security.ids.snort.sigs (thread)

False Positive on sid 10000009, Adam Towarnyckyj
- Re: False Positive on sid 10000009, Joe Stewart
- RE: False Positive on sid 10000009, Nick Duda
Using snort to Identify P2P transfers., Tony Hernandez
- Re: Using snort to Identify P2P transfers., james
Scott Myers is out of the office., Scott Myers
False positives WEB-CGI calendar access, Hugo van der Kooij
- Re: False positives WEB-CGI calendar access, Daniel de Young
  - Re: False positives WEB-CGI calendar access, Johnathan Norman
    - Re: False positives WEB-CGI calendar access, Daniel de Young
RE: {Snort-sigs] sig for recent massive ICMP's, Richard Ullrich
CJ Schmit is out of the office., CJ . Schmit
sig for recent massive ICMP scans, SoloNet Newsfeed
- Re: sig for recent massive ICMP scans, Paul Schmehl
  - Re: sig for recent massive ICMP scans, Bill Terwilliger
  - Re: sig for recent massive ICMP scans, SoloNet Newsfeed
- Re: sig for recent massive ICMP scans, Brian Howard
- Re: sig for recent massive ICMP scans, Nick . Cross
NETBIOS DCERPC ISystemActivator bind attempt, d'Ambly, Jeff
- Re: NETBIOS DCERPC ISystemActivator bind attempt, Sir Fenix
- Re: NETBIOS DCERPC ISystemActivator bind attempt, Ian Boje
- RE: NETBIOS DCERPC ISystemActivator bind attempt, Robert Reid
- RE: NETBIOS DCERPC ISystemActivator bind attempt, d'Ambly, Jeff
ProFTPD vulnerability signature development, Joe Stewart
sig question, Nick Duda
- Re: sig question, Matt Kettler
Question about submitting additions to existing rule docs, Yackley, Matt
- Re: Question about submitting additions to existing rule docs, Nigel Houghton
SID 113, Muhammad Faisal Rauf Danka
- Re: SID 113, Nigel Houghton
exclude IP from a rule, Nick Duda
- RE: exclude IP from a rule, Nick Duda
- RE: exclude IP from a rule, Esler, Joel Contractor
Kazaa sig, Nick Duda
W32/SWEN.A signature, pieter claassen
- Re: W32/SWEN.A signature, Jordi Herrero
correct of signature sid:1685, Choudhary, Anil
Error in http://www.snort.org/snort-db/sid.html?sid=618 and 620, Knut Bjornstad
SID 615 contrib, Gene Gomez
SID 556 contrib, Gene Gomez
SID 558 contrib (please note msg change; done for consistency with 556, 557, 559), Gene Gomez
SID 557 RE-contrib (apologies; I misread the rule), Gene Gomez
SID 559 contrib, Gene Gomez
SID 557 contrib, Gene Gomez
SID 714 contrib, Gene Gomez
SNORT HELP, acastellani
- Re: SNORT HELP, Matt Kettler
SID 556 RE-contrib (apologies; I misread the rule), Gene Gomez
Sig for Worm Swen.a?, Robert Wagner
- RE: Sig for Worm Swen.a?, Robert Wagner
Rule Doc 1288, Neal Timm
PortScan Logs, Jayachandran K
- RE: PortScan Logs, Keen Joseph A1C HQ SSG/XOIN
Snort Rule signature file request, Jason Monroe \"JC\"
- Re: Snort Rule signature file request, nick black
Netcat telnet attack signature (change 1), Graham, Jeffery A. MAJ - G6
Looking for a Yahoo Instant Messenger rule, John Impallomeni
- Re: Looking for a Yahoo Instant Messenger rule, Jade E. Deane
- Re: FW: Looking for a Yahoo Instant Messenger rule, Snorkelpuss
DCOMRPC Exploit POC code posted, SoloNet Newsfeed Processor
- Re: DCOMRPC Exploit POC code posted, SoloNet Newsfeed
  - Re: DCOMRPC Exploit POC code posted, Jason Alexander
Bluesocket remote admin signature, Jon Hart
snort-rules CURRENT update @ Sun Sep 14 02:16:14 2003, bmc
snort-rules STABLE update @ Sun Sep 14 02:16:14 2003, bmc
rule options, Zultan
Re: Snort-sigs digest, Vol 1 #698 - 11 msgs, Aluru Madhuri
snort-rules STABLE update @ Thu Sep 11 22:18:58 2003, bmc
snort-rules CURRENT update @ Thu Sep 11 22:18:58 2003, bmc
Positive Technologies DCOM Buffer Overflow2 Signatures/Packets, Eric Hines
Netcat telnet attack signature, Graham, Jeffery A. MAJ - G6
- Re: Netcat telnet attack signature, Matt Kettler
BAD TRAFFIC Non-Standard IP protocol, Daniél Haslinger
- Re: BAD TRAFFIC Non-Standard IP protocol, Matt Kettler
quick rules for new dcom stuff, Johnathan Norman
- Re: quick rules for new dcom stuff, David Wilburn
  - Re: quick rules for new dcom stuff, Johnathan Norman
    - Re: quick rules for new dcom stuff, Jason Haar
  - Re: quick rules for new dcom stuff, Sam Evans
- RE: quick rules for new dcom stuff, Nick . Cross
update docs for sid 528, Jon Hart
Rule for the newest DCOM vulnerability?, Compton, Rich
- RE: Rule for the newest DCOM vulnerability?, Eric Hines
  - AW: Rule for the newest DCOM vulnerability?, Sean Wheeler
- Re: Rule for the newest DCOM vulnerability?, Brian
- RE: Rule for the newest DCOM vulnerability?, Compton, Rich
rules licensing, Milani Paolo
- Re: rules licensing (slightly off-topic pondering), Matt Kettler
- Re: rules licensing, Brian
- RE: rules licensing, Milani Paolo
false negatives with SID 1882 (userid), Jon Hart
Q on, D Murdoch
Unified output for barnyard, Michael Miller
- Re: Unified output for barnyard, Dusty Hall
- RE: Unified output for barnyard, Michael Miller
  - RE: Unified output for barnyard, Bamm Visscher
sid 567 and new mail relay signatures, Jon Hart
- Re: sid 567 and new mail relay signatures, Jon Hart
MUMU, mos def
- RE: MUMU, Robert Wagner
  - P2P GNUTella GET causes lots of false positives, Shane Smith
UPDATE: flexresp2 (new and improved active response for Snort), Jeff Nathan
Re: Re: quick question about Snort + ACID on FreeBSD, Wes Young
Rule 498 and 1882, Giovanni
- Re: Rule 498 and 1882, Nigel Houghton
  - Re: Re: Rule 498 and 1882, Brian
spamassisan, Michael Scheidell
- Re: spamassisan, Brian May
- Re: spamassisan, Matt Kettler
Snort Question, Laura Scott
snort rule update, Jeanne Mode
- Re: snort rule update, Paul M. Sittler
- Re: snort rule update, Johnathan Norman
- Re: snort rule update, Jade E. Deane
- RE: snort rule update, Gisler, Johnny
repeated signatures?, keshav
- Re: repeated signatures?, Johnathan Norman
quick question about Snort + ACID on FreeBSD, <-delusion->
- Re: quick question about Snort + ACID on FreeBSD, Irwan Hadi
- Re: Re: quick question about Snort + ACID on FreeBSD, delusi0n
Re: That movie, warchild