security.ids.snort.sigs (date)

security.ids.snort.sigs (date)

June 30, 2004

Re: False Positive - SID 1882, Javier Fernandez-Sanguino
False Positive - SID 1882, Gustavo Gomes
False positives SID 1882, Javier Fernandez-Sanguino
[Fwd: Updated mIRC Signature], Matthew Jonkman
Re: iroffer IRC P2P Bot signatures, Matthew Watchinski
Re: Crashing snort, Matthew Jonkman
Re: New Bleeding rules submitted, Matthew Jonkman
Last addition for now, Matthew Jonkman
RE: Crashing snort, Joshua Berry
Re: New Bleeding rules submitted, Matthew Jonkman
Crashing snort, Matthew Jonkman
Re: iroffer IRC P2P Bot signatures, Matthew Jonkman
Yesadvertising Malware sigs, Matthew Jonkman
Re: iroffer IRC P2P Bot signatures, Nigel Houghton
Re: New Bleeding rules submitted, Matthew Jonkman
Re: iroffer IRC P2P Bot signatures, Matthew Jonkman

June 29, 2004

Re: iroffer IRC P2P Bot signatures, Matthew Watchinski
Re: ack! bad virus! bad bad!, John Nagro
Re: New Bleeding rules submitted, Matthew Watchinski
Re: iroffer IRC P2P Bot signatures, Mister Coffee
Re: New Bleeding rules submitted, John Nagro
Re: New Bleeding rules submitted, John Nagro
big problems with 2.1 snapshot rules?, Eric Bowser
iroffer IRC P2P Bot signatures, Kevin Kolk
New Bleeding rules submitted, Matthew Jonkman
Re: snort rules and -CURRENT for 2.1.3, Burak DAYIOGLU

June 28, 2004

Re: Bleeding addition, Matthew Jonkman
RE: Bleeding addition, Adrian Marsden
snort rules and -CURRENT for 2.1.3, Eric Jacobsen
RE: Bleeding addition, James Ashton
Re: Bleeding addition, Matthew Jonkman
RE: Bleeding addition, Adrian Marsden
Re: Bleeding addition, Matthew Jonkman
Re: Bleeding addition, Matthew Jonkman
Re: Bleeding addition, Brian
RE: Bleeding addition, Adrian Marsden
Re: Bleeding addition, Dan Michitsch
Re: Bleeding addition, Matthew Jonkman
Re: Bleeding addition, Brian
Alerts lacking signature names, David R. Waddell
Bleeding addition, Matthew Jonkman
Re: ack! bad virus! bad bad!, Matthew Jonkman
RE: ack! bad virus! bad bad!, Albers, Lucas
Re: ack! bad virus! bad bad!, Matthew Jonkman
RE: ack! bad virus! bad bad!, Albers, Lucas

June 27, 2004

False +ves for various rules..., Russell Fulton
Re: False Positive for SID 2570, Matthew Jonkman
False Positive for SID 2570, Lutz Schildt

June 26, 2004

Re: Unknown IIS Worm Sigs, nnposter
Re: ack! bad virus! bad bad!, Matthew Jonkman

June 25, 2004

ack! bad virus! bad bad!, Bryan Irvine
Re: 2515 "WEB-MISC PCT Client_Hello" FPs, Brian
2515 "WEB-MISC PCT Client_Hello" FPs, sekure
Alerts lacking signature names, David R. Waddell
Re: Unknown IIS Worm Sigs, Matthew Jonkman
Re: Unknown IIS Worm Sigs, Matthew Jonkman
Re: Unknown IIS Worm Sigs, Brian
Re: Unknown IIS Worm Sigs, Matthew Jonkman
Re: Unknown IIS Worm Sigs, John Nagro
Re: False positive for P2P GNUTella client request (1432), Nigel Houghton
Re: Unknown IIS Worm Sigs, Brian
SID 221 DDOS TFN Probe, dbs
RE: Unknown IIS Worm Sigs, Wesley Young
Re: False positive for P2P GNUTella client request (1432), Mike Adams
Suspected false positive description for sid 466, Adam Johnson
Re: Snort-sigs digest, Vol 1 #977 - 7 msgs, GMUarmyRES
Ilookup Trojan, Matthew Jonkman
Re: Unknown IIS Worm Sigs, Matthew Jonkman
Joe Callen/BMC/BHA is out of the office., JoeCallen
Re: Unknown IIS Worm Sigs, John Nagro
Re: Unknown IIS Worm Sigs, John Nagro
Re: Unknown IIS Worm Sigs, John Nagro
Re: Unknown IIS Worm Sigs, John Nagro
Unknown IIS Worm Sigs, Matthew Jonkman

June 24, 2004

Re: Is modifier depth:32 required in the sid rule no. 1102, tony
False positive for P2P GNUTella client request (1432), Randy Bradley
false positive sid:1917, Top, Jonathan
Some rules I used, Chich Thierry
Is modifier depth:32 required in the sid rule no. 1102, Kumar,Rajesh

June 23, 2004

Re: Newbie knucklehead can't get a custom rule to alert, Nigel Houghton
Re: Newbie knucklehead can't get a custom rule to alert, tony
Re: Newbie knucklehead can't get a custom rule to alert, Nigel Houghton
Re: Newbie knucklehead can't get a custom rule to alert, tony
Re: Newbie knucklehead can't get a custom rule to alert, Matthew Watchinski
Newbie knucklehead can't get a custom rule to alert, tony
Re: Invalid HTTP still giving lots of FP's, Nigel Houghton
Invalid HTTP still giving lots of FP's, Kevin Peuhkurinen
Re: SID 2404, NETBIOS SMB-DS Session Setup AndX request unicode username overflow attempt, Nigel Houghton
SID 2404, NETBIOS SMB-DS Session Setup AndX request unicode username overflow attempt, Lance Boon
Re: False +ves on FTP shadow retrieval attempt and suggested mitigation strategy, Nigel Houghton
Re: False +ves: SID 2517 Message IMAP PCT Client_Hello overflow attempt, Nigel Houghton
Re: False +ves on FTP shadow retrieval attempt and suggested mitigation strategy, Nigel Houghton
RE: False +ves on FTP shadow retrieval attempt and suggested mitigation strategy, Murat Korkmaz

June 22, 2004

False +ves: SID 2517 Message IMAP PCT Client_Hello overflow attempt, Russell Fulton
False +ves on FTP shadow retrieval attempt and suggested mitigation strategy, Russell Fulton
Alerts lacking signature names, David R. Waddell
Alerts lacking signature names, David R. Waddell
Portscans.... How to?, Pedro Jorge Barradas
AW: signature doesn't match, Lutz Schildt

June 21, 2004

Virus Outbound Attachment rule, Matthew Jonkman
RE: signature doesn't match, Joshua Berry
RE: signature doesn't match, Alexandru Balan
Re: payload problem, Michael Boman
payload problem, Alexandru Balan

June 19, 2004

Virus / worm detection rules, Dan Metcalf

June 18, 2004

RE: signature doesn't match, Alexandru Balan
RE: signature doesn't match, Joshua Berry
Re: Re: Virus/Worms signatures ruleset, Brian
signature doesn't match, Alexandru Balan
Re: Virus/Worms signatures ruleset, Mark
Re: Virus/Worms signatures ruleset, Matthew Jonkman
Re: Virus/Worms signatures ruleset, Jason Haar
Re: Virus/Worms signatures ruleset, Xram_LraK
Re: Virus/Worms signatures ruleset, Matthew Jonkman
Virus/Worms signatures ruleset, Dan Metcalf

June 17, 2004

Re: Multiple Keyword Sig, is it possible?, Erik de Castro Lopo
Multiple Keyword Sig, is it possible?, Jeffrey Lowe
snort-rules 2.1.* update @ Wed Jun 16 20:15:36 2004, bmc
snort-rules CURRENT update @ Wed Jun 16 20:15:36 2004, bmc

June 16, 2004

Re: Re: Holy False Positives Batman, Brian
Re: Re: Holy False Positives Batman, John J. Nagro
RE: Weird new CMD.EXE payload..., Paul Schmehl
Re: Re: Holy False Positives Batman, Brian
RE: what means flowbits in signatures, Kreimendahl, Chad J
Re: what means flowbits in signatures, Brian
what means flowbits in signatures, Ali Zand
Re: Weird new CMD.EXE payload..., Nigel Houghton
Re: Holy false Positives, Shaun T. Erickson
Re: Holy false Positives, Matthew Watchinski
RE: Weird new CMD.EXE payload..., K. Jared Kalisz
RE: Weird new CMD.EXE payload..., Larry Pingree
RE: Holy false Positives, VanBrecht, Jason
Re: Weird new CMD.EXE payload..., Roach4
Re: Holy false Positives, Joe Matusiewicz
Weird new CMD.EXE payload..., K. Jared Kalisz
Re: Holy false Positives, sekure
Re: Holy false Positives, Shaun T. Erickson
Holy false Positives, Goodson, Jacob

June 15, 2004

Re: Holy False Positives Batman, Brian
Re: Holy False Positives Batman, Matthew Jonkman
Holy False Positives Batman, Matthew Jonkman
Re: Holy False Positives Batman, Jeff Kell
signature: Squid NTLM Auth Overflow Exploit, Aaron W. DeLashmutt
snort-rules 2.1.* update @ Tue Jun 15 14:15:33 2004, bmc
snort-rules CURRENT update @ Tue Jun 15 14:15:33 2004, bmc
Re: Rules to detect recent Serv-u vulnerabilities, Brian
Re: Rules to detect recent Serv-u vulnerabilities, Javier Fernandez-Sanguino
Re: Rules to detect recent Serv-u vulnerabilities, Javier Fernandez-Sanguino
Re: False positives for 1748, Nigel Houghton
Erkez Virus Sig, Tony Bunce
Re: Rules to detect recent Serv-u vulnerabilities, Brian
Re: Rules to detect recent Serv-u vulnerabilities, Javier Fernandez-Sanguino
Re: False positives for 1748, Javier Fernandez-Sanguino
Duplicate Sids, Mark

June 11, 2004

WEB-CLIENT IE local resource invocation attempt, nnposter

June 10, 2004

Bleeding Rules Addition, Matthew Jonkman
SID 2405: WEB-PHP phptest.php access, Maarten Van Horenbeeck

June 09, 2004

Re: SID 2407: WEB-MISC util.pl access, Matthew Watchinski
Re: report of false positives for "SCAN UPnP service discover attempt" rule, Nigel Houghton
RE: Signature Dates, Ayesha Khan
False positive?, Steve Moran
SID 2407: WEB-MISC util.pl access, Maarten Van Horenbeeck
report of false positives for "SCAN UPnP service discover attempt" rule, Daniel Surdu
Suspected false +ve., Mark Rainer
Re: Signature Dates, Nigel Houghton
Signature Dates, Murat Korkmaz

June 08, 2004

GotoMyPC Sig, Matthew Jonkman
POP2 commands case-sensitive?, nnposter

June 07, 2004

Reference for 1985.1 (BACKDOOR Doly 1.5 server response)?, nnposter
False positives on 1321.8 (BAD-TRAFFIC 0 ttl), nnposter
Re: Signature release process, Brian
Re: Signature release process, Lon
Re: Signature release process, Brian

June 06, 2004

Signature release process, Lon

June 04, 2004

False positives on 2050.3 (MS-SQL version overflow attempt), nnposter
Corrupted definitions of 2403.4 and 2404.5?, nnposter
Re: Corrupted definitions of 2403.4 and 2404.5?, Brian
Corrupted definitions of 2403.4 and 2404.5?, nnposter
sig for korgo worm, Lin Zhong
RE: Possible trojan rule, larosa, vjay

June 03, 2004

Re: Possible trojan rule, Matthew Jonkman
Sig for Korgo and Plexus, Lin Zhong
RE: Possible trojan rule, Stark, Vernon L.
Re: Possible trojan rule, Matthew Jonkman
RE: Possible trojan rule, larosa, vjay
Re: Possible trojan rule, Matthew Jonkman
Re: Possible trojan rule, Matthew Jonkman
Re: Possible trojan rule, Matthew Jonkman
RE: Possible trojan rule, Stark, Vernon L.
Re: Possible trojan rule, Joe Stewart
Re: Snort-sigs digest, Vol 1 #954 - 8 msgs, Ross . Emma
Re: Possible trojan rule, Micheal Cottingham
Re: Possible trojan rule, Hugo van der Kooij
RE: WEB-FRONTPAGE /_vti_bin/ access rule question to the community, Coen Bakkers, Monitored Security
Re: Possible trojan rule, Matthew Jonkman
Possible trojan rule, Matthew Jonkman
Re: Is correct this alert? "NETBIOS SMB IPC$ share unicode access", lee Jerry
Re: NETBIOS nimda .eml, Jason Haar

June 02, 2004

Re: Documentation question SID 1411 - 1414, Nigel Houghton
Documentation question SID 1411 - 1414, Michael Sconzo
Call for help, Matthew Jonkman
RE: Windows RPC Interface access detect signature set (win-rpc.rules), Kreimendahl, Chad J
Re: Windows RPC Interface access detect signature set (win-rpc.rules), Matthew Jonkman
Re: Windows RPC Interface access detect signature set (win-rpc.rules), Matthew Jonkman
RE: Windows RPC Interface access detect signature set (win-rpc.rules), Kreimendahl, Chad J
Re: SID: 2329 - probable false positive, Matthew Watchinski
Is correct this alert? "NETBIOS SMB IPC$ share unicode access", lee Jerry
Re: Windows RPC Interface access detect signature set (win-rpc.rules), Matthew Jonkman
Windows RPC Interface access detect signature set (win-rpc.rules), kawa

June 01, 2004

RE: Duplicates, Doug Small
Duplicates, Matthew Jonkman
NETBIOS nimda .eml, McCash, John
SID: 2329 - probable false positive, Domain Admin
Re: gen_id in suppress and threshold rules, Chris Keladis
False Positive: http://www.snort.org/snort-db/sid.html?sid=1360, Colin Harford
False positive for 230 - DDOS shaft client to handler, Jens-Harald . Johansen

News | FAQ | advertise