Movatterモバイル変換

Snort: by thread

Previous period

Next period

3034 messagesstarting Mar 31 03 andending Jun 30 03
Date index |Thread index |Author index

RE: ACIDBill Frank (Mar 31)
- <Possible follow-ups>
- Re: ACIDMaster Brian (Apr 01)
- RE: ACIDChris Eidem (Apr 03)
- ACIDEsler, Joel Contractor (Jun 11)
- ACIDRodney Green (Jun 18)
  - Re: ACIDErek Adams (Jun 21)
- acidBryan Irvine (Jun 25)
  - Re: acidJon Baer (Jun 25)
  - Re: acidsunzi (Jun 25)
- Fwd: Re: acidJason K. Boykin (Jun 25)
RE: Snort 2.0 libnet config --cflags broken still?Jeff Nathan (Mar 31)
RE: Same src/dstBrei, Matt (Mar 31)
- <Possible follow-ups>
- RE: Same src/dstBrei, Matt (Mar 31)
RE: [output] Log application data into the databaseEmmanuel Dardaine (Apr 01)
DF and MFClayton Mascarenhas (Apr 01)
- Re: DF and MFJeff Nathan (Apr 05)
  - Re: DF and MFAndreas Östling (Apr 07)
Snort ErrorAli (Apr 01)
- Re: Snort ErrorErick Mechler (Apr 01)
Stealth ScanMaster Brian (Apr 01)
Question regarding Openbsd 3.3 Bridgediwelf (Apr 01)
Snort Advisory - Security Bit MitigationBrian (Apr 01)
- Re: ./setup.shJim Burwell (Apr 04)
RE: snort 2.0 RC1 runs commented out rules?Scheidell (Apr 01)
RE: Question on database for SnortFWAdmin (Apr 01)
- RE: Question on database for SnortErek Adams (Apr 01)
- <Possible follow-ups>
- Re: Question on database for SnortPaul Schmehl (Apr 01)
- RE: Question on database for SnortKreimendahl, Chad J (Apr 01)
  - RE: Question on database for SnortPaul Schmehl (Apr 01)
- RE: Question on database for SnortFWAdmin (Apr 01)
  - RE: Question on database for SnortErek Adams (Apr 02)
- RE: Question on database for SnortFWAdmin (Apr 02)
  - Re: Question on database for SnortDavid Alonso De La Vega Tapage (Apr 02)
Re: "Saving State" in SnortChris Green (Apr 01)
- Re: "Saving State" in SnortPhil Wood (Apr 01)
  - Re: "Saving State" in SnortChris Green (Apr 01)
    - Re: "Saving State" in SnortPhil Wood (Apr 01)
- Re: "Saving State" in SnortMichael L. Artz (Apr 01)
- Re: "Saving State" in SnortMichael L. Artz (Apr 17)
  - Re: "Saving State" in SnortChris Green (Apr 21)
Sniffer setup.ANTONIO GUTIERREZ (Apr 01)
- Re: Sniffer setup.Ueli Kistler (Apr 02)
- Re: Sniffer setup.Andrew R. Baker (Apr 03)
ACID ConcernsSlighter, Tim (Apr 01)
- var HOME_NET questionRolf Brusletto (Apr 01)
- <Possible follow-ups>
- RE: ACID ConcernsMatt Yackley (Apr 01)
- RE: ACID ConcernsSlighter, Tim (Apr 01)
snortcenter ccomunication.edison marques (Apr 01)
- Re: snortcenter ccomunication.Erick Mechler (Apr 01)
  - Re: Re: snortcenter ccomunication.edison marques (Apr 02)
    - Re: Re: snortcenter ccomunication.Erick Mechler (Apr 02)
    - Re: Re: snortcenter ccomunication.edison marques (Apr 03)
Question -- spp_stream4 STEALTH ACTIVITY (unknown) detectionMatt Yackley (Apr 01)
- Re: Question -- spp_stream4 STEALTH ACTIVITY (unknown) detectionChris Green (Apr 01)
RE: var HOME_NET questionSRH-Lists (Apr 01)
- <Possible follow-ups>
- RE: var HOME_NET questionSteve Halligan (Apr 01)
- RE: var HOME_NET questionSRH-Lists (Apr 01)
Snort 2.0.0 RC2 Available!Chris Green (Apr 01)
snort-2.0rc1 xml supportktimm (Apr 01)
new snort.confKreimendahl, Chad J (Apr 01)
- <Possible follow-ups>
- RE: new snort.confKreimendahl, Chad J (Apr 01)
  - help with regular expressionsJulio E. Gonzalez P. (Apr 02)
    - Re: help with regular expressionsErek Adams (Apr 02)
    - (spp_portscan2) lines in alert fileJulio E. Gonzalez P. (Apr 03)
ACID Email Alert ConfigurationFWAdmin (Apr 01)
- Re: ACID Email Alert ConfigurationErick Mechler (Apr 01)
- <Possible follow-ups>
- RE: ACID Email Alert ConfigurationFWAdmin (Apr 02)
Re: [Snort-announce] Snort 2.0 rc1 availableMartin Roesch (Apr 01)
classification.configKeg (Apr 01)
webminKeg (Apr 01)
- <Possible follow-ups>
- RE: webminMatt Yackley (Apr 01)
  - Re: webminKeg (Apr 02)
- Re: webminScheidell (Apr 03)
Same source/destKeg (Apr 01)
- Re: Same source/destjames (Apr 01)
  - Re: Same source/destErek Adams (Apr 02)
    - Re: Same source/destJames-lists (Apr 02)
- <Possible follow-ups>
- RE: Same source/destBrei, Matt (Apr 02)
  - Re: Same source/destKeg (Apr 02)
- RE: Same source/destHutchinson, Andrew (Apr 02)
- RE: Same source/destBrei, Matt (Apr 02)
  - RE: Same source/destErek Adams (Apr 02)
    - Re: Same source/destKeg (Apr 02)
    - Re: Same source/destErek Adams (Apr 02)
    - Re: Same source/destKeg (Apr 02)
    - Re: Same source/destErek Adams (Apr 02)
- RE: Same source/destBrei, Matt (Apr 02)
  - RE: Same source/destErek Adams (Apr 02)
- RE: Same source/destBrei, Matt (Apr 02)
  - RE: Same source/destErek Adams (Apr 02)
Larry Lopez/ahg/IRCorp is out of the office.Laurence Lopez (Apr 01)
IPv6 and snort v2rc2Ted Llewellyn (Apr 01)
- Re: IPv6 and snort v2rc2Chris Green (Apr 02)
- <Possible follow-ups>
- Re: IPv6 and snort v2rc2Ted Llewellyn (Apr 02)
Snortcenter BetaGary Borgeson (Apr 01)
HiSteve Rahman (Apr 01)
Educational Incident Data Comparison Pilot (X-Post)Alfred Huger (Apr 01)
Barnyard log directoryRoberto Suarez Soto (Apr 02)
Snort installation againAndrzej Wisniewski (Apr 02)
- Re: Snort installation againErek Adams (Apr 02)
- RE: Snort installation againJan van den Berg (Apr 02)
  - RE: Snort installation againAndrzej Wisniewski (Apr 03)
    - RE: Snort installation againtwig les (Apr 03)
- <Possible follow-ups>
- RE: Snort installation againJakub Molek (Apr 03)
Jose Ramon Hernandez Macias/Sistemas/Megacentro/Alestra is out of the office.Jose Ramon Hernandez Macias (Apr 02)
ACID inconsistencies?Keg (Apr 02)
- Re: ACID inconsistencies?Keg (Apr 08)
Portscan setupANTONIO GUTIERREZ (Apr 02)
snort 2.0.0 rc2 and libnetMichael Scheidell (Apr 02)
- <Possible follow-ups>
- Re: snort 2.0.0 rc2 and libnetJeff Nathan (Apr 05)
email address not specifiedPhilip Davidson (Apr 02)
- <Possible follow-ups>
- RE: email address not specifiedMatt Yackley (Apr 02)
  - Web hosting with DHCPGoutam Dastider (Apr 02)
RE: help with regular expressionsSRH-Lists (Apr 02)
sorry, more info about the email errorPhilip Davidson (Apr 02)
Re: snort installation probsJill Tovey (Apr 02)
Web hosting with DHCPGoutam Dastider (Apr 02)
- Re: Web hosting with DHCPErick Mechler (Apr 02)
You caught them, what next?Tobias Rice (Apr 02)
- Re: You caught them, what next?Joe Matusiewicz (Apr 02)
- Re: You caught them, what next?Matt Kettler (Apr 02)
  - RE: You caught them, what next?Gordon Cunningham (Apr 02)
- Re: You caught them, what next?Michael Boman (Apr 04)
- <Possible follow-ups>
- RE: You caught them, what next?Drew Stockman (Apr 02)
- RE: You caught them, what next?L. Christopher Luther (Apr 02)
- RE: You caught them, what next?Brei, Matt (Apr 02)
- RE: You caught them, what next?L. Christopher Luther (Apr 02)
- RE: You caught them, what next?FWAdmin (Apr 02)
- RE: You caught them, what next?Brei, Matt (Apr 02)
  - Re: You caught them, what next?Jason Haar (Apr 02)
- RE: You caught them, what next?L. Christopher Luther (Apr 03)
  - RE: You caught them, what next?Erek Adams (Apr 03)
- RE: You caught them, what next?bmcdowell (Apr 03)
  - Re: You caught them, what next?Jason Haar (Apr 03)
Snort and SneezeJan van den Berg (Apr 02)
logsnorter and shorewallRolf Brusletto (Apr 02)
IDS Placement ideas for inside and outside a firewall.Brei, Matt (Apr 02)
- <Possible follow-ups>
- RE: IDS Placement ideas for inside and outside a firewall.Brei, Matt (Apr 02)
- RE: IDS Placement ideas for inside and outside a firewall.Drew Stockman (Apr 02)
- RE: IDS Placement ideas for inside and outside a firewall.Brei, Matt (Apr 02)
- RE: IDS Placement ideas for inside and outside a firewall.Brei, Matt (Apr 02)
  - Re: IDS Placement ideas for inside and outside a firewall.David Glosser (Apr 02)
    - RE: IDS Placement ideas for inside and outside a firewall.Brian Laing (Apr 03)
- RE: IDS Placement ideas for inside and outside a firewall.Brei, Matt (Apr 03)
  - RE: IDS Placement ideas for inside and outside a firewall.Brian Laing (Apr 03)
  - Re: IDS Placement ideas for inside and outside a firewall.David Glosser (Apr 03)
RE: IDS Placement ideas for inside and outside a firewall.FWAdmin (Apr 02)
- <Possible follow-ups>
- RE: IDS Placement ideas for inside and outside a firewall.FWAdmin (Apr 02)
- RE: IDS Placement ideas for inside and outside a firewall.Philip Davidson (Apr 02)
- RE: IDS Placement ideas for inside and outside a firewall.FWAdmin (Apr 03)
- RE: IDS Placement ideas for inside and outside a firewall.Ponte, Paul F (Apr 03)
  - Re: IDS Placement ideas for inside and outside a firewall.David Glosser (Apr 03)
  - RE: IDS Placement ideas for inside and outside a firewall.Brian Laing (Apr 04)
RE: (OT) You caught them, what next?L. Christopher Luther (Apr 02)
FATAL ERROR: /etc/snort/rpc.rules:19: Unknown Flow Option: 'to_sever'DLittle (Apr 02)
- <Possible follow-ups>
- RE: FATAL ERROR: /etc/snort/rpc.rules:19: Unknown Flow Option: 'to_sever'Schmehl, Paul L (Apr 02)
Snort and Brdiging FirewallAllan Dover (Apr 02)
- Re: Snort and Brdiging FirewallAlberto Gonzalez (Apr 02)
Run as user?Joe Hill (Apr 02)
- Re: Run as user?Alberto Gonzalez (Apr 02)
  - Re: Run as user?Joe Hill (Apr 02)
    - Re: Run as user?Alberto Gonzalez (Apr 02)
    - Re: Run as user?Joe Hill (Apr 02)
    - Re: Run as user?Erek Adams (Apr 02)
    - Re: Run as user?Joe Hill (Apr 02)
    - Re: Run as user?Erek Adams (Apr 03)
    - Re: Run as user?Matt Kettler (Apr 03)
    - Re: Run as user?Joe Hill (Apr 03)
  - Re: Run as user?Chris Green (Apr 03)
RE: MySQL 4Johan Sunnerstig (Apr 03)
RE: IDS Placement ideas for inside and outside a fi rewall.FWAdmin (Apr 03)
SNORT AND HENWEN FOR NEWBIESDAFKA (Apr 03)
- Re: SNORT AND HENWEN FOR NEWBIESNick Zitzmann (Apr 03)
Crystal Reports from MySQLEd Vazquez (Apr 03)
GnutellaKeg (Apr 03)
- Re: GnutellaMatt Kettler (Apr 03)
- <Possible follow-ups>
- RE: GnutellaBob Dehnhardt (Apr 03)
Re: [Snort-sigs] Sendmail SignatureMatt Kettler (Apr 03)
- Re: Re: [Snort-sigs] Sendmail SignatureMatt Kettler (Apr 03)
udated curl problemedison marques (Apr 03)
Byte_test and Byte_jumpShadi Rostami (Apr 03)
2.0.0rc3 Available!Chris Green (Apr 03)
Snort setupStigers, David (Apr 03)
- <Possible follow-ups>
- RE: Snort setupL. Christopher Luther (Apr 03)
- RE: Snort setupL. Christopher Luther (Apr 03)
  - Re: Snort setupJoe Hill (Apr 03)
snort as a service on Windows 2000August . K . Kunnecke (Apr 03)
- RE: snort as a service on Windows 2000Michael Steele (Apr 05)
- <Possible follow-ups>
- RE: snort as a service on Windows 2000Michael Steele (Apr 11)
- RE: snort as a service on Windows 2000Michael Steele (Apr 14)
Is Oracle supported on Win2k?Jalil Feghhi (Apr 03)
snort 2.rc2 xml outputktimm (Apr 03)
Gigabit NIC Recommendations...Dusty Hall (Apr 03)
- Re: Gigabit NIC Recommendations...David Alonso De La Vega Tapage (Apr 03)
Help with a config file please?snort (Apr 03)
- <Possible follow-ups>
- RE: Help with a config file please?L. Christopher Luther (Apr 04)
  - RE: Help with a config file please?snort (Apr 04)
- RE: Help with a config file please?L. Christopher Luther (Apr 04)
  - RE: Help with a config file please?snort (Apr 04)
- RE: Help with a config file please?L. Christopher Luther (Apr 04)
  - RE: Help with a config file please?snort (Apr 04)
- RE: Help with a config file please?snort (Apr 04)
- RE: Help with a config file please?snort (Apr 04)
- RE: Help with a config file please?L. Christopher Luther (Apr 04)
  - RE: Help with a config file please?snort (Apr 08)
RE: [Snort-sigs] Questions 101Matt Kettler (Apr 03)
Script to cleanup ACID/Snort Alerts in MySQL DB...Dusty Hall (Apr 03)
Snort Mysql Tables Schema....Rolf Brusletto (Apr 03)
- Re: Snort Mysql Tables Schema....Chris Reid (Apr 03)
Unknown alertJoe Hill (Apr 03)
Snort setup problemsdky (Apr 03)
Log everything for billing purposesRoss Davis - DataAnywhere (Apr 03)
- Re: Log everything for billing purposestwig les (Apr 03)
- Re: Log everything for billing purposesMatt Kettler (Apr 03)
  - Re: Log everything for billing purposesAndrew R. Baker (Apr 04)
- Re: Log everything for billing purposesJason Romo (Apr 03)
- <Possible follow-ups>
- RE: Log everything for billing purposesMatt Yackley (Apr 03)
SnortDB ExtraDusty Hall (Apr 03)
Snort ouput formatMichael L. Artz (Apr 03)
Passive or ActiveJoe Hill (Apr 03)
- Re: Passive or ActiveErick Mechler (Apr 04)
AW: Gigabit NIC Recommendations...Poppi, Sandro (Apr 03)
idscenterTroy Evers (Apr 03)
- Re: idscenterUeli Kistler (Apr 04)
./setup.shJill Tovey (Apr 04)
- Re: ./setup.shJoerg Weber (Apr 04)
curl errorJill Tovey (Apr 04)
- Re: curl errorJoerg Weber (Apr 04)
adding additional sensor to ACIDJohn Hally (Apr 04)
- Re: adding additional sensor to ACIDsunzi (Apr 04)
- <Possible follow-ups>
- RE: adding additional sensor to ACIDBrei, Matt (Apr 04)
- RE: adding additional sensor to ACIDJohn Hally (Apr 04)
- adding additional sensor to ACIDGhercoias, Catalin (Apr 04)
- RE: adding additional sensor to ACIDSecurityAdmin (Apr 06)
- RE: adding additional sensor to ACIDWayne . Freeman (Apr 07)
calllogfuncs() decoded length does not compute!jcvaraillon (Apr 04)
alert fileKeg (Apr 04)
- RE: alert fileJan van den Berg (Apr 04)
(no subject)saud (Apr 04)
- Re: (no subject) (how to unsubscribe)Matt Kettler (Apr 04)
- <Possible follow-ups>
- (no subject)fjy (Apr 06)
  - Re: (no subject)Joe Hill (Apr 06)
- (no subject)shuuichi_numazawa (Apr 06)
  - RE: (no subject)Paul D. Shaffer (Apr 06)
- RE: (no subject)shuuichi_numazawa (Apr 06)
- (no subject)ryan stangl (Apr 08)
  - Re: (no subject)Erek Adams (Apr 08)
  - RE: (no subject)Don Weber (Apr 08)
- RE: (no subject)Slighter, Tim (Apr 09)
- (no subject)Cory D. (Apr 09)
- (no subject)KD Rajkumar (Apr 13)
- RE: (no subject)Ryan Finnesey (Apr 13)
- (no subject)John Sage (Apr 14)
- (no subject)Robin Johnson (May 29)
  - Re: (no subject)Erick Mechler (May 29)
  - Re: (no subject)Patrick S. Harper (May 29)
- RE: (no subject)Robin Johnson (May 30)
- RE: (no subject)Robin Johnson (May 30)
  - RE: (no subject)Brian Gregorcy (May 30)
- (no subject)snrt (Jun 24)
  - Re: (no subject)James Nonya (Jun 24)
- (no subject)Juergen Anthamatten (Jun 25)
Off topic: ActiveScout?Rich Adamson (Apr 04)
- <Possible follow-ups>
- Re: Off topic: ActiveScout?JP Vossen (Apr 04)
RE: Help with a config file please?]snort (Apr 04)
Re: You caught them (RR TZ issue)JP Vossen (Apr 04)
Curious FTP access, possible information gathering?Travis Farmer (Apr 04)
OT: French Snort Users, Please Read.Erek Adams (Apr 05)
ICMP PING NMAP to 149.1.1.1Kenneth G. Arnold (Apr 05)
- Re: ICMP PING NMAP to 149.1.1.1Joe Hill (Apr 05)
  - Re: ICMP PING NMAP to 149.1.1.1Kenneth G. Arnold (Apr 05)
    - Re: ICMP PING NMAP to 149.1.1.1Jeff O'Neal (Apr 06)
    - Re: ICMP PING NMAP to 149.1.1.1Joe Hill (Apr 06)
Frag2 timeout parameterPaweł Goleń (Apr 06)
Possible error with the "-L" flag?Dave Garn (UUNET) (Apr 06)
snort plugins / add-onsRonan Horgan (Apr 06)
Help w/ ODBC SetupJalil Feghhi (Apr 06)
ASN.1Clayton Mascarenhas (Apr 06)
$HOME_NETKeg (Apr 06)
- Re: $HOME_NETErek Adams (Apr 06)
  - Re: $HOME_NETKeg (Apr 07)
    - Re: $HOME_NETErek Adams (Apr 07)
    - Re: $HOME_NETKeg (Apr 07)
    - Re: $HOME_NETErek Adams (Apr 08)
    - Re: $HOME_NETKeg (Apr 08)
    - Re: $HOME_NETErek Adams (Apr 08)
    - Re: $HOME_NETKeg (Apr 08)
- <Possible follow-ups>
- RE: $HOME_NETSnow Jacob C KPWA (Apr 09)
Only *nix alerts?Keg (Apr 06)
- Re: Only *nix alerts?Erek Adams (Apr 06)
  - Re: Only *nix alerts?Keg (Apr 07)
    - Re: Only *nix alerts?Erek Adams (Apr 07)
    - Re: Only *nix alerts?Keg (Apr 07)
rule chainsDerya Sezen (Apr 06)
- Re: rule chainsErek Adams (Apr 06)
/etc/init.d/snort file, Snort 1.9.1Elvira_Byrnes (Apr 06)
- Re: /etc/init.d/snort file, Snort 1.9.1Erek Adams (Apr 06)
- <Possible follow-ups>
- FW: /etc/init.d/snort file, Snort 1.9.1Elvira_Byrnes (Apr 15)
  - Re: FW: /etc/init.d/snort file, Snort 1.9.1John Sage (Apr 16)
- RE: /etc/init.d/snort file, Snort 1.9.1Elvira_Byrnes (Apr 16)
- RE: FW: /etc/init.d/snort file, Snort 1.9.1Elvira_Byrnes (Apr 16)
Do 1.9 rules work with 2.0?Jesse W. Asher (Apr 06)
- Re: Do 1.9 rules work with 2.0?Kenneth G. Arnold (Apr 06)
- Re: Do 1.9 rules work with 2.0?Erek Adams (Apr 06)
- Re: Do 1.9 rules work with 2.0?Chris Green (Apr 07)
Anyone integrated HIDS-style alerts into Snort DB?Jason Haar (Apr 06)
- What have I screwed up on this SQL call?Jason Haar (Apr 10)
unable to open //.snortrcChia Alan (Apr 06)
Too many alertsEgal A Egal - SA (Apr 07)
- Re: Too many alertsJoerg Weber (Apr 07)
Snort memory management routinesConrad Morgan (Apr 07)
connect failedJill Tovey (Apr 07)
- Re: connect failedErek Adams (Apr 07)
  - Re: connect failedJill Tovey (Apr 08)
GUI interfaceStigers, David (Apr 07)
- Re: GUI interfaceErek Adams (Apr 07)
- <Possible follow-ups>
- RE: GUI INTERFACEWilliam_Metcalf (Apr 07)
ppd files for Time-ModuleHobgood, Frankie (Apr 07)
ICMP rule not behaving as expectedNeil Dickey (Apr 07)
- RE: ICMP rule not behaving as expectedTobias Rice (Apr 07)
- <Possible follow-ups>
- RE: ICMP rule not behaving as expectedNeil Dickey (Apr 07)
Email alertsSudhakar Gummadi (Apr 07)
- <Possible follow-ups>
- Re: Email alertsMatt Kettler (Apr 07)
  - Re: Email alertsErek Adams (Apr 08)
New guy.Mike (Apr 07)
- Re: New guy.Erek Adams (Apr 08)
- <Possible follow-ups>
- RE: New guy.L. Christopher Luther (Apr 07)
- RE: New guy.Potts, Ross A. (Apr 07)
stealth interfaced_greenjr (Apr 07)
- Re: stealth interfaceMatt Kettler (Apr 07)
- Re: stealth interfaceKeg (Apr 07)
- <Possible follow-ups>
- RE: stealth interfaceMatt Yackley (Apr 07)
- RE: stealth interfaceVanish Pattni (DSL AK) (Apr 07)
- RE: stealth interfaceEric Baur (Apr 08)
  - Re: stealth interfaceTom Culpepper (Apr 08)
    - Re: stealth interfaced_greenjr (Apr 08)
    - Re: stealth interfaceTom Culpepper (Apr 08)
    - Re: stealth interfaceKeg (Apr 10)
    - RE: stealth interfaceMichael Steele (Apr 08)
    - How to set WINDOWS up for a Stealth Interface...Michael Steele (Apr 09)
    - Re: How to set WINDOWS up for a Stealth Interface...Ueli Kistler (Apr 09)
    - Re: How to set WINDOWS up for a Stealth Interface...snort (Apr 09)
- RE: stealth interfaceChris Mann (Apr 08)
- RE: stealth interfacebmcdowell (Apr 09)
- RE: stealth interfaceDonnie Green (Apr 09)
- RE: stealth interfaceSanderson, Josh (Apr 09)
- RE: RE: stealth interfaceEric Baur (Apr 10)
- RE: stealth interfaceWilhelm, Brent (Apr 14)
SMTP From Comment Overflow rule problemsRon Shuck (Apr 07)
- <Possible follow-ups>
- Re: SMTP From Comment Overflow rule problemsScheidell (Apr 10)
Network placement / using a VLANBrian McIntyre (Apr 07)
- Re: Network placement / using a VLANErek Adams (Apr 08)
- <Possible follow-ups>
- RE: Network placement / using a VLANJP Vossen (Apr 07)
Newbie questions are as newbie questions doesGeoff Craig (Apr 07)
- Re: Newbie questions are as newbie questions doesMichael L. Artz (Apr 07)
- Re: Newbie questions are as newbie questions doesErek Adams (Apr 08)
Portscan False Positives From My IP RangeVintinner, M. Scott (Apr 07)
- RE: Portscan False Positives From My IP RangeTobias Rice (Apr 07)
alert file XRef URL'sChapman, Justin T (Apr 07)
- Re: alert file XRef URL'sChris Green (Apr 10)
WEB-MISC long basic authorization stringSemerjian, Ohanes (Apr 07)
- <Possible follow-ups>
- RE: WEB-MISC long basic authorization stringMatt Yackley (Apr 08)
- RE: WEB-MISC long basic authorization stringSemerjian, Ohanes (Apr 08)
Snort Installation problemAaron Babalola (Apr 08)
Priority codesPhilip Davidson (Apr 08)
Bug ReportSlighter, Tim (Apr 08)
- OT: Help with BarnyardGordon Cunningham (Apr 08)
certificate verify errorJill Tovey (Apr 08)
- Re: certificate verify errorErick Mechler (Apr 08)
  - Re: certificate verify errorJill Tovey (Apr 08)
    - Re: certificate verify errorErick Mechler (Apr 08)
    - Re: certificate verify errorJill Tovey (Apr 09)
    - Re: certificate verify errorErick Mechler (Apr 09)
- Message not available
  - Re: certificate verify errorJill Tovey (Apr 08)
sorry about that ErekPhilip Davidson (Apr 08)
- Re: sorry about that ErekErek Adams (Apr 08)
Snort behaviorSlighter, Tim (Apr 08)
ACID name resolutionKeg (Apr 08)
- Re: ACID name resolutionErick Mechler (Apr 08)
UPNP alertsKeg (Apr 08)
questionJoe Hdez (Apr 08)
- <Possible follow-ups>
- QuestionJoe Hdez (Apr 08)
- QuestionJoe Hdez (Apr 11)
  - Re: QuestionBrian (Apr 14)
- QuestionJoe Hdez (May 13)
- questionEric Garnel (May 26)
  - Re: questionjames (May 26)
- QuestionRyan Vennell (Jun 03)
  - Re: QuestionErek Adams (Jun 03)
  - Re: QuestionEdin Dizdarevic (Jun 03)
  - Re: QuestionJoerg Weber (Jun 03)
- RE: QuestionSchmehl, Paul L (Jun 03)
- RE: Questionadam.w.hogan (Jun 03)
About idmef xmllucy lee (Apr 08)
- <Possible follow-ups>
- About IDMEF XMLlucy lee (Apr 13)
- about idmef xmllucy lee (Apr 16)
Re: OT: Help with BarnyardRalf Spenneberg (Apr 08)
- RE: OT: Help with BarnyardGordon Cunningham (Apr 09)
  - RE: OT: Help with BarnyardRalf Spenneberg (Apr 09)
    - RE: OT: Help with BarnyardGordon Cunningham (Apr 10)
    - RE: OT: Help with BarnyardRalf Spenneberg (Apr 10)
    - RE: OT: Help with BarnyardGordon Cunningham (Apr 10)
    - RE: OT: Help with BarnyardRalf Spenneberg (Apr 10)
    - RE: OT: Help with BarnyardGordon Cunningham (Apr 10)
- RE: OT: Help with BarnyardGordon Cunningham (Apr 09)
- <Possible follow-ups>
- Re: OT: Help with BarnyardRalf Spenneberg (Apr 10)
Capturing only specific dataquantum (Apr 09)
HOME_NET and EXTERNAL_NET snort.confAllan Dover (Apr 09)
Small n00b questionSnow Jacob C KPWA (Apr 09)
/var/log/snort/some.ip.addr.dir/ permissions problemDonnie Green (Apr 09)
- Re: /var/log/snort/some.ip.addr.dir/ permissions problemErek Adams (Apr 09)
  - Re: /var/log/snort/some.ip.addr.dir/ permissions problemDonnie Green Jr (Apr 10)
Firewalls on IDSTom Culpepper (Apr 09)
- RE: Firewalls on IDSBrian Laing (Apr 09)
- <Possible follow-ups>
- RE: Firewalls on IDSMiller, Eoin (Apr 09)
  - RE: Firewalls on IDSDon Weber (Apr 09)
- RE: Firewalls on IDSRobert Reid (Apr 09)
  - RE: Firewalls on IDSBrian Laing (Apr 10)
Quick QuestionMcBurnett, Jim (Apr 09)
- Re: Quick QuestionErick Mechler (Apr 09)
Alert messages in packet dumpsNeil Dickey (Apr 09)
- <Possible follow-ups>
- Re: Alert messages in packet dumpsNeil Dickey (Apr 14)
  - Re: Alert messages in packet dumpsEdin Dizdarevic (Apr 14)
How to Use Throttle when using Swatch for duplicate email alertsSudhakar Gummadi (Apr 09)
- Re: How to Use Throttle when using Swatch for duplicate email alertsSam Evans (Apr 09)
- Re: How to Use Throttle when using Swatch for duplicate email alertsErek Adams (Apr 09)
- <Possible follow-ups>
- RE: How to Use Throttle when using Swatch for duplicate email alertsHutchinson, Andrew (Apr 10)
OT- Can anyone recommend a log parser for cisco?David Gianndrea (Apr 09)
- Re: OT- Can anyone recommend a log parser for cisco?James Hoagland (Apr 10)
- Re: OT- Can anyone recommend a log parser for cisco?Erek Adams (Apr 10)
P2P rule not workingJimmy Hernandez (Apr 09)
- Re: P2P rule not workingJeff (Apr 09)
Problems with Snort 2.0rc4Anderson Johnston (Apr 09)
stream5?raybo (Apr 09)
- Re: stream5?Erek Adams (Apr 11)
(A little off topic but not really) Connection dropping.Brei, Matt (Apr 09)
sending snort output to a database OFFLINERakesh Kumar (Apr 09)
Does snort support cygwin?Tay Chuan (Apr 10)
- RE: Does snort support cygwin?Michael Steele (Apr 10)
snortdb-extraPaulo Gomes (Apr 10)
- <Possible follow-ups>
- RE: snortdb-extraHutchinson, Andrew (Apr 10)
New Rules QuestionSh J (Apr 10)
- Re: New Rules QuestionErek Adams (Apr 10)
  - Re: New Rules QuestionMatt Kettler (Apr 10)
getting error when using -ssnort snort (Apr 10)
- Re: getting error when using -sErek Adams (Apr 10)
- <Possible follow-ups>
- Re: getting error when using -ssnort snort (Apr 10)
Snort inline configurationUeli Kistler (Apr 10)
Re: OT- Can anyone recommend a log parser forcisco?Dusty Hall (Apr 10)
ACID issueSlighter, Tim (Apr 10)
- Re: ACID issueMichael Anderson (Apr 10)
- <Possible follow-ups>
- RE: ACID issueSlighter, Tim (Apr 10)
  - RE: ACID issueMike (Apr 10)
- RE: ACID issueSlighter, Tim (Apr 10)
stream4Steven Rudolph (Apr 10)
- Re: stream4Erek Adams (Apr 10)
  - Re: stream4Chris Green (Apr 10)
SNORT-1.9.0 problem with wireless network interface - network ge ts disabledSadanapalli, Pradeep Kumar (MED, TCS) (Apr 10)
- Re: SNORT-1.9.0 problem with wireless network interface - network ge ts disabledJeff (Apr 10)
- Re: SNORT-1.9.0 problem with wireless network interface - network ge ts disabledBennett Todd (Apr 10)
Acid and PHP Redhat 8.0Tom Morgan (Apr 10)
- Re: Acid and PHP Redhat 8.0David T Hollis (Apr 10)
- Re: Acid and PHP Redhat 8.0Keg (Apr 10)
- Re: Acid and PHP Redhat 8.0Franklin Rierson (Apr 11)
- <Possible follow-ups>
- FW: Acid and PHP Redhat 8.0SecurityAdmin (Apr 10)
snort+mysql+acid questionHarish S (Apr 10)
- Re: snort+mysql+acid questionMike Mentges (Apr 10)
- <Possible follow-ups>
- RE: snort+mysql+acid questionMatt Yackley (Apr 10)
aswer to snortFrancisco Javier Gonzalez Gonzalez (Apr 10)
- Re: aswer to snortDavid Alonso De La Vega Tapage (Apr 10)
How to centralize trafficGustavo Santos (Apr 10)
OT- Can any one recommend a turnkey log parser for cisco.David Gianndrea (Apr 10)
helpli wei (Apr 10)
- <Possible follow-ups>
- RE: helpChapman, Justin T (Apr 10)
snmp traps for snortRonan Horgan (Apr 10)
Snort inline configuration - Additional informationsUeli Kistler (Apr 10)
- Re: Snort inline configuration - Additional informationsErek Adams (Apr 11)
SnortCenter - Problem with sensor Retry ConnectingJeff Bolden (Apr 10)
ignored 1 duplicate alert(s)ipwitch (Apr 10)
RE: SNORT-1.9.0 problem with wireless network interface - network ge ts disabledSadanapalli, Pradeep Kumar (MED, TCS) (Apr 10)
RE: /var/log/snort/some.ip.addr.dir/ permissions problemMatt Yackley (Apr 10)
- Re: /var/log/snort/some.ip.addr.dir/ permissions pr oblemDavid Alonso De La Vega Tapage (Apr 10)
  - Re: /var/log/snort/some.ip.addr.dir/ permissions pr oblemipwitch (Apr 10)
are the Snort Signature Database or arachNIDS downloadable?snort (Apr 10)
RE: [Snort-sigs] SMTP From Comment Overflow rule problemsRon Shuck (Apr 11)
[Snort-users]SNORT, +MySQL, +Acid, Apache on winXpCory D. (Apr 11)
- RE: [Snort-users]SNORT, +MySQL, +Acid, Apache on winXpMichael Steele (Apr 11)
- <Possible follow-ups>
- RE: [Snort-users]SNORT, +MySQL, +Acid, Apache on winXpCory D. (Apr 11)
Snort_inline and MySQL compile problemspieter claassen (Apr 11)
- OT: The Signature from HellErek Adams (Apr 11)
- <Possible follow-ups>
- RE: Snort_inline and MySQL compile problemsSlighter, Tim (Apr 11)
RE: What have I screwed up on this SQL call?Hutchinson, Andrew (Apr 11)
- Re: What have I screwed up on this SQL call?Jason Haar (Apr 11)
Ignore hostDavid Scott (Apr 11)
- Re: Ignore hostErek Adams (Apr 11)
  - Re: Ignore hostDavid Alonso De La Vega Tapage (Apr 11)
    - Re: Ignore hostErek Adams (Apr 11)
    - Re: Ignore hostDavid Alonso De La Vega Tapage (Apr 11)
- Re: Ignore hostKenneth G. Arnold (Apr 11)
Sensor Config Creation in SnortCenterShlomo Dubrowin (Apr 11)
- Re: Sensor Config Creation in SnortCenterShlomo Dubrowin (Apr 13)
Understanding spp_portscan2 resultsDomingos Costa (Apr 11)
- <Possible follow-ups>
- RE: Understanding spp_portscan2 resultsSasa Jusic (Apr 16)
RE: [Snort-users]SNORT, +MySQL, +Acid, Apache on winXpSecurityAdmin (Apr 11)
- <Possible follow-ups>
- RE: [Snort-users]SNORT, +MySQL, +Acid, Apache on winXpSecurityAdmin (Apr 11)
interpreting logs...Bruyere, Michel (Apr 11)
RE: OT: The Signature from HellSchmehl, Paul L (Apr 11)
- <Possible follow-ups>
- RE: OT: The Signature from HellBob Dehnhardt (Apr 11)
Snort & RHL 9Brian M. Diehl (Apr 11)
- Re: Snort & RHL 9David T Hollis (Apr 11)
- RE: Snort & RHL 9Paul D. Shaffer (Apr 11)
  - RE: Snort & RHL 9Patrick S. Harper (Apr 12)
  - Frag2Blake Frantz (Apr 14)
SNMP request UDPAndrade, Leonardo F. Buonsanti de (IT - Brasil) (Apr 11)
capturing arpPatrick Amirian (Apr 11)
- Re: capturing arpChris Green (Apr 14)
- <Possible follow-ups>
- Re: capturing arpSergio Aldo Casas (Apr 13)
- RE: capturing arpSpencer, Arthur (Apr 14)
  - RE: capturing arpRich Adamson (Apr 14)
  - Re: capturing arpJacques (Apr 14)
  - Re: capturing arpEdin Dizdarevic (Apr 14)
- RE: capturing arpL. Christopher Luther (Apr 14)
Web Session Capture and ReplaySuwarna Patel (Apr 11)
- Re: Web Session Capture and ReplayEdin Dizdarevic (Apr 12)
  - DROP connections?/dev/null (Apr 12)
    - Re: DROP connections?Alberto Gonzalez (Apr 12)
    - Re: DROP connections?Derya Sezen (Apr 12)
Best OSRyan Finnesey (Apr 11)
- Re: Best OSEdin Dizdarevic (Apr 12)
  - Re: Best OSJeff (Apr 12)
- Re: Best OSMike Mentges (Apr 14)
- <Possible follow-ups>
- RE: Best OSRyan Finnesey (Apr 12)
  - RE: Best OSPatrick S. Harper (Apr 12)
  - Dual Alerts ?David Markle (Apr 13)
- RE: Best OSSecurityAdmin (Apr 12)
  - Re: Best OSBruno Benchimol a.k.a. Misty MSt (Apr 13)
Applied Watch for the Snort IDS is Now Available for Free DownloadEric Hines (Apr 12)
How can I stop checking for Truncated Tcp Options?Jacques (Apr 12)
- Re: How can I stop checking for Truncated Tcp Options?Jacques (Apr 12)
- Re: How can I stop checking for Truncated Tcp Options?Chris Green (Apr 15)
RE: Applied Watch for the Snort IDS is Now Available for Free DownloadSecurityAdmin (Apr 12)
- RE: Applied Watch for the Snort IDS is Now Available for Free DownloadMichael Steele (Apr 12)
  - RE: Applied Watch for the Snort IDS is Now Available for Free DownloadEric Hines (Apr 13)
Snort 1.9.1, 1.9.1 chrooted and 2.0 rc4, Barnyard, Mudpit RPMs for RedHat 7.3, 8.0 and 9Ralf Spenneberg (Apr 13)
Time-modules problem in PPMvictor.lee (Apr 13)
- RE: Time-modules problem in PPMMichael Steele (Apr 13)
Where and when do snort decide which CID to give to a event?jkv (Apr 13)
- Re: Where and when do snort decide which CID to give to a event?Paul Schmehl (Apr 13)
- Re: Where and when do snort decide which CID to give to a event?jkv (Apr 13)
Snort-inline and MySQLpieter claassen (Apr 13)
- <Possible follow-ups>
- Snort-inline and MySQLpieter claassen (Apr 14)
MY SQL, SNORT.rehanann (Apr 13)
- RE: MY SQL, SNORT.David Markle (Apr 14)
  - Re: MY SQL, SNORT.Jacques (Apr 14)
- Re: MY SQL, SNORT.Patrick S. Harper (Apr 14)
snort 2.0.0rc4 openbsd 3.2 short udp packet complaintsrobin (Apr 13)
- Re: snort 2.0.0rc4 openbsd 3.2 short udp packet complaintsChris Green (Apr 14)
Inaccurate info !!KD Rajkumar (Apr 13)
Trouble reading snort.log.*Jacques (Apr 13)
- Re: Trouble reading snort.log.*Michael Boman (Apr 13)
AW: About IDMEF XMLPoppi, Sandro (Apr 14)
Can snort detect the SYN flood?Wei Nan (Apr 14)
- Re: Can snort detect the SYN flood?Chris Green (Apr 15)
ODBC+TDS woesJeff (Apr 14)
- <Possible follow-ups>
- ODBC+TDS woesJeff (Apr 14)
  - Re: ODBC+TDS woesPaul Schmehl (Apr 14)
    - Re: ODBC+TDS woesJeff (Apr 14)
Snort Windows - not working with ISDN AdapterMirko Matytschak (Apr 14)
- Re: Snort Windows - not working with ISDN Adaptersnort (Apr 14)
- <Possible follow-ups>
- Snort Windows - not working with ISDN AdapterMirko Matytschak (Apr 14)
  - RE: Snort Windows - not working with ISDN AdapterMichael Steele (Apr 14)
- RE: Snort Windows - not working with ISDN AdapterJoe Lawson (Apr 14)
- RE: Snort Windows - not working with ISDN AdapterL. Christopher Luther (Apr 14)
snort 1-9-1 W2K ISDN not workingMirko Matytschak (Apr 14)
- <Possible follow-ups>
- RE: snort 1-9-1 W2K ISDN not workingL. Christopher Luther (Apr 14)
snort a Gbps?Bennett Todd (Apr 14)
Re: snort 2.0.0rc4 openbsd 3.2 short udppacketcomplaints (Absent jusqu'au 29/07/2002)Pascal Painparay (Apr 14)
Snort 2.0 Released!Martin Roesch (Apr 14)
- Re: [Snort-devel] Snort 2.0 Released!Kevin J. Schmidt (Apr 14)
  - Re: Re: [Snort-devel] Snort 2.0 Released!Chris Green (Apr 15)
    - Re: Re: [Snort-devel] Snort 2.0 Released!Kevin J. Schmidt (Apr 15)
    - SNMP plugin removed from SnortJose Vicente Nunez Z (Apr 15)
    - Re: SNMP plugin removed from Snort + stream4 patch for 1.9.1Martin Olsson (Apr 17)
    - Re: SNMP plugin removed from Snort + stream4 patchfor 1.9.1Martin Roesch (Apr 18)
    - Re: SNMP plugin removed from Snort + stream4 patch for 1.9.1Erick Mechler (Apr 18)
    - Re: SNMP plugin removed from Snort + stream4 patchfor 1.9.1Kevin J. Schmidt (Apr 18)
    - Re: SNMP plugin removed from Snort + stream4 patchfor 1.9.1Jose Vicente Nunez Zuleta (Apr 18)
    - Re: Re: [Snort-users] SNMP plugin removed from Snort + stream4 patch for 1.9.1Ian S. Nelson (Apr 20)
- Windump doesn't work now.LucAdmin (Apr 15)
  - Re: Windump doesn't work now.Rich Adamson (Apr 15)
RE: Dual Alerts ?L. Christopher Luther (Apr 14)
- RE: Dual Alerts ?David Markle (Apr 14)
- <Possible follow-ups>
- RE: Dual Alerts ?L. Christopher Luther (Apr 14)
Too many links errorJaya Shankar (Apr 14)
Snort on Windows 2003 serverRobert Reid (Apr 14)
- RE: Snort on Windows 2003 serverMichael Steele (Apr 14)
Snortcenter and windowsSnow Jacob C KPWA (Apr 14)
- RE: Snortcenter and windowsMichael Steele (Apr 14)
- <Possible follow-ups>
- RE: Snortcenter and windowsMichael Steele (Apr 14)
snort rules flow optionMichael Goodman (Apr 14)
- Re: snort rules flow optionChris Green (Apr 21)
- Re: snort rules flow optionBrian (Apr 25)
Re: capturing arp (Absent jusqu'au 29/07/2002)Pascal Painparay (Apr 14)
- Re: capturing arp (Absent jusqu'au 29/07/2002)Edin Dizdarevic (Apr 15)
  - Re: capturing arp (Absent jusqu'au 29/07/2002)Chris Green (Apr 16)
    - Re: capturing arp (Absent jusqu'au 29/07/2002)Edin Dizdarevic (Apr 16)
- <Possible follow-ups>
- Re: capturing arp (Absent jusqu'au 29/07/2002)Pascal Painparay (Apr 16)
- Re: capturing arp (Absent jusqu'au 29/07/2002)Pascal Painparay (Apr 16)
A little pass rule helpKeg (Apr 14)
- Re: A little pass rule helpChris Green (Apr 21)
- <Possible follow-ups>
- RE: A little pass rule helpL. Christopher Luther (Apr 14)
  - Re: A little pass rule helpKeg (Apr 15)
  - Re: A little pass rule helpKeg (Apr 15)
- RE: A little pass rule helpL. Christopher Luther (Apr 15)
Applied Watch is now FREE for Non-Commercial Use after overwhelming Demand!Eric Hines (Apr 14)
old version of snort?Liuhy (Apr 15)
- Re: old version of snort?Patrick S. Harper (Apr 15)
- Re: old version of snort?Brian (Apr 16)
No output to ACIDJill Tovey (Apr 15)
- Re: No output to ACIDEdin Dizdarevic (Apr 15)
  - Re: No output to ACIDJill Tovey (Apr 15)
    - Re: No output to ACIDEdin Dizdarevic (Apr 15)
    - Message not available
    - Re: No output to ACIDEdin Dizdarevic (Apr 15)
    - Re: No output to ACIDJoerg Weber (Apr 15)
- Message not available
  - Re: No output to ACIDJill Tovey (Apr 15)
writing rules for snort 1.6Liuhy (Apr 15)
Portscan with ICMP?Edin Dizdarevic (Apr 15)
snortrules.tar.gzGrime, Richard S (Apr 15)
- Re: snortrules.tar.gzErick Mechler (Apr 15)
  - Re: snortrules.tar.gzPaul Schmehl (Apr 15)
    - Re: snortrules.tar.gzAndreas Östling (Apr 15)
    - Re: snortrules.tar.gzPaul Schmehl (Apr 16)
Clean DB && Barnyard StartJoerg Weber (Apr 15)
AW: writing rules for snort 1.6Poppi, Sandro (Apr 15)
Help Needed: i want to make a firewallJunaid (Apr 15)
- <Possible follow-ups>
- Help Needed: i want to make a firewallJunaid (Apr 15)
- Help Needed: i want to make a firewallJunaid (Apr 15)
- RE: Help Needed: i want to make a firewallPhilip Davidson (Apr 15)
[Fwd: Re: No output to ACID]Jill Tovey (Apr 15)
- <Possible follow-ups>
- [Fwd: Re: No output to ACID]Jill Tovey (Apr 15)
Re: Re: [Snort-devel] Snort 2.0 Released!(Absent jusqu'au 29/07/2002)Pascal Painparay (Apr 15)
spp_stream4 possible EVASIVE RSTKD Rajkumar (Apr 15)
RE: Re: [Snort-devel] Snort 2.0 Released!larosa, vjay (Apr 15)
Snort 2.0 and SnortCenterReda Hicham (Apr 15)
logsnorterRolf Brusletto (Apr 15)
Re: Can snort detect the SYN flood? (Absentjusqu'au 29/07/2002)Pascal Painparay (Apr 15)
Re: How can I stop checking for TruncatedTcpOptions? (Absent jusqu'au 29/07/2002)Pascal Painparay (Apr 15)
Still Help Needed: i want to make a firewallJunaid (Apr 15)
- Re: Still Help Needed: i want to make a firewallMike Mentges (Apr 15)
  - Re: Still Help Needed: i want to make a firewallPaul Schmehl (Apr 15)
- Re: {SPAM} Still Help Needed: i want to make a firewallMatt Kettler (Apr 15)
- Re: Still Help Needed: i want to make a firewallPatrick S. Harper (Apr 15)
  - Re: Still Help Needed: i want to make a firewallJason (Apr 15)
- <Possible follow-ups>
- Still Help Needed: i want to make a firewallJunaid (Apr 15)
- RE: Still Help Needed: i want to make a firewallbmcdowell (Apr 15)
- RE: Still Help Needed: i want to make a firewallRobert Reid (Apr 15)
  - RE: Still Help Needed: i want to make a firewallMichael Steele (Apr 16)
    - RE: Still Help Needed: i want to make a firewallMike Mentges (Apr 16)
    - RE: Still Help Needed: i want to make a firewallMatt Kettler (Apr 16)
    - RE: Still Help Needed: i want to make a firewallMichael Steele (Apr 16)
    - RE: Still Help Needed: i want to make a firewallRich Adamson (Apr 17)
- RE: Still Help Needed: i want to make a firewallHorta, Benny (Apr 16)
- RE: Still Help Needed: i want to make a firewallMirko Matytschak (Apr 17)
- RE: Still Help Needed: i want to make a firewallRobert Reid (Apr 17)
- RE: Still Help Needed: i want to make a firewallJames Bly (Apr 17)
- RE: Still Help Needed: i want to make a firewallRobert Reid (Apr 17)
  - RE: Still Help Needed: i want to make a firewallMichael Steele (Apr 17)
    - RE: Still Help Needed: i want to make a firewallPaul Schmehl (Apr 17)
    - RE: Still Help Needed: i want to make a firewallMatt Kettler (Apr 17)
- RE: Still Help Needed: i want to make a firewallDonofrio, Lewis (Apr 17)
SID 1042 and WebDAVScott, Joshua (Apr 15)
[Fwd: CORE-2003-0307: Snort TCP Stream Reassembly Integer Overflow Vulnerability]Jose Vicente Nunez Z (Apr 15)
stream4 vulnerabilityErick Mechler (Apr 15)
RE: Windump doesn't work now.L. Christopher Luther (Apr 15)
New stream 4 messages in 2.0Russell Fulton (Apr 15)
- Re: New stream 4 messages in 2.0Chris Green (Apr 21)
- <Possible follow-ups>
- RE: New stream 4 messages in 2.0Slighter, Tim (Apr 21)
RE: {SPAM} Still Help Needed: i want to make a firewallRobert Reid (Apr 15)
Problem with Snort 2.0.0 and MySQL Client with Redhat 9Mike Chandler (Apr 15)
some strange alertsdawnshade (Apr 15)
- <Possible follow-ups>
- some strange alertsdawnshade (Apr 16)
Need to MAKE/DEVELOP my own firewallJunaid (Apr 16)
- Re: {SPAM} Need to MAKE/DEVELOP my own firewallMatt Kettler (Apr 16)
How to handle BPDU packet in Snort?Mzhuzeus (Apr 16)
- Re: How to handle BPDU packet in Snort?Chris Green (Apr 21)
  - Re: How to handle BPDU packet in Snort?twig les (Apr 21)
can I remove asn1_decode preprocessor?Clayton Mascarenhas (Apr 16)
- Re: can I remove asn1_decode preprocessor?Paul B. Poh (Apr 16)
plz helppreethi suvarna (Apr 16)
- <Possible follow-ups>
- RE: plz helpSemerjian, Ohanes (Apr 17)
- plz helpsmitha rao (Apr 22)
  - Re: plz helpTantravahi Venkata Aditya (Apr 23)
    - Re: plz helpMatt Schillinger (Apr 23)
- plz helpGaurav Kumar (Jun 16)
  - RE: plz helpChris N. (Jun 16)
- RE: plz helpEsler, Joel Contractor (Jun 16)
False positives portscan2bob gunzel (Apr 16)
AW: plz helpPoppi, Sandro (Apr 16)
what version of SPADE to use with Snort?BHR Hana (Apr 16)
- Re: what version of SPADE to use with Snort?James Hoagland (Apr 16)
Confiremation of BO needed!Edin Dizdarevic (Apr 16)
- Re: Confiremation of BO needed!Edin Dizdarevic (Apr 16)
no portscan trafficGosswiler Bjoern (Apr 16)
AW: no portscan trafficPoppi, Sandro (Apr 16)
snort-inline errorKathy A (Apr 16)
snort, postgres, acidJason (Apr 16)
snort 2.0 errorsmichaeltone1975 (Apr 16)
Acid vs FwlogwatchDrew Cutter (Apr 16)
Oracle Compromise (Tftp + Netcat)Dusty Hall (Apr 16)
OpenPcap( ) error with snort 2.0Storment, Brandon (Apr 16)
Acid slownessComcast (Apr 16)
- Re: Acid slownessMike Mentges (Apr 16)
- <Possible follow-ups>
- Re: Acid slownessDusty Hall (Apr 16)
- Re: Acid slownessJP Vossen (Apr 16)
- Re: Acid slownessDusty Hall (Apr 17)
- RE: Acid slownessfrancisv (Apr 21)
- Re: Acid slownessDusty Hall (Apr 22)
portscan target filter ?Charles Gillet (Apr 16)
- <Possible follow-ups>
- RE: portscan target filter ?L. Christopher Luther (Apr 22)
  - Re: portscan target filter ?Charles Gillet (Apr 23)
- RE: portscan target filter ?L. Christopher Luther (Apr 23)
Fw: DATETIME Data Type? Snort & Acid Intrusion Dectection Packages broken with 7.3.2 ReleaseDavid Benham (Apr 16)
- Re: Fw: DATETIME Data Type? Snort & Acid IntrusionDectection Packages broken with 7.3.2 ReleaseFrank Knobbe (Apr 16)
Re: Your message to Snort-users awaits moderator approvalsmitha rao (Apr 16)
Portscan2 ignorehostsArtur Bittencourt (Apr 16)
- <Possible follow-ups>
- RE: Portscan2 ignorehostsL. Christopher Luther (Apr 22)
Snort Advisory: Integer Overflow in Stream4Brian Caswell (Apr 16)
Re: Fw: DATETIME Data Type? Snort & Acid Intrusion Dectection Packages broken with 7.3.2 Release]Jason (Apr 16)
install snort on RH linuxvictor (Apr 16)
- Re: install snort on RH linuxMike Mentges (Apr 16)
- <Possible follow-ups>
- Re: install snort on RH linuxTy Bodell (Apr 16)
RSA Conference 2003Michael Steele (Apr 16)
- Re: RSA Conference 2003mcmurry jim (Apr 17)
  - RE: RSA Conference 2003Michael Steele (Apr 17)
Securing a Snort machineElvira_Byrnes (Apr 16)
- Re: Securing a Snort machinePatrick S. Harper (Apr 16)
- <Possible follow-ups>
- RE: Securing a Snort machineElvira_Byrnes (Apr 16)
  - Re: Securing a Snort machineMichael Anderson (Apr 17)
  - RE: Securing a Snort machineMatt Kettler (Apr 17)
    - Re: Securing a Snort machineSaad Kadhi (Apr 18)
    - Performance BottleneckDaniel R. Miessler (Apr 18)
- RE: Securing a Snort machineElvira_Byrnes (Apr 16)
- RE: Securing a Snort machineSemerjian, Ohanes (Apr 17)
- RE: Securing a Snort machineSemerjian, Ohanes (Apr 17)
- Re: Securing a Snort machineM M (Apr 17)
- RE: Securing a Snort machineDean Scott (Apr 17)
- RE: Securing a Snort machineElvira_Byrnes (Apr 22)
RE: Problem with Snort 2.0.0 and MySQL Client with Redhat 9Elvira_Byrnes (Apr 17)
- RE: Problem with Snort 2.0.0 and MySQL Client with Redhat 9Mike Chandler (Apr 17)
- snort: relocation error: /usr/lib/libmysqlclient.so.10 symbol error with Redhat 9Mike Chandler (Apr 19)
  - RE: snort: relocation error: /usr/lib/libmysqlclient.so.10 symbol error with Redhat 9Paul D. Shaffer (Apr 19)
    - RE: snort: relocation error: /usr/lib/libmysqlclient.so.10 symbol error with Redhat 9Mike Chandler (Apr 19)
    - Snort and MySQL - Do they benefit from multiple processors ???Daniel R. Miessler (Apr 19)
    - PureSecure using Snort 2.x now...Daniel R. Miessler (Apr 19)
udpflood attack !Liuhy (Apr 17)
- Re: udpflood attack !Matt Kettler (Apr 17)
emty logsBart Decker (Apr 17)
Creating a new ruleDavid Cintron (Apr 17)
Installations of Snort on linuxhu ming (Apr 17)
Snort on WirelessSadanapalli, Pradeep Kumar (MED, TCS) (Apr 17)
- Re: Snort on WirelessJason (Apr 17)
- Re: Snort on WirelessMichael Santos (Apr 17)
  - Re: Snort on WirelessBennett Todd (Apr 17)
- Re: Snort on WirelessChris Green (Apr 21)
  - Re: Snort on WirelessBennett Todd (Apr 21)
- <Possible follow-ups>
- RE: Snort on WirelessPhilip Davidson (Apr 17)
- Re: Snort on WirelessBrent Wrisley (Apr 22)
- snort on wirelessVaidehi Kasarekar (May 31)
empty logs..how come ??Bart Decker (Apr 17)
- Re: empty logs..how come ??Matt Kettler (Apr 17)
Two items that are hard to digest...Michael Steele (Apr 17)
- Re: Two items that are hard to digest...Sam Evans (Apr 17)
  - RE: Two items that are hard to digest...Michael Steele (Apr 17)
    - Re: Two items that are hard to digest...Michael Anderson (Apr 17)
    - RE: Two items that are hard to digest...Michael Steele (Apr 17)
    - RE: Two items that are hard to digest...Matt Kettler (Apr 17)
    - RE: Two items that are hard to digest...Michael Steele (Apr 17)
    - RE: Two items that are hard to digest...Matt Kettler (Apr 17)
    - Re: Two items that are hard to digest...Chris Reid (Apr 17)
    - Re: Two items that are hard to digest...Sam Evans (Apr 17)
    - Re: Two items that are hard to digest...Chris Reid (Apr 17)
    - Clarification: Two items that are hard to digest...Michael Steele (Apr 17)
    - Re: Clarification: Two items that are hard to digest...Matt Kettler (Apr 17)
    - Re: Where's Waldo^H^H^H^H^HErekErek Adams (Apr 21)
    - Re: Re: Where's Waldo^H^H^H^H^HErekDavid Alonso De La Vega Tapage (Apr 21)
    - RE: Two items that are hard to digest...Michael Steele (Apr 17)
  - Re: Two items that are hard to digest...Jose Vicente Nunez Z (Apr 17)
- Re: Two items that are hard to digest...Edin Dizdarevic (Apr 17)
- Re: Two items that are hard to digest...Matt Kettler (Apr 17)
  - RE: Two items that are hard to digest...Michael Steele (Apr 17)
    - RE: Two items that are hard to digest...Matt Kettler (Apr 17)
    - RE: Two items that are hard to digest...Michael Steele (Apr 17)
    - Re: Two items that are hard to digest...Erick Mechler (Apr 17)
- <Possible follow-ups>
- RE: Two items that are hard to digest...Matt Kettler (Apr 17)
Snort 2.0Ma, Kenneth K. (Apr 17)
- Re: Snort 2.0Mike Mentges (Apr 17)
  - Re: Snort 2.0Mike Mentges (Apr 17)
- RE: Snort 2.0Michael Steele (Apr 17)
- Re: Snort 2.0Michael Anderson (Apr 17)
Editing rules within WebminPaul Jacobs (Apr 17)
- <Possible follow-ups>
- Editing rules within WebminRobin Brown (Apr 17)
Alert file exceeds 2GBDusty Hall (Apr 17)
- Re: Alert file exceeds 2GBErick Mechler (Apr 17)
  - Re: Alert file exceeds 2GBErek Adams (Apr 21)
Snort Alert Content Telnetkaihansen (Apr 17)
Configure Error in snort 2.0.0David Alonso De La Vega Tapage (Apr 17)
- <Possible follow-ups>
- Re: Configure Error in snort 2.0.0Neil Dickey (Apr 17)
  - Re: Configure Error in snort 2.0.0David Alonso De La Vega Tapage (Apr 17)
  - Re: Configure Error in snort 2.0.0David Alonso De La Vega Tapage (Apr 17)
- RE: Configure Error in snort 2.0.0Schmehl, Paul L (Apr 17)
Procedure to upgrade snort 1.9.1 to 2.0 on linux 8.0Sudhakar Gummadi (Apr 17)
FW: CERT Advisory CA-2003-13 Multiple Vulnerabilities in Snort PreprocessorsVicky Rode (Apr 17)
- <Possible follow-ups>
- Fw: CERT Advisory CA-2003-13 Multiple Vulnerabilities in Snort PreprocessorsJames-lists (Apr 17)
Cert Advisory and now no SNMP traps.larosa, vjay (Apr 17)
- Re: Cert Advisory and now no SNMP traps.Kevin J. Schmidt (Apr 17)
- Re: Cert Advisory and now no SNMP traps.Chris Green (Apr 21)
RE: (Off List) Two items that are hard to digest...Michael Steele (Apr 17)
- <Possible follow-ups>
- RE: (Off List) Two items that are hard to digest...L. Christopher Luther (Apr 17)
unknown preprocessor "asn1_decode"Kit Massengill (Apr 17)
- Re: unknown preprocessor "asn1_decode"Matt Kettler (Apr 17)
- <Possible follow-ups>
- RE: unknown preprocessor "asn1_decode"SRH-Lists (Apr 17)
Email Alert for Windows - Testers NeededMichael Steele (Apr 17)
Users and Groups for Snort rules - filesKit Massengill (Apr 17)
- <Possible follow-ups>
- Re: Users and Groups for Snort rules - filesNeil Dickey (Apr 17)
Upgrade, 1.8.6->2.0.0rc5 - new version won't alert to syslog?Glenn Forbes Fleming Larratt (Apr 17)
- Re: Upgrade, 1.8.6->2.0.0rc5 - new version won't alert to syslog?Chris Reid (Apr 17)
Re: Upgrade, 1.8.6->2.0.0rc5 - new version won't alert to syslog?Matt Kettler (Apr 17)
- Re: Upgrade, 1.8.6->2.0.0rc5 - new version won't alert to syslog?Rich Adamson (Apr 18)
generating an alertRick S. (Apr 17)
- RE: generating an alertMichael Steele (Apr 17)
  - RE: generating an alertRick S. (Apr 17)
Upgrade snort 1.9.1 to 2.0 on Linux 8 (No alerts)Sudhakar Gummadi (Apr 17)
- RE: Upgrade snort 1.9.1 to 2.0 on Linux 8 (No alerts)Michael Steele (Apr 17)
Benchmarking snortMichael L. Artz (Apr 17)
- Re: Benchmarking snortBennett Todd (Apr 17)
snort 2.x.x RPMMichael Mansour (Apr 18)
time problemTAYLAN KIRAN (Apr 18)
- Re: time problemMatt Kettler (Apr 18)
(spp_stream4) TTL LIMIT ExceededJohn Hally (Apr 18)
Upgrade, 1.8.6->2.0.0rc5 - new version won't alert to syslog? (fwd)Glenn Forbes Fleming Larratt (Apr 18)
strange behavior with ACIDSlighter, Tim (Apr 18)
MySql-Acid loggingCilin (Apr 18)
- Re: MySql-Acid loggingRolf Brusletto (Apr 18)
- RE: MySql-Acid loggingMichael Steele (Apr 18)
- Re: MySql-Acid loggingShawn Duffy (Apr 18)
- <Possible follow-ups>
- RE: MySql-Acid loggingElvira_Byrnes (Apr 22)
RH8 + Snort 2.0.0 Segmentation Fault on startupJames Garrison (Apr 18)
- Re: RH8 + Snort 2.0.0 Segmentation Fault on startupJames Garrison (Apr 18)
Attention Windows Users : Install Complete IDS Solution on Windows - New Updates!Michael Steele (Apr 18)
historical records of Snort logs?Ryan Finnesey (Apr 18)
- Re: historical records of Snort logs?Paul Schmehl (Apr 19)
  - RE: historical records of Snort logs?Toby Miller (Apr 19)
- Re: historical records of Snort logs?Skip Carter (Apr 19)
Snort 2.0.0 RPMs?Ty Bodell (Apr 18)
Re: snort 2.x.x RPM (Michael Mansour)Ralf Spenneberg (Apr 19)
multiple files off of stdin?Michael L. Artz (Apr 19)
- Re: multiple files off of stdin?Phil Wood (Apr 19)
  - Re: multiple files off of stdin?Michael L. Artz (Apr 19)
- Re: multiple files off of stdin?Chris Green (Apr 23)
RE: PureSecure using Snort 2.x now...Robert Reid (Apr 19)
Sample Pass rulesAlways Bishan (Apr 20)
Snort Security ? How to ?Always Bishan (Apr 20)
- Re: Snort Security ? How to ?d_greenjr (Apr 20)
  - Re: Snort Security ? How to ? {correctios}d_greenjr (Apr 22)
Pass rule not passing preprocessorsAlways Bishan (Apr 20)
- Re: Pass rule not passing preprocessorsBennett Todd (Apr 20)
- Re: Pass rule not passing preprocessorsChris Green (Apr 21)
Snort 2.0 dropping packetsAlways Bishan (Apr 20)
- Re: Snort 2.0 dropping packetsBennett Todd (Apr 20)
- Re: Snort 2.0 dropping packetsEdin Dizdarevic (Apr 20)
  - Re: Snort 2.0 dropping packetsGary Flynn (Apr 21)
    - Re: Snort 2.0 dropping packetsBennett Todd (Apr 21)
- <Possible follow-ups>
- Re: Snort 2.0 dropping packetsNeil Dickey (Apr 21)
  - Re: Snort 2.0 dropping packetsEdin Dizdarevic (Apr 21)
    - Re: Snort 2.0 dropping packetsBennett Todd (Apr 21)
Byte_jump & byte_checkmjanssens (Apr 20)
new features of snort 2.0fa007883 (Apr 20)
Snort 2.0.0 upgraded failed miserablyBill Frische (Apr 20)
Re: Re: [Snort-users] SNMP plugin removed from Snort + stream4 patch for 1.9.1Roman Danyliw (Apr 20)
- Re: Re: [Snort-users] SNMP plugin removed from Snort+ stream4 patch for 1.9.1Kevin J. Schmidt (Apr 21)
mrtg machineBen Whittaker (Apr 20)
- Rule help PleaseBen Whittaker (Apr 21)
- <Possible follow-ups>
- RE: mrtg machineSlighter, Tim (Apr 21)
detecting http-tunnel trafficDerya Sezen (Apr 20)
iptables vs snort vs portsentry orderSonia Hamilton (Apr 20)
BPF filterLiuhy (Apr 21)
- Re: BPF filterChris Reid (Apr 21)
- Re: BPF filterEdin Dizdarevic (Apr 21)
snort -r outputTay Chee Yong (Apr 21)
- Re: snort -r outputJohn Sage (Apr 21)
- Re: snort -r outputtwig les (Apr 21)
Re: New stream 4 messages in 2.0 (Absentjusqu'au 29/07/2002)Pascal Painparay (Apr 21)
Re: How to handle BPDU packet in Snort? (Absentjusqu'au 29/07/2002)Pascal Painparay (Apr 21)
Re: New stream 4 messages in 2.0 (test)Alex Polevoy (Apr 21)
Re: A little pass rule help (Absent jusqu'au29/07/2002)Pascal Painparay (Apr 21)
threadedMatt Schillinger (Apr 21)
Re: Cert Advisory and now no SNMP traps. (Absentjusqu'au 29/07/2002)Pascal Painparay (Apr 21)
Re: Pass rule not passing preprocessors (Absentjusqu'au 29/07/2002)Pascal Painparay (Apr 21)
Re: snort rules flow option (Absent jusqu'au29/07/2002)Pascal Painparay (Apr 21)
Problems with ACIDSlighter, Tim (Apr 21)
- Re: Problems with ACIDMarc Spitzer (Apr 21)
Installing Snort with PHP, MySQL, ACID,etcGary and El Byrnes (Apr 21)
- Re: Installing Snort with PHP, MySQL, ACID,etcDavid Alonso De La Vega Tapage (Apr 21)
- Re: Installing Snort with PHP, MySQL, ACID,etcPatrick S. Harper (Apr 21)
  - Re: Installing Snort with PHP, MySQL, ACID,etcGary and El Byrnes (Apr 22)
    - Re: Installing Snort with PHP, MySQL, ACID,etcPatrick S. Harper (Apr 22)
- <Possible follow-ups>
- RE: Installing Snort with PHP, MySQL, ACID,etcSlighter, Tim (Apr 21)
  - Re: Installing Snort with PHP, MySQL, ACID,etcDavid Alonso De La Vega Tapage (Apr 21)
- RE: Installing Snort with PHP, MySQL, ACID,etcSlighter, Tim (Apr 21)
  - Re: Installing Snort with PHP, MySQL, ACID,etcGary and El Byrnes (Apr 22)
Snort 2.0 and Barnyard 0.1.0Francis Vidal (Apr 21)
- Re: Snort 2.0 and Barnyard 0.1.0Andrew R. Baker (Apr 22)
  - RE: Snort 2.0 and Barnyard 0.1.0Francis Vidal (Apr 22)
Re: "Saving State" in Snort (Absent jusqu'au29/07/2002)Pascal Painparay (Apr 21)
Re: Snort on Wireless (Absent jusqu'au29/07/2002)Pascal Painparay (Apr 21)
Snort on an Voice over IP NetworkSnow Jacob C KPWA (Apr 21)
snort 2.0.0 with mysql ..David Alonso De La Vega Tapage (Apr 21)
- <Possible follow-ups>
- RE: snort 2.0.0 with mysql ..Slighter, Tim (Apr 21)
  - Re: snort 2.0.0 with mysql ..David Alonso De La Vega Tapage (Apr 21)
ERROR: Please activate spp_conversation before trying to activate spp_portscan2Kit Massengill (Apr 21)
- <Possible follow-ups>
- Re: ERROR: Please activate spp_conversation before trying to activate spp_portscan2Neil Dickey (Apr 21)
re: snort 2.0.0 with mysqlMike Chandler (Apr 21)
- Re: snort 2.0.0 with mysqlDavid Alonso De La Vega Tapage (Apr 21)
  - Re: snort 2.0.0 with mysqlMike Chandler (Apr 21)
    - Re: snort 2.0.0 with mysqlDavid Alonso De La Vega Tapage (Apr 21)
    - Re: snort 2.0.0 with mysqlMike Chandler (Apr 22)
    - Re: snort 2.0.0 with mysqlDavid Alonso De La Vega Tapage (Apr 22)
- <Possible follow-ups>
- re: snort 2.0.0 with mysqlDavid Powell (Apr 22)
  - re: snort 2.0.0 with mysqltwig les (Apr 22)
  - Re: snort 2.0.0 with mysqlDavid Alonso De La Vega Tapage (Apr 22)
Newbie questionChris (Apr 21)
- Re: Newbie questionErick Mechler (Apr 21)
- Re: Newbie question (FAQ 4.3 update requested)Matt Kettler (Apr 21)
- <Possible follow-ups>
- RE: Newbie questionPotts, Ross A. (Apr 23)
- Newbie QuestionWilcoxen, Scott (Apr 25)
- RE: Newbie QuestionPacheco, Michael F. (Apr 25)
- RE: Newbie QuestionWilcoxen, Scott (Apr 27)
Re: Pascal Painparay [pascal.painparay () tdf fr]Slighter, Tim (Apr 21)
Re: Re: Pascal Painparay [pascal.painparay () tdf fr]Matt Kettler (Apr 21)
preprocessor definition in snort manual!?!?!?Derya Sezen (Apr 21)
- Re: preprocessor definition in snort manual!?!?!?Matt Kettler (Apr 21)
Re: snort -r output (Absent jusqu'au 29/07/2002)twig les (Apr 21)
snort breakdownHanumantha R. Manchala (Apr 21)
- Re: snort breakdownBennett Todd (Apr 21)
Updated Snort Enterprise Implementation GuideSteven J. Scott (Apr 21)
Define sealth eth0David Alonso De La Vega Tapage (Apr 21)
unscribeBENZ LEE (Apr 21)
flexresp problemReet (Apr 22)
- Re: flexresp problemMuenz, Michael (Apr 22)
  - Re: flexresp problemReet (Apr 22)
    - Re: flexresp problemMuenz, Michael (Apr 22)
    - Re: flexresp problemReet (Apr 22)
snotJill Tovey (Apr 22)
snort + email + alertMario Karcevski (Apr 22)
- Re: snort + email + alertMatt Kettler (Apr 22)
- <Possible follow-ups>
- Re: snort + email + alertPatrice . Arnal (Apr 25)
Strange ICMP LogRon Shuck (Apr 22)
- <Possible follow-ups>
- FW: Strange ICMP LogRon Shuck (Apr 22)
Snort DB schema for Postgresql has wrong data type "datetime"Roberto Suarez Soto (Apr 22)
snort 2 / mysql / static/ undefined reference to uncompressMike Caughran (Apr 22)
- Re: snort 2 / mysql / static/ undefined reference to uncompressDavid Alonso De La Vega Tapage (Apr 22)
- <Possible follow-ups>
- Re: snort 2 / mysql / static/ undefined reference to uncompressMike Caughran (Apr 23)
Fuzzy Matching in SnortThoplaop (Apr 22)
smb alertsChris (Apr 22)
Invalid Iterface...Mohammad Alimohammadi (Apr 22)
- <Possible follow-ups>
- RE: Invalid Iterface...L. Christopher Luther (Apr 22)
  - RE: Invalid Iterface...Mohammad Alimohammadi (Apr 22)
    - RE: Invalid Iterface...Michael Steele (Apr 22)
- RE: Invalid Iterface...L. Christopher Luther (Apr 22)
- Re: Invalid Iterface...Thomas Schweikle (Apr 22)
Invalid Iterface with snort 2.0.0...Mohammad Alimohammadi (Apr 22)
- RE: Invalid Iterface with snort 2.0.0...Michael Steele (Apr 22)
  - RE: Invalid Iterface with snort 2.0.0...Mohammad Alimohammadi (Apr 22)
- <Possible follow-ups>
- RE: Invalid Iterface with snort 2.0.0...L. Christopher Luther (Apr 22)
- RE: Invalid Iterface with snort 2.0.0...L. Christopher Luther (Apr 22)
  - RE: Invalid Iterface with snort 2.0.0...Mohammad Alimohammadi (Apr 22)
    - Re: Invalid Iterface with snort 2.0.0...Chris Reid (Apr 22)
    - RE: Invalid Iterface with snort 2.0.0...Michael Steele (Apr 22)
- RE: Invalid Iterface with snort 2.0.0...L. Christopher Luther (Apr 22)
  - RE: Invalid Iterface with snort 2.0.0...Michael Steele (Apr 22)
- RE: Invalid Iterface with snort 2.0.0...L. Christopher Luther (Apr 22)
SNMP?larosa, vjay (Apr 22)
- Kazaa P2P RulesAllan Dover (Apr 22)
  - Re: Kazaa P2P RulesSam Evans (Apr 22)
- Re: SNMP?Glenn Mansfield Keeni (Apr 23)
  - Re: SNMP?Martin Olsson (May 23)
- <Possible follow-ups>
- RE: SNMP?larosa, vjay (Apr 23)
Re: German Book covering SnortRalf Spenneberg (Apr 22)
Snort 2.0 as a Windows Service??kerberos K (Apr 22)
- RE: Snort 2.0 as a Windows Service??Michael Steele (Apr 22)
- <Possible follow-ups>
- RE: Snort 2.0 as a Windows Service??Uhte, Russ (Apr 22)
- RE: Snort 2.0 as a Windows Service??kerberos K (Apr 22)
  - RE: Snort 2.0 as a Windows Service??Erek Adams (Apr 23)
    - RE: Snort 2.0 as a Windows Service??Michael Steele (Apr 23)
    - RE: Snort 2.0 as a Windows Service??Erek Adams (Apr 23)
    - RE: Snort 2.0 as a Windows Service??Erek Adams (Apr 23)
- RE: Snort 2.0 as a Windows Service??Uhte, Russ (Apr 23)
  - RE: Snort 2.0 as a Windows Service??Michael Steele (Apr 23)
- RE: Snort 2.0 as a Windows Service??Uhte, Russ (Apr 23)
- RE: Snort 2.0 as a Windows Service??Michael Steele (Apr 23)
snort/syslog/Win2kJulian Brown (Apr 22)
- RE: snort/syslog/Win2kMichael Steele (Apr 22)
  - RE: snort/syslog/Win2kJulian Brown (Apr 22)
- <Possible follow-ups>
- RE: snort/syslog/Win2kL. Christopher Luther (Apr 22)
options for considerationSlighter, Tim (Apr 22)
- <Possible follow-ups>
- RE: options for considerationL. Christopher Luther (Apr 22)
  - Re: options for considerationAllan Dover (Apr 23)
new user, great product, but ...Allen, Garrett (Apr 22)
- Re: new user, great product, but ...twig les (Apr 22)
- Re: new user, great product, but ...Erek Adams (Apr 23)
- <Possible follow-ups>
- RE: new user, great product, but ...Allen, Garrett (Apr 22)
  - RE: new user, great product, but ...twig les (Apr 22)
  - Re: new user, great product, but ...Michael Anderson (Apr 22)
- Re: new user, great product, but ...Neil Dickey (Apr 22)
- RE: new user, great product, but ...Allen, Garrett (Apr 22)
snort logs timestampRomildo Wildgrube (Apr 22)
- Re: snort logs timestampErek Adams (Apr 23)
- <Possible follow-ups>
- Re: snort logs timestampRoman Danyliw (Apr 23)
RE: Problem with Snort 2.0.0 and MySQL Client with Redhat 9Elvira_Byrnes (Apr 22)
- RE: Problem with Snort 2.0.0 and MySQL Client with Redhat 9Patrick S. Harper (Apr 23)
  - Fixed My Problems with Snort 2.0.0 and MySQL Client with Redhat 9Mike Chandler (Apr 23)
Snortcenter 1.0 + Snort 2.0Michael (Apr 23)
upgradeRajagopal, Sriram(TSD) (Apr 23)
- <Possible follow-ups>
- Re: upgradeNeil Dickey (Apr 23)
Taking out the traffic on ports 22 and 443 suggestive?Edin Dizdarevic (Apr 23)
- Re: Taking out the traffic on ports 22 and 443 suggestive?Erek Adams (Apr 23)
- Re: Taking out the traffic on ports 22 and 443 suggestive?Alberto Gonzalez (Apr 23)
  - Re: Taking out the traffic on ports 22 and 443 suggestive?Edin Dizdarevic (Apr 23)
- Re: Taking out the traffic on ports 22 and 443 suggestive?Brian (Apr 24)
  - Re: Taking out the traffic on ports 22 and 443 suggestive?Brian (Apr 24)
Strange AlertsBrett . Gillett (Apr 23)
- <Possible follow-ups>
- Re: Strange AlertsNeil Dickey (Apr 23)
  - Re: Strange AlertsArtur Bittencourt (Apr 23)
    - Re: Strange AlertsErek Adams (Apr 23)
    - Re: Strange AlertsDavid Alonso De La Vega Tapage (Apr 23)
- Re: Strange AlertsNeil Dickey (Apr 23)
- Re: Strange AlertsBrett . Gillett (Apr 23)
- RE: Strange AlertsAllen, Garrett (Apr 23)
- Re: Strange AlertsBrett . Gillett (Apr 23)
HTTP traffic not being scanned after upgrade from 1.9.1 to 2.0.0Kevin Van Der Hart (Apr 23)
- Re: HTTP traffic not being scanned after upgrade from 1.9.1 to 2.0.0Erek Adams (Apr 23)
Protocol/Service/Source Bytes/Dest bytes neededMalcolm Rodgers (Apr 23)
- Re: Protocol/Service/Source Bytes/Dest bytes neededBamm Visscher (Apr 23)
Barnyard writing cleartext MySQL-password to /var/log/messages!!!Edin Dizdarevic (Apr 23)
swatch alternatives?Chris (Apr 23)
- Re: swatch alternatives?Jim Prewett (Apr 23)
  - Re: swatch alternatives?Andreas Östling (Apr 25)
- <Possible follow-ups>
- RE: swatch alternatives?Nelson, Ben (Apr 23)
- RE: swatch alternatives?Slighter, Tim (Apr 23)
Recall: Question about Snort/ACID/MySQL and how they play togethe rSnow Jacob C KPWA (Apr 23)
Question about Snort/ACID/MySQL and how they play togetherSnow Jacob C KPWA (Apr 23)
- RE: Question about Snort/ACID/MySQL and how they play togetherMichael Steele (Apr 23)
- Re: Question about Snort/ACID/MySQL and how they play togetherErek Adams (Apr 24)
- <Possible follow-ups>
- Question about Snort/ACID/MySQL and how they play togetherSnow Jacob C KPWA (Apr 23)
- RE: Question about Snort/ACID/MySQL and how they play togetherMichael Steele (Apr 25)
RE: Question about Snort/ACID/MySQL and how they play togetherL. Christopher Luther (Apr 23)
- <Possible follow-ups>
- RE: Question about Snort/ACID/MySQL and how they play togetherL. Christopher Luther (Apr 25)
Re: Snort 2.0 Upgrade - Sensor is very chattyBrett . Gillett (Apr 23)
- <Possible follow-ups>
- Snort 2.0 Upgrade - Sensor is very chattyPacheco, Michael F. (Apr 23)
- FW: Snort 2.0 Upgrade - Sensor is very chattyPacheco, Michael F. (Apr 23)
Snort not seeing all traffic?Patrick Jones (Apr 23)
- Re: Snort not seeing all traffic?Matt Kettler (Apr 23)
  - RE: Snort not seeing all traffic?PJ-ML (Apr 24)
    - Re: Snort not seeing all traffic?Erick Mechler (Apr 24)
    - Snort is not seeing all traffic...PJ-ML (May 07)
    - Re: Snort is not seeing all traffic...Matt Kettler (May 08)
    - Re: Snort is not seeing all traffic...PJ-ML (May 08)
  - Message not available
    - Re: Snort not seeing all traffic?Erick Mechler (Apr 24)
    - Re: Snort not seeing all traffic?PJ (Apr 24)
    - Re: Snort not seeing all traffic?Erick Mechler (Apr 24)
- <Possible follow-ups>
- Re: Snort not seeing all traffic?PJ (Apr 24)
chroot problems with Red Hat Advanced serverChapman, Justin T (Apr 23)
- Re: chroot problems with Red Hat Advanced serverCharles Philip Chan (Apr 23)
- <Possible follow-ups>
- RE: chroot problems with Red Hat Advanced serverChapman, Justin T (Apr 23)
- RE: chroot problems with Red Hat Advanced serverChapman, Justin T (Apr 24)
  - Re: chroot problems with Red Hat Advanced serverCharles Philip Chan (Apr 24)
Relation between events and rules set.Julio Jaime (Apr 23)
- Re: Relation between events and rules set.John Sage (Apr 23)
- <Possible follow-ups>
- RE: Relation between events and rules set.Julio Jaime (Apr 24)
  - Re: Relation between events and rules set.David Alonso De La Vega Tapage (Apr 24)
- RE: Relation between events and rules set.bmcdowell (Apr 24)
- RE: Relation between events and rules set.Julio Jaime (Apr 24)
  - Re: Relation between events and rules set.David Alonso De La Vega Tapage (Apr 24)
- RE: Relation between events and rules set.Julio Jaime (Apr 24)
- RE: Relation between events and rules set.Julio Jaime (Apr 25)
  - Re: Relation between events and rules set.David Alonso De La Vega Tapage (Apr 25)
RE: Justin ChapmanSanderson, Josh (Apr 23)
home_net and ext_net questionMike Zupan (Apr 23)
- <Possible follow-ups>
- Re: home_net and ext_net questionNeil Dickey (Apr 23)
- RE: home_net and ext_net questionL. Christopher Luther (Apr 23)
- RE: home_net and ext_net questionEverist, Benjamin S. (NASWI) (Apr 24)
  - RE: home_net and ext_net questionMatt Kettler (Apr 24)
- RE: home_net and ext_net questionL. Christopher Luther (Apr 25)
- RE: home_net and ext_net questionMatt Kettler (Apr 25)
- RE: home_net and ext_net questionL. Christopher Luther (Apr 25)
- RE: home_net and ext_net questionNeil Dickey (Apr 25)
  - RE: home_net and ext_net questionMatt Kettler (Apr 25)
Too little traffic being seen!Adrian . Mink (Apr 23)
- Re: Too little traffic being seen!Matt Kettler (Apr 23)
- Re: Too little traffic being seen!John Sage (Apr 23)
- <Possible follow-ups>
- RE: Too little traffic being seen!Adrian . Mink (Apr 24)
[Fwd: Snort <=1.9.1 exploit]Jose Vicente Nunez Z (Apr 23)
WARNING: Not IPv4 datagram!Jeremia d. (Apr 23)
- <Possible follow-ups>
- RE: WARNING: Not IPv4 datagram!Petriz, Pablo (Apr 24)
Only Smtp trafficSh J (Apr 23)
- Re: Only Smtp trafficChris Green (Apr 24)
upgrading snort versionRajagopal, Sriram(TSD) (Apr 23)
- Re: upgrading snort versionDavid Alonso De La Vega Tapage (Apr 24)
Snort v2 rule order help (long)JP Vossen (Apr 23)
tag keyword for TCP sessionsEmmanuel Dardaine (Apr 24)
portscan preprocessor and scan rulesFabrizio Tivano (Apr 24)
Problem logging to postgresRoger D. Vargas (Apr 24)
- <Possible follow-ups>
- RE: Problem logging to postgresEmmanuel Dardaine (Apr 24)
- RE: Problem logging to postgresRoger D. Vargas (Apr 24)
  - RE: Problem logging to postgresFrank Knobbe (Apr 24)
    - RE: Problem logging to postgresFrank Knobbe (Apr 24)
    - RE: Problem logging to postgresRoger D. Vargas (Apr 25)
    - RE: Problem logging to postgresFrank Knobbe (Apr 25)
    - RE: Problem logging to postgresRoger D. Vargas (Apr 25)
- RE: Problem logging to postgresHutchinson, Andrew (Apr 25)
  - RE: Problem logging to postgresRoger D. Vargas (Apr 25)
    - RE: Problem logging to postgresFrank Knobbe (Apr 25)
    - RE: Problem logging to postgresRoger D. Vargas (Apr 25)
    - RE: Problem logging to postgresFrank Knobbe (Apr 25)
    - RE: Problem logging to postgresRoger D. Vargas (Apr 25)
    - RE: Problem logging to postgresFrank Knobbe (Apr 25)
Fw: problem with snort inline -unknown option -Qparikshit (Apr 24)
Hogwash x RedhatLuiz Alberto Cataldo Jr (Apr 24)
SnortSam Firewall PortLance Worthington (Apr 24)
- Re: SnortSam Firewall PortFrank Knobbe (Apr 24)
search method lowmemGerhard Brauer (Apr 24)
- Re: search method lowmemChris Green (Apr 24)
[ANN] HenWen 2.0!Nick Zitzmann (Apr 24)
Mike Sands/ITS/Element K is out of the office.Mike_Sands (Apr 24)
- <Possible follow-ups>
- Mike Sands/ITS/Element K is out of the office.Mike_Sands (Apr 24)
VPN and UDP alertsAllan Dover (Apr 24)
- <Possible follow-ups>
- Re: VPN and UDP alertsNeil Dickey (Apr 25)
  - Promiscuous interface hacks?Paul Schmehl (May 01)
    - Re: Promiscuous interface hacks?Frank Knobbe (May 01)
    - Re: Promiscuous interface hacks?Paul Schmehl (May 01)
    - Re: Promiscuous interface hacks?Matt Kettler (May 01)
    - Re: Promiscuous interface hacks?Paul Schmehl (May 01)
    - Re: Promiscuous interface hacks?Matt Kettler (May 01)
    - Re: Promiscuous interface hacks?Paul Schmehl (May 02)
    - Re: Promiscuous interface hacks?Frank Knobbe (May 01)
    - Re: Promiscuous interface hacks?Paul Schmehl (May 02)
- RE: VPN and UDP alertsSlighter, Tim (Apr 25)
  - Re: VPN and UDP alertsAllan Dover (Apr 28)
- Re: VPN and UDP alertsNeil Dickey (Apr 25)
  - Re: VPN and UDP alertsAllan Dover (Apr 29)
- RE: VPN and UDP alertsSRH-Lists (Apr 29)
segmentation fault...Filipe Dantas (Apr 24)
Port for MYsqlDavid Alonso De La Vega Tapage (Apr 24)
RE: Fw: problem with snort inline -unknown option -QSlighter, Tim (Apr 24)
- Re: Fw: problem with snort inline -unknown option -Qparikshit (Apr 24)
- Re: Fw: problem with snort inline -unknown option -Qparikshit (Apr 24)
- <Possible follow-ups>
- RE: Fw: problem with snort inline -unknown option -QSlighter, Tim (Apr 25)
Win32 MisconfigurationJulian Brown (Apr 24)
- RE: Win32 MisconfigurationMichael Steele (Apr 24)
Question about Snort/ACID/MySQL and portscansSnow Jacob C KPWA (Apr 24)
- RE: Question about Snort/ACID/MySQL and portscansMichael Steele (Apr 24)
- <Possible follow-ups>
- RE: Question about Snort/ACID/MySQL and portscansSlighter, Tim (Apr 25)
OT - Spambmcdowell (Apr 24)
- Re: OT - SpamMatt Kettler (Apr 24)
- Re: OT - Spammikem (Apr 24)
  - Re: OT - SpamJulian Brown (Apr 25)
  - Re: OT - SpamThomas Templin (Apr 25)
    - RE: OT - SpamMichael Steele (Apr 25)
- OT: list archives and e-mail addresses (Re: OT - Spam)Andrew R. Baker (Apr 25)
- <Possible follow-ups>
- Re: OT - SpamJP Vossen (Apr 24)
PHP installDavid Powell (Apr 24)
stream4 reassembly seems to lose last packetDaniel OKeefe (Apr 24)
Automatic Update of the Rule-base using SnortCenterAtul Shrivastava (Apr 25)
Test data logs available?Shwaine (Apr 25)
AW: Test data logs available?Poppi, Sandro (Apr 25)
pass ruleGosswiler Bjoern (Apr 25)
spp_portscan / unknown IPGosswiler Bjoern (Apr 25)
AW: pass rulePoppi, Sandro (Apr 25)
Snort RulesBajamundi, Ricardo P (Apr 25)
swatch alternatives - secraft na (Apr 25)
No longer seeing exploit traffic on version 2.0.0Lloyd_Ardoin (Apr 25)
- Re: No longer seeing exploit traffic on version 2.0.0Chris Green (Apr 28)
snort 2.0.0 on Tru64 5.1Darryl Cook (Apr 25)
- snort 2.0.0 on Tru64 5.1Darryl Cook (Apr 24)
Netbios rules and keeping snort quiet about them ;)James Nonya (Apr 25)
snmp support under rh 8Roger D. Vargas (Apr 25)
- Re: snmp support under rh 8Florin Andrei (Apr 25)
  - Re: snmp support under rh 8Roger D. Vargas (Apr 25)
    - Re: snmp support under rh 8Florin Andrei (Apr 25)
segmantation faultFilipe Dantas (Apr 25)
- Re: segmantation faultErek Adams (Apr 29)
  - Re: segmantation faultFilipe Dantas (Apr 29)
what is rstatd?Shashank Bhide (Apr 25)
- Re: what is rstatd?Matt Kettler (Apr 25)
  - FreeBSD-5 / Snort 2.0 Installation DocumentDavid Markle (Apr 25)
snort -A unsock featureYuri Leikind (Apr 25)
is there a 2.0 build that is mysql compatibleAllen, Garrett (Apr 25)
- RE: is there a 2.0 build that is mysql compatibleDavid Markle (Apr 25)
- <Possible follow-ups>
- RE: is there a 2.0 build that is mysql compatibleJP Vossen (Apr 25)
Allow me to field a questionSlighter, Tim (Apr 25)
RE: MySQL & ACID IssuesSlighter, Tim (Apr 25)
Book soon availableSlighter, Tim (Apr 25)
- Re: Book soon availabletwig les (Apr 25)
- Re: Book soon availableChris Green (Apr 28)
- <Possible follow-ups>
- RE: Book soon availableSlighter, Tim (Apr 28)
It worked!Roger D. Vargas (Apr 25)
Snort (any version) with Barnyard logging payload in hexEdin Dizdarevic (Apr 25)
- Re: Snort (any version) with Barnyard logging payload in hexAndrew R. Baker (Apr 28)
Mysql questionjared (Apr 25)
- RE: Mysql questionDavid Markle (Apr 25)
- <Possible follow-ups>
- RE: Mysql questionDavid Markle (Apr 25)
Hi Im new to Snort and I keep getting wierd errors....please help !Gill, Rob (Apr 25)
Re: Hi Im new to Snort and I keep getting wierd errors....please help !Matt Kettler (Apr 25)
A Friday afternoon hohoMichael Northup (Apr 25)
RE: Question about Snort/ACID/MySQL + Barnyard and how they play togetherMatt Yackley (Apr 25)
trying snort as nids of preludesmitha rao (Apr 26)
setting up a mirroring port at switchsmitha rao (Apr 26)
- Re: setting up a mirroring port at switchd_greenjr (Apr 26)
- <Possible follow-ups>
- RE: setting up a mirroring port at switchMatt Yackley (Apr 26)
- Re: setting up a mirroring port at switchsmitha rao (Apr 29)
snort architecture...Mohammad Alimohammadi (Apr 26)
- Re: snort architecture...twig les (Apr 26)
Snort 2.0 isn't alertingLloyd_Ardoin (Apr 26)
- Re: Snort 2.0 isn't alertingJohn Sage (Apr 27)
- Re: Snort 2.0 isn't alertingGlenn Forbes Fleming Larratt (Apr 30)
(snort_decoder): Truncated Tcp OptionsJason Beveridge (Apr 26)
- Re: (snort_decoder): Truncated Tcp OptionsMH (Apr 27)
snort.conf problemsstormshadow (Apr 26)
- <Possible follow-ups>
- RE: snort.conf problemsL. Christopher Luther (Apr 27)
Is there a program to test snort rules?Joe Horton (Apr 26)
- RE: Is there a program to test snort rules?Michael Steele (Apr 26)
- Re: Is there a program to test snort rules?Paul B. Poh (Apr 28)
  - RE: Is there a program to test snort rules?Brian Laing (Apr 28)
Barnyard Shell ScriptJason Linden (Apr 26)
- Re: Barnyard Shell ScriptAndrew R. Baker (Apr 28)
  - RE: Barnyard Shell ScriptJason Linden (Apr 29)
- <Possible follow-ups>
- Barnyard Shell ScriptJason Linden (Apr 27)
unsubscribeLieberg, Mark (Apr 27)
what does this command do?stormshadow (Apr 27)
- <Possible follow-ups>
- RE: what does this command do?L. Christopher Luther (Apr 28)
Need Help Installing snort on OpenBSDJOE & ANGIE (Apr 27)
- Re: Need Help Installing snort on OpenBSDMH (Apr 28)
- Re: Need Help Installing snort on OpenBSDAndy Sutton (Apr 28)
- <Possible follow-ups>
- RE: Need Help Installing snort on OpenBSDAndy Sutton (Apr 28)
Snort and Bastille LinuxElvira_Byrnes (Apr 27)
log fileTom Murdock (Apr 27)
DemarcBart Decker (DCS) (Apr 28)
Re: Demarc (Bart Decker (DCS) (Snort-users digest, Vol 1 #3115 - 5 msgs)Ralf Spenneberg (Apr 28)
Flex Resp Is Resetting The Wrong PortAndy Wood (Apr 28)
Tutorial on Bpf filtersAlways Bishan (Apr 28)
- Re: Tutorial on Bpf filtersEdin Dizdarevic (Apr 28)
- Re: Tutorial on Bpf filterstwig les (Apr 28)
- Re: Tutorial on Bpf filtersMH (Apr 28)
Realtime alertsAlways Bishan (Apr 28)
Firewall vs IDSAlways Bishan (Apr 28)
- <Possible follow-ups>
- Re: Firewall vs IDSNeil Dickey (Apr 28)
- RE: Firewall vs IDSBrian M. Diehl (Apr 28)
  - Re: Firewall vs IDSSimon Gray (Apr 29)
Automated snort tunerAlways Bishan (Apr 28)
- Re: Automated snort tunerBennett Todd (Apr 28)
- Re: Automated snort tunerMatt Kettler (Apr 28)
Snort upgrade from 1.9.1 to 2.0.0Lloyd_Ardoin (Apr 28)
- <Possible follow-ups>
- Re: Snort upgrade from 1.9.1 to 2.0.0Neil Dickey (Apr 28)
New Release of snort_inline!Rob McMillen (Apr 28)
newbie question on Stream4 preprocessing - missing last packetDan O'Keefe (Apr 28)
Looking for opinions...Wilcoxen, Scott (Apr 28)
- <Possible follow-ups>
- RE: Looking for opinions...L. Christopher Luther (Apr 28)
postgres schema errorMartin A. Brooks (Apr 28)
- Re: postgres schema errorFrank Knobbe (Apr 28)
  - Re: postgres schema errorMartin A. Brooks (Apr 28)
Snort-inlineSlighter, Tim (Apr 28)
one other itemSlighter, Tim (Apr 28)
how to get snort to ignore kazaapeter moody (Apr 28)
Stumpedlarosa, vjay (Apr 28)
- <Possible follow-ups>
- RE: Stumpedlarosa, vjay (Apr 28)
- RE: StumpedFriesz, Ross (Apr 28)
Net_SSLeay updated Makefile.PL for RH9David Powell (Apr 28)
- Re: Net_SSLeay updated Makefile.PL for RH9David T Hollis (Apr 28)
No memory errorSutton, Andrew (Apr 28)
- <Possible follow-ups>
- RE: No memory errorSRH-Lists (Apr 28)
- RE: No memory errorSutton, Andrew (Apr 28)
  - RE: No memory errorErek Adams (Apr 29)
false alarm with snort 2.0, why?Holger Marzen (Apr 28)
- <Possible follow-ups>
- Re: false alarm with snort 2.0, why?Matt Kettler (Apr 28)
  - Re: false alarm with snort 2.0, why?Holger Marzen (Apr 29)
Noob question about different parts of a rulestormshadow (Apr 28)
- Re: Noob question about different parts of a ruleMatt Kettler (Apr 28)
- <Possible follow-ups>
- RE: Noob question about different parts of a ruleSchmehl, Paul L (Apr 28)
- RE: Noob question about different parts of a ruleL. Christopher Luther (Apr 28)
Making snort smarter...Tobias Rice (Apr 28)
- Re: Making snort smarter...Paul Schmehl (Apr 28)
  - Re: Making snort smarter...Jason Haar (Apr 29)
    - Re: Making snort smarter...Paul Schmehl (Apr 29)
    - Re: Making snort smarter...Jason Haar (Apr 29)
    - Re: Making snort smarter...Jason Haar (Apr 29)
- <Possible follow-ups>
- RE: Making snort smarter...bmcdowell (Apr 29)
  - RE: Making snort smarter...Paul Schmehl (Apr 29)
    - Re: Making snort smarter...Jason (Apr 29)
- RE: Making snort smarter...bmcdowell (Apr 29)
  - RE: Making snort smarter...Paul Schmehl (Apr 29)
- Re: Making snort smarter...JP Vossen (Apr 29)
Trouble with pass ruleCarl (Apr 28)
- <Possible follow-ups>
- Re: Trouble with pass ruleNeil Dickey (Apr 29)
  - Re: Trouble with pass ruleCarl (Apr 29)
log the contentDerya Sezen (Apr 28)
- <Possible follow-ups>
- RE: log the contentSnow Jacob C KPWA (Apr 29)
Alert.ids log file not being createdMichael Steele (Apr 28)
- <Possible follow-ups>
- Alert.ids log file not being createdMichael Steele (Apr 29)
- RE: Alert.ids log file not being createdSnow Jacob C KPWA (Apr 29)
  - RE: Alert.ids log file not being createdMichael Steele (Apr 29)
false alarm or not ?Liuhy (Apr 29)
Snort 2.0.0 & syslogMLH (Apr 29)
- Re: Snort 2.0.0 & syslogSimon Gray (Apr 29)
  - Re: Snort 2.0.0 & syslogMLH (Apr 29)
    - Re: Snort 2.0.0 & syslogMLH (Apr 30)
    - Re: Snort 2.0.0 & syslog (solved)Hubert Adgié (Apr 30)
(spp_conversation) Bad IP protocolMike Koponick (Apr 29)
Disabling two alert messagesJukka Juslin (Apr 29)
- Re: Disabling two alert messagesErick Mechler (Apr 29)
- <Possible follow-ups>
- Disabling two alert messagesJukka Juslin (Apr 29)
FW: Not logging to MYSQLJeremy Campbell (Apr 29)
- <Possible follow-ups>
- Not logging to MYSQLJeremy Campbell (Apr 29)
  - Re: Not logging to MYSQLErick Mechler (Apr 29)
Difference between distance and withinMadhu Joshi (Apr 29)
- Re: Difference between distance and withinErick Mechler (Apr 29)
- Re: Difference between distance and withinBrian (Apr 30)
Setting up snort to syslog diffrent priority'sJason A. Kates (Apr 29)
- Re: Setting up snort to syslog diffrent priority'sErek Adams (Apr 29)
- <Possible follow-ups>
- RE: Setting up snort to syslog diffrent priority'sL. Christopher Luther (Apr 29)
New to SnortYijia_Zhou (Apr 29)
sidestepJill Tovey (Apr 29)
- Re: sidestepMatt Kettler (Apr 29)
Re: Not logging to MYSQL Snort-users digest, Vol 1 #3122 - 13 msgsRalf Spenneberg (Apr 29)
Re: Alert.ids log file not being created Snort-users digest, Vol 1 #3122 - 13 msgsRalf Spenneberg (Apr 29)
XML output support for snort 2.0David Stubblefield (Apr 29)
Snort 2.0.0 logging everything when using (session: printable)McKim, Tim (Apr 29)
re: Snort 2.0.0 logging everything when using (session:printable)Gary Flynn (Apr 29)
php is too old !?!?Filipe Dantas (Apr 29)
- Re: php is too old !?!?David Alonso De La Vega Tapage (Apr 29)
  - Re: php is too old !?!?Filipe Dantas (Apr 29)
    - Re: php is too old !?!?David Alonso De La Vega Tapage (Apr 29)
- <Possible follow-ups>
- RE: php is too old !?!?SRH-Lists (Apr 29)
  - RE: php is too old !?!?Filipe Dantas (Apr 30)
Frag Preprocessor Preventing Log ParsingGary Flynn (Apr 29)
porno rulesBryan Irvine (Apr 29)
- Re: porno rulesMatt Kettler (Apr 29)
  - Re: porno rulesBryan Irvine (Apr 29)
    - Broken config directive? or just me?Sam Evans (Apr 29)
    - Re: Broken config directive? or just me?Matt Kettler (Apr 29)
    - Re: Broken config directive? or just me?Chris Green (Apr 30)
- Re: porno rulesBryan Irvine (Apr 29)
  - Re: porno rulesMatt Kettler (Apr 29)
- <Possible follow-ups>
- Re: porno rulesNeil Dickey (Apr 29)
  - Re: porno rulesMatt Kettler (Apr 29)
Question on /var/log/snort directorystormshadow (Apr 29)
- Re: Question on /var/log/snort directoryMatt Kettler (Apr 29)
- <Possible follow-ups>
- Re: Question on /var/log/snort directoryNeil Dickey (Apr 29)
- RE: Question on /var/log/snort directorySlighter, Tim (Apr 29)
catch the http-tunnel traffic with snortDerya Sezen (Apr 29)
RE: porno rules [OT]bmcdowell (Apr 29)
- Re: porno rules [OT]David Alonso De La Vega Tapage (Apr 30)
Snort FilteringMichale (Apr 29)
- Re: Snort FilteringMatt Kettler (Apr 29)
- <Possible follow-ups>
- Re: Snort FilteringNeil Dickey (Apr 29)
  - Re[2]: Snort FilteringMichale (Apr 29)
    - Re: Re[2]: Snort Filteringtwig les (Apr 29)
- RE: Snort FilteringL. Christopher Luther (Apr 29)
- Re: Re[2]: Snort FilteringNeil Dickey (Apr 29)
Re: porno rules -- portscan2 &cNeil Dickey (Apr 29)
- Re: porno rules -- portscan2 &cSkip Carter (Apr 29)
  - Re: portscan2 effectiveness.Matt Kettler (Apr 29)
OT: Drinking game - Content filter replies?Matt Kettler (Apr 29)
- Re: OT: Drinking game - Content filter replies?Skip Carter (Apr 29)
- Re: OT: Drinking game - Content filter replies?Erek Adams (Apr 30)
  - Re: OT: Drinking game - Content filter replies?Matt Kettler (Apr 30)
APPLET catchingDerya Sezen (Apr 29)
False positives due to stream4 issue?Jason Haar (Apr 29)
- Re: False positives due to stream4 issue?Matt Kettler (Apr 29)
  - Re: False positives due to stream4 issue?Jason Haar (Apr 29)
Installing Snort2.0 w/ MySQL supportsnort (Apr 29)
- Re: Installing Snort2.0 w/ MySQL supportDavid Alonso De La Vega Tapage (Apr 30)
- <Possible follow-ups>
- RE: Installing Snort2.0 w/ MySQL supportSecurityAdmin (Apr 30)
regex support problemDerya Sezen (Apr 29)
- Re: regex support problemMatt Kettler (Apr 29)
Role of snort.conf regarding rules? (noob)stormshadow (Apr 29)
- Re: Role of snort.conf regarding rules? (noob)Erek Adams (Apr 30)
- <Possible follow-ups>
- RE: Role of snort.conf regarding rules? (noob)L. Christopher Luther (Apr 30)
Unable to open rules file: snort.conf errorstormshadow (Apr 30)
- Re: Unable to open rules file: snort.conf errord_greenjr (Apr 30)
- Re: Unable to open rules file: snort.conf errorErek Adams (Apr 30)
Quick(noob) question on rules. Role of snort.conf?Ryan C. Sebastian (Apr 30)
snort 2.0.0 under visual C++Ronan Horgan (Apr 30)
- Re: snort 2.0.0 under visual C++Erek Adams (Apr 30)
  - Re: snort 2.0.0 under visual C++Chris Reid (Apr 30)
RE: Quick(noob) question on rules. Role of snort.conf?Bruyere, Michel (Apr 30)
- <Possible follow-ups>
- RE: Quick(noob) question on rules. Role of snort.conf?L. Christopher Luther (Apr 30)
Can snort add a rule to iptables?Eduardo Faria (Apr 30)
- Re: Can snort add a rule to iptables?Erek Adams (Apr 30)
- Re: Can snort add a rule to iptables?Matt Kettler (Apr 30)
Re: portscan2 effectiveness.Neil Dickey (Apr 30)
RE: re: Snort 2.0.0 logging everything when using (session:printable)McKim, Tim (Apr 30)
sql.rules and instanat messengingJames Nonya (Apr 30)
Snort 2.0 changes?Joseph Gresham (Apr 30)
- Re: Snort 2.0 changes?Demetri Mouratis (Apr 30)
Sid 466David Powell (Apr 30)
- Re: Sid 466Matt Kettler (Apr 30)
- Re: Sid 466Erick Mechler (Apr 30)
- <Possible follow-ups>
- RE: Sid 466Semerjian, Ohanes (May 01)
Wrong port numbers - Snort or ACID bug - how to fix?Jerry . L . Rose (Apr 30)
Help with Hogwash on OpenBSDJOE & ANGIE (Apr 30)
- Re: Help with Hogwash on OpenBSDMatt Kettler (Apr 30)
Snort 2.0 not logging any alertsstormshadow (Apr 30)
- Re: Snort 2.0 not logging any alertsMatt Kettler (Apr 30)
Email for Michael Steele - Please redirect - Read InsideMichael Steele (Apr 30)
- Acid user securityJason Linden (May 01)
RE: Wrong port numbers - Snort or ACID bug - how to fix?Semerjian, Ohanes (May 01)
How config Preprocessor (other than the portscan PP) to ignore c ertain hosts?Brad . Watkins (May 01)
- Re: How config Preprocessor (other than the portscan PP) to ignore c ertain hosts?Erek Adams (May 01)
SQL ALert LoggingWilcoxen, Scott (May 01)
RE: Promiscuous interface hacks?Slighter, Tim (May 01)
- snort decoder/dev/null (May 01)
- <Possible follow-ups>
- Re: Promiscuous interface hacks?Carl (May 02)
RE: snort decoderAndy Wood (May 01)
Rule OrderRon Shuck (May 01)
- Re: Rule OrderAllan Dover (May 02)
- <Possible follow-ups>
- RE: Rule OrderRon Shuck (May 02)
Win32, output alert_syslog: host=xxxx broken?JP Vossen (May 01)
- Re: Win32, output alert_syslog: host=xxxx broken?Rich Adamson (May 01)
  - Fixed: Win32, output alert_syslog: host=xxxx broken?JP Vossen (May 01)
NEWBIE-Using Enterprise Snort documentel_wyrm (May 01)
False Positives on POP3 USER & PASS overflow attempt?James M. Driskell (May 01)
Snort - Logsurfer examplesMatt Howell (May 01)
- Message not available
  - Re: Snort - Logsurfer examplesMatt Howell (May 05)
- <Possible follow-ups>
- Re: Snort - Logsurfer examplesMatt Howell (May 01)
snort_decoderBryan Irvine (May 01)
- Re: snort_decoderErick Mechler (May 01)
- Re: snort_decoderMH (May 02)
T/TCP resources -- answer for Andy WoodRichard Bejtlich (May 01)
- <Possible follow-ups>
- RE: T/TCP resources -- answer for Andy WoodAndy Wood (May 01)
  - RE: T/TCP resources -- answer for Andy WoodMH (May 02)
Packet Contents using IDS ModeTay Chee Yong (May 02)
packet traces to test snortBudi Rahardjo (May 02)
- Re: packet traces to test snortErek Adams (May 02)
- Re: packet traces to test snortsnort-users-admin (May 05)
- Re: packet traces to test snortsnort-users-admin (May 06)
- Re: packet traces to test snortsnort-users-admin (May 06)
- <Possible follow-ups>
- Re: packet traces to test snortEric Arnoth (May 06)
RPC + snortJill Tovey (May 02)
Anyone know of a Snort signature for the Deborm worm?Gill, Rob (May 02)
Portscan2 woesRobin Brown (May 02)
- Re: Portscan2 woesMatt Kettler (May 02)
  - Re: Portscan2 woesErek Adams (May 02)
- <Possible follow-ups>
- FW: Portscan2 woesGavin Lowe (May 02)
- FW: Portscan2 woesRobin Brown (May 02)
What NICs are people using?Gordon Cunningham (May 02)
- Re: What NICs are people using?Terence Runge (May 02)
  - RE: What NICs are people using?Gordon Cunningham (May 02)
    - Re: What NICs are people using?Terence Runge (May 02)
- Re: What NICs are people using?Bennett Todd (May 05)
  - RE: What NICs are people using?Gordon Cunningham (May 05)
- <Possible follow-ups>
- RE: What NICs are people using?JP Vossen (May 03)
  - Re: What NICs are people using?David Alonso De La Vega Tapage (May 06)
Snort with DHCPSadanapalli, Pradeep Kumar (MED, TCS) (May 02)
- Re: Snort with DHCPErek Adams (May 02)
  - Re: Snort with DHCPDavid Alonso De La Vega Tapage (May 02)
- <Possible follow-ups>
- RE: Snort with DHCPSadanapalli, Pradeep Kumar (MED, TCS) (May 02)
  - RE: Snort with DHCPErek Adams (May 02)
- RE: Snort with DHCPSadanapalli, Pradeep Kumar (MED, TCS) (May 02)
  - RE: Snort with DHCPErek Adams (May 02)
- RE: Snort with DHCPSadanapalli, Pradeep Kumar (MED, TCS) (May 02)
  - RE: Snort with DHCPErek Adams (May 03)
Archieving Snort Data - Best timeDavid Alonso De La Vega Tapage (May 02)
Lightweight Intrusion Detection for Networks paperPhillip Lynn (May 02)
- Re: Lightweight Intrusion Detection for Networks paperErek Adams (May 02)
RE: Sid 466 (Semerjian, Ohanes)David Powell (May 02)
snort 2.0 on redhat 9.0Anthony Watters (May 03)
- Re: snort 2.0 on redhat 9.0Patrick S. Harper (May 03)
- <Possible follow-ups>
- RE: snort 2.0 on redhat 9.0LAKHANI, AAMIR (May 05)
  - RE: snort 2.0 on redhat 9.0Patrick S. Harper (May 05)
Merging Snort capture files (take 2)JP Vossen (May 04)
Snort 1.9.1 logging to mysql 3.23 ERRORRon Hartmann (May 04)
What are the possible search-method directives?JP Vossen (May 04)
- Re: What are the possible search-method directives?Erek Adams (May 05)
  - Re: What are the possible search-method directives?JP Vossen (May 05)
    - Re: What are the possible search-method directives?Erek Adams (May 05)
snort 2.0: is icmp type missing from syslog format?Michael Scheidell (May 05)
ssp_conversion BAD IP protocol, why?Mike Koponick (May 05)
- Re: ssp_conversion BAD IP protocol, why?Erek Adams (May 05)
- <Possible follow-ups>
- Re: ssp_conversion BAD IP protocol, why?Neil Dickey (May 05)
- RE: ssp_conversion BAD IP protocol, why?Mike Koponick (May 06)
snort v2.0 logging to mysql databaseSemerjian, Ohanes (May 05)
- Re: snort v2.0 logging to mysql databaseErek Adams (May 05)
- <Possible follow-ups>
- RE: snort v2.0 logging to mysql databaseSemerjian, Ohanes (May 06)
- RE: snort v2.0 logging to mysql databaseSemerjian, Ohanes (May 06)
Updated install document for RedHat 9 and Snort 2Patrick S. Harper (May 05)
http decodingDerya Sezen (May 05)
ACID Error: Error (p) connecting to DBPaul Pearston (May 05)
- RE: ACID Error: Error (p) connecting to DBMichael Steele (May 05)
  - RE: ACID Error: Error (p) connecting to DBPaul Pearston (May 05)
- <Possible follow-ups>
- RE: ACID Error: Error (p) connecting to DBSlighter, Tim (May 05)
  - RE: ACID Error: Error (p) connecting to DBPaul Pearston (May 05)
- RE: ACID Error: Error (p) connecting to DBDavid Powell (May 05)
- Re: ACID Error: Error (p) connecting to DBYijia_Zhou (May 06)
- Re: ACID Error: Error (p) connecting to DBDavid Powell (May 06)
Snort sensor on a Firewallsireesha gaddipati (May 05)
- RE: Snort sensor on a FirewallMichael Steele (May 05)
  - RE: Snort sensor on a Firewallsireesha gaddipati (May 05)
    - RE: Snort sensor on a FirewallRafeeq Rehman (May 05)
    - RE: Snort sensor on a FirewallMatt Kettler (May 05)
  - RE: Snort sensor on a FirewallRafeeq Rehman (May 05)
Send data to MySQL and Alert fileAnthony Seung (May 05)
- RE: Send data to MySQL and Alert fileRafeeq Rehman (May 05)
- Re: Send data to MySQL and Alert fileErek Adams (May 05)
- <Possible follow-ups>
- RE: Send data to MySQL and Alert fileL. Christopher Luther (May 05)
- Re: Send data to MySQL and Alert fileYijia_Zhou (May 06)
Sensor agent in SnortCenterDavid Powell (May 05)
- <Possible follow-ups>
- Re: Sensor agent in SnortCenterShawn Truax (May 06)
SNORT On IIS 6.0 and windows 2003 EnterpriseCory D. (May 05)
SnortCenter (Php issue-?)Kuriscak, Ronald (May 05)
RE: Snort-users digest, Vol 1 #3147 - 3 msgsDavid Powell (May 05)
snortcenter questionJames M. Driskell (May 05)
Multiple snorts same monitoring pointbacolod85 (May 05)
it's a test mail.Liuhy (May 05)
RE: Automated snort tuner - IDEA?Scott, Joshua (May 06)
unsubscribe <benz=me> [liqs () neusoft com]BENZ LEE (May 06)
- Re: unsubscribe <benz=me> [liqs () neusoft com]BENZ LEE (May 06)
  - Re: {SPAM} Re: unsubscribe <benz=me> [liqs () neusoft com]Matt Kettler (May 07)
Portscan Traffic (0%)Gosswiler Bjoern (May 06)
making a rule for passing data on a source networkDavid Powell (May 06)
- tcpreplayHanumantha R. Manchala (May 06)
  - Re: tcpreplayMatt Kettler (May 06)
    - Re: tcpreplayEdin Dizdarevic (May 06)
    - RE: tcpreplayMatt Foster (May 07)
  - Re: tcpreplayEdin Dizdarevic (May 06)
SMTP ETRN overflow attemptNO JUNK MAIL (May 06)
- Re: SMTP ETRN overflow attemptMatt Kettler (May 06)
SNORTCENTER connecting to MySQL!!!!Pedro Cunha (May 06)
Snort/Linux NewbieMark Kirkbride (May 06)
- Re: Snort/Linux NewbiePatrick S. Harper (May 06)
- <Possible follow-ups>
- Re: Snort/Linux NewbieMichael Hughes (May 06)
disable /var/log/snort loggingNick White (May 06)
- Re: disable /var/log/snort loggingAnderson Johnston (May 06)
- <Possible follow-ups>
- RE: disable /var/log/snort loggingNick White (May 07)
  - Re: disable /var/log/snort loggingBamm Visscher (May 08)
- RE: disable /var/log/snort loggingJoesph Bowling (May 07)
- RE: disable /var/log/snort loggingL. Christopher Luther (May 07)
- RE: disable /var/log/snort loggingNick White (May 08)
- RE: disable /var/log/snort loggingNick White (May 08)
  - Re: disable /var/log/snort loggingBamm Visscher (May 08)
- RE: disable /var/log/snort loggingL. Christopher Luther (May 08)
- RE: disable /var/log/snort loggingL. Christopher Luther (May 08)
- RE: disable /var/log/snort loggingNick White (May 08)
Rule Type viewDavid Powell (May 06)
New Snort Book - Snort 2.0 Intrusion DetectionBrian Caswell (May 06)
test mailLiuhy (May 07)
Snort 2 inline, demarc -puresecure ?Christophe Zwecker (May 07)
Solaris/hme problemsPaul Carroll (May 07)
Sourcefire and ACIDDeBerry, Casey (May 07)
- RE: Snort agent?Jeronimo Bezerra - Rede/Bol (May 09)
problem in setting up snortAnu Raz (May 07)
- <Possible follow-ups>
- RE: problem in setting up snortL. Christopher Luther (May 07)
DNS Help/ SID 1948Everist, Benjamin S. (NASWI) (May 07)
- <Possible follow-ups>
- RE: DNS Help/ SID 1948Vanish Pattni (DSL AK) (May 07)
  - RE: DNS Help/ SID 1948Demetri Mouratis (May 07)
    - Re: DNS Help/ SID 1948Mathias Gygax (May 07)
- RE: DNS Help/ SID 1948Joesph Bowling (May 07)
Apache for snortLAKHANI, AAMIR (May 07)
- Re: Apache for snortDavid Alonso De La Vega Tapage (May 07)
  - Re: Apache for snortshrek-m () gmx de (May 08)
- <Possible follow-ups>
- Re: Apache for snortJP Vossen (May 07)
- RE: Re: Apache for snortLAKHANI, AAMIR (May 08)
  - Re: Apache for snortshrek-m () gmx de (May 09)
- RE: Re: Apache for snortSlighter, Tim (May 08)
2 instances of Snort running concurrentlyElvira_Byrnes (May 07)
- <Possible follow-ups>
- 2 instances of Snort running concurrentlyElvira_Byrnes (May 08)
Sniffer ModeJeff Jirka (May 07)
- <Possible follow-ups>
- RE: Sniffer ModeL. Christopher Luther (May 12)
RE :2 instances of Snort running concurrentlyElvira_Byrnes (May 07)
public keyTyler Hudak (May 08)
error while connecting snort to mysqlkamblesantosh (May 08)
- Re: error while connecting snort to mysqlDavid Alonso De La Vega Tapage (May 08)
- Re: error while connecting snort to mysqlPatrick S. Harper (May 08)
- <Possible follow-ups>
- RE: error while connecting snort to mysqlElvira_Byrnes (May 08)
snort 2.0 mysql logging &'s >'s and <'smichaeltone1975 (May 08)
Snort missing traffic...?PJ-ML (May 08)
- Message not available
  - Re: Snort missing traffic...?PJ-ML (May 08)
    - Re: Snort missing traffic...?PJ-ML (May 08)
    - Re: Snort missing traffic...?Rich Adamson (May 08)
- <Possible follow-ups>
- RE: Snort missing traffic...?Ponte, Paul F (May 08)
Perl interpreter for Snort rules / CanSecWest talkChristian Kreibich (May 08)
[Snort-Users] new to snort and intrusion detectionJonathan Jesse (May 08)
- Re: [Snort-Users] new to snort and intrusion detectionMichael Boman (May 08)
- <Possible follow-ups>
- RE: [Snort-Users] new to snort and intrusion detectionL. Christopher Luther (May 08)
- RE: [Snort-Users] new to snort and intrusion detectionCloppert, Michael (May 09)
Redhat 8John Hally (May 08)
- Re: Redhat 8Patrick S. Harper (May 08)
alert log file nameErik Tank (May 08)
Re: Snort is not seeing all traffic...Joesph Bowling (May 08)
- Re: Snort is not seeing all traffic...PJ-ML (May 09)
- Re: Snort is not seeing all traffic...PJ-ML (May 09)
- <Possible follow-ups>
- Re: Snort is not seeing all traffic...Joesph Bowling (May 09)
Snortcenter and v2?Kevin Peuhkurinen (May 09)
Anyone Use 3Com Gigabit Fiber-SX NIC?John Crain (May 09)
- <Possible follow-ups>
- RE: Anyone Use 3Com Gigabit Fiber-SX NIC?Ricardo, Gerson (May 09)
  - RE: Anyone Use 3Com Gigabit Fiber-SX NIC?John Crain (May 09)
- RE: Anyone Use 3Com Gigabit Fiber-SX NIC?Ricardo, Gerson (May 09)
Guardian with Snort - HelpImran Ahmad (May 09)
- Re: Guardian with Snort - HelpSnortman (Jun 04)
possible Snort 2.0 bugShoshin (May 09)
- Re: possible Snort 2.0 bugMatt Kettler (May 09)
Sigs for MSN Messenger.David Gianndrea (May 09)
- Re: Sigs for MSN Messenger.Brian (May 20)
Re: A question about flow:established keywordRisto Vaarandi (May 09)
- Re: A question about flow:established keywordRisto Vaarandi (May 09)
infocristal_ball (May 09)
- Re: infoPatrick S. Harper (May 09)
What data does "-A unsock" really send?Emmanuel Guiton (May 09)
- Re: What data does "-A unsock" really send?Paul B. Poh (May 09)
snort-decoderJohn Hally (May 09)
- <Possible follow-ups>
- snort-decoderJohn Hally (May 12)
- Re: snort-decoderMatt Kettler (May 12)
Check for NO TCP Flags set?Sheahan, Paul (May 09)
- Re: Check for NO TCP Flags set?Chris Green (May 09)
- <Possible follow-ups>
- Re: Check for NO TCP Flags set?MH (May 09)
- Re: Check for NO TCP Flags set?Matt Kettler (May 09)
RE: Snort agent?Joesph Bowling (May 09)
Need recommendations for good books on the security topicBjørn Rasmussen (May 09)
- Re: Need recommendations for good books on thesecurity topicShawn Duffy (May 10)
- Re: [Users] Need recommendations for good books on the security topicHaitham (May 11)
- Re: [Users] Need recommendations for good books on the security topicAndreas Steffen (May 12)
Announcing sp_perlJeff Nathan (May 10)
- Re: [Snort-sigs] Announcing sp_perlChris Green (May 12)
- RE-Announcing sp_perlBrian (May 13)
RE: Need recommendations for good booksRichard Bejtlich (May 11)
Acid shows sensors as 0Saquib Khan (May 11)
- Re: Acid shows sensors as 0Patrick S. Harper (May 11)
Evading IDSJoe Horton (May 11)
packetscristal_ball (May 12)
- Tracing certain file requests ...Jon Baer (May 12)
Logging facilities...peter . grosse-hering (May 12)
ACID problem: PHP Fatal error: Cannot instantiate non-existent class (adodb)Edin Dizdarevic (May 12)
- Re: ACID problem: PHP Fatal error: Cannot instantiate non-existent class (adodb)David Alonso De La Vega Tapage (May 12)
Re: AW: ACID problem: PHP Fatal error: Cannot instanti ate non-existent class (adodb)Edin Dizdarevic (May 12)
Accessing SnortCenterLAKHANI, AAMIR (May 12)
- <Possible follow-ups>
- RE: Accessing SnortCenterLAKHANI, AAMIR (May 12)
  - RE: Accessing SnortCenterPaul Pearston (May 12)
writing signaturesRobert Quenville (May 12)
- RE: writing signaturesMatt Nelson (May 12)
Fizzer Worm SignatureTy Bodell (May 12)
- Re: Fizzer Worm SignatureMichael Bell (May 13)
- <Possible follow-ups>
- Re: Fizzer Worm SignatureHudak, Tyler (May 13)
Bus error on sparcMichael Bell (May 12)
- Re: Bus error on sparcMichael Bell (May 13)
  - Re: Bus error on sparcMichael Bell (May 14)
    - Re: Bus error on sparcMichael Bell (May 14)
    - Re: Bus error on sparcMichael Bell (May 14)
    - Re: Bus error on sparcAndrew R. Baker (May 15)
    - Re: Bus error on sparcMichael Bell (May 16)
    - Re: Re: [Snort-users] Bus error on sparcAndrew R. Baker (May 16)
Newbie - log and alert - what is the difference?Jon Paterson (May 13)
- Re: Newbie - log and alert - what is the difference?Joerg Weber (May 13)
Snort+Real SecureGustavo Tamae (May 13)
NewbieStefan Kohn (May 13)
Running Acid for the first timeSaquib Khan (May 13)
signature updateJochen Vogel (May 13)
Snort 2.0 + mysql, Make problemsMahdi Kefayati (May 13)
Anyone Using a Compaq/HP ProLiant DL360?John Crain (May 13)
- <Possible follow-ups>
- Re: Anyone Using a Compaq/HP ProLiant DL360?Chris Mann (May 13)
- RE: Anyone Using a Compaq/HP ProLiant DL360?Ghercoias, Catalin (May 13)
Question on acid - Rules questionSnow Jacob C KPWA (May 13)
HOWTO Ignore specific IP addressesMichael Parkinson (May 13)
- Re: HOWTO Ignore specific IP addressesDemetri Mouratis (May 13)
- Re: HOWTO Ignore specific IP addressesEdin Dizdarevic (May 13)
- Re: HOWTO Ignore specific IP addressesDragos Ruiu (May 13)
- <Possible follow-ups>
- RE: HOWTO Ignore specific IP addressesSteven Rudolph (May 13)
Fizzer Virus SignatureJeremy Junginger (May 13)
- <Possible follow-ups>
- Fizzer Virus SignatureJeremy Junginger (May 13)
  - Re: Fizzer Virus SignatureChris Keladis (May 14)
- RE: Fizzer Virus SignatureL. Christopher Luther (May 13)
- RE: Fizzer Virus Signatureoperator (May 14)
  - Re: Fizzer Virus SignatureJason Haar (May 14)
Re: Multiple interfaces? and SNort 2.0Ueli Kistler (May 13)
Couldn't resolve hostname HOME_NETCarlos Felix (May 13)
- <Possible follow-ups>
- Re: Couldn't resolve hostname HOME_NETNeil Dickey (May 13)
  - Re: Couldn't resolve hostname HOME_NETCarlos Felix (May 13)
- RE: Couldn't resolve hostname HOME_NETSchmehl, Paul L (May 13)
- RE: Couldn't resolve hostname HOME_NETL. Christopher Luther (May 13)
snmp trap handlerJosh Restivo (May 13)
- <Possible follow-ups>
- RE: snmp trap handlerlarosa, vjay (May 13)
Questionable snort data downloaded from incidents.org for practicalDon Murdoch (May 13)
MS-SQL ping attempt is illegal or not?sb ch (May 13)
False Alarm - still not solvedHolger Marzen (May 14)
Snort 2.0 + MySQL + SMBalerts questionDirk Stubbs (May 14)
- <Possible follow-ups>
- RE: Snort 2.0 + MySQL + SMBalerts questionL. Christopher Luther (May 14)
how to use snort in a switched environmentJeremy Rodriguez (May 14)
- Re: how to use snort in a switched environmentErek Adams (May 14)
- Re: how to use snort in a switched environmentCarlos Felix (May 14)
  - Message not available
    - RE: how to use snort in a switched environmentCarlos Felix (May 14)
  - Re: how to use snort in a switched environmentCarlos Felix (May 14)
- <Possible follow-ups>
- Re: how to use snort in a switched environmentLes Addison (May 14)
  - Re: how to use snort in a switched environmentMatt Schillinger (May 14)
How to log as ASCII?peter . grosse-hering (May 14)
- Re: How to log as ASCII?Erek Adams (May 14)
Snort on-line detection rate?方磊 (May 14)
- Re: Snort on-line detection rate?Erek Adams (May 14)
Snort sensor agentsireesha gaddipati (May 14)
- Re: Snort sensor agentlarc (May 14)
  - Re: Snort sensor agentsireesha gaddipati (May 14)
SnortCenter 1.0-RC1 releasedlarc (May 14)
Dangerous to use custom ruletypes?Martin Olsson (May 14)
- Re: Dangerous to use custom ruletypes?Erek Adams (May 14)
  - Re: Dangerous to use custom ruletypes?Martin Olsson (May 14)
- <Possible follow-ups>
- Re: Dangerous to use custom ruletypes?Neil Dickey (May 14)
interface initializationd . sherred (May 14)
- Re: interface initializationtwig les (May 14)
- Re: interface initializationsecurity people (May 14)
- RE: interface initializationDavid Markle (May 14)
announcing a new spo_xmlRoman Danyliw (May 14)
- <Possible follow-ups>
- Re: announcing a new spo_xmlRoman Danyliw (May 14)
using snortcenter agents on multiple interface sensor?Horta, Benny (May 14)
dump of IPSEC and PPTPdreamwvr () dreamwvr com (May 14)
- Re: dump of IPSEC and PPTPMatt Kettler (May 14)
SnortCenter v1.0-RC1David Powell (May 14)
- Re: SnortCenter v1.0-RC1larc (May 15)
  - unsubscribeBlack Jack (May 15)
- Re: SnortCenter v1.0-RC1stefan dens (May 15)
Rule codeJan van den Berg (May 14)
Disabling flow control from command lineRoberto Suarez Soto (May 15)
Snort AlertsTed Sanft (May 15)
Hi,Derek Sherred (May 15)
- Re: Hi,Jason Boykin (May 15)
- Re: Hi,Erek Adams (May 15)
- Re: Hi,David Alonso De La Vega Tapage (May 16)
  - IP Header Data Type PreferenceDavid Markle (May 16)
    - Re: IP Header Data Type PreferencePaul B. Poh (May 16)
    - Re: IP Header Data Type PreferenceBrian (May 16)
    - Re: IP Header Data Type PreferenceMichael L. Artz (May 18)
Snort 2.0.0, Running but no activity. No loggingIlo Lorusso (May 15)
syslog output pluginJosé M. Fandiño (May 15)
- <Possible follow-ups>
- RE: syslog output pluginL. Christopher Luther (May 15)
Switch TAP placement question.Brei, Matt (May 15)
- Re: Switch TAP placement question.Erek Adams (May 15)
3 questions on rulesGarrett . Allen (May 15)
- Re: 3 questions on rulesErek Adams (May 15)
  - Re: 3 questions on rulesBrian (May 15)
    - Re: 3 questions on rulesErek Adams (May 15)
- <Possible follow-ups>
- RE: 3 questions on rulesGarrett . Allen (May 15)
  - RE: 3 questions on rulesErek Adams (May 15)
- RE: 3 questions on rulesGarrett . Allen (May 15)
Snort's config detection: optionsUeli Kistler (May 15)
Snort Reporting ToolsVendl, Mark E. (May 15)
- Re: Snort Reporting ToolsTerence Runge (May 15)
  - Re: Snort Reporting ToolsJason Boykin (May 15)
    - Re: Snort Reporting Toolsjeremy chartier (May 16)
SegfaultIntelliSTAR Security (May 15)
- Re: SegfaultChris Timmons (May 15)
- Re: SegfaultErek Adams (May 15)
  - Re: SegfaultChris Timmons (May 15)
Using RESP with two Eth interfacesAndrew Cogger (May 15)
- Re: Using RESP with two Eth interfacesJeff Nathan (May 15)
Snort MySQL databaseElvira_Byrnes (May 15)
- <Possible follow-ups>
- RE: Snort MySQL databaseNelson, Ben (May 15)
- RE: Snort MySQL databaseElvira_Byrnes (May 15)
- RE: Snort MySQL databaseElvira_Byrnes (May 15)
Where is the bottleneck?方磊 (May 15)
- RE: Where is the bottleneck?Yiming Gong (May 15)
Snort with MySQL,ACIDElvira_Byrnes (May 15)
- Re: Snort with MySQL,ACIDoperator (May 15)
- <Possible follow-ups>
- RE: Snort with MySQL,ACIDElvira_Byrnes (May 16)
SnortReportElvira_Byrnes (May 16)
Log to database don't work.mnemonic (May 16)
- Re: Log to database don't work.Jan Gruber (May 16)
- <Possible follow-ups>
- Log to database don't work.mnemonic (May 16)
- log to database don't work.dm (May 16)
DB Problem (long lines)Jan Gruber (May 16)
- Re: DB Problem (long lines)Jan Gruber (May 16)
- <Possible follow-ups>
- DB Problem (long lines)Jan Gruber (May 16)
$HTTP_SERVERS variableBrian.Kiefel (May 16)
SnortSnarf usesMike Koponick (May 16)
Log to DB don't workDmitri Manushin (May 16)
- Re: Log to DB don't workErek Adams (May 16)
Snort Signature UpdatesSteve An (May 16)
- Re: Snort Signature UpdatesErek Adams (May 16)
how do you delete a dbase to upgrade snortcenter?Horta, Benny (May 16)
- RE: how do you delete a dbase to upgrade snortcenter?David Markle (May 16)
Who can explain this?where is the bottleneck?rocky (May 16)
- Re: Who can explain this?where is the bottleneck?Edin Dizdarevic (May 16)
- <Possible follow-ups>
- RE: Who can explain this?where is the bottleneck?Ricardo, Gerson (May 16)
Postgres VS mysql performanceHorta, Benny (May 16)
how would you log failed windows logins etc?Horta, Benny (May 16)
- RE: how would you log failed windows logins etc?Gavin Lowe (May 16)
ACID 1.0 RC1 - Archive ProblemChris Kuivenhoven (May 16)
- RE: ACID 1.0 RC1 - Archive ProblemChris (May 16)
- <Possible follow-ups>
- ACID 1.0 RC1 - Archive ProblemChris Kuivenhoven (May 19)
SID 1549 alerts -- what the heck is this ?Fritsche, Jeff (May 16)
- <Possible follow-ups>
- Re: SID 1549 alerts -- what the heck is this ?Matt Kettler (May 16)
RE: IP Header Data Type PreferenceL. Christopher Luther (May 16)
Problem with flow:establishedMichael Schwartzkopff (May 17)
ACID' errorTom Murdock (May 17)
Strange Alert discrepancy reading from log-fileDaniel Clark (May 17)
can't use the connection after the start of snortpayothlh (May 18)
- <Possible follow-ups>
- Re: can't use the connection after the start of snortJavier Liendo (May 18)
  - Re: can't use the connection after the start of snortpayothlh (May 18)
- can't use the connection after the start of snortjjeux (May 19)
- can't use the connection after the start of snortjjeux (May 19)
ignore thispayothlh (May 18)
- Re: ignore thisPatrick S. Harper (May 18)
snort-replay problem-urgentVaidehi Kasarekar (May 18)
- Re: snort-replay problem-urgentAndreas Östling (May 19)
no longer connection after starting snortjjeux (May 19)
- Re: no longer connection after starting snortRich Adamson (May 19)
Snort.conf & stealth modefrancesco (May 19)
- <Possible follow-ups>
- Snort.conf & stealth modefrancesco (May 23)
  - Re: Snort.conf & stealth modeDemetri Mouratis (May 23)
  - Re: Snort.conf & stealth modeErek Adams (May 23)
Rules just don't show up in SNortcenterMatthew McCarty (May 19)
- Re: Rules just don't show up in SNortcenterJoerg Weber (May 20)
- Re: Rules just don't show up in SNortcenterDaniel Clark (May 20)
Tips for using ACID in a mult-admin environment?Williams Jon (May 19)
- Re: Tips for using ACID in a mult-admin environment?Anthony Kim (May 30)
Syslog,MySql, IDS Center /Eagle XMcBurnett, Jim (May 19)
- Re: Syslog,MySql, IDS Center /Eagle XUeli Kistler (May 19)
- Re: Syslog,MySql, IDS Center /Eagle XUeli Kistler (May 19)
- <Possible follow-ups>
- RE: Syslog,MySql, IDS Center /Eagle XMcBurnett, Jim (May 19)
Snort output redirection bufferedJP Vossen (May 19)
- Re: Snort output redirection bufferedChris Green (May 19)
Snort_decoder questionHobgood, Frankie (May 19)
Alerts and packet capture - MYSQLSnow Jacob C KPWA (May 19)
- Re: Alerts and packet capture - MYSQLErek Adams (May 19)
- <Possible follow-ups>
- Alerts and packet capture - MYSQLSnow Jacob C KPWA (May 19)
ACID displaying 0 SensorsKuriscak, Ronald (May 19)
- RE: ACID displaying 0 SensorsBrian Gregorcy (May 20)
Can I do the flow equiv of "Flags:S"?Jason Haar (May 19)
- Re: Can I do the flow equiv of "Flags:S"?Matt Kettler (May 20)
fnord pluginMichael L. Artz (May 19)
SnortSnarfElvira_Byrnes (May 19)
- <Possible follow-ups>
- RE: SnortSnarfPotts, Ross A. (May 20)
AW: Syslog,MySql, IDS Center /Eagle XFreddie Soerensen (May 20)
- Re: AW: Syslog,MySql, IDS Center /Eagle XUeli Kistler (May 20)
pb with ports...phelles (May 20)
- Re: pb with ports...payothlh (May 20)
- Re: pb with ports...Matt Kettler (May 20)
  - Re: pb with ports...Glenn Forbes Fleming Larratt (May 20)
ICMP Ping NMAP troubleshootingStephen W. Thomas (May 20)
- Re: ICMP Ping NMAP troubleshootingErek Adams (May 20)
- Re: ICMP Ping NMAP troubleshootingSimon Gray (May 20)
- <Possible follow-ups>
- RE: ICMP Ping NMAP troubleshootingStephen W. Thomas (May 20)
  - RE: ICMP Ping NMAP troubleshootingErek Adams (May 20)
- RE: ICMP Ping NMAP troubleshootingStephen W. Thomas (May 20)
- RE: ICMP Ping NMAP troubleshootingStephen W. Thomas (May 20)
  - RE: ICMP Ping NMAP troubleshooting [snort-users-admin () lists sourceforge net in Pass-Through List] ['snort' in Pass-Through List] ['snort-users' in Pass-Through List] ['snort' in Pass-Through List]Erek Adams (May 20)
Compilation Bug (Solaris 9, Snort 2.0.0, Sun CC)Roy S. Rapoport (May 20)
- Re: Compilation Bug (Solaris 9, Snort 2.0.0, Sun CC)Chris Green (May 20)
  - Re: Compilation Bug (Solaris 9, Snort 2.0.0, Sun CC)Roy S. Rapoport (May 20)
AW: SnortSnarfPoppi, Sandro (May 20)
AW: AW: Syslog,MySql, IDS Center /Eagle XFreddie Soerensen (May 20)
RE: Compilation Bug (Solaris 9, Snort 2.0.0, Sun CC)SRH-Lists (May 20)
Trouble Snorting with Multiple InterfacesTravis Rodak (May 20)
- Re: Trouble Snorting with Multiple InterfacesDavid Alonso De La Vega Tapage (May 21)
- RE: Trouble Snorting with Multiple InterfacesGordon Cunningham (May 22)
Re: Snort & AcidColin . Slevin (May 21)
- Re: Re: Snort & AcidErek Adams (May 21)
- <Possible follow-ups>
- Snort & AcidColin . Slevin (May 21)
- Snort & AcidColin . Slevin (May 21)
  - Re: Snort & AcidErek Adams (May 21)
- Re: Snort & AcidColin . Slevin (May 22)
  - Re: Snort & AcidErek Adams (May 21)
- Re: Snort & AcidColin . Slevin (May 22)
error with mysqlgaojiang (May 21)
- Re: error with mysqlErek Adams (May 21)
- <Possible follow-ups>
- RE: error with mysqlTinsley Paul (May 21)
- RE: error with mysqlJonathan Jesse (May 21)
Newbie looking for helpAtkins, Dwane P (May 21)
Re: My Linux libpcapPhil Wood (May 21)
Acid database lost events, help!!!Brei, Matt (May 21)
- <Possible follow-ups>
- RE: Acid database lost events, help!!!Tinsley Paul (May 21)
- RE: Acid database lost events, help!!!Brei, Matt (May 21)
- RE: Acid database lost events, help!!!Tinsley Paul (May 21)
Some help with barnyard neededNicholas Delo (May 21)
- Re: Some help with barnyard neededAndrew R. Baker (May 21)
- Re: Some help with barnyard neededErek Adams (May 21)
- Re: Some help with barnyard neededEdin Dizdarevic (May 21)
- <Possible follow-ups>
- RE: Some help with barnyard neededSRH-Lists (May 21)
is there an ftp site to fetch rulesGarrett . Allen (May 21)
- Re: is there an ftp site to fetch rulesJon Baer (May 21)
- Re: is there an ftp site to fetch rulesBamm Visscher (May 21)
- Re: is there an ftp site to fetch rulesMatt Kettler (May 21)
- Re: is there an ftp site to fetch rulesGeorge Theall (May 21)
- <Possible follow-ups>
- RE: is there an ftp site to fetch rulesGarrett . Allen (May 21)
- RE: is there an ftp site to fetch rulesSchmehl, Paul L (May 21)
Rule order--almost works?JP Vossen (May 21)
- <Possible follow-ups>
- RE: Rule order--almost works?Ron Shuck (May 21)
Problem & Solution - Snort binary log file timestamps screwed upCloppert, Michael (May 21)
Very basic questionRyan Koster (May 21)
- Re: Very basic questionDemetri Mouratis (May 21)
- <Possible follow-ups>
- Re: Very basic questionMatt Kettler (May 21)
- RE: Very basic questionTinsley Paul (May 21)
Snort alerts to SNMPPaul . Fiero (May 21)
- Re: Snort alerts to SNMPRafeeq Rehman (May 21)
  - Re: Snort alerts to SNMPRoy S. Rapoport (May 21)
    - Re: Snort alerts to SNMPRafeeq Rehman (May 21)
Sguil-0.2 ReleasedBamm Visscher (May 21)
- Re: Sguil-0.2 Releasedfatb (May 21)
  - Re: Sguil-0.2 ReleasedBamm Visscher (May 21)
IDS PricingComcast (May 21)
- RE: IDS PricingBrian Gregorcy (May 21)
  - RE: IDS Pricingtwig les (May 21)
- RE: IDS PricingChris (May 21)
IDMEF PluginTimothy Lelesi (May 21)
Interest in Snort/Acid/SnortCenter/etc... Integrated RPM and Setup?Chris (May 21)
- Re: Interest in Snort/Acid/SnortCenter/etc... Integrated RPM and Setup?Sumit Dhar (May 21)
- <Possible follow-ups>
- Interest in Snort/Acid/SnortCenter/etc... Integrated RPM and Setup?Steve Nutt (May 22)
Distributed Snort managementNelson, Ben (May 21)
- Re: Distributed Snort managementMichael L. Artz (May 21)
- Re: Distributed Snort managementRichard DeYoung (May 21)
- <Possible follow-ups>
- Re: Distributed Snort managementShawn Truax (May 23)
AW: IDMEF PluginPoppi, Sandro (May 22)
central logging and bufferingJochen Vogel (May 22)
- Re: central logging and bufferingEdin Dizdarevic (May 22)
  - Re: central logging and bufferingJason Haar (May 22)
error Snort + MySQLKim Depover (May 22)
Misfiring Rule SID1948Steve Halligan (May 22)
fail to access mysqlhonda (May 22)
Starter DoubtsMarcelo Ribeiro (May 22)
- <Possible follow-ups>
- RE: Starter DoubtsJose Fernandes (IT) (May 22)
  - switched environmentM. Yu (May 22)
Best External_Net settingStephen W. Thomas (May 22)
- Re: Best External_Net settingErek Adams (May 22)
- Re: Best External_Net settingRoy S. Rapoport (May 22)
AW: Starter DoubtsPoppi, Sandro (May 22)
False Alerts 1882 id check returned useridLance Worthington (May 22)
- <Possible follow-ups>
- RE: False Alerts 1882 id check returned useridStephen W. Thomas (May 23)
way for test snort ?payothlh (May 22)
- RE: way for test snort ?Matt Nelson (May 22)
- Re: way for test snort ?Nicholas Bachmann (May 22)
  - RE: way for test snort ?Brian Laing (May 27)
- Re: way for test snort ?David Alonso De La Vega Tapage (May 23)
- <Possible follow-ups>
- RE: way for test snort ?Johan Sunnerstig (May 23)
  - Re: way for test snort ?payothlh (May 23)
Can snort create actual traffic? (imp)Vaidehi Kasarekar (May 22)
- Re: Can snort create actual traffic? (imp)security people (May 23)
- Re: Can snort create actual traffic? (imp)Erek Adams (May 23)
Any Fortune 500 users out thereAndy S Shrock (May 23)
- Re: Any Fortune 500 users out thereNicholas Bachmann (May 23)
MySQL error during SNORT setupArnold Trauth (May 23)
- RE: MySQL error during SNORT setupBrian Gregorcy (May 23)
- Re: MySQL error during SNORT setupGuillaume Rix (May 23)
- <Possible follow-ups>
- RE: MySQL error during SNORT setupHutchinson, Andrew (May 23)
- RE: MySQL error during SNORT setupSlighter, Tim (May 23)
- RE: MySQL error during SNORT setupL. Christopher Luther (May 23)
Suggestions.......Remo Mattei (May 23)
Portscan2 dies ...Neil Dickey (May 23)
error snort + MySQL - SAME PROBLEM HERE.Christopher . Downs (May 23)
- Re: error snort + MySQL - SAME PROBLEM HERE.Kenneth G. Arnold (May 23)
- <Possible follow-ups>
- Re: error snort + MySQL - SAME PROBLEM HERE.Christopher . Downs (May 23)
  - Re: error snort + MySQL - SAME PROBLEM HERE.Edin Dizdarevic (May 23)
- Re: error snort + MySQL - SAME PROBLEM HERE.Christopher . Downs (May 23)
  - Re: error snort + MySQL - SAME PROBLEM HERE.Edin Dizdarevic (May 23)
- Re: error snort + MySQL - SAME PROBLEM HERE.Christopher . Downs (May 23)
- Re: error snort + MySQL - SAME PROBLEM HERE.Edin Dizdarevic (May 23)
- Re: error snort + MySQL - SAME PROBLEM HERE.Christopher . Downs (May 23)
(spp_stream4) STEALTH ACTIVITY (unknown) detectionEverist, Benjamin S. (NASWI) (May 23)
unknown output plugin: 'alert_syslog'Jeff Dickens (May 23)
- Re: unknown output plugin: 'alert_syslog'Matt Kettler (May 23)
Creating ACID tables in MySQL databaseArnold Trauth (May 23)
- Re: Creating ACID tables in MySQL databaseJon Baer (May 23)
Quick Poll: RH9 + Snort + MySQL + ACIDSnort Y (May 23)
- Re: Quick Poll: RH9 + Snort + MySQL + ACIDIntelliSTAR Security (May 23)
  - Re: Quick Poll: RH9 + Snort + MySQL + ACIDSnort Y (May 24)
- Re: Quick Poll: RH9 + Snort + MySQL + ACIDsecurity people (May 23)
- Re: Quick Poll: RH9 + Snort + MySQL + ACIDCraig Paterson (May 23)
- <Possible follow-ups>
- Re: Quick Poll: RH9 + Snort + MySQL + ACIDTy Bodell (May 24)
Snort documentationMichael Conlen (May 23)
- Re: Snort documentationErek Adams (May 25)
Barnyard Dumping To Wrong DirectoryPawloski, Kevin (May 23)
stealth mode and openbsd 3.3Bert Beaudin (May 23)
- Re: stealth mode and openbsd 3.3MH (May 24)
- Re: stealth mode and openbsd 3.3Erek Adams (May 27)
ettercap sig?Jon Baer (May 23)
A Working Logsurfer Example for Snort 2.0Matt Howell (May 23)
- Re: A Working Logsurfer Example for Snort 2.0Edin Dizdarevic (May 23)
SNORT / Shadow config setting questionRaven, Mark (May 23)
- Re: SNORT / Shadow config setting questionErek Adams (May 27)
Improved snortd init scriptJP Vossen (May 23)
Snort bug in syslog output?JP Vossen (May 23)
Updated: Improved snortd init scriptJP Vossen (May 23)
Windows Users: Attention to New Support Site...Michael Steele (May 23)
libpcap not found by configureJames Schnack (May 23)
- <Possible follow-ups>
- libpcap not found by configureJames Schnack (May 27)
  - Re: libpcap not found by configurepayothlh (May 27)
- Re: libpcap not found by configureJames Schnack (May 28)
- Re: libpcap not found by configureJames Schnack (May 28)
Stealth syslog to remote serverCarol Overes (May 24)
- <Possible follow-ups>
- RE: Stealth syslog to remote serverJP Vossen (May 24)
turn off some loggingJonathan (May 24)
Truncated Tcp Options?Sh J (May 24)
- Re: Truncated Tcp Options?MH (May 26)
How to install Snort on Jaguar 10.2.6?George Mogiljansky (May 24)
stream4 reassembly bugYonah Russ (May 25)
functionality questionEric Garnel (May 25)
- <Possible follow-ups>
- RE: functionality questionbmcdowell (May 27)
Sorry if repost - can I use Snort with Jaguar?George Mogiljansky (May 25)
- Re: Sorry if repost - can I use Snort with Jaguar?Jason (May 25)
Problems with logging to mysql dbDonnie Green (May 25)
- Re: Problems with logging to mysql dbShawn Duffy (May 26)
- <Possible follow-ups>
- Problems with logging to mysql dbd_greenjr (May 26)
  - Re: Problems with logging to mysql dbDavid Alonso De La Vega Tapage (May 26)
Netmask not specifiedRobert Golovniov (May 26)
- Re: Netmask not specifiedCiprian Badescu (May 26)
openbsd 3.3 sparc64 snort 2.0 core dump.Benjamin Ash (May 26)
RE: using SNORT with JaguarGeorge Mogiljansky (May 26)
- Re: using SNORT with JaguarJason (May 25)
- Re: RE: using SNORT with JaguarNick Zitzmann (May 26)
[Fwd: [Fwd: Re: Snort-snmp for snort-2.0.0]]Glenn Mansfield Keeni (May 27)
- Re: [Fwd: [Fwd: Re: Snort-snmp for snort-2.0.0]]Jose Vicente Nunez Z (May 27)
arpspoof verbose output in 2.0?Arey, Jeff (May 27)
- Re: arpspoof verbose output in 2.0?Jeff Nathan (May 28)
SNORT and Shadow setting questionmark (May 27)
multiple interfaces on a Snort sensorfrancesco (May 27)
- Re: multiple interfaces on a Snort sensorEdin Dizdarevic (May 27)
strange behavior in rule processing?lpj0508 (May 27)
snort 2.0 run errorSemerjian, Ohanes (May 27)
Snort can't determine the hostname correctly when lauch by a scriptIDS snort (May 27)
OT(Sorta): Querying acid/snort db from third party softwareJason (May 27)
Embedded Snort?Michael Whitley (May 27)
Elkern WormLorraine Cannavale (May 27)
- Re: Elkern WormTerence Runge (May 27)
- <Possible follow-ups>
- Re: Elkern WormKenneth G. Arnold (May 27)
Snortcenter / byte_jumpMatthew Southworth (May 27)
- Re: Snortcenter / byte_jumpJoerg Weber (May 28)
- Re: Snortcenter / byte_jumpJoerg Weber (May 30)
- <Possible follow-ups>
- Re: Snortcenter / byte_jumpReeves, Michael (GEAE, Compaq) (Jun 04)
  - Re: Snortcenter / byte_jumplarc (Jun 04)
1.9.1 versus 2.0.xJohn Sage (May 27)
- Re: 1.9.1 versus 2.0.xChris Green (May 27)
  - Re: 1.9.1 versus 2.0.xJohn Sage (May 27)
Snort + IPv6jhorgan (May 27)
- <Possible follow-ups>
- Re: Snort + IPv6Matt Kettler (May 27)
Re: Snort-snmp for snort-2.0.0David Powell (May 27)
- Re: Snort-snmp for snort-2.0.0Glenn Mansfield Keeni (May 27)
  - Snort Event Ids on win2000C Wells (May 27)
    - RE: Snort Event Ids on win2000Michael Steele (May 27)
[Fwd: [Fwd: [Fwd: Re: Snort-snmp for snort-2.0.0]]]Glenn Mansfield Keeni (May 27)
snort - barnyard and acidRussell Fulton (May 27)
RE: Snort Event Ids on win2000Joe Kinsella (May 28)
- RE: Snort Event Ids on win2000Michael Steele (May 28)
- <Possible follow-ups>
- RE: Snort Event Ids on win2000Joe Kinsella (May 28)
  - RE: Snort Event Ids on win2000Michael Steele (May 28)
    - Re: Snort Event Ids on win2000Chris Reid (May 28)
    - Re: Snort Event Ids on win2000Michael A. Davis (May 28)
cannot start snort sensorJeremy Bartels (May 28)
- Re: cannot start snort sensorErick Mechler (May 28)
how to start snort service on win2000 pro successfully?qxw14 (May 28)
- RE: how to start snort service on win2000 pro successfully?Michael Steele (May 28)
Openbsd 3.3 snort no log outputDuncan Matthew Stirling (May 28)
- Re: Openbsd 3.3 snort no log outputErek Adams (May 28)
what's the meaning of "ERROR: OpenPcap() FSM compilation failed:"qxw14 (May 28)
RE: Snort-users digest, Vol 1 #3204 - 10 msgsRon Shuck (May 28)
[Snort-users]: posting the packet's timeBHR Hana (May 28)
Arrrghhh!....help..me...Tim (May 28)
- Re: Arrrghhh!....help..me...Demetri Mouratis (May 28)
Contd'..Arrrghhh!....help..me...Tim (May 28)
no log for the entire networkMilko Ilari (May 29)
- Re: no log for the entire networkErek Adams (May 29)
ERROR: curl: (6) name lookup time-outedJeremy Bartels (May 29)
Arrrghhh!!...help..me...Tim (May 29)
- Re: Arrrghhh!!...help..me...Erek Adams (May 29)
  - Re: Arrrghhh!!...help..me...Jason Boykin (May 29)
unknown sidsBernard Robbins (May 29)
- Re: unknown sidsErick Mechler (May 29)
Jaguar user (i.e. newbie) questionGeorge Mogiljansky (May 29)
unable to start snortNick Scheider (May 29)
- Re: unable to start snortShawn Duffy (May 29)
- RE: unable to start snortBrian Gregorcy (May 29)
  - RE: unable to start snortChris (May 29)
- <Possible follow-ups>
- RE: unable to start snortPacheco, Michael F. (May 29)
- RE: unable to start snortNick Scheider (May 29)
  - Detecting ConnectionsFaiz Ahmad Shuja (May 29)
Firing off Abuse email based on Snort TrafficMatt Howell (May 29)
- Re: Firing off Abuse email based on Snort TrafficMatt Kettler (May 29)
  - RE: Firing off Abuse email based on Snort TrafficChris (May 29)
    - RE: Firing off Abuse email based on Snort Trafficdave (May 29)
  - Re: Firing off Abuse email based on Snort TrafficMatt Howell (May 29)
    - Re: Firing off Abuse email based on Snort TrafficErek Adams (May 29)
    - Re: Firing off Abuse email based on Snort TrafficMatt Howell (May 29)
    - Re: Firing off Abuse email based on Snort TrafficSkip Carter (May 29)
    - Re: Firing off Abuse email based on Snort TrafficBudi Rahardjo (May 29)
    - Re: Firing off Abuse email based on Snort TrafficMichael H. Warfield (May 29)
  - Re: Firing off Abuse email based on Snort TrafficFrank Knobbe (May 29)
  - Re: [OT] Firing off Abuse email based on Snort TrafficMatt Kettler (May 30)
    - Re: [OT] Firing off Abuse email based on Snort TrafficMatt Howell (May 30)
    - Re: [OT] Firing off Abuse email based on Snort Trafficjames (May 30)
- RE: Firing off Abuse email based on Snort TrafficNicholas Delo (May 29)
- Re: Firing off Abuse email based on Snort TrafficMark Rowlands (May 29)
- Re: Firing off Abuse email based on Snort TrafficTodd Holloway (May 30)
- <Possible follow-ups>
- RE: Firing off Abuse email based on Snort Trafficbmcdowell (May 29)
  - RE: Firing off Abuse email based on Snort TrafficMatt Howell (May 29)
- RE: Firing off Abuse email based on Snort TrafficDonofrio, Lewis (May 29)
- Re: Firing off Abuse email based on Snort Trafficscheidell (May 30)
Windows vs Linux for Snort Performance?Jonathan Jesse (May 29)
Am I in the right place? (was: Tips for using ACID in a multi-adm in environment)Williams Jon (May 29)
- Re: Am I in the right place? (was: Tips for using ACID in a multi-adm in environment)Bamm Visscher (May 29)
- RE: Am I in the right place? (was: Tips for using ACID in a multi-adm in environment)dave (May 29)
- Re: Am I in the right place? (was: Tips for using ACID in a multi-adm in environment)Brian (May 29)
- Re: Am I in the right place? (was: Tips for using ACID in a multi-adm in environment)Erek Adams (May 29)
- <Possible follow-ups>
- RE: Am I in the right place? (was: Tips for using ACID in a multi-adm in environment)Jonathan Jesse (May 30)
Re: Am I in the right place? (was: Tips for using ACID in a multi-adm in environment)Matt Kettler (May 29)
Is there a bug in "nocase"?Jason Haar (May 29)
SnortCenter ConfigurationRoy S. Rapoport (May 30)
- Re: SnortCenter ConfigurationRoy S. Rapoport (May 30)
  - Re: Re: SnortCenter ConfigurationJoerg Weber (May 30)
    - Re: Re: SnortCenter ConfigurationRoy S. Rapoport (May 30)
- Re: SnortCenter ConfigurationJoerg Weber (May 30)
byte_test:5,<,65537,0,relative,string;Martin Olsson (May 30)
- Re: byte_test:5,<,65537,0,relative,string;Brian (May 30)
is it possible to extend my partition without losing my dbases?Horta, Benny (May 30)
- Re: is it possible to extend my partition without losing my dbases?Guillaume Rix (May 30)
- Re: is it possible to extend my partition without losing my dbases?Erek Adams (May 30)
  - Re: is it possible to extend my partition without losing my dbases?Roy S. Rapoport (May 30)
Foreign Attacks (was Re: Firing off Abuse email based on Snort Traffic)bmcdowell (May 30)
- <Possible follow-ups>
- RE: Foreign Attacks (was Re: Firing off Abuse email based on Snort Traffic)Chris (May 30)
RE: is it possible to extend my partition without losing my dbases?Philip Davidson (May 30)
RE: is it possible to extend my partition without l osing my dbases?L. Christopher Luther (May 30)
Snort 2.0 and SNMP - Plugin errorMike Koponick (May 30)
- Re: Snort 2.0 and SNMP - Plugin errorErek Adams (May 30)
- <Possible follow-ups>
- RE: Snort 2.0 and SNMP - Plugin errorMike Koponick (Jun 01)
RE: Foreign Attacks (was Re: Firing off Abuse email based on Snort Traffic)Pacheco, Michael F. (May 30)
- Re: Foreign Attacks (was Re: Firing off Abuse email based on Snort Traffic) OTAllan Dover (Jun 04)
- <Possible follow-ups>
- RE: Foreign Attacks (was Re: Firing off Abuse email based on Snort Traffic)Jared Ingersoll (Jun 01)
RE: libpcap-2003.05.29 requirement for SnortPaulinVT (May 30)
spp_stream4 Steath activityJohn Hally (May 30)
How to ingnore a specific host(s) ?CGhercoias (May 30)
- Re: How to ingnore a specific host(s) ?Erek Adams (May 30)
- Re: How to ingnore a specific host(s) ?Shawn Duffy (May 30)
  - Re: How to ingnore a specific host(s) ?Edin Dizdarevic (May 30)
- <Possible follow-ups>
- RE: How to ingnore a specific host(s) ?CGhercoias (May 30)
Tagging into the DB and back out againSean Wheeler (May 30)
RE: Tips for using ACID in a mult-admin environment ?Williams Jon (May 30)
Virus Rules Gone?Steve An (May 30)
- Re: Virus Rules Gone?Erek Adams (May 30)
- <Possible follow-ups>
- Virus Rules Gone?Steve An (May 30)
  - Re: Virus Rules Gone?Matt Kettler (May 30)
Noob question on snort.confstorm (May 31)
- RE: Noob question on snort.confMichael Steele (May 31)
- Re: Noob question on snort.confErek Adams (Jun 01)
- Re: Noob question on snort.confJohn Sage (Jun 07)
SnortsamWilcoxen, Scott (May 31)
- Re: SnortsamFrank Knobbe (Jun 01)
bpf filter by interfaceYonah Russ (Jun 01)
- Re: bpf filter by interfaceErek Adams (Jun 01)
cleanning all AlertsJulio Steffen Jr. (Jun 01)
- Re: cleanning all AlertsPatrick S. Harper (Jun 01)
Auto-updation on rule base from internet in SnortCenterAtul Shrivastava (Jun 01)
- <Possible follow-ups>
- Auto-updation on rule base from internet in SnortCenterAtul Shrivastava (Jun 06)
How do keep update my rules in Snort 2.0 over Windows 2000?Javier Romero (Jun 01)
- Re: How do keep update my rules in Snort 2.0 over Windows 2000?Jon Baer (Jun 01)
  - Re: How do keep update my rules in Snort 2.0 over Windows 2000?Erek Adams (Jun 01)
    - RE: How do keep update my rules in Snort 2.0 over Windows 2000?Michael Steele (Jun 02)
    - Re: How do keep update my rules in Snort 2.0 over Windows 2000?Roy S. Rapoport (Jun 02)
    - Re: How do keep update my rules in Snort 2.0 over Windows 2000?Erek Adams (Jun 02)
    - Re: How do keep update my rules in Snort 2.0 over Windows 2000?Roy S. Rapoport (Jun 02)
- <Possible follow-ups>
- Re: How do keep update my rules in Snort 2.0 over Windows 2000?Javier Romero (Jun 03)
Kontiki Download Manager caused NMAP Ping alertsArey, Jeff (Jun 01)
write rule documentation, get a t-shirtBrian (Jun 01)
- Re: [Snort-sigs] write rule documentation, get a t-shirtGiles Coochey (Jun 04)
  - Re: [Snort-sigs] write rule documentation, get a t-shirtBrian (Jun 01)
barnyard config errorGuy Witney Krocker (Jun 01)
- Re: barnyard config errorBamm Visscher (Jun 01)
Ignoring certain hostsstorm (Jun 01)
- Re: Ignoring certain hostsErek Adams (Jun 02)
Snort Config W2KSteven Williams (Jun 01)
- RE: Snort Config W2KMichael Steele (Jun 01)
- <Possible follow-ups>
- RE: Snort Config W2KSteven Williams (Jun 02)
  - RE: Snort Config W2KMichael Steele (Jun 02)
- RE: Snort Config W2KL. Christopher Luther (Jun 02)
Writing rulesPatrice . Arnal (Jun 02)
- <Possible follow-ups>
- Re: Writing rulesMatt Kettler (Jun 02)
Ugh@snortRyan Vennell (Jun 02)
- Re: Ugh@snortShawn Duffy (Jun 02)
Was my host hijacked?Luiz-Otavio Zorzella (Jun 02)
- Re: Was my host hijacked?Matt Kettler (Jun 02)
  - Re: Was my host hijacked?Luiz-Otavio Zorzella (Jun 02)
- <Possible follow-ups>
- Was my host hijacked?zorzella (Jun 04)
session: printable in local.rules logs ALL trafficMcKim, Tim (Jun 02)
Updating Rules Win2K solutionsScot ~~~ (Jun 02)
- Re: Updating Rules Win2K solutionsUeli Kistler (Jun 02)
3 quick questionsstorm (Jun 02)
- <Possible follow-ups>
- 3 quick questionsstorm (Jun 03)
What am I Protecting Against?Roy S. Rapoport (Jun 02)
- Re: What am I Protecting Against?james (Jun 02)
  - Re: What am I Protecting Against?Roy S. Rapoport (Jun 03)
    - Re: What am I Protecting Against?james (Jun 03)
- Re: What am I Protecting Against?Nicholas Bachmann (Jun 04)
- <Possible follow-ups>
- RE: What am I Protecting Against?Wilcoxen, Scott (Jun 02)
RE: [SMISPAM4] RE: Snort Config W2KSteven Williams (Jun 02)
- RE: [SMISPAM4] RE: Snort Config W2KMichael Steele (Jun 02)
Experience with snort-based IDS like PacketAlarm?Eduardo Rodrigue (Jun 03)
- Re: Experience with snort-based IDS like PacketAlarm?Patrick S. Harper (Jun 03)
- <Possible follow-ups>
- Re: Experience with snort-based IDS like PacketAlarm?Miles Carpenter (Jun 05)
Snort On win2k serverHamish McDermid (Jun 03)
- <Possible follow-ups>
- RE: Snort On win2k serverFrancois CONTAT (Jun 03)
- RE: Snort On win2k serverSnow Jacob C KPWA (Jun 03)
Configuring Snort on LANRobert Golovniov (Jun 03)
- <Possible follow-ups>
- Re: Configuring Snort on LANJP Vossen (Jun 03)
Linux DocumentationNick Scheider (Jun 03)
- Re: Linux DocumentationErek Adams (Jun 03)
- <Possible follow-ups>
- RE: Linux DocumentationFrancois CONTAT (Jun 03)
- RE: Linux DocumentationSchmehl, Paul L (Jun 03)
snort will not log to mysqlHans Steinraht (Jun 03)
- Re: snort will not log to mysqlEdin Dizdarevic (Jun 03)
  - Re: snort will not log to mysqlHans Steinraht (Jun 04)
- Re: snort will not log to mysqlBamm Visscher (Jun 04)
  - Re: snort will not log to mysqlHans Steinraht (Jun 05)
- <Possible follow-ups>
- Re: snort will not log to mysqlRon Shuck (Jun 05)
my emailPetrit Podrimja (Jun 03)
PingDavid Alonso De La Vega Tapage (Jun 03)
- Re: PingMatt Kettler (Jun 03)
  - Re: PingDavid Alonso De La Vega Tapage (Jun 04)
snort 2.0 performance evaluationTerence R.T. Liu (Jun 03)
- Re: snort 2.0 performance evaluationJeff Nathan (Jun 03)
- <Possible follow-ups>
- RE: snort 2.0 performance evaluationJames R. Hendrick (Jun 03)
Libpcap packet statisticslarosa, vjay (Jun 03)
SnortSnarf Demo?Tobias Rice (Jun 03)
- Re: SnortSnarf Demo?James Hoagland (Jun 03)
- <Possible follow-ups>
- RE: SnortSnarf Demo?Potts, Ross A. (Jun 04)
[OT] What sites do you use to research IP's?bmcdowell (Jun 03)
- <Possible follow-ups>
- RE: [OT] What sites do you use to research IP's?L. Christopher Luther (Jun 03)
- RE: [OT] What sites do you use to research IP's?bmcdowell (Jun 03)
- RE: [OT] What sites do you use to research IP's?Robert Reid (Jun 03)
Parsing SID fieldTodd A. Jacobs (Jun 03)
- Re: Parsing SID fieldErek Adams (Jun 03)
- Re: Parsing SID fieldErick Mechler (Jun 03)
- Re: Parsing SID fieldBrian (Jun 03)
- Re: Parsing SID fieldJeff Nathan (Jun 03)
- <Possible follow-ups>
- RE: Parsing SID fieldTinsley Paul (Jun 03)
RE: [SMISPAM4] RE: [SMISPAM4] RE: Snort Config W2KSteven Williams (Jun 03)
- <Possible follow-ups>
- RE: [SMISPAM4] RE: [SMISPAM4] RE: Snort Config W2KSteven Williams (Jun 04)
Topology and placement questionJF (Jun 03)
ACID / PHP / MYSQL -- help!Jon Paterson (Jun 04)
- Re: ACID / PHP / MYSQL -- help!Simon Gray (Jun 04)
- Re: ACID / PHP / MYSQL -- help!Jon Baer (Jun 04)
- RE: ACID / PHP / MYSQL -- help!Faiz Ahmad Shuja (Jun 04)
- <Possible follow-ups>
- RE: ACID / PHP / MYSQL -- help!Mike Koponick (Jun 05)
Re: Foreign Attacks (was Re: Firing off Abuse email based on Snort Traffic) OTAllan Dover (Jun 04)
FW: MySQL errorChris (Jun 04)
- RE: FW: MySQL errorFaiz Ahmad Shuja (Jun 04)
- <Possible follow-ups>
- MySQL errorRomano, Chris (Jun 05)
SCAN UPnP service discover attemptMark Williamson (Jun 04)
- RE: SCAN UPnP service discover attemptThomas T. Evans, III (Jun 04)
  - Re: SCAN UPnP service discover attemptMark Williamson (Jun 04)
- Re: SCAN UPnP service discover attemptJoerg Weber (Jun 04)
- <Possible follow-ups>
- RE: SCAN UPnP service discover attemptBruyere, Michel (Jun 04)
  - Re: SCAN UPnP service discover attemptMark Williamson (Jun 04)
  - Re: SCAN UPnP service discover attemptMark Williamson (Jun 04)
- RE: SCAN UPnP service discover attemptSchmehl, Paul L (Jun 04)
- RE: SCAN UPnP service discover attemptbmcdowell (Jun 04)
- RE: SCAN UPnP service discover attemptGarrett . Allen (Jun 04)
UnPlug n PrayMark Williamson (Jun 04)
question on distributed snort collectionGarrett . Allen (Jun 04)
- Re: question on distributed snort collectionBamm Visscher (Jun 04)
- <Possible follow-ups>
- RE: question on distributed snort collectionWilliams Jon (Jun 04)
IFACE -i any problemMarcus Robb (Jun 04)
- Re: IFACE -i any problemEdin Dizdarevic (Jun 04)
- Re: IFACE -i any problemEdin Dizdarevic (Jun 04)
Scan dedected as WEB-MISC whisker tab splice attackDarrin Powell (Jun 04)
Installation questionTim Slininger (Jun 04)
- <Possible follow-ups>
- RE: Installation questionFrancois CONTAT (Jun 05)
No detail or contents in acid and barnyardRussell Fulton (Jun 04)
- Re: No detail or contents in acid and barnyardBamm Visscher (Jun 05)
- <Possible follow-ups>
- RE: No detail or contents in acid and barnyardNelson, Ben (Jun 05)
snort not start at bootStepanishev Roman (Jun 05)
- Re: snort not start at bootRoman Stepanishev (Jun 05)
- <Possible follow-ups>
- RE: snort not start at bootSchmehl, Paul L (Jun 05)
Gigabit NIC's and snort hardware required??Zach Forsyth (Jun 05)
- Re: Gigabit NIC's and snort hardware required??Roy S. Rapoport (Jun 05)
- Re: Gigabit NIC's and snort hardware required??Bennett Todd (Jun 05)
- <Possible follow-ups>
- RE: Gigabit NIC's and snort hardware required??Zach Forsyth (Jun 05)
  - Re: Gigabit NIC's and snort hardware required??Bennett Todd (Jun 06)
- RE: Gigabit NIC's and snort hardware required??Zach Forsyth (Jun 09)
barnyard with postgres compile problemJochen Vogel (Jun 05)
- Re: barnyard with postgres compile problemEdin Dizdarevic (Jun 05)
- Re: barnyard with postgres compile problemBamm Visscher (Jun 05)
Rules not working?Erik Tank (Jun 05)
- Re: Rules not working?Joerg Weber (Jun 05)
- Re: Rules not working?Matt Kettler (Jun 05)
AW: barnyard with postgres compile problemJochen Vogel (Jun 05)
- Re: AW: barnyard with postgres compile problemEdin Dizdarevic (Jun 05)
Acid problemChris (Jun 05)
- <Possible follow-ups>
- Re: Acid problemguillaume rix - Sun Microsystems - Velizy France (Jun 05)
- RE: Acid problemChris (Jun 05)
  - Re: Acid problempayothlh (Jun 05)
- FW: RE: Acid problemChris (Jun 05)
- RE: Acid problemRomano, Chris (Jun 06)
Connecting through SnortcenterRyan Koster (Jun 05)
- Re: Connecting through SnortcenterRoy S. Rapoport (Jun 05)
UPnP service discover attemptMark Williamson (Jun 05)
- <Possible follow-ups>
- RE: UPnP service discover attemptbmcdowell (Jun 05)
- RE: UPnP service discover attemptDavid Beeson (Jun 05)
- RE: UPnP service discover attemptDavid Beeson (Jun 06)
- RE: UPnP service discover attemptDavid Beeson (Jun 06)
SignaturesVuppala, Vijaybhasker (EM, GECIS) (Jun 05)
- Re: SignaturesMichael Boman (Jun 05)
Re: Snort-users digest, Vol 1 #3238 - 10 msgsdjmurd (Jun 05)
ACID Updates + DevelopmentJon Baer (Jun 05)
Newbie question (sorta): implementing a replacement SNORT boxGreg Webster (Jun 05)
802.1q MonitoringRon Shuck (Jun 05)
- Re: 802.1q MonitoringBennett Todd (Jun 06)
  - Re: 802.1q MonitoringChris Green (Jun 06)
    - Re: 802.1q MonitoringJeff Nathan (Jun 06)
- Re: 802.1q MonitoringJeff Nathan (Jun 06)
- <Possible follow-ups>
- RE: 802.1q MonitoringRon Shuck (Jun 06)
  - Re: 802.1q MonitoringChris Green (Jun 06)
Using ACID to view OpenBSD's pf logsJyri Hovila (Jun 05)
snort hosted on server vs. a tap on networkTom Fulton (Jun 05)
- Re: snort hosted on server vs. a tap on networkRoy S. Rapoport (Jun 06)
  - RE: snort hosted on server vs. a tap on networkTom Fulton (Jun 06)
SMB login FailureAndy Wood (Jun 05)
- <Possible follow-ups>
- RE: SMB login FailureHorta, Benny (Jun 09)
undefined reference uncompress in libmysqlclientRobert Kane (Jun 05)
ACID updates + developementJon Baer (Jun 06)
- Re: ACID updates + developementSimon Gray (Jun 06)
Web Cgi finger questionRyan Sebastian (Jun 06)
- Re: Web Cgi finger questionSnortman (Jun 06)
  - RE: Web Cgi finger questionRyan Sebastian (Jun 09)
- <Possible follow-ups>
- RE: Web Cgi finger questionadam.w.hogan (Jun 06)
Timestamp QuestionSh J (Jun 06)
- Re: Timestamp QuestionAnthony Kim (Jun 06)
stupid questionChris (Jun 06)
- Re: stupid questionJohn Sage (Jun 07)
  - Re: stupid questionjames (Jun 07)
  - Re: stupid questionJeff Nathan (Jun 08)
- <Possible follow-ups>
- RE: stupid questionChris (Jun 09)
Snort drops packets!Vögeli Urs, voegeurs (Jun 06)
- Re: Snort drops packets!Edin Dizdarevic (Jun 06)
Fiber taps?Sven Fichtner (Jun 06)
- Re: Fiber taps?Bennett Todd (Jun 06)
- <Possible follow-ups>
- RE: Fiber taps?larosa, vjay (Jun 06)
ATTACK-RESPONSES id check returned useridCharles Douvier (Jun 06)
- Re: ATTACK-RESPONSES id check returned useridEdin Dizdarevic (Jun 06)
- <Possible follow-ups>
- ATTACK-RESPONSES id check returned useridRoelf Schreurs (Jun 17)
- RE: ATTACK-RESPONSES id check returned useridHudak, Tyler (Jun 17)
[snort] ATTACK-RESPONSES id check returned userid (cont.)Charles Douvier (Jun 06)
W32.Bugbear.B@mm signatureCGhercoias (Jun 06)
Eric Van den Bossche is out of the office.Eric Van den Bossche (Jun 06)
Re: [OT] Eric Van den Bossche is out of the office.Matt Kettler (Jun 06)
- Re: [OT] Eric Van den Bossche is out of the office.Edin Dizdarevic (Jun 06)
Snort on separate machine stealth interfacePaolo Meridiani (Jun 06)
Snort alerts caused by possible legit traffic?NismoSkyline (Jun 07)
- Re: Snort alerts caused by possible legit traffic?John Sage (Jun 07)
SnortCenter Mandrake 9.1Steve Rector (Jun 07)
ACID Problem (page not found...)Uso (Jun 07)
- Re: ACID Problem (page not found...)Jon Baer (Jun 07)
ACID features + developmentJon Baer (Jun 07)
Is this guy really on the list?John Sage (Jun 07)
- Re: Is this guy really on the list?NismoSkyline (Jun 07)
  - Re: [OT] Is this guy really on the list?Matt Kettler (Jun 08)
    - Re: [OT] Is this guy really on the list?Andrew R. Baker (Jun 09)
    - Re: [OT] Is this guy really on the list?John Sage (Jun 09)
    - Re: [OT] Is this guy really on the list?Robert Kane (Jun 10)
    - Re: [OT] Is this guy really on the list?Matt Kettler (Jun 10)
    - Re: [OT] Is this guy really on the list?NismoSkyline (Jun 10)
    - Re: [OT] Is this guy really on the list?Robert Kane (Jun 11)
    - Message not available
    - Problems installing SNORTRobert Kane (Jun 11)
    - Re: Problems installing SNORTRoy S. Rapoport (Jun 11)
SnortWatch. Any docs with detailed installation?NismoSkyline (Jun 08)
some commented rules default?sb ch (Jun 08)
- Re: some commented rules default?John Sage (Jun 08)
Problems with Acid and MySQLedward . hawkins (Jun 09)
- Re: Problems with Acid and MySQLJon Baer (Jun 09)
AlertsVuppala, Vijaybhasker (EM, GECIS) (Jun 09)
Problems with Snort and MySQL on FreeBSD 5Joo Carlos Couto (Jun 09)
- <Possible follow-ups>
- RE: Problems with Snort and MySQL on FreeBSD 5Schmehl, Paul L (Jun 09)
- RE: Problems with Snort and MySQL on FreeBSD 5Joo Carlos Couto (Jun 09)
  - RE: Problems with Snort and MySQL on FreeBSD 5twig les (Jun 09)
- RE: Problems with Snort and MySQL on FreeBSD 5Joo Carlos Couto (Jun 09)
how to uninsallGaurav Kumar (Jun 09)
- Re: how to uninsallJohn Sage (Jun 09)
  - Message not available
    - Re: how to uninsallJohn Sage (Jun 09)
Oinkmaster questionsPhilip Davidson (Jun 09)
- Re: [Snort-sigs] Oinkmaster questionsRussell Fulton (Jun 09)
  - Re: Re: [Snort-sigs] Oinkmaster questionsAnthony Kim (Jun 09)
- <Possible follow-ups>
- RE: Oinkmaster questionsSchmehl, Paul L (Jun 09)
NYC Snort users group?Jon Baer (Jun 09)
- <Possible follow-ups>
- RE: NYC Snort users group?Keith Pachulski (Jun 09)
  - RE: NYC Snort users group?Clarke (Jun 10)
  - Re: NYC Snort users group? www.nycsnort.orgJon Baer (Jun 10)
ACID And MYSQLJohn Ceballos-contr (Jun 09)
- <Possible follow-ups>
- RE: ACID And MYSQLSchmehl, Paul L (Jun 09)
- RE: ACID And MYSQLJohn Ceballos-contr (Jun 09)
- RE: ACID And MYSQLSchmehl, Paul L (Jun 09)
- RE: ACID And MYSQLJohn Ceballos-contr (Jun 13)
- RE: ACID And MYSQLSchmehl, Paul L (Jun 13)
- RE: ACID And MYSQLJohn Ceballos-contr (Jun 13)
unsubscribe zeroone () wel com김영일 (Jun 09)
Notes regarding success with snort 2.0 on low end hardwareMatt Kettler (Jun 09)
- <Possible follow-ups>
- RE: Notes regarding success with snort 2.0 on low end hardwarePetriz, Pablo (Jun 17)
  - RE: Notes regarding success with snort 2.0 on low end hardwareMatt Kettler (Jun 17)
- RE: Notes regarding success with snort 2.0 on low end hardwarePetriz, Pablo (Jun 17)
Starting Snort sgent based Snort at boot timeMahdi Kefayati (Jun 09)
firewall rules modification based on snort logsGaurav Kumar (Jun 10)
- Re: firewall rules modification based on snort logsMatt Kettler (Jun 10)
  - Re: firewall rules modification based on snort logsFrank Knobbe (Jun 10)
    - many 'NETBIOS SMB SMB_COM_TRANSACTION Max Data Count of 0 DOS Attempt'Ciprian Badescu (Jun 11)
    - Re: firewall rules modification based on snort logsMatt Kettler (Jun 11)
- <Possible follow-ups>
- RE: firewall rules modification based on snort logsJohn Hally (Jun 10)
AW: firewall rules modification based on snort logsPoppi, Sandro (Jun 10)
installation issuesChris Lewis (Jun 10)
- Re: installation issuesRoy S. Rapoport (Jun 10)
RE: Re: [Snort-sigs] Oinkmaster questionsPhilip Davidson (Jun 10)
- Re: Re: [Snort-sigs] Oinkmaster questionsAndreas Östling (Jun 11)
  - Re: Re: [Snort-sigs] Oinkmaster questionsAnthony Kim (Jun 11)
whats coming after snort 2.0 any ideas?Horta, Benny (Jun 10)
ACID installation woesJim Overholser (Jun 10)
- RE: ACID installation woesMichael Steele (Jun 11)
variable questionMike Ellis (Jun 10)
- Re: variable questionMatt Kettler (Jun 10)
Regarding web-iis rule NOT triggeringAshley Thomas (Jun 10)
Writing a Rule, need helpDon Cook (Jun 10)
Portscan -> Tag ?Sven Bolt (Jun 10)
snort 2.0.0 rulesmsmythe (Jun 10)
- Re: snort 2.0.0 rulesMatt Kettler (Jun 10)
  - snort 2.0.0 rulesmsmythe (Jun 11)
    - Re: snort 2.0.0 rulesMatt Kettler (Jun 11)
How do people generally trigger alerts?Jason Haar (Jun 10)
ACID question 2Esler, Joel Contractor (Jun 11)
- Re: ACID question 2Simon Gray (Jun 11)
- Re: ACID question 2Ciprian Badescu (Jun 11)
- Re: ACID question 2Joerg Weber (Jun 11)
- Re: ACID question 2Guillaume Rix (Jun 12)
- <Possible follow-ups>
- RE: ACID question 2Esler, Joel Contractor (Jun 11)
  - Re: ACID question 2Roy S. Rapoport (Jun 11)
AW: ACIDPoppi, Sandro (Jun 11)
bad IP trafficoperator (Jun 11)
- <Possible follow-ups>
- Re: bad IP trafficMatt Kettler (Jun 20)
[EXCHANGE-SA () nrtc org: ScanMail Message: To Sender Match eManager setting and take actio n.]Roy S. Rapoport (Jun 11)
Barnyard Config Error - Possible Answertforeman (Jun 11)
Barnyard run problemstforeman (Jun 11)
- Re: Barnyard run problemsErek Adams (Jun 11)
- <Possible follow-ups>
- RE: Barnyard run problemsSRH-Lists (Jun 11)
  - RE: Barnyard run problemsErek Adams (Jun 11)
- RE: Barnyard run problemstforeman (Jun 11)
RE: many 'NETBIOS SMB SMB_COM_TRANSACTION Max Data Count of 0 DOS Attempt'Everist, Benjamin S. (NASWI) (Jun 11)
re: Pass rule questionlindsay . hunt (Jun 11)
- <Possible follow-ups>
- RE: re: Pass rule questionadam.w.hogan (Jun 11)
- re: pass rule questionlindsay . hunt (Jun 12)
- re: Pass Rule questionlindsay . hunt (Jun 12)
  - Re: re: Pass Rule questionKenneth G. Arnold (Jun 12)
  - Re: re: Pass Rule questionErek Adams (Jun 13)
    - Re: re: Pass Rule questionCiprian Badescu (Jun 27)
    - Re: re: Pass Rule questionErek Adams (Jun 27)
    - Re: re: Pass Rule questionCiprian Badescu (Jun 29)
Riddle me this.larosa, vjay (Jun 11)
ACID - No Alerts found.....sometimesScott O. (Jun 11)
- Re: ACID - No Alerts found.....sometimesJoerg Weber (Jun 12)
errors running ACID in a Win2K configurationFrancesco (Jun 11)
- RE: errors running ACID in a Win2K configurationMichael Steele (Jun 11)
Snort snmp pluginLee Nelson Civ AFRL/IFGA (Jun 11)
error meantmsmythe (Jun 11)
- Re: error meantMatt Kettler (Jun 11)
- <Possible follow-ups>
- error meantmsmythe (Jun 11)
- Re: error meantmsmythe (Jun 11)
  - Re: error meantMatt Kettler (Jun 11)
RE: [OT] Is this guy really on the list?Schmehl, Paul L (Jun 11)
Snort 2.0.0, OpenBSD3.3, Netgear EN104TPGus Faulk (Jun 11)
- Re: Snort 2.0.0, OpenBSD3.3, Netgear EN104TPMatt Kettler (Jun 11)
  - Re: Snort 2.0.0, OpenBSD3.3, Netgear EN104TPGus Faulk (Jun 12)
Snort statistics - packet dropsZach Forsyth (Jun 11)
- Re: Snort statistics - packet dropsMartin Olsson (Jun 16)
- <Possible follow-ups>
- Re: Snort statistics - packet dropsMatt Kettler (Jun 12)
- RE: Snort statistics - packet dropsJaya Shankar (Jun 19)
  - RE: Snort statistics - packet dropsErek Adams (Jun 19)
ACID, Barnyard, Snort install guideChris Paul (Jun 12)
Snort doen't write to mysqlkaihansen (Jun 12)
- Message not available
  - Re: Snort doen't write to mysqlkaihansen (Jun 12)
    - Message not available
    - Re: Snort doen't write to mysqlDaniele Gallarato (Jun 12)
Cached Rule Files?Grime, Richard S (Jun 12)
MysqlEsler, Joel Contractor (Jun 12)
- Re: MysqlRoy S. Rapoport (Jun 12)
- <Possible follow-ups>
- RE: MysqlLaRose, Dallas (Jun 12)
- RE: MysqlEsler, Joel Contractor (Jun 12)
  - RE: MysqlErek Adams (Jun 13)
How to lock down a RedHat box running Snort?Walzer, Jeff (Jun 12)
- Re: How to lock down a RedHat box running Snort?Mark Ehle (Jun 12)
- Re: How to lock down a RedHat box running Snort?Paul Gillingwater (Jun 12)
  - Re: How to lock down a RedHat box running Snort?Jason Boykin (Jun 12)
    - Re: How to lock down a RedHat box running Snort?Anthony Kim (Jun 12)
    - Re: Sourcefire (was Locking down Redhat)Paul Gillingwater (Jun 12)
  - Re: How to lock down a RedHat box running Snort?Roy S. Rapoport (Jun 12)
- <Possible follow-ups>
- RE: How to lock down a RedHat box running Snort?SRH-Lists (Jun 12)
- RE: How to lock down a RedHat box running Snort?Everist, Benjamin S. (NASWI) (Jun 12)
Port mirroring on 3com switchPetriz, Pablo (Jun 12)
- Re: Port mirroring on 3com switchCarlos Felix (Jun 12)
- Re: Port mirroring on 3com switchErek Adams (Jun 13)
  - Re: Port mirroring on 3com switchDaniel A. Melo (Jun 13)
- <Possible follow-ups>
- RE: Port mirroring on 3com switchJose Fernandes (IT) (Jun 12)
Question about rule 733Luke Randall (Jun 12)
SNMP plug-in problems (repost)Lee Nelson Civ AFRL/IFGA (Jun 12)
sourcefire RNALuo, Philip (Jun 12)
- Re: sourcefire RNAMartin Roesch (Jun 14)
Ignored x duplicate alerts (ACID, MySQL, Snort)Ron Shuck (Jun 12)
Output pluginmsmythe (Jun 12)
JPGRAPH/ACID/$ChartLib_path ????Tim (Jun 12)
- RE: JPGRAPH/ACID/$ChartLib_path ????D@7@K|N& (Jun 12)
  - Re: JPGRAPH/ACID/$ChartLib_path ????Roy S. Rapoport (Jun 12)
- RE: JPGRAPH/ACID/$ChartLib_path ????Michael Steele (Jun 12)
  - IP queries on multiple pages with ACIDCiprian Badescu (Jun 13)
- Re: JPGRAPH/ACID/$ChartLib_path ????Michael Moore (Jun 13)
Easy questionJohn Deagan (Jun 12)
- Re: Easy questionJoerg Weber (Jun 13)
- <Possible follow-ups>
- RE: Easy questionHutchinson, Andrew (Jun 13)
Promiscious mode + Win2kdarniot benjamin (Jun 13)
- Re: Promiscious mode + Win2kErek Adams (Jun 13)
- RE: Promiscious mode + Win2kMichael Steele (Jun 13)
smb alerts problemGaurav Kumar (Jun 13)
- Re: smb alerts problemJoerg Weber (Jun 13)
- Re: smb alerts problemK Anderson (Jun 13)
RE: errors running ACID in a Win2K configuration - A follow upFrancesco (Jun 13)
- <Possible follow-ups>
- RE: errors running ACID in a Win2K configuration - A follow upfrancesco (Jun 17)
ACID Update Whois Cache ProblemBrian Blake (Jun 13)
Re: Snort-users digest, Vol 1 #3257 - 5 msgsDon Cook (Jun 13)
Fwd: Snort 1.9.1 error that runs on AIX 4.3Richard Powell (Jun 13)
Capturing incoming packets?guano (Jun 13)
- Re: Capturing incoming packets?Erek Adams (Jun 13)
  - Re: Capturing incoming packets?guano (Jun 13)
    - Re: Capturing incoming packets?Erek Adams (Jun 14)
    - Re: Capturing incoming packets?guano (Jun 14)
    - Re: Capturing incoming packets?Erek Adams (Jun 16)
New Installation - Problem with No Alerts with Snort, MySQL, SnortCenter and ACID on Redhat 9.0Allyn Baskerville (Jun 13)
- RE: New Installation - Problem with No Alerts with Snort, MySQL, SnortCenter and ACID on Redhat 9.0Michael Steele (Jun 14)
  - RE: New Installation - Problem with No Alerts with Snort, MySQL, SnortCenter and ACID on Redhat 9.0Allyn Baskerville (Jun 14)
    - RE: New Installation - Problem with No Alerts with Snort, MySQL, SnortCenter and ACID on Redhat 9.0Michael Steele (Jun 14)
  - RE: New Installation - Problem with No Alerts with Snort, MySQL, SnortCenter and ACID on Redhat 9.0Allyn Baskerville (Jun 14)
    - RE: New Installation - Problem with No Alerts with Snort, MySQL, SnortCenter and ACID on Redhat 9.0Allyn Baskerville (Jun 14)
    - RE: New Installation - Problem with No Alerts with Snort, MySQL, SnortCenter and ACID on Redhat 9.0Michael Steele (Jun 14)
Nothing Logged into mysqlRohit (Jun 14)
- <Possible follow-ups>
- RE: Nothing Logged into mysqlEsler, Joel Contractor (Jun 14)
  - Re: Nothing Logged into mysqlRohit (Jun 14)
- RE: Nothing Logged into mysqlEsler, Joel Contractor (Jun 14)
  - Re: Nothing Logged into mysqlRohit (Jun 14)
statically compileJeremy Hefner (Jun 14)
Acid/PHP/MySQL/Apache working ... But one more questionEsler, Joel Contractor (Jun 14)
- RE: Acid/PHP/MySQL/Apache working ... But one more questionMichael Steele (Jun 14)
Action stats: Logged 0 Alerts 0Rohit (Jun 14)
- Re: Action stats: Logged 0 Alerts 0David Alonso De La Vega Tapage (Jun 16)
snort not sending alertsGaurav Kumar (Jun 14)
RE: Acid/PHP/MySQL/Apache working ... But one more questionEsler, Joel Contractor (Jun 14)
snort not sending alerts to windows worstationsGaurav Kumar (Jun 15)
- Re: snort not sending alerts to windows worstationsK Anderson (Jun 15)
Any Commercial Snorts besides Demarc?Uso (Jun 15)
- Re: Any Commercial Snorts besides Demarc?Angela Dickinson (Jun 15)
  - RE: Any Commercial Snorts besides Demarc?Michael Steele (Jun 15)
how to disable "Short UDP packet, length field" alert?sb ch (Jun 15)
- Re: how to disable "Short UDP packet, length field" alert?Erek Adams (Jun 16)
ACID_DB_SETUP questionChris Wong (Jun 15)
Demarc: Snort binary does not exist or is not executable at specified locationUso (Jun 15)
ACID --with-gdJan van den Berg (Jun 15)
SnortCenter and the Snort2.0 fixesJoerg Weber (Jun 16)
- Re: SnortCenter and the Snort2.0 fixesDaniel A. Melo (Jun 17)
  - Re: SnortCenter and the Snort2.0 fixesBrian (Jun 17)
  - Re: SnortCenter and the Snort2.0 fixesMichael (Jun 18)
    - Re: SnortCenter and the Snort2.0 fixesRoy S. Rapoport (Jun 18)
Hogwash Redhat 7.3Gordon McDowall (Jun 16)
ANNOUNCEMENT: Eagle X v2.0 available on http://www.engagesecurity.comUeli Kistler (Jun 16)
- Eagle X v2.0cristal_ball (Jun 17)
  - Re: Eagle X v2.0Ueli Kistler (Jun 17)
    - performance concernFrancisco Morosini (Jun 17)
    - Re: performance concernErek Adams (Jun 17)
    - Re: performance concernMatt Kettler (Jun 17)
- Questions about Eagle X v2.0LucAdmin (Jun 19)
ANNOUNCEMENT: IDScenter 1.1 RC3 released on www.engagesecurity.comUeli Kistler (Jun 16)
TapsPPowenski (Jun 16)
AW: TapsPoppi, Sandro (Jun 16)
- Re: TapsBennett Todd (Jun 16)
Re: Snort-users digest, Vol 1 #3266 - 11 msgs (Out Of Office)Joseph Koval (Jun 16)
variable problemBrian Hughes (Jun 16)
- Re: variable problemErek Adams (Jun 16)
  - RE: variable problemJim Cervantes (Jun 16)
    - RE: variable problemErek Adams (Jun 17)
  - Re: variable problemMatt Kettler (Jun 17)
- <Possible follow-ups>
- RE: variable problemadam.w.hogan (Jun 16)
- RE: variable problemBrian Hughes (Jun 17)
Help with Config IdeaFerguson, Michael (Jun 16)
File size limit exceededJoecat28 (Jun 16)
- <Possible follow-ups>
- File size limit exceededJoecat28 (Jun 17)
  - Re: File size limit exceededMathias Gygax (Jun 17)
  - Re: File size limit exceededErek Adams (Jun 17)
- File Size Limit ExceededMatt Geiger (Jun 24)
  - Re: File Size Limit ExceededErek Adams (Jun 24)
    - FAQ entryRich Adamson (Jun 24)
statistics that Snort can doFrancesco (Jun 16)
- Re: statistics that Snort can doBrian (Jun 16)
- Re: statistics that Snort can doErek Adams (Jun 16)
- <Possible follow-ups>
- RE: statistics that Snort can doKreimendahl, Chad J (Jun 16)
  - Re: statistics that Snort can doTerence Runge (Jun 17)
[OT] RE: Re: Snort-users digest, Vol 1 #3266 - 11 msgs (Out Of Office)Everist, Benjamin S. (NASWI) (Jun 16)
ACID Duplicate entry error??Jon Paterson (Jun 16)
Question about "SCAN SOCKS Proxy attempt" alert .Chris Wong (Jun 16)
- RE: Question about "SCAN SOCKS Proxy attempt" alert .Michael Steele (Jun 16)
leftover unified output files/barnyard operationChris Paul (Jun 17)
unified loggingJochen Vogel (Jun 17)
PHP Installation problemVuppala, Vijaybhasker (EM, GECIS) (Jun 17)
- Re: PHP Installation problemMuenz, Michael (Jun 17)
- Re: PHP Installation problemDavid Alonso De La Vega Tapage (Jun 17)
- <Possible follow-ups>
- RE: PHP Installation problemEsler, Joel Contractor (Jun 17)
Sorry for such question, but ...magre (Jun 17)
- Re: Sorry for such question, but ...Erek Adams (Jun 17)
Database compatibilityVuppala, Vijaybhasker (EM, GECIS) (Jun 17)
- Re: Database compatibilityErek Adams (Jun 17)
- <Possible follow-ups>
- RE: Database compatibilitySchmehl, Paul L (Jun 17)
Combining NIC interfaces on FreeBSDRichard Bejtlich (Jun 17)
I have a problem...Tommy (Jun 17)
Clearing the snort databaseMichael . Mulholland (Jun 17)
- <Possible follow-ups>
- RE: Clearing the snort databaseSchmehl, Paul L (Jun 17)
- RE: Clearing the snort databaseLaRose, Dallas (Jun 17)
- RE: Clearing the snort databasePPowenski (Jun 19)
DDoS?? almost 40k 'TCP Data Offset is less than 5!' alerts in 30 minslpj0508 (Jun 17)
New Feature based on MAC address filterig (Possible !!!!!)Atul Shrivastava (Jun 17)
- Re: [Snort-devel] New Feature based on MAC address filterig (Possible !!!!!)Frank Knobbe (Jun 16)
  - Re: Re: [Snort-devel] New Feature based on MAC address filterig (Possible !!!!!)David Alonso De La Vega Tapage (Jun 17)
- Re: [Snort-devel] New Feature based on MAC address filterig (Possible !!!!!)Michael Boman (Jun 16)
Cleveland, Ohio Area Snort User's Groupbillford (Jun 17)
Making Snort Rules More "Sensitive"Rich Lichvar (Jun 17)
- Re: Making Snort Rules More "Sensitive"Erek Adams (Jun 17)
  - RE: Making Snort Rules More "Sensitive"D@7@K|N& (Jun 17)
- RE: Making Snort Rules More "Sensitive"D@7@K|N& (Jun 17)
- <Possible follow-ups>
- RE: Making Snort Rules More "Sensitive"L. Christopher Luther (Jun 17)
Default configuration on Win32 .. Not detecting SubSeven?Mark G. Spencer (Jun 17)
Depth and multi content rule help.larosa, vjay (Jun 17)
- Re: [Snort-sigs] Depth and multi content rule help.Chris Green (Jun 18)
RE: [Snort-sigs] Depth and multi content rule help.SRH-Lists (Jun 17)
- <Possible follow-ups>
- RE: [Snort-sigs] Depth and multi content rule help.Steve Halligan (Jun 19)
snort-2.0.0 fails to startRick Waegner (Jun 17)
- Re: snort-2.0.0 fails to startRoy S. Rapoport (Jun 17)
Alerts not showing up in ACIDNick Scheider (Jun 17)
- RE: Alerts not showing up in ACIDMark Wills (Jun 19)
spp_stream4 Stealth Activity detectJohn Hally (Jun 17)
- <Possible follow-ups>
- RE: spp_stream4 Stealth Activity detectEsler, Joel Contractor (Jun 17)
Best HP-UX 11.0 ANSI C compile options?Ray Randolph (Jun 17)
SUMMARY: snort-2.0.0 fails to startRick Waegner (Jun 17)
Snort-2.0 "buglet"? Wrong error on out-of-memory errorJason Haar (Jun 17)
Cross-device link ??Schmehl, Paul L (Jun 17)
- Re: Cross-device link ??Andreas Östling (Jun 17)
Total Cost of Ownership for Snort Implementation?Nicholas Brawn (Jun 17)
- Re: Total Cost of Ownership for Snort Implementation?Bennett Todd (Jun 18)
  - Re: Total Cost of Ownership for Snort Implementation?Derek Glidden (Jun 18)
    - Re: Total Cost of Ownership for Snort Implementation?twig les (Jun 18)
WinSnort: Packets Statistics not showingUso (Jun 18)
Rules optimizationVuppala, Vijaybhasker (EM, GECIS) (Jun 18)
- Re: Rules optimizationErek Adams (Jun 18)
  - AW: Rules optimizationSean Wheeler (Jun 19)
- <Possible follow-ups>
- Re: Rules optimizationMatt Kettler (Jun 18)
- RE: Rules optimizationVuppala, Vijaybhasker (EM, GECIS) (Jun 20)
  - RE: Rules optimizationErek Adams (Jun 20)
snort_inline rule problemGordon McDowall (Jun 18)
- <Possible follow-ups>
- RE: snort_inline rule problemGordon McDowall (Jun 18)
install 2.0.0Julien VARLET (Jun 18)
- Re: install 2.0.0Roy S. Rapoport (Jun 18)
Portscan2 PreprocessorRodney Green (Jun 18)
- <Possible follow-ups>
- RE: Portscan2 PreprocessorEsler, Joel Contractor (Jun 18)
  - Re: Portscan2 PreprocessorRodney Green (Jun 18)
Questions on sourceJohn Deagan (Jun 18)
Snort with three interfaces attached to diferent network segmentartiman (Jun 18)
- RE: Snort with three interfaces attached to diferent network segmentMike Feetham (Jun 18)
- Re: Snort with three interfaces attached to diferent network segmentErek Adams (Jun 18)
- Re: Snort with three interfaces attached to diferent network segmentBennett Todd (Jun 18)
- Re: Snort with three interfaces attached to diferentnetwork segmentCraig Paterson (Jun 18)
offset help.larosa, vjay (Jun 18)
- <Possible follow-ups>
- RE: offset help.larosa, vjay (Jun 19)
  - RE: offset help.Ciprian Badescu (Jun 19)
- RE: offset help.larosa, vjay (Jun 19)
Problems with AICD seeing SensorsAllyn Baskerville (Jun 18)
snort processesDerya Sezen (Jun 18)
- Re: snort processesMatt Kettler (Jun 18)
  - Re: snort processesDerya Sezen (Jun 19)
- Re: snort processesErek Adams (Jun 19)
- <Possible follow-ups>
- RE: snort processesEsler, Joel Contractor (Jun 19)
snort 2.0.0 logging problem?sb ch (Jun 18)
- Re: snort 2.0.0 logging problem?Erek Adams (Jun 19)
- <Possible follow-ups>
- Re: snort 2.0.0 logging problem?sb ch (Jun 19)
  - Re: snort 2.0.0 logging problem?Erek Adams (Jun 20)
slowRodney Green (Jun 18)
- Re: slowChris Green (Jun 19)
  - Re: slowMatt Kettler (Jun 19)
    - Re: slowRodney Green (Jun 19)
    - Re: slowMatt Kettler (Jun 19)
    - Re: slowRodney Green (Jun 19)
    - Re: slowRoy S. Rapoport (Jun 19)
    - Re: slowRoy S. Rapoport (Jun 19)
    - Re: slowRodney Green (Jun 19)
    - Re: slowRoy S. Rapoport (Jun 19)
    - Re: slowtwig les (Jun 19)
    - RE: slowPaul D. Shaffer (Jun 19)
    - Re: slowRoy S. Rapoport (Jun 19)
    - Re: slowJeff Nathan (Jun 23)
    - snortcenter + postgres?Jason Boykin (Jun 23)
eth0 interface does not log? anyone?hallian hallian (Jun 18)
- Re: eth0 interface does not log? anyone?Erek Adams (Jun 19)
Re: eth0 interface does not log? anyone? (fwd)Ciprian Badescu (Jun 19)
snortsam and debianHans Steinraht (Jun 19)
- Re: snortsam and debianErek Adams (Jun 19)
Sylog-ng _and_ Mysql with Snort 2.0.0Thomas Bechtold (Jun 19)
- Re: Sylog-ng _and_ Mysql with Snort 2.0.0Erek Adams (Jun 19)
- <Possible follow-ups>
- Re: Sylog-ng _and_ Mysql with Snort 2.0.0Thomas Bechtold (Jun 19)
ACID/mysql/snort installD@7@K|N& (Jun 19)
- Re: ACID/mysql/snort installErek Adams (Jun 19)
- Re: ACID/mysql/snort installlist (Jun 19)
- Re: ACID/mysql/snort installRodney Green (Jun 19)
- <Possible follow-ups>
- RE: ACID/mysql/snort installEsler, Joel Contractor (Jun 19)
- RE: ACID/mysql/snort installFrancois CONTAT (Jun 19)
  - Re: ACID/mysql/snort installGuillaume Rix (Jun 19)
- RE: ACID/mysql/snort installDean Davis (Jun 19)
log to utf8Chuong Dao (Jun 19)
[no subject]Juergen Anthamatten (Jun 19)
IDScenter 1.1 RC3 updateUeli Kistler (Jun 19)
stream4 - simple experimentCHARLES ASMUTH (Jun 19)
- Re: stream4 - simple experimentMatt Kettler (Jun 19)
a problem installing winPcapguhu bindaas (Jun 19)
- RE: a problem installing winPcapdave (Jun 19)
Snort Users Yahoo GroupRodney Green (Jun 19)
- Message not available
  - Re: Snort Users Yahoo GroupRodney Green (Jun 19)
    - Re: Snort Users Yahoo GroupChris Mann (Jun 19)
    - Re: Snort Users Yahoo GroupMichael Anderson (Jun 19)
- Re: Snort Users Yahoo GroupBrian (Jun 19)
  - Re: Snort Users Yahoo GroupRodney Green (Jun 19)
    - Re: Snort Users Yahoo GroupBrian (Jun 19)
    - Re: Snort Users Yahoo Grouppayothlh (Jun 19)
    - Re: Snort Users Yahoo GroupMatt Kettler (Jun 19)
    - Re: Snort Users Yahoo GroupRoy S. Rapoport (Jun 19)
    - Re: Snort Users Yahoo GroupJeff Nathan (Jun 20)
    - Re: Snort Users Yahoo GroupRoy S. Rapoport (Jun 21)
    - Re: Snort Users Yahoo GroupJeff Nathan (Jun 22)
    - Re: Snort Users Yahoo GroupJeff Nathan (Jun 22)
- <Possible follow-ups>
- RE: Snort Users Yahoo GroupLaRose, Dallas (Jun 19)
  - Re: Snort Users Yahoo GroupBennett Todd (Jun 19)
- RE: Snort Users Yahoo GroupSadanapalli, Pradeep Kumar (MED, TCS) (Jun 19)
no RPM's?Daniel Wittenberg (Jun 19)
- Re: no RPM's?Bennett Todd (Jun 19)
Window SizeAndy Wood (Jun 19)
- Re: Window SizePhil Wood (Jun 19)
Slow? Why mail?Tobias Rice (Jun 19)
- Re: Slow? Why mail?Chris Mann (Jun 19)
  - Re: Slow? Why mail?twig les (Jun 19)
  - Re: Slow? Why mail?Mark Rowlands (Jun 20)
    - Re: Slow? Why mail?Chris Green (Jun 20)
- Re: Slow? Why mail?Bennett Todd (Jun 19)
- Re: Slow? Why mail?Roy S. Rapoport (Jun 19)
- Re: Slow? Why mail?Frank Knobbe (Jun 19)
- <Possible follow-ups>
- RE: Slow? Why mail?Everist, Benjamin S. (NASWI) (Jun 20)
remote interface monitoringEverett Ward (Jun 19)
- Re: remote interface monitoringErek Adams (Jun 19)
using "react" on w32 snort ...Jon Baer (Jun 19)
- Re: using "react" on w32 snort ...Erek Adams (Jun 19)
  - Re: using "react" on w32 snort ...Rich Adamson (Jun 20)
    - Re: using "react" on w32 snort ...Jeff Nathan (Jun 23)
what causes packet drops with low cpu usageHorta, Benny (Jun 20)
- <Possible follow-ups>
- RE: what causes packet drops with low cpu usageGarrett . Allen (Jun 20)
- Re: what causes packet drops with low cpu usageMatt Kettler (Jun 20)
Acid quickieDavid (Jun 20)
- <Possible follow-ups>
- Re: Acid quickieZack Jordan (Jun 23)
- RE: Acid quickieSchmehl, Paul L (Jun 23)
ACID duplicate Key error??Jon Paterson (Jun 20)
- <Possible follow-ups>
- RE: ACID duplicate Key error??Jon Paterson (Jun 23)
how snort detect port scancarl marx (Jun 20)
Re: Submit new detection engine?stephane nasdrovisky (Jun 20)
how to specify network interface card (windows)?Lukasz Gogolewski (Jun 20)
Thoughts.....Future of Linux?Donofrio, Lewis (Jun 20)
- Re: Thoughts.....Future of Linux?Chris Green (Jun 24)
  - OT-Read Only Network cablesMike Feetham (Jun 24)
    - Re: OT-Read Only Network cablesErek Adams (Jun 24)
    - Re: OT-Read Only Network cablessunzi (Jun 24)
    - Re: OT-Read Only Network cablesFrank Knobbe (Jun 24)
- <Possible follow-ups>
- Re: Thoughts.....Future of Linux?Matt Kettler (Jun 20)
RE: how to specify network interface card (windows)?L. Christopher Luther (Jun 20)
RE: how to specify network interface card (windows)?L. Christopher Luther (Jun 20)
Acid Email AlertsRobin Johnson (Jun 20)
- Re: Acid Email AlertsErek Adams (Jun 20)
- RE: Acid Email AlertsBrian Gregorcy (Jun 20)
  - Re: Acid Email AlertsJon Quiros (Jun 20)
    - Re: Acid Email AlertsJon Baer (Jun 20)
    - Re: Acid Email AlertsJon Quiros (Jun 20)
  - Re: Acid Email AlertsCharlie Blue (Jun 20)
  - Re: Acid Email AlertsJon Baer (Jun 20)
- Re: Acid Email AlertsThomas Bechtold (Jun 23)
how to log *only* $HOME_NETJon Baer (Jun 20)
- Re: how to log *only* $HOME_NETErek Adams (Jun 21)
W32/Randex.c?Jon Baer (Jun 20)
performance of the snortsb ch (Jun 20)
Firewall Tester 0.9Andrea Barisani (Jun 21)
Malware Identified (window size 55808)Michael Wright (Jun 21)
- Re: Malware Identified (window size 55808)Jeff Nathan (Jun 22)
Error trapping signatures ...Jon Baer (Jun 21)
- Re: Error trapping signatures ...Erek Adams (Jun 22)
  - Re: Error trapping signatures ...Jon Baer (Jun 22)
Statistics of GNUtella and other trafficCraig Bumpstead (Jun 22)
Feature Request: regex matching available as $n strings for msg:?Jason Haar (Jun 22)
- Re: Feature Request: regex matching available as $n strings for msg:?Jeff Nathan (Jun 22)
install Q ref; Redhat 9.0 Installation Guide, Setup guides @ snort.orgzie inhoud (Jun 23)
Listen at location Q, analyze at location XRichard Bejtlich (Jun 23)
Newbie Snort 2.0 install question...Tony Santos (Jun 23)
- <Possible follow-ups>
- Newbie Snort 2.0 install question...Tony Santos (Jun 30)
Feeding mysql db with alert log files.Daniel Gil (Jun 23)
- Re: Feeding mysql db with alert log files.Erek Adams (Jun 23)
mysqladmin versionmsmythe (Jun 23)
Cisco Catalyst - SNORTFalvo, Jose Luis - (Arg) (Jun 23)
- Re: Cisco Catalyst - SNORTJavier Liendo (Jun 23)
  - Re: Cisco Catalyst - SNORTScott Fringer (Jun 23)
- <Possible follow-ups>
- RE: Cisco Catalyst - SNORTFalvo, Jose Luis - (Arg) (Jun 23)
- RE: Cisco Catalyst - SNORTTinsley Paul (Jun 23)
  - RE: Cisco Catalyst - SNORTtwig les (Jun 23)
    - RE: Cisco Catalyst - SNORTshannong (Jun 24)
  - RE: Cisco Catalyst - SNORTJeff Nathan (Jun 26)
    - snort + 802.11 management frames ...Jon Baer (Jun 26)
    - Re: Cisco Catalyst - SNORTGary Flynn (Jun 27)
    - Re: Cisco Catalyst - SNORTRich Adamson (Jun 27)
    - Re[2]: Cisco Catalyst - SNORTLukasz Bromirski (Jun 27)
    - Re: Cisco Catalyst - SNORTJeff Nathan (Jun 27)
    - Foundry performance? (was "Re: Cisco Catalyst - SNORT")twig les (Jun 27)
    - Re: Foundry performance? (was "Re: Cisco Catalyst - SNORT")Roy S. Rapoport (Jun 28)
    - OT: Re: Foundry performance?Chris Green (Jun 30)
    - Re: Cisco Catalyst - SNORTGary Flynn (Jun 27)
    - Re: Cisco Catalyst - SNORTJeff Nathan (Jun 27)
    - RE: Cisco Catalyst - SNORTMike Feetham (Jun 27)
Snort and PPPoE / tun interfaceUIA Security Team (Jun 23)
- Re: Snort and PPPoE / tun interfaceLiam Reimers (Jun 25)
  - Re: Re: Snort and PPPoE / tun interfaceRich Adamson (Jun 25)
  - Re: Re: Snort and PPPoE / tun interfaceErek Adams (Jun 25)
- <Possible follow-ups>
- Re: Snort and PPPoE / tun interfaceUIA Security Team (Jun 24)
var HOME_NET under LinuxThomas Bechtold (Jun 23)
- Re: var HOME_NET under LinuxJason (Jun 23)
  - Re: var HOME_NET under LinuxThomas Bechtold (Jun 23)
  - Re: var HOME_NET under LinuxRoy S. Rapoport (Jun 23)
  - Re: var HOME_NET under LinuxErek Adams (Jun 23)
    - Re: var HOME_NET under LinuxThomas Bechtold (Jun 27)
    - Re: var HOME_NET under LinuxErek Adams (Jun 27)
    - Re: var HOME_NET under LinuxThomas Bechtold (Jun 28)
    - Re: var HOME_NET under LinuxErek Adams (Jun 28)
    - Re: var HOME_NET under LinuxThomas Bechtold (Jun 30)
    - Re: var HOME_NET under LinuxDavid Alonso De La Vega Tapage (Jun 30)
- <Possible follow-ups>
- RE: var HOME_NET under LinuxLaRose, Dallas (Jun 23)
- RE: var HOME_NET under LinuxSchmehl, Paul L (Jun 30)
Increase in UDP/1434 traffic, or is it meSam Evans (Jun 23)
Sans-giac alert listEsler, Joel Contractor (Jun 23)
Database permissions questionJohn Deagan (Jun 23)
- Re: Database permissions questionsunzi (Jun 23)
  - Re: Database permissions questionFrank Knobbe (Jun 23)
  - RE: Database permissions questionAhmad Farouk (Jun 25)
    - Re: Database permissions questionJason K. Boykin (Jun 25)
    - RE: Database permissions questionErek Adams (Jun 25)
- Re: Database permissions questionErek Adams (Jun 23)
  - newbie type questionsRich Adamson (Jun 23)
    - Re: newbie type questionsJ.C. Woods (Jun 24)
    - Re: newbie type questionsRoy S. Rapoport (Jun 24)
FreeBSD and the socket for a -A unsock optionSnort User (Jun 23)
Minimal OS installation for a Snort sensorFrancesco (Jun 23)
- RE: Minimal OS installation for a Snort sensortim.otten (Jun 24)
- <Possible follow-ups>
- RE: Minimal OS installation for a Snort sensorDonofrio, Lewis (Jun 30)
  - Preprocessor2-ignorehosts NOT WORKING.LucAdmin (Jun 30)
    - Re: Preprocessor2-ignorehosts NOT WORKING.Ciprian Badescu (Jun 30)
    - RE: Preprocessor2-ignorehosts NOT WORKING.LucAdmin (Jun 30)
    - Re: Preprocessor2-ignorehosts NOT WORKING.Matt Kettler (Jun 30)
  - Re: Minimal OS installation for a Snort sensorsunzi (Jun 30)
snort-replay 0.2Andreas Östling (Jun 24)
WinPcap 3.0 supports remote captureRichard Bejtlich (Jun 24)
- <Possible follow-ups>
- RE: WinPcap 3.0 supports remote captureEsler, Joel Contractor (Jun 24)
  - Re: WinPcap 3.0 supports remote capturesunzi (Jun 24)
Rule opinionsJames Nonya (Jun 24)
- RE: Rule opinionsMike Feetham (Jun 24)
  - RE: Rule opinionsMike Feetham (Jun 24)
- Re: Rule opinionsChristian Kreibich (Jun 24)
  - Re: Rule opinionsJames Nonya (Jun 24)
- <Possible follow-ups>
- RE: Rule opinionsGrime, Richard S (Jun 24)
- RE: Rule opinionsKreimendahl, Chad J (Jun 24)
  - Re: Rule opinionsGary Flynn (Jun 24)
  - RE: Rule opinionsJames Nonya (Jun 25)
NMAP scansSteve Murphy (Jun 24)
Re: Snort-users digest, Vol 1 #3293 - 11 msgs (Out Of Office)Joseph Koval (Jun 24)
Part of traffic matching wrong ruleJuergen Anthamatten (Jun 24)
- Re: Part of traffic matching wrong ruleJames Nonya (Jun 24)
- Re: Part of traffic matching wrong ruleErek Adams (Jun 24)
- Re: Part of traffic matching wrong ruleAndrew R. Baker (Jun 24)
- <Possible follow-ups>
- Re: Part of traffic matching wrong ruleJuergen Anthamatten (Jun 25)
- Re: Part of traffic matching wrong ruleJP Vossen (Jun 25)
  - Re: Part of traffic matching wrong ruleChris Green (Jun 26)
RE: OT-Read Only Network cablesbmcdowell (Jun 24)
- <Possible follow-ups>
- Fwd: Re: OT-Read Only Network cablesJason K. Boykin (Jun 24)
- RE: OT-Read Only Network cablesPPowenski (Jun 25)
RE: 55808 window size [WAS: (no subject)]Coyle, Brian (Jun 24)
- Re: RE: 55808 window size [WAS: (no subject)]Frank Knobbe (Jun 24)
newbie rules QSNORT (Jun 25)
- Re: newbie rules QJames Lay (Jun 25)
- Re: newbie rules QDarryl Luff (Jun 25)
RE: Snort-users digest, Vol 1 #3295 - 13 msgsCGhercoias (Jun 25)
Incorrect timestamps in snort log filesstirw (Jun 25)
Using SNORT for Internal IDSPankaj Gupta (Jun 25)
- Re: Using SNORT for Internal IDSErek Adams (Jun 25)
  - Re: Using SNORT for Internal IDSBryan Irvine (Jun 25)
- <Possible follow-ups>
- RE: Using SNORT for Internal IDSHutchinson, Andrew (Jun 25)
Snort Sensor Placement Outside FirewallRich Lichvar (Jun 25)
- Re: Snort Sensor Placement Outside FirewallErek Adams (Jun 25)
  - RE: Snort Sensor Placement Outside FirewallMichael Steele (Jun 25)
    - RE: Snort Sensor Placement Outside FirewallErek Adams (Jun 26)
- Re: Snort Sensor Placement Outside FirewallDavid Alonso De La Vega Tapage (Jun 25)
  - RE: Snort Sensor Placement Outside FirewallMichael Steele (Jun 25)
    - Re: Snort Sensor Placement Outside FirewallDavid Alonso De La Vega Tapage (Jun 26)
- <Possible follow-ups>
- Fw: Snort Sensor Placement Outside FirewallTom Sevy (Jun 26)
  - RE: Snort Sensor Placement Outside FirewallMichael Steele (Jun 26)
eth1 without an IP = no workyJason Whitson (Jun 25)
- Re: eth1 without an IP = no workyJames Lay (Jun 25)
- Re: eth1 without an IP = no workyErek Adams (Jun 25)
- Re: eth1 without an IP = no workyMatt Kettler (Jun 25)
- Re: eth1 without an IP = no workyJoe Matusiewicz (Jun 25)
  - UPDATE eth1 without an IP = no workyJason Whitson (Jun 25)
    - Re: UPDATE eth1 without an IP = no workyJames Lay (Jun 26)
few brief w32 questions ...Jon Baer (Jun 25)
- Re: few brief w32 questions ...Jeff Nathan (Jun 26)
  - Re: few brief w32 questions ...Jon Baer (Jun 26)
    - Re: few brief w32 questions ...Jeff Nathan (Jun 29)
fatal error starting snortGraham, Mike (Jun 25)
- Re: fatal error starting snortRodrigo Goya (Jun 25)
- Re: fatal error starting snortErek Adams (Jun 25)
  - Re: fatal error starting snortRoy S. Rapoport (Jun 25)
  - Re: fatal error starting snortJoerg Weber (Jun 26)
    - Re: fatal error starting snortJason K. Boykin (Jun 26)
    - Re: fatal error starting snortErek Adams (Jun 26)
Disabling syslogd "last message repeated"Scott Williams (Network) (Jun 25)
- <Possible follow-ups>
- RE: Disabling syslogd "last message repeated"Bradberry, John (Jun 30)
Barnyard and postgresqlJason (Jun 25)
- Re: Barnyard and postgresqlAndrew R. Baker (Jun 25)
Snort: WARNING: TCP Data Offset is less than 5!Matthew Connor (Jun 25)
Log vs AlertMatt Geiger (Jun 26)
- Re: Log vs AlertErek Adams (Jun 26)
  - Re: Log vs Alertlist (Jun 26)
- <Possible follow-ups>
- Re: Log vs AlertDusty Hall (Jun 26)
- Re: Log vs AlertJohn Deagan (Jun 26)
- RE: Re: Log vs AlertSRH-Lists (Jun 26)
- Re: Log vs AlertDusty Hall (Jun 26)
- RE: Re: Log vs AlertJohn Deagan (Jun 26)
- RE: Re: Log vs AlertJohn Deagan (Jun 26)
Snort rule questionJames Lay (Jun 26)
- Re: Snort rule questionErek Adams (Jun 26)
- Re: Snort rule questionMatt Kettler (Jun 26)
- Re: Snort rule questionChris Green (Jun 26)
- Re: Snort rule questionBrian (Jun 26)
Re.: Snort Sensor Placement Outside FirewallRich Lichvar (Jun 26)
- RE: Re.: Snort Sensor Placement Outside FirewallMichael Steele (Jun 26)
re: snortcenter/using a sensor with no ip addresslindsay . hunt (Jun 26)
- Re: re: snortcenter/using a sensor with no ip addressErek Adams (Jun 26)
  - Re: re: snortcenter/using a sensor with no ip addressRodrigo Goya (Jun 26)
trouble specifying more than one HOME_NET variablePhilip Davidson (Jun 26)
- Re: trouble specifying more than one HOME_NET variableErek Adams (Jun 26)
- Re: trouble specifying more than one HOME_NET variableJames Lay (Jun 26)
Alerts not Detected during Import?Dusty Hall (Jun 26)
- Re: Alerts not Detected during Import?Erek Adams (Jun 26)
- <Possible follow-ups>
- Re: Alerts not Detected during Import?Dusty Hall (Jun 26)
  - Re: Alerts not Detected during Import?Erek Adams (Jun 26)
  - Re: Alerts not Detected during Import?Chris Green (Jun 26)
hardware requirementsBrei, Matt (Jun 26)
- Re: hardware requirementsErek Adams (Jun 26)
  - Re: hardware requirementsDavid Alonso De La Vega Tapage (Jun 26)
- Re: hardware requirementsDavid Alonso De La Vega Tapage (Jun 26)
- <Possible follow-ups>
- RE: hardware requirementsSchmehl, Paul L (Jun 26)
Snort How IDS Host BasedMiguel Rosales (Jun 26)
- Re: Snort How IDS Host BasedErek Adams (Jun 26)
inbound alerts onlyDavid (Jun 26)
- Re: inbound alerts onlyStephen Dunn (Jun 26)
sid 1882 stable Rule malfunctions in 2.0Matthew McCarty (Jun 26)
- Re: sid 1882 stable Rule malfunctions in 2.0Erek Adams (Jun 26)
- Re: sid 1882 stable Rule malfunctions in 2.0Roy S. Rapoport (Jun 26)
  - Re: sid 1882 stable Rule malfunctions in 2.0Rodrigo Goya (Jun 26)
    - Re: sid 1882 stable Rule malfunctions in 2.0Roy S. Rapoport (Jun 26)
short-circuiting rulesPeter Moody (Jun 26)
- Re: short-circuiting rulestwig les (Jun 26)
- Re: short-circuiting rulesChris Green (Jun 30)
re: public snmp pass questionlindsay . hunt (Jun 26)
- Re: re: public snmp pass questionStephen Dunn (Jun 26)
connection trackingPeter Moody (Jun 26)
Re: add verbage about reading faqJP Vossen (Jun 26)
DMZ and NATRoelf Schreurs (Jun 27)
- Re: DMZ and NATErek Adams (Jun 27)
Collecting Snort statistics automaticallyPaul Gillingwater (Jun 27)
encrypt barnyard connectionsJochen Vogel (Jun 27)
- Re: encrypt barnyard connectionsJoerg Weber (Jun 27)
- <Possible follow-ups>
- RE: encrypt barnyard connectionsHutchinson, Andrew (Jun 27)
Snort problemmshultz (Jun 27)
- RE: Snort problemFaiz Ahmad Shuja (Jun 27)
- RE: Snort problemMichael Steele (Jun 27)
- Re: Snort problemMatt Kettler (Jun 27)
RE: Snort-users digest, Vol 1 #3302 - 13 msgsedward . hawkins (Jun 27)
- Re: RE: Snort-users digest, Vol 1 #3302 - 13 msgsRodrigo Goya (Jun 27)
jPgraphJose Fernandes (IT) (Jun 27)
- Multiple Barnyard questionsGordon Cunningham (Jun 27)
  - Re: Multiple Barnyard questionsAndrew R. Baker (Jun 30)
sid=1042 IIS view source via translate headerEverist, Benjamin S. (NASWI) (Jun 27)
snortcenter 1.0RC1Todd Holloway (Jun 27)
- Re: snortcenter 1.0RC1Rodrigo Goya (Jun 27)
RE: Snort-users digest, Vol 1 #3309 - 9 msgsChristian Tortorich (Jun 27)
- Re: RE: Snort-users digest, Vol 1 #3309 - 9 msgsErek Adams (Jun 27)
  - Re: RE: Snort-users digest, Vol 1 #3309 - 9 msgsRich Adamson (Jun 28)
- Re: RE: Snort-users digest, Vol 1 #3309 - 9 msgsJeff Nathan (Jun 28)
id check returned root ?!?!Michael D. Schleif (Jun 28)
- Re: id check returned root ?!?!MH (Jun 28)
  - Re: id check returned root ?!?!james (Jun 28)
- Re: id check returned root ?!?!Nicholas Delo (Jun 28)
  - Re: id check returned root ?!?!Michael D. Schleif (Jun 28)
    - Re: id check returned root ?!?!Frank Knobbe (Jun 28)
- Re: id check returned root ?!?!Erek Adams (Jun 28)
  - Re: id check returned root ?!?!Michael D. Schleif (Jun 28)
    - Re: id check returned root ?!?!Erek Adams (Jun 28)
RE: Snort 2.0 rc1 availableMcLaughlin, Andrew (Jun 29)
- RE: Snort 2.0 rc1 availableJoerg Weber (Jun 30)
AW: encrypt barnyard connectionsJochen Vogel (Jun 30)
Problem using SnortCenter with Snortedward . hawkins (Jun 30)
- Re: Problem using SnortCenter with SnortMike Wohlgemuth (Jun 30)
snort on smoothwall firewall....Rigoberto De La Portilla (Jun 30)
Snort and matching window size?James Lay (Jun 30)
- Re: Snort and matching window size?Matt Kettler (Jun 30)
  - Re: Snort and matching window size?James Lay (Jun 30)
    - Re: Snort and matching window size?Chris Green (Jun 30)
Re: var HOME_NET under Linux (fwd)Ciprian Badescu (Jun 30)
MYSQL Administration & Data purgingVuppala, Vijaybhasker (EM, GECIS) (Jun 30)
- Re: MYSQL Administration & Data purgingJon Baer (Jun 30)
- Re: MYSQL Administration & Data purgingCiprian Badescu (Jun 30)
statefulnessJavier Verdu Mula (Jun 30)
Rob Flentge/Mechanicsburg/US/Exel is out of the office.Rob . Flentge (Jun 30)
question about a receive-only ethernet cableScott Renna (Jun 30)
- Re: question about a receive-only ethernet cableFrank Knobbe (Jun 30)
Nemesis 1.4 beta3 releasedJeff Nathan (Jun 30)
license QuestionSh J (Jun 30)
- RE: license QuestionMichael Steele (Jun 30)
- Re: license QuestionMatt Kettler (Jun 30)
SQL Error - SQL=ROLLBACKAnthony Seung (Jun 30)
Snort/ACID alerts for Nagios?Martin C. Walker (Jun 30)
Snortcenter/acid referencesMartin C. Walker (Jun 30)
Error on postgresql loggingDilan (Jun 30)

Previous period

Next period