security.ids.snort.sigs (thread)

Anybody using the react keyword in 2.1?, David Gianndrea
False Positive Information, Nigel Houghton
False positive on rule 298, STEPHEN W. COREY - 5535
Update for sid 1394 - false positive update, hitman
sid: 1239, Maarten Van Horenbeeck
Sid 1841, Field, Gregory L.
Virus rules update, Basem AlSaeed
- RE: Virus rules update, Nick Duda
False positives in rule for P2P Gnutella (1432), Javier Fernandez-Sanguino
Fwd: false positive for #615, james
sid 1635: POP3 APOP overflow attempt, Maarten Van Horenbeeck
POLICY VNC server response, Sam Adams
- Re: POLICY VNC server response, Nigel Houghton
Additional information for sid 1042, Javier Fernandez-Sanguino
sid 1634 - POP3 PASS overflow attempt, Maarten Van Horenbeeck
false positives for sigs 2259 & 2260, lpj0508
- Re: false positives for sigs 2259 & 2260, Brian
Possible false positives experienced on rule SID 1841 ???, b
RE: [Snort-sigs] Re: Signature error?, Ron Shuck
Signature error?, Ron Shuck
- Re: Signature error?, Jon Hart
DDOS false positive, Bryan Irvine
- Re: DDOS false positive, Nigel Houghton
  - Re: DDOS false positive, Knut Bjornstad
    - Re: DDOS false positive, Nigel Houghton
- Re: DDOS false positive, Askin, Hank - XICN
Help to configure SNORT, Lorenzo Rossi
- Re: Help to configure SNORT, Matt Kettler
upate for sid 1432, Russell Fulton
SID 1635: POP3 APOP overflow attempt (documentation), Maarten Van Horenbeeck
SID 1634: POP3 PASS overflow attempt (documentation), Maarten Van Horenbeeck
SID 1239: NetBIOS RFParalyze Attempt (documentation), Maarten Van Horenbeeck
snort-rules STABLE update @ Mon Dec 22 13:15:21 2003, bmc
snort-rules CURRENT update @ Mon Dec 22 13:15:21 2003, bmc
please remove me from your user email list. Thanks, gfyspf@xxxxxxxxx
- Re: please remove me from your user email list. Thanks, Matt Kettler
RE: Documentation for Rule 488 INFO Connection Close d MSG from Port 80, Adams, Samuel (contractor)
- RE: Documentation for Rule 488 INFO Connection Close d MSG from Port 80, Nathan Bain
- RE: Documentation for Rule 488 INFO Connection Close d MSG from Port 80, Sean Batt
snort-rules CURRENT update @ Thu Dec 18 13:15:19 2003, bmc
Snort rules update procedure, Javi Mesquida
- Re: Snort rules update procedure, Matt Kettler
Update to signature, Tim Vienneau
- Re: Update to signature, Nigel Houghton
snort-rules CURRENT update @ Tue Dec 16 19:15:20 2003, bmc
RE: if match on rule don't log or something like tha t, Federico Castañeda
if match on rule don't log or something like that, Alexandru Balan
SID 365 does False Positive, Jon Banks
To build a logical AND expression, Martin Olsson
- Re: To build a logical AND expression, Brian
  - Re: pcre (was:To build a logical AND expression), Martin Olsson
    - Re: Re: pcre (was:To build a logical AND expression), Daniel J. Roelker
Offset, Martin Olsson
- Re: Offset, Devilscrow Sr
  - Re: Offset, Dirk Geschke
    - Re: Offset, Devilscrow Sr
    - Re: Offset, Dirk Geschke
Documentation for Rule 488 INFO Connection Closed MSG from Port 80, Joe Hdez
- Re: Documentation for Rule 488 INFO Connection Closed MSG from Port 80, Brian
  - Re: Documentation for Rule 488 INFO Connection Closed MSG from Port 80, Russell Fulton
    - Re: Documentation for Rule 488 INFO Connection Closed MSG from Port 80, Brian
Documentation for Rule 448 ICMP Source Quench (Undefined Code!), Joe Hdez
windows authentication signatures, Albers, Lucas
Worm, Virus, and Trojan sigs?, Dan Michitsch
- Re: Worm, Virus, and Trojan sigs?, Nigel Houghton
within syntax questions, David Wilburn
- Re: within syntax questions, Brian
rules for physical intruders, adam_peterson
- RE: rules for physical intruders, Steve Wray
- Re: rules for physical intruders, Hugo van der Kooij
ignoring lots of hosts, David Wilburn
- Re: ignoring lots of hosts, Erick Mechler
Sinit rule anyone?, Meij, Ewout {PGIN~Kaiseraugst}
- Re: Sinit rule anyone?, Matt Kettler
  - Re: Sinit rule anyone?, Joe Stewart
To drop packets, Anna Patil
- Re: To drop packets, Matt Kettler
sid 1652, james
- Re: sid 1653, james
OpenSSH // SSH detection rules?, Tony Hernandez
- Re: OpenSSH // SSH detection rules?, Phillip G Deneault
filtering with snortsam after more then one match, Alexandru Balan
- Re: filtering with snortsam after more then one match, Matt Kettler
snort-rules CURRENT update @ Fri Dec 5 20:15:20 2003, bmc
snort-rules CURRENT update @ Fri Dec 5 13:15:18 2003, bmc
SID 1042 false positives: WEB-IIS view source via translate header, Bradberry, John
- Re: SID 1042 false positives: WEB-IIS view source via translate header, Brian
  - Re: SID 1042 false positives: WEB-IIS view source via translate header, Jason Haar
Direct Connect, chuck
False positive condition for SID 1141, S Tonnesen
- Re: False positive condition for SID 1141, Nigel Houghton
Just one rule to block the traffic, FDCServers Support
Re: from_client == to_server ?, Dirk Geschke
snort-sid-template for Rule 628, Joey Hdez
Rule order question, David Calder
- AW: Rule order question, Sean Wheeler
RE: Searching for the latest Snort rules, JP Vossen
snort-rules CURRENT update @ Tue Dec 2 19:15:20 2003, bmc
Documentation rule 884, Kevin Binsfield
- Re: Documentation rule 884, Nigel Houghton
RE: email spammer sigs?, Adrian Marsden
- email spammer sigs?, Tony Hernandez
  - Re: email spammer sigs?, Matt Kettler
    - RE: email spammer sigs?, Raj Wurttemberg
    - OT: Finding Spam Trojans on your network (was Re: email spammer sigs?), Brian Eckman
    - Re: email spammer sigs?, Jason Haar
    - Re: email spammer sigs?, Matt Kettler
  - Re: email spammer sigs?, James Riden
RE: OT: Finding Spam Trojans on your network (was Re: email spammer sigs?), Tony Hernandez
Re: [Snort-sigs] PCRE Rules and hexa, Jeremy Hewlett
Re: some rules missing from sig-msg.map, Brian
Ignoring hosts, modular, Ralph M. Los
Documentation for Rule 628 SCAN nmap TCP, Joe Hdez
- Re: Documentation for Rule 628 SCAN nmap TCP, Nigel Houghton
snort-rules STABLE update @ Mon Dec 1 13:15:17 2003, bmc
- Re: snort-rules STABLE update @ Mon Dec 1 13:15:17 2003, Frank Knobbe
snort-rules CURRENT update @ Mon Dec 1 13:15:17 2003, bmc