobig.F, Hugo van der Kooij
RE: (long, slightly OT) Re: Blaster Alert-False Nega tive?, Bartholomew, Brian J
SID 1250, James Affeld
Marek Stiefenhofer ist nicht im Büro, m . stiefenhofer
RE: problem writing rules for checking traffic and c ontent, Eric Baur
CYBERKIT [Full-Disclosure] [UPDATE] ping floods, Steve Postma
- Re: CYBERKIT [Full-Disclosure] [UPDATE] ping floods, Hugo van der Kooij
  - Snorting without "flow:", Sean Batt
    - Re: Snorting without "flow:", Chris Green
Strange CyberKit alert activity, David Stubblefield
- RE: Strange CyberKit alert activity, Gavin Lowe
- RE: Strange CyberKit alert activity, Pacheco, Michael F.
- RE: Strange CyberKit alert activity, Robert Wagner
- RE: Strange CyberKit alert activity, Pacheco, Michael F.
  - RE: Strange CyberKit alert activity, Bryan Irvine
- RE: Strange CyberKit alert activity, Yackley, Matt
- RE: Strange CyberKit alert activity, Keith T. Morgan
problem writing rules for checking traffic and content, studentmm08.pool-id
- RE: problem writing rules for checking traffic and content, mad . eye
1378 sig docs, Neal Timm
Colin Slevin/TRANSWARE/IE is out of the office., Colin . Slevin
- Colin Slevin/TRANSWARE/IE is out of the office., Colin . Slevin
- Colin Slevin/TRANSWARE/IE is out of the office., Colin . Slevin
Q about uricontent vs content ; web bot name, Michael Scheidell
- Re: Q about uricontent vs content ; web bot name, Dale L. Handy
Is it possible to Log Headers not Data?, Stuart Jenkins
- Re: Is it possible to Log Headers not Data?, Stuart Jenkins
snorting telnet, Bryan Irvine
- Re: snorting telnet, caffeinex36@xxxxxxxxx
(long, slightly OT) Re: Blaster Alert-False Negative?, JP Vossen
Web Traffic Logging, Travis Rodak
tftp msblast.exe rule, Kaufman, Adam
Blaster/Lovosan Rules, Gregor Domhan
GPL/Open Source: Naieve Question, Vkmobile
- Re: GPL/Open Source: Naieve Question, James Riden
Blaster Alert-False Negative?, Bartholomew, Brian J
- Re: Blaster Alert-False Negative?, James Riden
- RE: Blaster Alert-False Negative?, lordchariot
  - RE: Blaster Alert-False Negative?, Jade E. Deane
- Re: Blaster Alert-False Negative?, Michael Scheidell
Possible new trojan, Trent Whaley
- Re: Possible new trojan, Matt Kettler
Sig file for W32.Blaster.Worm?, Jason Antonacci
- Re: Sig file for W32.Blaster.Worm?, Erick Mechler
Any new signatures for the other Variants of the Blaster Worm?, Marty . Bostick
- Re: Any new signatures for the other Variants of the Blaster Worm?, daniel uriah clemens
- Re: Any new signatures for the other Variants of the Blaster Worm?, Joe Stewart
- Re: Any new signatures for the other Variants of the Blaster Worm?, Marty . Bostick
Can someone please repost a sig for MS Blaster?, Eric Joe
- Re: Can someone please repost a sig for MS Blaster?, Alex Burger
- Re: Can someone please repost a sig for MS Blaster?, Erick Mechler
- Re: Can someone please repost a sig for MS Blaster?, Nigel Houghton
- RE: Can someone please repost a sig for MS Blaster?, Parker, Ian
fault positives, studentmm08.pool-id
- fault positives, studentmm08.pool-id
- RE: fault positives, Joshua Wright
src or dst port, alejandro corletti
Re: Snort sign for Microsoft DCOM RPC Worm Alert, IntegPatchMgr
- Re: Re: Snort sign for Microsoft DCOM RPC Worm Alert, Jason
Blaster Worm Signature??, DasPadre
RE: Snort-sigs digest, Vol 1 #670 - 1 msg, Vuppala, Vijaybhasker (EM, GECIS)
RE: Snort-sigs digest, Vol 1 #667 - 4 msgs, SG-Chew Poh Chang
Signature Timestamp?, Dusty Hall
- Re: Signature Timestamp?, Matt Kettler
- Re: Signature Timestamp?, Dusty Hall
- Re: Signature Timestamp?, JP Vossen
AIM Express sigs, Alan Kloster
Documentation: sid 1791, Steven Alexander
Compaq Insight Management Agent, Rich Adamson
Snort Sigs Documents, Neal Timm
RESERVED IP and Broadcast address, Peter Millington
- Re: RESERVED IP and Broadcast address, Michael Scheidell
Snort rules am attaching the files, Neal Timm
- Re: Snort rules am attaching the files, Erek Adams
- Re: Snort rules am attaching the files, Nigel Houghton
Rule Update, Altrock, Jens
[Fwd: Re: [Dragonidsuser] W32/Mimail Signature], Burak DAYIOGLU
RE: DCom RPC attack response sig, Esler, Joel Contractor
- Re: DCom RPC attack response sig, CK Ng
- RE: DCom RPC attack response sig, Michael Anuzis
- Re: FW: DCom RPC attack response sig, Pogue
  - RE: FW: DCom RPC attack response sig, Tech
    - RE: FW: DCom RPC attack response sig, Chris Kronberg
    - Re: FW: DCom RPC attack response sig, Bennett Todd
    - Re: FW: DCom RPC attack response sig, Chris Kronberg
    - Warning: /etc/snort/local.rules(110) => Unknown keyword 'established' in rule!, Jukka Juslin
    - Re: Warning: /etc/snort/local.rules(110) => Unknown keyword 'established' in rule!, Chris Green
- RE: FW: DCom RPC attack response sig, Sewell, Michael K
Sig for Grim's Ping FTP scanner tool, JP Vossen
More DCOM sigs, JP Vossen
Robin Smits/NL/GTS/PwC is out of the office., robin . smits