|
|
August 31, 2004
- Re: SAM tool, John Nagro
- Re: secure connection to bleedingsnort.com, John Nagro
- Re: secure connection to bleedingsnort.com, John Nagro
- SAM tool, Paul Ryan
- Re: Snorting gzip encoded http source code, Jose Maria Lopez
- Re: Bleedingsnort.com Daily Update, Jose Maria Lopez
- RE: secure connection to bleedingsnort.com, Esler, Joel - Contractor
- secure connection to bleedingsnort.com, John Nagro
- Akak trojan signatures, Joe Stewart
- Add false positive entry to rule 1:2003, Lyndon Tiu
- Re: Connecting signatures?, Chris Kronberg
- Bleedingsnort.com Daily Update, matt
August 27, 2004
- snort-rules update @ Fri Aug 27 15:15:43 2004, bmc
- RE: Snorting gzip encoded http source code, Abe Use
- Re: Help on an ICMP rule: sid 486, Ben Dugdale
- Re: " ..MS Terminal Server no encryption.. " misfire?, Nigel Houghton
- " ..MS Terminal Server no encryption.. " misfire?, Ben Dugdale
- Snorting gzip encoded http source code, Abe Use
- RE: RE: Snort Rule Howto, Andrews Carl 448
- Re: Possible false positives for rule 1:1983, 1:1980 and 1:1981, Alex Kirk
- Re: BACKDOOR NetMetro File List Signature False Positive, Nigel Houghton
- RE: RE: Snort Rule Howto, Harper, Patrick
- RE: Snort Rule Howto, Andrews Carl 448
- BACKDOOR NetMetro File List Signature False Positive, McCash, John
- Possible false positives for rule 1:1983, 1:1980 and 1:1981, George Laiacona
- Bleedingsnort.com Daily Update, matt
August 25, 2004
- Re: Help on an ICMP rule: sid 486, Daniel Roelker
- Re: Help on an ICMP rule: sid 486, Brian
- Re: Help on an ICMP rule: sid 486, Alex Kirk
- Re: Help on an ICMP rule: sid 486, Seth Art
- Re: Help on an ICMP rule: sid 486, Alex Kirk
- Re: Help on an ICMP rule: sid 486, Seth Art
- Re: Help on an ICMP rule: sid 486, Alex Kirk
- Help on an ICMP rule: sid 486, Seth Art
- Re: 2383 FP " NETBIOS SMB-DS DCERPC NTLMSSP asn1 overflow attempt", Alex Kirk
- Re: Re: 2383 FP " NETBIOS SMB-DS DCERPC NTLMSSP asn1 overflow attempt", sekure
- Re: 2383 FP " NETBIOS SMB-DS DCERPC NTLMSSP asn1 overflow attempt", Alex Kirk
- 2383 FP " NETBIOS SMB-DS DCERPC NTLMSSP asn1 overflow attempt", sekure
- Bleedingsnort.com Daily Update, matt
August 23, 2004
- Re: SSH Scans, Frank Knobbe
- Re: SSH Scans, Matthew Jonkman
- Re: SSH Scans, Ben Whaley
- Re: SSH Scans, Matthew Jonkman
- Re: SSH Scans, Frank Knobbe
- Re: SSH Scans, Matthew Jonkman
- Re: Malware/Spyware, Stef
- Re: SSH Scans, Brian
- Malware/Spyware, Matthew Jonkman
- Re: sid 2518 typo?, Brian
- SSH Scans, Matthew Jonkman
- sid 2518 typo?, Aaron W. DeLashmutt
- Bleedingsnort.com Daily Update, matt
August 20, 2004
- Re: New adobe vulnerability, Frank Knobbe
- Re: BleedingSnort rules hits information, Matthew Jonkman
- Re: New adobe vulnerability, frank
- RE: SID 2417, Paul Schmehl
- Re: New adobe vulnerability, Frank Knobbe
- Re: New adobe vulnerability, Matthew Watchinski
- RE: SID 2417, Murat Korkmaz
- Re: SID 2417, Frank Knobbe
- RE: Snort Rule Howto, Andrews Carl 448
- Re: SID 2417, Nigel Houghton
- Re: New adobe vulnerability, Frank Knobbe
- SID 2417, Paul Schmehl
- BleedingSnort rules hits information, Federico Petronio
- Re: New adobe vulnerability, nnposter
- Re: DHCP Attack, Frank Knobbe
- Re: New adobe vulnerability, Frank Knobbe
- Bleedingsnort.com Daily Update, matt
August 19, 2004
- Re: PNG vulnerabilities and more, Joe Stewart
- Re: DHCP Attack, twebster
- RE: Snort Rule Howto, John Hally
- Re: Snort Rule Howto, twebster
- Re: New adobe vulnerability, Joseph Gama
- Re: PNG vulnerabilities and more, Joseph Gama
- Re: DHCP Attack, Kenneth G. Arnold
- Re: DHCP Attack, Nick Hatch
- Snort Rule Howto, Andrews Carl 448
- Re: Possible False Positive on SID 2383, Nigel Houghton
- Possible False Positive on SID 2383, Lance Boon
- Rule 466 False-Positives, John B.
- Re: PNG vulnerabilities and more, Joe Stewart
- Re: New adobe vulnerability, Matthew Jonkman
- RE: New adobe vulnerability, nnposter
- Re: DHCP Attack, arif . jatmoko
- Re: DHCP Attack, Chris Reining
- Re: DHCP Attack, Kenneth G. Arnold
- DHCP Attack, arif . jatmoko
- Bleedingsnort.com Daily Update, matt
August 18, 2004
- Re: Snort rules question., Matt Kettler
- PNG vulnerabilities and more, Joseph Gama
- Serv-U vulnerabilities, Joseph Gama
- Mozilla vulnerabilities, Joseph Gama
- Snort rules question., wbenetti
- New adobe vulnerability, Matthew Jonkman
- Call for Spyware, Matthew Jonkman
- Bleedingsnort.com Daily Update, matt
- Re: Update on the non-smtp server rule, Matthew Jonkman
- Re: Rules sid:2000344 and following (IRC)., Matthew Jonkman
- Re: help, Joseph Gama
- Bleedingsnort.com Daily Update, matt
August 16, 2004
- Re: signature for SoulSeek P2P?, Matthew Jonkman
- SID 2492 - Question, Michael Sconzo
- Re: help, Alex Kirk
- Re: signature for SoulSeek P2P?, Alex Kirk
- snort-rules 2.1.* update @ Tue Aug 10 10:15:41 2004, bmc
- snort-rules CURRENT update @ Tue Aug 10 10:02:57 2004, bmc
- help, randy gillo
- More Bagle.AQ rules, Matthew Jonkman
- NIDS Signature # 1930: False positive, Bob Van Cleef
- RE: signature for SoulSeek P2P?, marcamone
- New bagle variant, Matthew Jonkman
- amendment to ATTACK-RESOPNSES id check returned root, Likai Liu
- (no subject), Gary Verhulp
- SID 1432 False Positive (P2P GNUTella client request), lonewf
- Re: Rules sid:2000344 and following (IRC)., Matthew Jonkman
- Bleedingsnort.com Daily Update, matt
- Rules sid:2000344 and following (IRC)., Chich Thierry
August 12, 2004
- RE: signature for SoulSeek P2P?, twebster
- Re: 2 WEB-IIS unicode directory rules, Brian
- Re: signature for SoulSeek P2P?, Alex Kirk
- Re: signature for SoulSeek P2P?, John Nagro
- Re: signature for SoulSeek P2P?, Matthew Jonkman
- Re: False positive in sid:1448, Nigel Houghton
- Re: I must have signed up for the wrong mailing list, webcatalog
- signature for SoulSeek P2P?, twebster
- Re: I must have signed up for the wrong mailing list, Hugo van der Kooij
- Signatures for the latest rxbot / rbot variant, Christopher Harrington
- I must have signed up for the wrong mailing list, Daniel Gutzwiller
- new rules 9, Joseph Gama
August 11, 2004
- RE: Please remove the word "nazi" from the website, Thompson, Jimi
- RE: Please remove the word "nazi" from the website, Adrian Marsden
- RE: Please remove the word "nazi" from the website, Thompson, Jimi
- Re: Please remove the word "nazi" from the website, Brian
- Re: Please remove the word "nazi" from the website, bmc
- Re: new rules 2, Matthew Jonkman
- RE: [Snort-sigs]sorry, Harper, Patrick
- Re: Please remove the word "nazi" from the website, Jason
- Re: false negative on sig 688, Steven Bairstow
- RE: new rules 2, patrick . harper
- RE: new rules 2, patrick . harper
- RE: Please remove the word "nazi" from the website, Tony Hernandez
- Re: Please remove the word "nazi" from the website, Paul Schmehl
- False positive in sid:1448, Federico Petronio
- Re: Please remove the word "nazi" from the website, John Nagro
- RE: Please remove the word "nazi" from the website, Seth Art
- RE: Please remove the word "nazi" from the website, Nick Duda
- RE: Please remove the word "nazi" from the website, Yaakov Yehudi
- Re: XSS rules, Matthew Jonkman
- Re: Quickie rule to catch the new price.zip virus going around, Matthew Jonkman
August 10, 2004
- Another idea for the preprocessor, Joseph Gama
- encoded Javascript not being detected, Joseph Gama
- Re: Please remove the word "nazi" from the website, Joseph Gama
- RE: new rules 2, Joseph Gama
- Re: Please remove the word "nazi" from the website, Brian
- RE: new rules 2, Harper, Patrick
- MS04-22 - Rule ?, Michael Sconzo
- Please remove the word "nazi" from the website, Joseph Gama
- rukes for worms, Joseph Gama
- new rules 8, Joseph Gama
- new rules 5, Joseph Gama
- XSS rules, Joseph Gama
- new rules 2, Joseph Gama
- new rules 4, Joseph Gama
- new rules 6, Joseph Gama
- new rules 7, Joseph Gama
- new rules 3, Joseph Gama
- Re: Re: Quickie rule to catch the new price.zip virus going around, Paul Tinsley
- Re: snort-rules update @ Tue Aug 10 10:39:14 2004, Brian
- Re: snort-rules update @ Tue Aug 10 10:39:14 2004, Burak DAYIOGLU
- snort-rules update @ Tue Aug 10 10:39:14 2004, bmc
- snort-rules 2.1.* update @ Tue Aug 10 10:02:57 2004, bmc
- Re: Rule 1797 triggered by Win XP SP2 download, Matthew Jonkman
- Rule 1797 triggered by Win XP SP2 download, Gregoire Hostettler
August 06, 2004
- Re: Binet Malware Rules, Matthew Jonkman
- Re: What's wrong with this rule?, Paul Schmehl
- RE: What's wrong with this rule?, Paul Schmehl
- Re: What's wrong with this rule?, sekure
- RE: What's wrong with this rule?, Esler, Joel - Contractor
- What's wrong with this rule?, Paul Schmehl
- 2 WEB-IIS unicode directory rules, Mark
- RE: FP in Rule 2515 ?, Esler, Joel - Contractor
- Binet Malware Rules, Miner, Jonathan W (CSC) (US SSA)
- SID 1436: MULTIMEDIA Quicktime User Agent access, Stephan Scholz
- Re: False positive on sig "WEB-MISC apache DOS attempt", Matthew Watchinski
August 05, 2004
- libpng tRNS overflow signature, Joe Stewart
- FP in Rule 2515 ?, Federico Petronio
- Re: Ares signature?, Matthew Jonkman
- Re: Ares signature?, Alex Kirk
- Re: SnortSAM + Oinkmaster, Andreas Östling
- Re: Ares signature?, Alex Kirk
- RE: Ares signature?, marcamone
- Re: Ares signature?, Brian
- Re: What is the & operator in byte_test for?, Alex Kirk
- Ares signature?, Tony Hernandez
- Re: Understanding content rules, Alex Kirk
- SnortSAM + Oinkmaster, Gustavo
- Missing sid-msg.map entry for some rules, nnposter
- Re: WEB-MISC cross site scripting attempt - false positive addition, Nigel Houghton
- Re: Would these sasser rules catch all sasser variants?, Matthew Watchinski
- Understanding content rules, Erik de Castro Lopo
- Re: New Sid: MISC HP Web JetAdmin ExecuteFile admin access, Matthew Jonkman
- Re: pwdump, l0phtcrack, hash extraction, Matthew Jonkman
- Re: Re: AW: [Snort-users] ViruSNORT, Matthew Jonkman
August 04, 2004
- Would these sasser rules catch all sasser variants?, Lin Zhong
- Re: Discrepancy between rule files and sid-msg.map, Brian
- Re: False positive(s) for rule Sid 2229, Brian
- Re: Avoidance of 2597.2 (WEB-MISC Samba SWAT Authorization overflow attempt), Brian
- Re: snort-rules 2.1.* update @ Wed Jul 21 11:27:54 2004, Brian
- False positive(s) for rule Sid 2229, Richard Huffman
- snort-rules CURRENT update @ Fri Jul 23 16:34:53 2004, bmc
- snort-rules 2.1.* update @ Fri Jul 23 16:38:05 2004, bmc
- False positive on sig "WEB-MISC apache DOS attempt", Gustavo
- snort-rules 2.1.* update @ Wed Jul 21 11:27:54 2004, bmc
- snort-rules 2.1.* update @ Thu Jul 22 17:16:10 2004, bmc
- Fasle Positive for Sid: 1841, Colin Tinker
- SID: 895 False Positives, Aaron Dalton
- Avoidance of 2597.2 (WEB-MISC Samba SWAT Authorization overflow attempt), nnposter
- sid 1257 false positive, "Benjamin Montré (pro)"
- New Sid: MISC HP Web JetAdmin ExecuteFile admin access, Thomas Alex
- Discrepancy between rule files and sid-msg.map, Brennen Reynolds
- false positive for ID # 1917, Adam C. Knepprath
- Re: sid:2578 sid 2579, Chris McClincy
- WEB-MISC cross site scripting attempt - false positive addition, G. Panula
- Change to false positives for rule 1948, A . Jones
- RE: FP on BLEEDING-EDGE Pwdump3e Password Hash Retrieval, Eaglesfield, Andy
- False positive for #0-(1-140), Mark Lidstone
- false positive BLEEDING-EDGE HTTP CONNECT Tunnel Attempt, Matt Ostiguy
- RE: pwdump, l0phtcrack, hash extraction, Abe Use
- Update for Sid: 2570 [Addition of False Positive info], Brandon Galbraith
- RE: [Snort-sigs] Re: ViruSNORT, Matt Jonkman
- Re: False positive on rule SID 2403 NETBIOS SMB Session Setup AndX request unicode username overflow attempt, Matthew Watchinski
- RE: Update Rules, Jeff Dell
- Re: Update Rules, Keith W. McCammon
- Update Rules, Gustavo
- Re: Bleeding Malware bad sig format on 2001050, Matthew Jonkman
- Bleeding Malware bad sig format on 2001050, Joshua Roth
- Re: AW: ViruSNORT, Cilin
- Re: AW: ViruSNORT, jeffs
- AW: ViruSNORT, Maetzky, Steffen (Extern)
August 03, 2004
- Re: BleedingSnort.com Updates, Matthew Jonkman
- Re: BleedingSnort.com Updates, Frank Knobbe
- RE: [Snort-sigs] http_inspect, Esler, Joel - Contractor
- RE: RE: [Snort-sigs] http_inspect, Esler, Joel - Contractor
- Re: false positive for sid 2087, Matt Kettler
- Re: [Snort-sigs] http_inspect, Jeremy Hewlett
- false positve for SID 2404 and SID 2466, Stefan Sabolowitsch
- false positive for sid 2087, Chris Kronberg
|
|
