security.ids.snort.sigs (thread)

help, Sridhar Govardhan
Unknown Sig Name error for 2252 in Acid, Jeffrey . R . Gauser
- Re: Unknown Sig Name error for 2252 in Acid, Mike Messick
Anyone having Netsky.b Signatures??, Chintan Gosalia
- Re: Anyone having Netsky.b Signatures??, Nick Hatch
- RE: Anyone having Netsky.b Signatures??, Cam Beasley, ISO
- Re: Anyone having Netsky.b Signatures??, Nick Hatch
MyDoom.F Signature, David A. Koran
Snort Rule for Yahoo IM successful login, Jason Monroe \"JC\"
- Re: Snort Rule for Yahoo IM successful login, Mark . Schutzmann
FPs from SID:2175 [ NETBIOS SMB winreg access (unicode) ], Jason Haar
- Re: FPs from SID:2175 [ NETBIOS SMB winreg access (unicode) ], Brian
  - Re: FPs from SID:2175 [ NETBIOS SMB winreg access (unicode) ], Jason Haar
Error in sid 1229, tyler
SNORT on Enterprise Linux, mary . manipadam
- RE: SNORT on Enterprise Linux, CACHET Nicolas
Here are some Netsky Worm Sigs, Tom . Mclaughlin
- Re: Here are some Netsky Worm Sigs, Chintan Gosalia
- Re: Here are some Netsky Worm Sigs, Tom . Mclaughlin
  - Re: Here are some Netsky Worm Sigs, Chintan Gosalia
- Re: Here are some Netsky Worm Sigs, dmitriy . dunavetsky
mydoom.f sig, Danny Espinoza
- Re: mydoom.f sig, Chintan Gosalia
Sid: 1748 false positives, twig les
Reporting false positive for Snort rule, Dan Thorson
- Re: Reporting false positive for Snort rule, Josh . Sakofsky
- Re: Reporting false positive for Snort rule, Josh Berry
False positive on SID 1627, John . Airey
suggested modification of SID 255, Dan Thorson
- Re: suggested modification of SID 255, Brian
- Re: suggested modification of SID 255, Dan . Thorson
false positive in SID 1147, Dan Thorson
Protocol Anomaly Rules, orangganjil
SID 1233 - .eml access, Jeff Kell
Rule to capture POP3 username/password for mail server migration, Michael Breton
- Re: Rule to capture POP3 username/password for mail server migration, Brian
- Re: Rule to capture POP3 username/password for mail server migration, Oliver Hitz
- RE: Rule to capture POP3 username/password for mail server migration, Steven Alexander
  - RE: Rule to capture POP3 username/password for mail server migration, Hugo van der Kooij
- RE: Rule to capture POP3 username/password for mail server migration, John Impallomeni
combining two rules?, Steven Bairstow
- Re: combining two rules?, Brian
(no subject), Abimbola, Abiola
- (no subject), Abimbola, Abiola
  - Re: (no subject), Brian
- (no subject), Ed
snort-rules 2.1.* update @ Mon Feb 16 15:11:48 2004, bmc
Yahoo IM web logon attempt, William_Metcalf
False Positive on "ICMP L3Retriever PING", psromero
Mailing List, Raul Alvarez
PostFix Open Relay, Reinaldo Borges
High traffic to microsoft.com port 80, Andrew Benson
Upgrade Snort 2.0.1 to 2.1, Rowland, Krisa W ERDC-ITL-MS Contractor
- Re: Upgrade Snort 2.0.1 to 2.1, Matt Kettler
upgrade Snort, Rowland, Krisa W ERDC-ITL-MS Contractor
- Re: upgrade Snort, Dan Michitsch
- RE: upgrade Snort, Sutton, Andrew
Differences between versions, 長坂耕作
- Re: Differences between versions, 長坂耕作
  - Re: Differences between versions, 長坂耕作
Failed Cisco router authentication attempts/rule, Joshua Wright
- Re: Failed Cisco router authentication attempts/rule, Brian
- Re: Failed Cisco router authentication attempts/rule, Mark . Schutzmann
- Re: Failed Cisco router authentication attempts/rule, Mark . Schutzmann
snort-rules CURRENT update @ Mon Feb 16 15:11:48 2004, bmc
RE: Trying to capture web traffic, JMMel
- Trying to capture web traffic, JMMel
- RE: Trying to capture web traffic, JMMel
  - Re: RE: Trying to capture web traffic, Paul Schmehl
    - Re: RE: Trying to capture web traffic, whipsmack
    - Re: RE: Trying to capture web traffic, Paul Schmehl
    - Re: RE: Trying to capture web traffic, whipsmack
    - Re: RE: Trying to capture web traffic, Jason
    - Re: RE: Trying to capture web traffic, Paul Schmehl
- Trying to capture web traffic, whipsmack
POP3 PASS overflow attempt - False Positive, Erik
Sig for MS04-007 exploit?, Christian Tramnitz
- RE: Sig for MS04-007 exploit?, Compton, Rich
  - Re: Sig for MS04-007 exploit?, Nilesh Burghate
- RE: sig for MS04-007 exploit?, William_Metcalf
SQL Injection attacks with UNION kw, rule, Joshua Wright
- Re: SQL Injection attacks with UNION kw, rule, Tod Beardsley
Sid 1748 False positives/Name Change, Scott Zawalski
- Re: Sid 1748 False positives/Name Change, Brian
Mydoom.a, Petar Jurković
Snort front ends, Trevor Daucsavage
- Re: Snort front ends, Matt Kettler
  - Re: Snort front ends, Nigel Houghton
FX-Scanner Rule, snortman
Support in India, hatul_bhatt
- Re: Support in India, Bryan Irvine
False Positive on 1062, Stan Coleman
About Sid:466, Fabrice Rafart
False positive in snort rule "WEB-CLIENT Javascript URL host spoofing attempt", Richard Bennett
Direct Connect p2p software, Charles Lacroix
Beta rule for detecting DoomJuice infected hosts, Brian Eckman
- RE: Beta rule for detecting DoomJuice infected hosts, Kevin L. Shaw
all but one port option?, Keith Loyd
- Re: all but one port option?, James Riden
- Re: all but one port option?, sam
  - Re: all but one port option?, Matt Kettler
    - RE: all but one port option?, Keith Loyd
- RE: all but one port option?, SRH-Lists
W32/Yaha-Y & W32/Zana-A, vaibhavi kothari
Re: general sig question, Brian
Checkpoint vulnerability, Victor Lamptey
Snort SID 1042 update, dggomez
Deleted FTP signatures, Yanyan Yang
SID 718, Ajello, Aaron
Hack'a'tack signature ?, rmkml
- Re: Hack'a'tack signature ?, rmkml
Help on getting rules to trigger alerts, keith Loyd
- Help on getting rules to trigger alerts, keith Loyd
- Re: Help on getting rules to trigger alerts, Nigel Houghton
- Re: Help on getting rules to trigger alerts, Brian
Porn Rules Priority, Edin Dizdarevic
- Re: Porn Rules Priority, Johnathan Norman
  - Re: Porn Rules Priority, Brian
    - Re: Porn Rules Priority, Edin Dizdarevic
- RE: Porn Rules Priority, Kreimendahl, Chad J
- RE: Porn Rules Priority, larosa, vjay
isssue with sid 1621, FTP CMD overflow attempt, Milani Paolo
- Re: isssue with sid 1621, FTP CMD overflow attempt, Matt Kettler
snapshot layouts on snort.org, Brian
- Re: snapshot layouts on snort.org, Andreas Östling
How to simulate attacks using CASL, Bini Mary Thomas
- Re: How to simulate attacks using CASL, Matt Kettler
SID: 2189 False Positive, Henrique Santos
How to NOT match on packets or streams, Martin Olsson
- Re: How to NOT match on packets or streams, Brian
  - Re: How to NOT match on packets or streams, Martin Olsson
    - Re: How to NOT match on packets or streams, Brian
rule license question, Frank Smith
- Re: rule license question, James Edwards
- Re: rule license question, Brian
- rule license question, Frank Smith
Looking for Mimail.S signature, Juhi Flower