Snort: by thread
2572 messages
starting Sep 30 02 and
ending Dec 31 02
Date index |
Thread index |
Author index
- Trouble getting started Peter Youll (Sep 30)
- stream reassemble and dsize Holger . Woehle (Oct 01)
- Re: stream reassemble and dsize Martin Roesch (Oct 01)
- Re: Seg fault with 1.8.7 and MySQL Richard Ellerbrock (Oct 01)
- <Possible follow-ups>
- RE: Seg fault with 1.8.7 and MySQL Snort (Oct 01)
- Re: UDP Portscans Are Not Capture Grigoris Vidakis (Oct 01)
- RE: Basic snort setup for traffic analysis Nanabhay Mohamed * Group (GP) (Oct 01)
- spp_portscan unproper timestamp in replay(-r option) procedure Grigoris Vidakis (Oct 01)
- Re: spp_portscan unproper timestamp in replay(-r option) procedure James Hoagland (Oct 01)
- barnyard (Payload) Ron Shuck (Oct 01)
- Re: barnyard (Payload) Alwin Raymundo (Oct 01)
- Re: barnyard (Payload) Martin Roesch (Oct 01)
- Re: barnyard (Payload) Alwin Raymundo (Oct 15)
- Re: barnyard (Payload) Jens Krabbenhoeft (Oct 15)
- Re: barnyard (Payload) Martin Roesch (Oct 15)
- Re: barnyard (Payload) Alwin Raymundo (Oct 16)
- Re: barnyard (Payload) Jens Krabbenhoeft (Oct 16)
- Re: barnyard (Payload) Martin Roesch (Oct 16)
- Re: barnyard (Payload) Martin Roesch (Oct 01)
- Re: barnyard (Payload) Bamm Visscher (Oct 01)
- Re: barnyard (Payload) Alwin Raymundo (Oct 15)
- Re: barnyard (Payload) Bamm Visscher (Oct 15)
- Re: barnyard (Payload) Alwin Raymundo (Oct 15)
- Re: barnyard (Payload) Alwin Raymundo (Oct 01)
- Acid Toby Nelson (Oct 01)
- RE: Subject: ACID SECURITY JC (Oct 01)
- Announcement: Snort - Next Generation Christopher Kruegel (Oct 01)
- switch port settings? Matthew Harrell (Oct 01)
- Re: switch port settings? Matt Kettler (Oct 01)
- <Possible follow-ups>
- RE: switch port settings? McCammon, Keith (Oct 01)
- Re: barnyard on sparc64 openbsd insane (Oct 01)
- FrontPage Server Extensions 2000/2002 vulnerability Tudor Panaitescu (Oct 01)
- RE: Snort/ACID: Database Error 134 Tim Vruwink (Oct 01)
- <Possible follow-ups>
- RE: Snort/ACID: Database Error 134 JC (Oct 03)
- Snort as service on Win2K Dhruv Chandra (Oct 01)
- RE: Snort as service on Win2K Michael Steele (Oct 01)
- <Possible follow-ups>
- Snort as Service on Win2K Dhruv Chandra (Oct 01)
- RE: Snort as Service on Win2K Michael Steele (Oct 01)
- Portscan parameters shadi Rostami (Oct 01)
- Re: Portscan parameters Glenn Forbes Fleming Larratt (Oct 01)
- Snort 1.9 flow keyword shadi Rostami (Oct 29)
- Re: Snort 1.9 flow keyword Chris Green (Oct 29)
- Re: Snort 1.9 flow keyword Brian (Nov 07)
- stealth interface Dallas Jordan (Oct 01)
- <Possible follow-ups>
- RE: stealth interface Wirth, Jeff (Oct 01)
- RE: stealth interface Dallas Jordan (Oct 01)
- Re: stealth interface Mike Beal (Oct 01)
- Re: stealth interface Joe Matusiewicz (Oct 02)
- RE: stealth interface Matt Yackley (Oct 02)
- Re: stealth interface Jon Quiros (Oct 02)
- Re: 2 sensors/1 interface? Martin Olsson (Oct 02)
- RE: stealth interface Dallas Jordan (Oct 02)
- Other packet capturing libraries for Snort rkeller (Oct 01)
- SnortReport problem Cloppert, Michael (Oct 01)
- Rule Creation Question !. Moreno Poli (Oct 01)
- Re: Rule Creation Question !. Michael Boman (Oct 01)
- <Possible follow-ups>
- Rule Creation Question !. Moreno Poli (Oct 03)
- RE: Rule Creation Question !. Wayne T Work (Oct 03)
- Re: Rule Creation Question !. Bennett Todd (Oct 04)
- Re: Snort Logging error Ian Macdonald (Oct 01)
- tcpdump - showing data size netsec novice (Oct 01)
- Re: tcpdump - showing data size Martin Roesch (Oct 01)
- RE: Snort - Red hat 8.0 Michael Steele (Oct 01)
- Re: Flexresp Support and libnet ver 1.1.0 Jeff Nathan (Oct 02)
- Hi, general question Philippe Dhont (Sea-ro) (Oct 02)
- Re: Hi, general question Arvind Clemente (Oct 02)
- good NIC? mono toy (Oct 02)
- Re: R: Rule Creation Question !. Michael Boman (Oct 02)
- How to capture the Snort sensor ID using SnMP traps Jose Vicente Nunez Zuleta (Oct 02)
- Use Snort to measure HTTP transfer ? Juan José Sánchez Mesa (Oct 03)
- Re: How to capture the Snort sensor ID using SnMP traps Glenn Mansfield Keeni (Oct 10)
- ACID: Problem Viewing Alerts... Michael Gady (Oct 02)
- Re: ACID: Problem Viewing Alerts... Jens Krabbenhoeft (Oct 02)
- <Possible follow-ups>
- RE: ACID: Problem Viewing Alerts... Randy Bey (Oct 02)
- Re: Snort and high-traffic lines Jens Krabbenhoeft (Oct 02)
- Re: Snort and high-traffic lines Gary Flynn (Oct 02)
- Re: Snort and high-traffic lines Jens Krabbenhoeft (Oct 02)
- Re: Snort and high-traffic lines jsp1999 (Oct 03)
- Re: Snort and high-traffic lines Gary Flynn (Oct 02)
- Snort 1.8.7 on winXP laptop Sandy Biring (Oct 02)
- Re: Snort 1.8.7 on winXP laptop Serge M. Slivitzky (Oct 02)
- Re: Snort 1.8.7 on winXP laptop Frank Knobbe (Oct 02)
- Re: Snort 1.8.7 on winXP laptop Dragos Ruiu (Oct 02)
- <Possible follow-ups>
- RE: Snort 1.8.7 on winXP laptop Miller, Eoin (Oct 02)
- Snort Sensors die Scott_Avvento (Oct 02)
- Re: Snort Sensors die Chris Green (Oct 02)
- Re: Snort Sensors die Martin Roesch (Oct 03)
- <Possible follow-ups>
- RE: Snort Sensors die Thorson Shane R Contr 75 CS/SCBS (Oct 03)
- Channel bonding in Linux --- brief HOWTO Bennett Todd (Oct 02)
- Channel bonding in Linux --- brief HOWTO, version 1.1 Bennett Todd (Oct 04)
- Benchmarking load generator? Bennett Todd (Oct 02)
- Re: Benchmarking load generator? creining (Oct 02)
- Public packet traces? (was Re: Benchmarking load generator?) Bennett Todd (Oct 03)
- Re: Public packet traces? (was Re: Benchmarking load generator?) jsp1999 (Oct 03)
- Re: Public packet traces? (was Re: Benchmarking load generator?) Bennett Todd (Oct 03)
- Public packet traces? (was Re: Benchmarking load generator?) Bennett Todd (Oct 03)
- Re: Benchmarking load generator? Michael Boman (Oct 02)
- Re: Benchmarking load generator? creining (Oct 02)
- Re: bugbear signature? Shane Williams (Oct 02)
- Crashes with Dr.Watson errors - WindowsNT4 & Snort-1.8.7b128-Win 32_Barebones_Release.zip Bryce Stenberg (Oct 02)
- Need Paging Capability Based On Alert Severity Ibarra, Michael (Oct 03)
- ACID and SnortReport Questions Ibarra, Michael (Oct 03)
- <Possible follow-ups>
- RE: ACID and SnortReport Questions Hicks, John (Oct 03)
- RE: ACID and SnortReport Questions Ibarra, Michael (Oct 03)
- Corrupted Payloads in MySQL DB? Nick Lange (Oct 03)
- memory leak in Snort 1.8.7? Matthew Harrell (Oct 03)
- Re: memory leak in Snort 1.8.7? Ben Feinstein (Oct 03)
- <Possible follow-ups>
- Re: memory leak in Snort 1.8.7? Matthew Harrell (Oct 03)
- Re: memory leak in Snort 1.8.7? Matthew Harrell (Oct 04)
- Need help with Scan Socks Proxy Attempts Ed Kasky (Oct 03)
- <Possible follow-ups>
- RE: Need help with Scan Socks Proxy Attempts Ibarra, Michael (Oct 03)
- solaris 2.8 compile error on snort 1.9b6 Michael Scheidell (Oct 03)
- Re: solaris 2.8 compile error on snort 1.9b6 Chris Green (Oct 03)
- Re: solaris 2.8 compile error on snort 1.9b6 Michael Scheidell (Oct 03)
- Re: solaris 2.8 compile error on snort 1.9b6 Chris Green (Oct 03)
- Snort testing with Snot Kelly Mandrake (Oct 03)
- Snort-users] ACID: Alert Viewing problem..... Michael (Oct 03)
- Re: Snort-users] ACID: Alert Viewing problem..... Gene Yoo (Oct 04)
- Re: Win2K Advanced Server problems Doolittle, David (Oct 03)
- RE: Use Snort to measure HTTP transfer ? Miller, Eoin (Oct 03)
- --enable-flexresp Larry Calow (Oct 03)
- Re: --enable-flexresp Jeff Nathan (Oct 03)
- signature follow-up how-to doc twig les (Oct 03)
- snort-1.9.0 is released! Chris Green (Oct 03)
- snortrules.tar.gz not updated Martin Olsson (Oct 04)
- Re: snortrules.tar.gz not updated Chris Green (Oct 04)
- Re: snort-1.9.0 is released! twig les (Oct 04)
- Re: snort-1.9.0 is released! Bennett Todd (Oct 04)
- <Possible follow-ups>
- RE: snort-1.9.0 is released! Kreimendahl, Chad J (Oct 04)
- snortrules.tar.gz not updated Martin Olsson (Oct 04)
- Starting SNORT Remus (Oct 04)
- <Possible follow-ups>
- RE: Starting SNORT Snort (Oct 04)
- RE: Starting SNORT Michael Brown (Oct 06)
- Problems with MySQL output Borja Marcos (Oct 04)
- Addendum: Problems with MySQL output Borja Marcos (Oct 07)
- Logging to non local database Helmut Schneider (Oct 07)
- RE: Logging to non local database Wayne T Work (Oct 07)
- Re: Logging to non local database Helmut Schneider (Oct 07)
- RE: Logging to non local database Wayne T Work (Oct 07)
- Re: Logging to non local database Borja Marcos (Oct 08)
- Logging to non local database Helmut Schneider (Oct 07)
- <Possible follow-ups>
- RE: Problems with MySQL output Snort (Oct 04)
- Addendum: Problems with MySQL output Borja Marcos (Oct 07)
- Snort 1.9 and ACID? Pacheco, Michael F. (Oct 04)
- <Possible follow-ups>
- RE: Snort 1.9 and ACID? Uhte, Russ (Oct 04)
- RE: Snort 1.9 and ACID? Pacheco, Michael F. (Oct 04)
- RE: Snort 1.9 and ACID? Uhte, Russ (Oct 04)
- Win32 v1.9 incorrect on snort.org web site Rich Adamson (Oct 04)
- Re: Win32 v1.9 incorrect on snort.org web site Chris Green (Oct 04)
- Re: Win32 v1.9 incorrect on snort.org web site Juan José Sánchez Mesa (Oct 06)
- RE: [Snort-devel] Win32 v1.9 incorrect on snort.org web site Turner Ryan S KPWA (Oct 04)
- RE: [Snort-devel] Win32 v1.9 incorrect on snort.org web site Rich Adamson (Oct 04)
- Executing SQL (postgresql) to get results? Sloan Bowman (Oct 04)
- <Possible follow-ups>
- RE: Executing SQL (postgresql) to get results? Kevin Brown (Oct 04)
- Error: Unknown config: reference Scott_Avvento (Oct 04)
- Weird Messages Ibarra, Michael (Oct 04)
- Re: Weird Messages Chris Green (Oct 04)
- <Possible follow-ups>
- RE: Weird Messages Ibarra, Michael (Oct 04)
- Re: Weird Messages Chris Green (Oct 04)
- snort1.9 WIN32 compile problems Paul Accosta (Oct 04)
- Re: snort1.9 WIN32 compile problems Chris Green (Oct 04)
- <Possible follow-ups>
- snort1.9 WIN32 compile problems Paul Accosta (Oct 06)
- Snort 1.9, RH 7.3 and Acid Beckett, Josh (Oct 04)
- Re: Snort 1.9, RH 7.3 and Acid Addam Schroll (Oct 04)
- <Possible follow-ups>
- RE: Snort 1.9, RH 7.3 and Acid Beckett, Josh (Oct 04)
- RE: Snort 1.9, RH 7.3 and Acid Slighter, Tim (Oct 07)
- RE: Snort 1.9, RH 7.3 and Acid Erek Adams (Oct 07)
- RE: Snort 1.9, RH 7.3 and Acid Beckett, Josh (Oct 07)
- RE: Snort 1.9, RH 7.3 and Acid Kevin Brown (Oct 07)
- RE: Snort 1.9, RH 7.3 and Acid Beckett, Josh (Oct 08)
- RE: Snort 1.9, RH 7.3 and Acid Erek Adams (Oct 08)
- snort1.9.0 source and binary issue Paul Accosta (Oct 04)
- Re: snort1.9.0 source and binary issue Chris Green (Oct 04)
- Snort 1.90 no Spade? Shane Hickey (Oct 04)
- Re: Snort 1.90 no Spade? James Hoagland (Oct 05)
- Re: Snort 1.90 no Spade? james (Oct 05)
- Re: Snort 1.90 no Spade? James Hoagland (Oct 05)
- Library required for --enable-flexresp francisv (Oct 04)
- Re: Library required for --enable-flexresp Frank Knobbe (Oct 05)
- Re: Library required for --enable-flexresp Jeff Nathan (Oct 05)
- <Possible follow-ups>
- RE: Library required for --enable-flexresp Slighter, Tim (Oct 07)
- RE: Library required for --enable-flexresp Jeff Nathan (Oct 07)
- How to log an alert plus x number of packets? Rich Adamson (Oct 05)
- Re: How to log an alert plus x number of packets? Michael Boman (Oct 05)
- Barnyard: classification off by one? Michael Scheidell (Oct 05)
- Re: Barnyard: classification off by one? Dragos Ruiu (Oct 05)
- Re: [Barnyard-users] Barnyard: classification off by one? Andrew R. Baker (Oct 06)
- Initializing Output Plugins! Sander Smeenk (Oct 06)
- Re: Initializing Output Plugins! Erek Adams (Oct 06)
- Re: Initializing Output Plugins! Sander Smeenk (Oct 06)
- Re: Initializing Output Plugins! Erek Adams (Oct 06)
- Re: Initializing Output Plugins! Sander Smeenk (Oct 06)
- Re: Initializing Output Plugins! Sander Smeenk (Oct 06)
- Re: Initializing Output Plugins! Erek Adams (Oct 06)
- mystery arp message robin (Oct 06)
- Re: mystery arp message Chris Reining (Oct 06)
- Re: mystery arp message Jeff Nathan (Oct 06)
- Re: mystery arp message Jeff Nathan (Oct 06)
- Re: mystery arp message Chris Reining (Oct 06)
- Strange Acid/php error: (-upgrade to older version) Magnus.M.Glantz (Oct 06)
- RE: Strange Acid/php error: (-upgrade to older version) Paulo Filipe Mira (Oct 08)
- <Possible follow-ups>
- SV: Strange Acid/php error: (-upgrade to older version) Magnus.M.Glantz (Oct 10)
- Re: SV: Strange Acid/php error: (-upgrade to older version) Lentila de Vultur (Oct 11)
- SV: Strange Acid/php error: (-upgrade to older version) Magnus.M.Glantz (Oct 10)
- Connecting to other than localhost crashes mysqld Josh Harding (Oct 07)
- fewer alerts found with acid than snort reported charella constansia (Oct 07)
- WEB-IIS cmd.exe access Alwin Raymundo (Oct 07)
- <Possible follow-ups>
- RE: WEB-IIS cmd.exe access Laverdière Yvan (Oct 07)
- RE: WEB-IIS cmd.exe access Brown, Bobby (US - Hermitage) (Oct 10)
- RE: Strange Acid/php error: (-upgrade to older vers ion) Slighter, Tim (Oct 07)
- RE: Logging to non local database Miller, Eoin (Oct 07)
- Re: Logging to non local database Helmut Schneider (Oct 07)
- <Possible follow-ups>
- RE: Logging to non local database Miller, Eoin (Oct 07)
- Re: Logging to non local database Helmut Schneider (Oct 07)
- RE: Logging to non local database Ted Stringer (Oct 07)
- Re: Logging to non local database Helmut Schneider (Oct 07)
- Re: Logging to non local database Jeff Nathan (Oct 07)
- Re: Logging to non local database Helmut Schneider (Oct 07)
- Red Hat 8 and Snort Alex Pinheiro Machado Rodrigues (Oct 07)
- Re: Red Hat 8 and Snort shrek-m () gmx de (Oct 07)
- Re: Red Hat 8 and Snort Alex Pinheiro Machado Rodrigues (Oct 07)
- Re: Re: Red Hat 8 and Snort shrek-m () gmx de (Oct 07)
- Re: Red Hat 8 and Snort Alex Pinheiro Machado Rodrigues (Oct 07)
- Re: Red Hat 8 and Snort shrek-m () gmx de (Oct 07)
- loghog question Matthew Harrell (Oct 07)
- <Possible follow-ups>
- Re: loghog question Matthew Harrell (Oct 07)
- RE: loghog question Miller, Eoin (Oct 07)
- Barnyard 0.1 RC3 available Andrew R. Baker (Oct 07)
- Snort 1.9.0 documentation? Cloppert, Michael (Oct 07)
- Re: Snort 1.9.0 documentation? Chris Green (Oct 07)
- simple question Petre Bandac (Oct 07)
- <Possible follow-ups>
- RE: simple question Steve Halligan (Oct 07)
- RE: simple question Robby Desmond (Oct 10)
- Problem with Upgrading to 1.9 linus (Oct 07)
- <Possible follow-ups>
- Problem with Upgrading to 1.9 Linus Hindmarsh (Oct 10)
- improvements with snort-ng Paul Accosta (Oct 07)
- Snorting with a single ethernet card Xavi Altafulla (Oct 08)
- <Possible follow-ups>
- Snorting with a single ethernet card Xavi Altafulla (Oct 10)
- logsnorter Ben Whittaker (Oct 08)
- Snort1.9 TCPdump output file format Grime, Richard S (Oct 08)
- Re: Snort1.9 TCPdump output file format Erek Adams (Oct 08)
- <Possible follow-ups>
- RE: Snort1.9 TCPdump output file format Grime, Richard S (Oct 09)
- RE: Snort1.9 TCPdump output file format Erek Adams (Oct 09)
- (no subject) Abimbola Abiola (Oct 08)
- <Possible follow-ups>
- (no subject) counterping (Oct 08)
- Re: (no subject) Matt Kettler (Oct 08)
- RE: (no subject) Beckett, Josh (Oct 08)
- RE: (no subject) Beckett, Josh (Oct 08)
- (no subject) Adrienne Kotze (Oct 10)
- (no subject) Nathan Whitehouse (Oct 14)
- Re: (no subject) hackerwacker (Oct 14)
- Re: (no subject) Erek Adams (Oct 14)
- RE: (no subject) Bob Dehnhardt (Oct 14)
- (no subject) Nanabhay Mohamed * Group (GP) (Oct 16)
- (no subject) Kreimendahl, Chad J (Oct 22)
- (no subject) Ha Tu (Oct 27)
- Re: (no subject) Erek Adams (Oct 27)
- (no subject) Philippe Dhont (Sea-ro) (Nov 18)
- Re: (no subject) Xavi Altafulla (Nov 18)
- (no subject) counterping (Dec 10)
- Re: (no subject) Erick Mechler (Dec 10)
- Error using the -T option Mike Koponick (Dec 10)
- Re: Error using the -T option Erick Mechler (Dec 10)
- RE: Error using the -T option Mike Koponick (Dec 10)
- Re: (no subject) Erick Mechler (Dec 10)
- (no subject) Jim Terry (Dec 12)
- Re: (no subject) James-lists (Dec 12)
- Re: (no subject) Jim Terry (Dec 14)
- (no subject) netexpress (Dec 17)
- Snort 1.9.0 as Service on Win2k bunger (Oct 08)
- ATTACK RESPONSES id check returned root Dallas Jordan (Oct 08)
- Re: ATTACK RESPONSES id check returned root Chris Green (Oct 08)
- <Possible follow-ups>
- RE: ATTACK RESPONSES id check returned root McCammon, Keith (Oct 08)
- RE: ATTACK RESPONSES id check returned root Metz, Tim (Oct 08)
- RE: ATTACK RESPONSES id check returned root Semerjian, Ohanes (Oct 08)
- Portscan from self? Marc Thomas (Oct 08)
- <Possible follow-ups>
- RE: Portscan from self? Miller, Eoin (Oct 08)
- portscan-ignorehosts for portscan2? (was Re: Portscan from self?) Bennett Todd (Oct 08)
- Re: portscan-ignorehosts for portscan2? (was Re: Portscan from self?) Erek Adams (Oct 08)
- portscan-ignorehosts for portscan2? (was Re: Portscan from self?) Bennett Todd (Oct 08)
- snort & mysql; not using the password?! Folkert van Heusden (Oct 08)
- RE: snort & mysql; not using the password?! Folkert van Heusden (Oct 08)
- AW: snort & mysql; not using the password?! Sean Wheeler (Oct 08)
- <Possible follow-ups>
- RE: snort & mysql; not using the password?! Miller, Eoin (Oct 08)
- RE: snort & mysql; not using the password?! Slighter, Tim (Oct 08)
- AW: snort & mysql; not using the password?! Sean Wheeler (Oct 08)
- RE: snort & mysql; not using the password?! Slighter, Tim (Oct 08)
- Errror : can not get write access to logging directory "1". Abimbola Abiola (Oct 08)
- <Possible follow-ups>
- RE: Errror : can not get write access to logging directory "1". Miller, Eoin (Oct 08)
- stream4 is alerting from my own MySQL Box??? Jeff Ramsey (Oct 08)
- Re: stream4 is alerting from my own MySQL Box??? Erek Adams (Oct 08)
- Query display Toby Nelson (Oct 08)
- Re: Query display Matt Kettler (Oct 08)
- csv output plugin problems on 1.9 w32 John York (Oct 08)
- <Possible follow-ups>
- csv output plugin problems on 1.9 w32 John York (Oct 10)
- RE: csv output plugin problems on 1.9 w32 John York (Oct 10)
- RE: RE: csv output plugin problems on 1.9 w32 John York (Oct 10)
- RE: Miller, Eoin (Oct 08)
- snortsnarf displays 0 alerts Dennis Gorman (Oct 08)
- Re: snortsnarf displays 0 alerts James Hoagland (Oct 08)
- RE: snortsnarf displays 0 alerts Dennis Gorman (Oct 08)
- <Possible follow-ups>
- snortsnarf displays 0 alerts Dennis Gorman (Oct 10)
- snortsnarf displays 0 alerts Dennis Gorman (Oct 14)
- Re: snortsnarf displays 0 alerts James Hoagland (Oct 15)
- RE: snortsnarf displays 0 alerts Dennis Gorman (Oct 16)
- Re: snortsnarf displays 0 alerts James Hoagland (Oct 15)
- Re: snortsnarf displays 0 alerts James Hoagland (Oct 08)
- Query display (Resent w/ more info) Toby Nelson (Oct 08)
- <Possible follow-ups>
- Query display (Resent w/ more info) Toby Nelson (Oct 09)
- Re: Query display (Resent w/ more info) Roman Danyliw (Oct 09)
- error when starting snort on a Linux 8.0 system Nathan Whitehouse (Oct 08)
- Re: error when starting snort on a Linux 8.0 system Erek Adams (Oct 08)
- RE: error when starting snort on a Linux 8.0 system Wayne T Work (Oct 08)
- 1.9.0 and "Unknown Datagram decoding problem" Jason Haar (Oct 08)
- Re: 1.9.0 and "Unknown Datagram decoding problem" Erek Adams (Oct 08)
- Re: 1.9.0 and "Unknown Datagram decoding problem" Chris Green (Oct 08)
- Re: 1.9.0 and "Unknown Datagram decoding problem" Erek Adams (Oct 08)
- RE: My own MySQL server giving me stream4 alerts Jeff Ramsey (Oct 08)
- Editing detect_scans Michael Shekman (Oct 08)
- ADODB ACID SNORT Toby Nelson (Oct 08)
- <Possible follow-ups>
- ADODB ACID SNORT Toby Nelson (Oct 09)
- Snort version comparisons Sabari Devadoss (Oct 08)
- Re: Snort version comparisons Chris Green (Oct 08)
- drive config for sensor? /dev/null (Oct 08)
- Re: drive config for sensor? Erek Adams (Oct 08)
- drive config for sensor? /dev/null (Oct 08)
- Re: Snort version comparisons Erek Adams (Oct 08)
- <Possible follow-ups>
- Re: Snort version comparisons larc (Oct 09)
- RE: Snort version comparisons Crow, Owen (Oct 09)
- Re: Snort version comparisons Chris Green (Oct 08)
- Spade 021008.1 available! James Hoagland (Oct 08)
- Re: Spade 021008.1 available! James Hoagland (Oct 09)
- Segfault on Alpha 1.9.0 Kunos Péter (Oct 09)
- Re: Segfault on Alpha 1.9.0 Erek Adams (Oct 09)
- <Possible follow-ups>
- RE: Segfault on Alpha 1.9.0 Kunos Péter (Oct 09)
- Re: Segfault on Alpha 1.9.0 Alain Fauconnet (Oct 17)
- Re: Segfault on Alpha 1.9.0 Alain Fauconnet (Oct 17)
- installing snort Andrea Iacopini (Oct 09)
- <Possible follow-ups>
- Installing Snort Andrea Iacopini (Oct 17)
- Re: Installing Snort Michael Muenz (Oct 17)
- RE: Installing Snort Slighter, Tim (Oct 17)
- portscan2 Alwin Raymundo (Oct 09)
- Finding SIDs in ACID Michael G. Meskill (MIS) (Oct 09)
- Snortcenter faq/mailing list anywhere? peterm (Oct 09)
- Snortcenter can't connect to sensor peterm (Oct 09)
- Re: Snortcenter can't connect to sensor Larc (Oct 09)
- Re: Snortcenter can't connect to sensor peterm (Oct 09)
- Re: Snortcenter can't connect to sensor Larc (Oct 09)
- Re: Problem with compiling mysql-support on RedHat 7.3 peterm (Oct 09)
- Re: [Snort-users] Snort 1.9.0 Beta 6 Chris Green (Oct 09)
- RE: Acid Issues with snort Slighter, Tim (Oct 09)
- RE: Acid Issues with snort Roman Danyliw (Oct 09)
- <Possible follow-ups>
- RE: Acid Issues with snort Slighter, Tim (Oct 09)
- RE: Acid Issues with snort Cloppert, Michael (Oct 10)
- RE: Acid Issues with snort Slighter, Tim (Oct 10)
- Anything better? Toby Nelson (Oct 09)
- RE: Anything better? Tod Neil (Oct 09)
- <Possible follow-ups>
- RE: Anything better? Ibarra, Michael (Oct 09)
- RE: Anything better? Hicks, John (Oct 09)
- RE: Anything better? Slighter, Tim (Oct 09)
- RE: Anything better? Slighter, Tim (Oct 09)
- RE: Anything better? Hicks, John (Oct 09)
- Snort stall at start Nathan Whitehouse (Oct 09)
- Re: Snort stall at start Matt Kettler (Oct 09)
- Re: RE: [Snort-sigs] Current rule set for snort 1.8.7 netbios.rules -- Windows 2000 to Windows 2000 mapping detecting C$ and ADMIN$ whats the deal? Chris Green (Oct 09)
- Bouncer Sheahan, Paul (PCLN-NW) (Oct 09)
- IP Address's in Rule Mike McCabe (Oct 09)
- Re: IP Address's in Rule Erek Adams (Oct 09)
- Re: IP Address's in Rule Matt Kettler (Oct 09)
- Re: IP Address's in Rule Robby Desmond (Oct 10)
- <Possible follow-ups>
- RE: IP Address's in Rule Slighter, Tim (Oct 09)
- Re: IP Address's in Rule Mike McCabe (Oct 09)
- TCPDUMP Filter don't work :( counterping (Oct 09)
- Re: TCPDUMP Filter don't work :( Phil Wood (Oct 09)
- Re: TCPDUMP Filter don't work :( Jim Cliver (Oct 09)
- Snort and port lists Sean Wheeler (Oct 09)
- Re: Snort and port lists Martin Roesch (Oct 11)
- <Possible follow-ups>
- RE: TCPDUMP Filter don't work :( Wirth, Jeff (Oct 09)
- Newbie questions, Snort on NT, stealth mode vs react/flexresp Dave Thornburgh (Oct 09)
- <Possible follow-ups>
- Re: Newbie questions, Snort on NT, stealth mode vs react/flexresp Dave Thornburgh (Oct 09)
- Re: Newbie questions, Snort on NT, stealth mode vs react/flexresp Dragos Ruiu (Oct 09)
- Re: Newbie questions, Snort on NT, stealth mode vs react/flexresp Frank Knobbe (Oct 09)
- Re: Newbie questions, Snort on NT, stealth mode vs react/flexresp Dragos Ruiu (Oct 09)
- False Alerts Sean T. Ballard (Oct 09)
- <Possible follow-ups>
- Re: False Alerts Peter . VE (Oct 09)
- RE: False Alerts Hicks, John (Oct 09)
- Snort-bloat-1.9.0 Doc JOHN R BLACKMORE (Oct 09)
- snort dead but subsys locked Nathan Whitehouse (Oct 09)
- Re: snort dead but subsys locked Earl D. Fife (Oct 09)
- <Possible follow-ups>
- RE: snort dead but subsys locked Miller, Eoin (Oct 09)
- RE: snort dead but subsys locked Ben Tetu-Pappas (Oct 09)
- Snort portscan false positives? Felipe Alfaro Solana (Oct 09)
- Re: Snort portscan false positives? Erek Adams (Oct 09)
- Re: Snort portscan false positives? Felipe Alfaro Solana (Oct 09)
- Re: Snort portscan false positives? Erek Adams (Oct 09)
- Re: Snort portscan false positives? Bob Van Cleef (Oct 10)
- Re: Snort portscan false positives? Felipe Alfaro Solana (Oct 09)
- <Possible follow-ups>
- RE: Snort portscan false positives? Beckett, Josh (Oct 09)
- Re: Snort portscan false positives? Erek Adams (Oct 09)
- Portscan2 filtering suggestions - Snort 1.9.0 & acid Beckett, Josh (Oct 09)
- <Possible follow-ups>
- RE: Portscan2 filtering suggestions - Snort 1.9.0 & acid Beckett, Josh (Oct 09)
- Hardware config Wim van den Berge (Oct 09)
- Attention: Win32 Users - Snort 1.9.0 "STABLE RELEASE" Binaries Available Michael Steele (Oct 09)
- How to avoid false alarms with Gnutella: Getting a lot of SHELLCODE x86 NOOP and STEALTH ACTIVITY for dest port 6346 Jose Vicente Nunez Zuleta (Oct 09)
- Help with snort connection to MySQL Nathan Whitehouse (Oct 09)
- Session issues Toby Nelson (Oct 09)
- <Possible follow-ups>
- Session issues Toby Nelson (Oct 14)
- SNORT 1.9 As Service - Won't Start bunger (Oct 09)
- RE: SNORT 1.9 As Service - Won't Start Michael Steele (Oct 09)
- <Possible follow-ups>
- RE: SNORT 1.9 As Service - Won't Start Michael Steele (Oct 10)
- RE: SNORT 1.9 As Service - Won't Start Michael Steele (Oct 10)
- portscan.log file Ganu Skop (Oct 09)
- Re: portscan.log file Erek Adams (Oct 09)
- how to show payload data SW (Oct 10)
- Re: how to show payload data Dragos Ruiu (Oct 10)
- how to show payload data SW (Oct 10)
- Re: portscan.log file Erek Adams (Oct 09)
- Migrating from 1.8.6 to 1.9.0 and updating the MySQL-DB scheme, any docs outthere? Edin Dizdarevic (Oct 10)
- RE: Migrating from 1.8.6 to 1.9.0 and updating the MySQL-DB scheme, any docs outthere? Gene Gomez (Oct 10)
- Re: Migrating from 1.8.6 to 1.9.0 and updating the MySQL-DB scheme, any docs outthere? Edin Dizdarevic (Oct 10)
- RE: Migrating from 1.8.6 to 1.9.0 and updating the MySQL-DB scheme, any docs outthere? Gene Gomez (Oct 10)
- i need your help. Abimbola Abiola (Oct 10)
- I need you help. Abimbola Abiola (Oct 10)
- Snort 1.9 on Win 2000 Server Salvatore Basso (Oct 10)
- <Possible follow-ups>
- Re: Snort 1.9 on Win 2000 Server Salvatore Basso (Oct 17)
- Re: Snort 1.9 on Win 2000 Server Salvatore Basso (Oct 18)
- snort on windows automation (Oct 10)
- RE: snort on windows Dennis Gorman (Oct 10)
- Database Error Weber, Wes (Oct 10)
- SMTP_SERVERS error when starting snort Dirty Absu (Oct 10)
- Re: SMTP_SERVERS error when starting snort twig les (Oct 10)
- Snort dropping packages. How to ? armando (Oct 10)
- <Possible follow-ups>
- Snort dropping packages. How to ? armando (Oct 10)
- Re: Snort dropping packages. How to ? Alberto Gonzalez (Oct 10)
- Re: Snort dropping packages. How to ? Alberto Gonzalez (Oct 10)
- Re: Snort dropping packages. How to ? Jason (Oct 10)
- Re: Snort dropping packages. How to ? Alberto Gonzalez (Oct 10)
- logging when the connection to MySQL is lost Hubert Karlch (Oct 10)
- RE: logging when the connection to MySQL is lost Gene Gomez (Oct 11)
- Re: logging when the connection to MySQL is lost Erek Adams (Oct 11)
- <Possible follow-ups>
- RE: logging when the connection to MySQL is lost Steve Halligan (Oct 10)
- Help Req: Snort Compile Problems Chris Willis (Oct 10)
- db schema upgrade Vladimir Orlando (Oct 10)
- AW: db schema upgrade Sean Wheeler (Oct 14)
- How to disable a particular interface Grimes, Roger (Oct 10)
- RE: Interesting alerts. Jeremy Junginger (Oct 10)
- I keep getting an alert from my own SQL server Jeff Ramsey (Oct 10)
- Snort 1.9 vs 2.0 Hervé Debar (Oct 10)
- Re: Snort 1.9 vs 2.0 Chris Green (Oct 10)
- Re: Snort 1.9 vs 2.0 Andreas Hasenack (Oct 10)
- Re: Snort 1.9 vs 2.0 Martin Roesch (Oct 10)
- Re: Snort 1.9 vs 2.0 Hervé Debar (Oct 11)
- Re: Snort 1.9 vs 2.0 Martin Roesch (Oct 11)
- Re: Snort 1.9 vs 2.0 Chris Green (Oct 11)
- Re: Snort 1.9 vs 2.0 Jens Krabbenhoeft (Oct 14)
- Re: Snort 1.9 vs 2.0 Florin Andrei (Oct 11)
- Re: Snort 1.9 vs 2.0 Erek Adams (Oct 11)
- Re: Snort 1.9 vs 2.0 Andreas Hasenack (Oct 10)
- Re: Snort 1.9 vs 2.0 Chris Green (Oct 10)
- Can't connect to local MYSQL Adeel Asher (Oct 10)
- Re: Can't connect to local MYSQL twig les (Oct 10)
- Spade available via Snortenstein James Hoagland (Oct 10)
- action on packet Reinaldo Nurquez (Oct 10)
- <Possible follow-ups>
- RE: action on packet Knight, Ric (Oct 10)
- Snort tools for detecting, and alerting based on a DOS attack. George Walford (Oct 10)
- alerts with "[Xref => arachnids" tag bunched together in Snort alert file murcsu murcsu () mail com (Oct 10)
- Re: alerts with "[Xref => arachnids" tag bunched together in Snort alert file Lawrence Reed (Oct 10)
- Acid archive error. Marc Thomas (Oct 10)
- java and ActiveX signatures? Andreas Hasenack (Oct 10)
- barnyard configure problem Randy Bey (Oct 10)
- Re: barnyard configure problem Alwin Raymundo (Oct 11)
- Dropping packets - how to tell? Lefevre, Steven (Oct 11)
- Re: Dropping packets - how to tell? Alberto Gonzalez (Oct 11)
- Re: Dropping packets - how to tell? Erek Adams (Oct 11)
- Dropping packets - how to tell? Lefevre, Steven (Oct 11)
- Re: barnyard configure problem Andrew R. Baker (Oct 11)
- RE: barnyard configure problem Wayne T Work (Oct 11)
- Re: barnyard configure problem Alwin Raymundo (Oct 11)
- Snort Implementation Guide - Redhat 7.3 / MySQL / ACID Steve Scott (Oct 10)
- Snort supports... Daniel Kobayashi Imori (Oct 10)
- Re: Snort supports... hackerwacker (Oct 10)
- Problems starting snort dhobson (Oct 10)
- Re: Problems starting snort Erek Adams (Oct 10)
- <Possible follow-ups>
- Problems starting snort Pieter Blaauw (Oct 16)
- Duplicate classification, barnyard HUP Michael Scheidell (Oct 11)
- Stumped Nathan Whitehouse (Oct 11)
- <Possible follow-ups>
- RE: Stumped Slighter, Tim (Oct 11)
- RE: Stumped Nathan Whitehouse (Oct 11)
- RE: Stumped Gene Gomez (Oct 11)
- RE: Stumped Erek Adams (Oct 11)
- RE: Stumped Nathan Whitehouse (Oct 11)
- tcp port 0 rule Bob Van Cleef (Oct 11)
- mysql & snort Кругляков Николай Владиславович (Oct 11)
- RE: mysql & snort Wayne T Work (Oct 11)
- Sensor not logging data Andy Stein (Oct 11)
- Re: Sensor not logging data Erek Adams (Oct 11)
- Snort/Acid Toby Nelson (Oct 11)
- <Possible follow-ups>
- RE: Snort/Acid Cloppert, Michael (Oct 21)
- ARP logging? Cade Cairns (Oct 11)
- Re: ARP logging? matt (Oct 11)
- Re: ARP logging? Cade Cairns (Oct 11)
- Re: ARP logging? Cade Cairns (Oct 11)
- Re: ARP logging? Cade Cairns (Oct 11)
- Re: ARP logging? matt (Oct 11)
- Multiple Sensors to 1 DB Server The infoSphere (Oct 11)
- <Possible follow-ups>
- RE: Multiple Sensors to 1 DB Server Kevin Brown (Oct 11)
- Re: Multiple Sensors to 1 DB Server Dragos Ruiu (Oct 11)
- Re: Multiple Sensors to 1 DB Server Jason Haar (Oct 15)
- Re: Multiple Sensors to 1 DB Server Dragos Ruiu (Oct 11)
- Reading log packet data rkeller (Oct 11)
- Re: Reading log packet data Dragos Ruiu (Oct 11)
- portscans of the broadcast address? Bob Van Cleef (Oct 11)
- Re: portscans of the broadcast address? Alberto Gonzalez (Oct 11)
- Re: portscans of the broadcast address? Erek Adams (Oct 11)
- mysql_error: Access denied for user: 'snort@192.168.1.30' (Using password: YES) Sujit Pal (Oct 12)
- Re: mysql_error: Access denied for user: 'snort@192.168.1.30' (Using password: YES) Robby Desmond (Oct 12)
- <Possible follow-ups>
- RE: mysql_error: Access denied for user: 'snort@192.168.1.30' (Using password: YES) Sujit Pal (Oct 12)
- Spade 021012.1 available James Hoagland (Oct 12)
- Experimenting with TAG, question Rich Adamson (Oct 13)
- Re: Experimenting with TAG, question Martin Roesch (Oct 14)
- Using snort sensors. Sujit Pal (Oct 13)
- Re: Using snort sensors. Chris Baker (Oct 13)
- Re: Using snort sensors. Erek Adams (Oct 14)
- <Possible follow-ups>
- Re: Using snort sensors. Pedro Tedeschi (Oct 14)
- Running 2 Bridge sensors on 1 host Thijs Hodiamont (Oct 14)
- Re: Running 2 Bridge sensors on 1 host Erek Adams (Oct 14)
- Can't set logdir in 1.9.0 Serge Leschinsky (Oct 14)
- Re: Can't set logdir in 1.9.0 Chris Green (Oct 14)
- Re[2]: Can't set logdir in 1.9.0 Serge Leschinsky (Oct 16)
- Re[2]: Can't set logdir in 1.9.0 Erek Adams (Oct 16)
- Re[3]: Can't set logdir in 1.9.0 Serge Leschinsky (Oct 17)
- Re: Can't set logdir in 1.9.0 Sten Kalenda home (Oct 18)
- Re[2]: Can't set logdir in 1.9.0 Serge Leschinsky (Oct 17)
- Re[2]: Can't set logdir in 1.9.0 Serge Leschinsky (Oct 16)
- Re: Can't set logdir in 1.9.0 Chris Green (Oct 14)
- Snort 1.9 as a Win2k Service bunger (Oct 14)
- <Possible follow-ups>
- RE: Snort 1.9 as a Win2k Service Uhte, Russ (Oct 14)
- New version of ACID John Maestrale (Oct 14)
- Re: New version of ACID Anton A. Chuvakin (Oct 14)
- Re: New version of ACID Roman Danyliw (Oct 14)
- <Possible follow-ups>
- RE: New version of ACID John Maestrale (Oct 14)
- RE: New version of ACID Bob Dehnhardt (Oct 14)
- Re: New version of ACID Bradley, Paul (Oct 14)
- RE: New version of ACID John Maestrale (Oct 14)
- regex Fabio Panigatti (Oct 14)
- Jpgraph Toby Nelson (Oct 14)
- snort license Admin-Stress (Oct 14)
- Re: snort license Chris Green (Oct 14)
- snort license Admin-Stress (Oct 14)
- " Problem obtaining SENSOR ID", unable to start snort/access postgres Eli Stair (Oct 14)
- Message not available
- Re: " Problem obtaining SENSOR ID", unable to start snort/access postgres Eli Stair (Oct 14)
- Message not available
- Message not available
- Re: " Problem obtaining SENSOR ID", unable to start snort/access postgres Eli Stair (Oct 14)
- Re: Ignore Host Alberto Gonzalez (Oct 15)
- deleted.rules Sean Wheeler (Oct 14)
- <Possible follow-ups>
- Re: 1.9.0 and PostgreSQL weirdness Roman Danyliw (Oct 15)
- Re: Snort-1.9.0 not generating required alerts Erek Adams (Oct 14)
- Re: Snort-1.9.0 not generating required alerts archana rao (Oct 15)
- Re: Snort-1.9.0 not generating required alerts Erek Adams (Oct 15)
- Re: Snort-1.9.0 not generating required alerts archana rao (Oct 15)
- Re: Snort-1.9.0 not generating required alerts Alberto Gonzalez (Oct 15)
- Re: Snort-1.9.0 not generating required alerts Erek Adams (Oct 15)
- Re: Snort-1.9.0 not generating required alerts archana rao (Oct 16)
- Re: Snort-1.9.0 not generating required alerts Alberto Gonzalez (Oct 15)
- Re: Snort-1.9.0 not generating required alerts archana rao (Oct 16)
- Re: Snort-1.9.0 not generating required alerts archana rao (Oct 15)
- Re: Running Snort 1.9.0 from shell script Michael Boman (Oct 14)
- RE: Running Snort 1.9.0 from shell script Wayne T Work (Oct 14)
- <Possible follow-ups>
- Re: Running Snort 1.9.0 from shell script Eric Joe (Oct 14)
- Re: Running Snort 1.9.0 from shell script Erek Adams (Oct 14)
- RE: Running Snort 1.9.0 from shell script Randy Bey (Oct 15)
- Re: MSSQL? Steve Suehring (Oct 14)
- Re: stream4 issues: possible EVASIVE RST detection Chris Reining (Oct 14)
- RE: stream4 issues: possible EVASIVE RST detection Daniel Miessler (Oct 15)
- <Possible follow-ups>
- RE: stream4 issues: possible EVASIVE RST detection Miller, Eoin (Oct 15)
- RE: stream4 issues: possible EVASIVE RST detection Daniel Miessler (Oct 15)
- stream4 issues: possible EVASIVE RST detection Ben Keepper (Oct 17)
- Re: Snortsnarf 020516.1 and Snort 1.9.0 errors James Hoagland (Oct 15)
- <Possible follow-ups>
- Re: Snortsnarf 020516.1 and Snort 1.9.0 errors Eric Joe (Oct 15)
- Re: Snortsnarf 020516.1 and Snort 1.9.0 errors Erek Adams (Oct 15)
- Re: please help ID payload info Matt Kettler (Oct 15)
- Re: please help ID payload info Robby Desmond (Oct 17)
- Help with content-list usage - Unable to open list file: Sven_da_duder Sean Wheeler (Oct 17)
- AW: Help with content-list usage - Unable to open list file: Sven_da_duder Sean Wheeler (Oct 17)
- AW: Help with content-list usage - Unable to open list file: Sven_da_duder Sean Wheeler (Oct 17)
- Help with content-list usage - Unable to open list file: Sven_da_duder Sean Wheeler (Oct 17)
- <Possible follow-ups>
- RE: please help ID payload info Randy Bey (Oct 15)
- RE: please help ID payload info twig les (Oct 15)
- RE: please help ID payload info matthew . keay (Oct 17)
- RE: please help ID payload info matthew . keay (Oct 17)
- <Possible follow-ups>
- RE: Changing the filename format for alerts Matt Yackley (Oct 15)
- RE: Changing the filename format for alerts Erek Adams (Oct 15)
- RE: Changing the filename format for alerts Matt Yackley (Oct 15)
- RE: Changing the filename format for alerts Erek Adams (Oct 15)
- RE: Changing the filename format for alerts Matt Yackley (Oct 15)
- <Possible follow-ups>
- Re: ACID Database ERROR:Database ERROR:Unknown column 'layer4_proto' in 'order clause' Roman Danyliw (Oct 15)
- ACID Database ERROR:Database ERROR:Unknown column 'layer4_proto' in 'order clause' David E. Gianndrea (Oct 17)
- Re: ACID Database ERROR:Database ERROR:Unknown column 'layer4_proto' in 'order clause' Roman Danyliw (Oct 17)
- Old posts hitting the list today? David E. Gianndrea (Oct 17)
- Re: ACID Database ERROR:Database ERROR:Unknown column 'layer4_proto' in 'order clause' Roman Danyliw (Oct 17)
- RE: Snort 1.9 as Service Help Michael Steele (Oct 15)
- <Possible follow-ups>
- RE: Snort 1.9 as Service Help Scott Phippen (Oct 29)
- RE: Snort 1.9 as Service Help Michael Steele (Oct 29)
- RE: Snort 1.9 as Service Help Scott Phippen (Oct 31)
- RE: Snort 1.9 as Service Help Michael Steele (Oct 31)
- Re: Snort 1.9 as Service Help Steve Suehring (Oct 31)
- RE: Snort 1.9 as Service Help Michael Steele (Oct 29)
- RE: Snort 1.9 as Service Help Michael Steele (Nov 01)
- Re: Portscan preprocessor and false positives Alberto Gonzalez (Oct 15)
- Re: Portscan preprocessor and false positives Erek Adams (Oct 15)
- snort 1.9 doesn't raise alert for httptunneling telnet... s.wun (Oct 16)
- Re: snort 1.9 doesn't raise alert for httptunneling telnet... Erek Adams (Oct 16)
- Re: Portscan preprocessor and false positives Ben Keepper (Oct 16)
- Re: Portscan preprocessor and false positives Bennett Todd (Oct 16)
- Re: Portscan preprocessor and false positives Bennett Todd (Oct 17)
- snort 1.9 doesn't raise alert for httptunneling telnet... s.wun (Oct 16)
- <Possible follow-ups>
- Snort + MySQL NOC (Oct 17)
- Snort + MySql David Alonso De La Vega Tapage (Dec 27)
- Re: Snort + MySql Incidents (Dec 27)
- RE: Snort + MySql Slighter, Tim (Dec 27)
- RE: Snort + MySql Incidents (Dec 27)
- RE: Snort + MySql Slighter, Tim (Dec 30)
- Re: New feature wanted in snort: packet print Chris Green (Oct 16)
- Re: dinamic IP setting Michael Boman (Oct 16)
- <Possible follow-ups>
- Re: dinamic IP setting gimmi gionnini (Oct 16)
- Re: dinamic IP setting gimmi gionnini (Oct 16)
- <Possible follow-ups>
- Re: Does any have this script? The infoSphere (Oct 16)
- Re: Does any have this script? Bryan H (Oct 16)
- Re: snort and network tap Michael Boman (Oct 16)
- Re: snort and network tap Bennett Todd (Oct 16)
- Re: snort and network tap Peter Erickson (Oct 16)
- Re: snort and network tap Scot Scot (Oct 16)
- Re: snort and network tap Jeff Nathan (Oct 17)
- Re: Snort 1.9.0 with MySQL Alberto Gonzalez (Oct 16)
- Re: Rule help with multiple port negation Alberto Gonzalez (Oct 16)
- Re: Snort 1.9 (Schema 106) and Schema 105 database Edin Dizdarevic (Oct 16)
- <Possible follow-ups>
- Re: Snort 1.9 (Schema 106) and Schema 105 database Roman Danyliw (Oct 16)
- Re: SnortSam 2.x recall Frank Knobbe (Oct 16)
- Re: Snort 1.9.0 taking 100% cpu after a (unknown) while Chris Green (Oct 16)
- Re: Snort 1.9.0 taking 100% cpu after a (unknown) while Andrea Barisani (Oct 17)
- Re: Snort 1.9.0 taking 100% cpu after a (unknown) while Max Valdez (Oct 17)
- Re: Snort 1.9.0 taking 100% cpu after a (unknown) while Andrea Barisani (Oct 17)
- <Possible follow-ups>
- Snort 1.9.0 taking 100% cpu after a (unknown) while Max Valdez (Oct 17)
- Snort 1.9.0 taking 100% cpu after a (unknown) while Max Valdez (Oct 17)
- Re: Snort 1.9.0 taking 100% cpu after a (unknown) while Martin Roesch (Oct 17)
- Re: Snort 1.9.0 taking 100% cpu after a (unknown) while Max Valdez (Oct 17)
- Re: Snort 1.9.0 taking 100% cpu after a (unknown) while Martin Roesch (Oct 17)
- Snort 1.9.0 taking 100% cpu after a (unknown) while Max Valdez (Oct 17)
- Re: order of matching rules Chris Green (Oct 16)
- Re: order of matching rules archana rao (Oct 17)
- Re: order of matching rules Chris Green (Oct 22)
- Re: order of matching rules archana rao (Oct 17)
- Re: order of matching rules Matt Kettler (Oct 16)
- <Possible follow-ups>
- Re: order of matching rules Christopher Kruegel (Oct 22)
- Re: order of matching rules Christopher Kruegel (Oct 22)
- Re: order of matching rules Chris Green (Oct 22)
- Re: errno: 145 in acid Roman Danyliw (Oct 17)
- Re: barnyard payload Andrew R. Baker (Oct 17)
- Re: barnyard payload Alwin Raymundo (Oct 17)
- Re: configuring snort. Michael Muenz (Oct 17)
- Re: install with postgresql Roman Danyliw (Oct 17)
- Re: digitally sign event data by sensor Bennett Todd (Oct 17)
- Re: digitally sign event data by sensor Oliver Bode (Oct 17)
- <Possible follow-ups>
- RE: digitally sign event data by sensor Ben Tetu-Pappas (Oct 17)
- Re: Problem with support snmp on RH-7.3 Michael Muenz (Oct 18)
- RE: Problem with support snmp on RH-7.3 _/CaT\_ (Oct 18)
- Re: Problem with support snmp on RH-7.3 Michael Muenz (Oct 18)
- Portscan2 & Portscan Ignorehosts Sean Wheeler (Oct 18)
- Re: Portscan2 & Portscan Ignorehosts James Hoagland (Oct 18)
- Re: Problem with support snmp on RH-7.3 Jens Krabbenhoeft (Oct 18)
- RE: Problem with support snmp on RH-7.3 _/CaT\_ (Oct 18)
- RE: Problem with support snmp on RH-7.3 _/CaT\_ (Oct 18)
- <Possible follow-ups>
- RE: Problem with support snmp on RH-7.3 Kevin Brown (Oct 18)
- RE: Problem with support SNMP on RH-7.3 Christopher Lyon (Oct 18)
- <Possible follow-ups>
- RE: Re: Detecting another sniffer McCammon, Keith (Oct 18)
- <Possible follow-ups>
- RE: port 1241 MSG Wirth, Jeff (Oct 18)
- RE: port 1241 MSG Khera, Manish (US - San Francisco) (Oct 18)
- RE: port 1241 MSG Joe Giles (Oct 18)
- Re: spp_portscan2 questions Bennett Todd (Oct 18)
- Re: spp_portscan2 questions Alberto Gonzalez (Oct 18)
- <Possible follow-ups>
- RE: spp_portscan2 questions Gillham, Chris (Oct 24)
- Re: how to run snort as a sniffer? Sten Kalenda home (Oct 18)
- <Possible follow-ups>
- RE: how to run snort as a sniffer? Wirth, Jeff (Oct 18)
- Re: Snort-1.9.0-win32.exe Roman Danyliw (Oct 18)
- Newbie "what does this mean" question Ian Hunter (Oct 18)
- Re: Newbie "what does this mean" question Alberto Gonzalez (Oct 18)
- Re: Newbie "what does this mean" question Ian Hunter (Oct 18)
- Newbie "what does this mean" question Ian Hunter (Oct 18)
- <Possible follow-ups>
- RE: Snort-1.9.0-win32.exe Tom Morgan (Oct 18)
- RE: Snort-1.9.0-win32.exe Tom Morgan (Oct 21)
- RE: Snort-1.9.0-win32.exe Slighter, Tim (Oct 21)
- Re: Snort-2.0 dowload Matt Kettler (Oct 18)
- Re: setting up snort for the first time Mike Sweeney (Oct 19)
- RE: Mysql 101 (ACID config) Wayne T Work (Oct 20)
- <Possible follow-ups>
- RE: Mysql 101 (ACID config) Maarten Hartsuijker (Oct 20)
- Re: Mysql 101 (ACID config) Roman Danyliw (Oct 20)
- <Possible follow-ups>
- RE: How do I stop all alerts generated by 'ssp_stream4'? (snort 1.9.0 ) Kreimendahl, Chad J (Oct 21)
- <Possible follow-ups>
- RE: Schema on Mysql R (Oct 22)
- RE: Schema on Mysql Ibarra, Michael (Oct 23)
- RE: May be slightly off topic but... Gene Gomez (Oct 21)
- Snort 2.0 Murat Bicer (Oct 22)
- Re: snort 1.9 memory usage increase Chris Green (Oct 21)
- <Possible follow-ups>
- Mysql and payload Julien Bordet (Oct 22)
- Re: Mysql and payload Roman Danyliw (Oct 22)
- Re: Snort 1.9.0 on redhat 8.0 Alex Pinheiro Machado Rodrigues (Oct 21)
- Re: Re: Snort 1.9.0 on redhat 8.0 shrek-m () gmx de (Oct 21)
- Re: Re: Snort 1.9.0 on redhat 8.0 Steven J. Scott (Oct 21)
- Re: Re: Snort 1.9.0 on redhat 8.0 shrek-m () gmx de (Oct 21)
- <Possible follow-ups>
- Re: Snort 1.9.0 on redhat 8.0 Richard Ellerbrock (Oct 22)
- Re: Snort 1.9 problem Alberto Gonzalez (Oct 21)
- Re: Snort 1.9 problem Bennett Todd (Oct 22)
- Re: False positives Alberto Gonzalez (Oct 21)
- Re: False positives Gary Verhulp (Oct 22)
- Re: False positives Chris Green (Oct 22)
- Re: False positives Gary Verhulp (Oct 22)
- Re: False positives Gary Verhulp (Oct 22)
- Re: RE: Snort 2.0 Alberto Gonzalez (Oct 21)
- RE: RE: Snort 2.0 Wayne T Work (Oct 21)
- Re: How do I stop all alerts generated by 'ssp_stream4'? (snort 1.9.0 ) Alberto Gonzalez (Oct 21)
- Re: Doubt about snort.org Alberto Gonzalez (Oct 22)
- <Possible follow-ups>
- RE: Veryifing snort R (Oct 22)
- Re: Off topic a little - usage by port? Chris Reining (Oct 22)
- Re: Off topic a little - usage by port? Gene Yoo (Oct 22)
- Re: Off topic a little - usage by port? Alberto Gonzalez (Oct 24)
- <Possible follow-ups>
- RE: Off topic a little - usage by port? Miller, Eoin (Oct 22)
- RE: Off topic a little - usage by port? McCammon, Keith (Oct 22)
- RE: Off topic a little - usage by port? Knight, Ric (Oct 22)
- Re: Off topic a little - usage by port? Skip Carter (Oct 22)
- Re: Hardware for a 2 MBit Network Traffik Alberto Gonzalez (Oct 22)
- 'SMB Name Wildcard' Murat Bicer (Oct 22)
- Re: Hogwash on Snort box Alberto Gonzalez (Oct 22)
- Re: Snort and Kazaa 2.0 Sam Evans (Oct 22)
- Re: Snort and Kazaa 2.0 Frank Knobbe (Oct 22)
- Re: Snort and Kazaa 2.0 Sam Evans (Oct 22)
- Re: Snort and Kazaa 2.0 Frank Knobbe (Oct 22)
- Re: Snort 1.9.0 on solaris Chris Green (Oct 22)
- Re: Snort 1.9.0 on solaris Szymon Miotk (Oct 30)
- Re: Snort doesn't appear to be looking at everything on our network Chris Green (Oct 22)
- RE: Snort doesn't appear to be looking at everything on our network Wayne T Work (Oct 22)
- Re: snort compile error Alberto Gonzalez (Oct 22)
- <Possible follow-ups>
- Re: snort compile error richard . fuser (Oct 22)
- Re: ACID with Apache2 Max Valdez (Oct 23)
- RE: Redhat 8.0 Wayne T Work (Oct 23)
- RE: Redhat 8.0 David Yip (Oct 24)
- RE: Redhat 8.0 Michael Steele (Oct 24)
- <Possible follow-ups>
- RE: Redhat 8.0 Tom Morgan (Oct 23)
- RE: Redhat 8.0 Wayne T Work (Oct 23)
- RE: Redhat 8.0 Security Admin (Oct 23)
- Re: pass rules Alberto Gonzalez (Oct 23)
- Re: pass rules Jens Krabbenhoeft (Oct 23)
- <Possible follow-ups>
- RE: pass rules Hughes, Andy (Oct 23)
- Using generalised rules to activate bulk rules Sean Wheeler (Oct 23)
- Multiple Problem with support plugin snmp in snort1.9.0 roger_h (Oct 23)
- <Possible follow-ups>
- RE: wireless capabilities Ibarra, Michael (Oct 23)
- Mysql 101b Edward W. Ray (Oct 23)
- RE: Mysql 101b Edward W. Ray (Oct 23)
- ACID/SNORT Newbie Mike Koponick (Nov 01)
- <Possible follow-ups>
- Grouping Portscans Derrick Lichti (Oct 28)
- Re: alert file Alberto Gonzalez (Oct 23)
- Re: alert file Zachary Uram (Oct 23)
- Re: alert file Alberto Gonzalez (Oct 23)
- Re: alert file Zachary Uram (Oct 24)
- Re: alert file Zachary Uram (Oct 23)
- Snort logging to mysql Edward W. Ray (Oct 23)
- Re: running snort James Ainslie (Oct 24)
- RE: Problems running Snort 1.9 for windows Michael Steele (Oct 24)
- Re: exclude home_net from external_net Alberto Gonzalez (Oct 24)
- Re: exclude home_net from external_net Gary Flynn (Oct 24)
- <Possible follow-ups>
- RE: PROBLEMAS Kreimendahl, Chad J (Oct 24)
- <Possible follow-ups>
- RE: UDP packet supposedly DROPped, but seen by snort anyway Jan Ploski (Oct 24)
- Re: dual inteface? Bennett Todd (Oct 24)
- Re: dual inteface? Phil Wood (Oct 24)
- Is this a valid rule? Lefevre, Steven (Oct 24)
- Re: Is this a valid rule? Alberto Gonzalez (Oct 24)
- Re: Portscan 2 question Robby Desmond (Oct 24)
- Re: Portscan 2 question Joe Giles (Oct 24)
- Re: Portscan 2 question Joe Giles (Oct 24)
- Re: Portscan 2 question Gary Verhulp (Oct 24)
- Message not available
- Re: Portscan 2 question Joe Giles (Oct 24)
- RE: Portscan 2 question Joe Giles (Oct 24)
- RE: Snort 1.9.0 on Windows and MSSQL Steve Pearson (Oct 24)
- Re: Snort 1.9.0 on Windows and MSSQL Jarret Gibson (Oct 25)
- <Possible follow-ups>
- Re: Is this a valid rule? Phil Wood (Oct 25)
- Re: Is this a valid rule? Phil Wood (Oct 25)
- RE: Re: Is this a valid rule? Hicks, John (Oct 25)
- Re: Re: Snort-users digest, Vol 1 #2412 - 1 msg Phil Wood (Oct 24)
- <Possible follow-ups>
- RE: Re: Snort-users digest, Vol 1 #2413 - 1 msg darnell . poulin (Oct 24)
- RE: Re: Snort-users digest, Vol 1 #2413 - 1 msg Matt Kettler (Oct 24)
- Re: dual interface? Bennett Todd (Oct 25)
- Re: Re: Snort-users digest, Vol 1 #2427 - 1 msg Chuck Mize (Oct 24)
- <Possible follow-ups>
- thanks S. Kaushik (Dec 17)
- Re: SnortCenter Config Trouble Larc (Oct 24)
- RE: snort-users infinite loop mail! Michael Steele (Oct 24)
- RE: snort-users infinite loop mail! Zachary Uram (Oct 24)
- Re: Snort DB query question. Michael Boman (Oct 24)
- <Possible follow-ups>
- RE: Snort DB query question. larosa, vjay (Oct 24)
- RE: Snort DB query question. Kreimendahl, Chad J (Oct 24)
- Re: Snort DB query question. WTWork (Oct 24)
- <Possible follow-ups>
- Re: web iis attack doswald (Oct 25)
- RE: web iis attack Alwin Raymundo (Oct 25)
- RE: web iis attack Gray . Brendan (Oct 25)
- RE: web iis attack Hicks, John (Oct 25)
- Re: logging with priority Andrew R. Baker (Oct 25)
- Re: Snortsam Frank Knobbe (Oct 25)
- <Possible follow-ups>
- RE: One other question Slighter, Tim (Oct 25)
- Re: BIOCVERSION: inappropriate ioctl for device.... Phil Wood (Oct 25)
- RE: getting snort via CVS? Wayne T Work (Oct 25)
- (no subject) Sean Wheeler (Oct 25)
- <Possible follow-ups>
- RE: getting snort via CVS? Miller, Eoin (Oct 25)
- RE: getting snort via CVS? Miller, Eoin (Oct 25)
- Re: Snort console errors - MSSQL Chris Reid (Oct 25)
- Re: Redhat 8.0 ACID and SNORT David Lambert (Oct 28)
- Re: 1.9.0 users manual download question ? Jarret Gibson (Oct 25)
- Re: defunct link on www.snort.org Alberto Gonzalez (Oct 25)
- Re: yet more defunct links on www.snort.org Alberto Gonzalez (Oct 25)
- Re: Legal Form Advice Michael Boman (Oct 25)
- <Possible follow-ups>
- RE: What 1.9.x versions work with MSSQL? Michael Steele (Oct 26)
- Re: What 1.9.x versions work with MSSQL? Jarret Gibson (Oct 26)
- Re: 300,000 alerts in Database from spp_asn1 Ian Macdonald (Oct 28)
- <Possible follow-ups>
- RE: 300,000 alerts in Database from spp_asn1 Randy Bey (Oct 28)
- Re: snort and oralce (snort 1.90) Jarret Gibson (Oct 25)
- <Possible follow-ups>
- RE: snort and oralce (snort 1.90) Kreimendahl, Chad J (Oct 28)
- Re: Snort on an 802.1q link Jason (Oct 25)
- <Possible follow-ups>
- RE: Snort on an 802.1q link Christopher Lyon (Oct 25)
- Re: I cannot compile libnet successfully in order to compile snort, please help me Jeff Nathan (Oct 26)
- Re: Spade version 021026.1 released! James Hoagland (Oct 26)
- RE: Stealth snort with no separate sensor hardware Wayne T Work (Oct 27)
- Re: Stealth snort with no separate sensor hardware Alberto Gonzalez (Oct 27)
- Re: Stealth snort with no separate sensor hardware quentyn (Oct 28)
- <Possible follow-ups>
- RE: Stealth snort with no separate sensor hardware Justin Jessup (Oct 27)
- RE: Stealth snort with no separate sensor hardware Jan Ploski (Oct 27)
- Re: Action Recommendations Steve Suehring (Oct 27)
- <Possible follow-ups>
- Re: Action Recommendations Justin Jessup (Oct 27)
- Re: Action Recommendations twig les (Oct 28)
- Re: Action Recommendations Glenn Forbes Fleming Larratt (Oct 31)
- Tell the ISP- it will create change Gregory W. Ratcliff (Nov 03)
- Re: Action Recommendations twig les (Oct 28)
- Re: Action Recommendations Margles Singleton (Nov 11)
- Re: alert log size Darek Milewski (Oct 28)
- Re: Snort sensor & Windows XP Erek Adams (Oct 28)
- <Possible follow-ups>
- Re: Snort sensor & Windows XP Peter . VE (Oct 28)
- Re: Stealth mode Erek Adams (Oct 28)
- Re: Stealth mode quentyn (Oct 28)
- <Possible follow-ups>
- RE: question regarding snort, acid, mysql, and redh at 7.3 Justin Jessup (Oct 28)
- snorters in d.c Alberto Gonzalez (Oct 28)
- Re: BPF Filters howto Ashley Thomas (Oct 28)
- <Possible follow-ups>
- RE: BPF Filters howto Hutchinson, Andrew (Oct 28)
- RE: BPF Filters howto Ben Keepper (Oct 28)
- RE: BPF Filters howto Hutchinson, Andrew (Oct 28)
- RE: BPF Filters howto Little Mitty (Oct 28)
- Re: BPF Filters howto Little Mitty (Oct 28)
- Re: newb question appreciate help - snort.conf is readonly twig les (Oct 28)
- Re: Question about Alerts Matt Kettler (Oct 28)
- <Possible follow-ups>
- RE: Question about Alerts Miller, Eoin (Oct 28)
- RE: Question about Alerts Joe Giles (Oct 28)
- <Possible follow-ups>
- RE: bad traffic tcp port 0 traffic Miller, Eoin (Oct 28)
- RE: bad traffic tcp port 0 traffic John York (Oct 28)
- Re: Snort stopping - too much traffic? Erek Adams (Oct 28)
- how to log everything to log file? s.wun (Oct 28)
- Re: how to log everything to log file? Erek Adams (Oct 28)
- how to log everything to log file? s.wun (Oct 28)
- <Possible follow-ups>
- RE: Snort stopping - too much traffic? Scott Williams (Oct 29)
- RE: Snort stopping - too much traffic? Wayne T Work (Oct 29)
- Re: Receiving data from sensors to a central database with Mysql Matt T. Galvin (Oct 29)
- Re: Receiving data from sensors to a central database with Mysql Roberto Suarez Soto (Oct 31)
- <Possible follow-ups>
- Re: FW: Receiving data from sensors to a central database with Mysql hwigoda (Oct 29)
- SNort 1.9.0 with MySQL logging James Fowler (Oct 29)
- Re: FW: Receiving data from sensors to a central database with Mysql Jon Freedlander (Oct 29)
- Re: FW: Receiving data from sensors to a central database with Mysql hwigoda (Oct 29)
- Re: FW: Receiving data from sensors to a central database with Mysql Michael Boman (Oct 30)
- httptunnel catched by snort s.wun (Oct 30)
- Re: FW: Receiving data from sensors to a central database with Mysql Michael Boman (Oct 30)
- Re: FW: Receiving data from sensors to a central database with Mysql hwigoda (Oct 30)
- Re: FW: Receiving data from sensors to a central database with Mysql Jacob Redding (Oct 30)
- Re: FW: Receiving data from sensors to a central database with Mysql hwigoda (Oct 30)
- Re: Design questions... Jarret Gibson (Oct 29)
- RE: Design questions... Wayne T Work (Oct 29)
- <Possible follow-ups>
- RE: Design questions... Randy Bey (Oct 29)
- Re: RE: Design questions... larc (Oct 29)
- Design questions... Jeremy Finke (Oct 29)
- RE: RE: Design questions... Jeremy Finke (Oct 29)
- RE: Design questions... Jakub Molek (Oct 30)
- <Possible follow-ups>
- FW: Receiving data from sensors to a central databa se with Mysql Freeman, Wayne (Oct 29)
- <Possible follow-ups>
- RE: unsuscribe : how to ? McCammon, Keith (Oct 29)
- RE: SnortCenter _/CaT\_ (Oct 29)
- <Possible follow-ups>
- Fwd: ACID/sensor question Tika (Oct 29)
- Re: ICQ Rule Jarret Gibson (Oct 29)
- <Possible follow-ups>
- RE: ICQ Rule Derrick Lichti (Oct 29)
- Re: ICQ Rule Jarret Gibson (Oct 29)
- RE: SNort 1.9.0 with MySQL logging James Fowler (Oct 29)
- Re: Snort rules order. Andrew R. Baker (Oct 29)
- <Possible follow-ups>
- RE: Snort rules order. larosa, vjay (Oct 29)
- Re: Snort rules order. Andrew R. Baker (Oct 29)
- Re: [Snort-devel] dsize broken in snort 2 (and possibly 1.9.x) Chris Green (Oct 29)
- Re: [Snort-devel] dsize broken in snort 2 (and possibly 1.9.x) Chris Green (Oct 29)
- <Possible follow-ups>
- RE: [Snort-devel] dsize broken in snort 2 (and possibly 1.9.x) Kreimendahl, Chad J (Oct 29)
- Re: stream4 and min_ttl option Andrew R. Baker (Oct 29)
- Re: uricontent vs. content Andreas Östling (Oct 31)
- <Possible follow-ups>
- FW: uricontent vs. content larosa, vjay (Oct 30)
- Re: FW: uricontent vs. content Chris Green (Oct 30)
- RE: FW: uricontent vs. content larosa, vjay (Oct 30)
- RE: uricontent vs. content larosa, vjay (Oct 31)
- RE: uricontent vs. content larosa, vjay (Oct 31)
- Re: uricontent vs. content Chris Green (Oct 31)
- Re: snort as IDS pix (Oct 30)
- PID file Nick Kraal (Oct 30)
- Message not available
- Re: PID file Nick Kraal (Oct 30)
- Re: PID file Andrew R. Baker (Oct 30)
- Re: PID file Nick Kraal (Oct 30)
- Message not available
- <Possible follow-ups>
- RE: snort as IDS Christopher Lyon (Oct 30)
- Re: Promiscuous mode Derek Glidden (Oct 30)
- Re: Promiscuous mode quentyn (Oct 30)
- Re: Promiscuous mode Eli Stair (Oct 31)
- RE: Promiscuous mode Gene Gomez (Oct 31)
- Re: Promiscuous mode Eli Stair (Oct 31)
- Re: Port 2301 Matt Kettler (Oct 30)
- <Possible follow-ups>
- RE: Time stamp Jeff Eager (Email) (Oct 31)
- RE: Time stamp Zolla Zimmerman (Nov 01)
- Re: e100 promisc mode twig les (Oct 31)
- Re: e100 promisc mode Ben Feinstein (Oct 31)
- <Possible follow-ups>
- Re: e100 promisc mode Peter Param (Oct 31)
- Re: e100 promisc mode twig les (Oct 31)
- RE: e100 promisc mode Peter Param (Nov 03)
- Re: no logging to disk Andrew R. Baker (Oct 31)
- Re: no logging to disk Geoff Galitz (Nov 01)
- Re: no logging to disk Andrew R. Baker (Nov 01)
- Re: no logging to disk Geoff Galitz (Nov 01)
- Re: Promiscuous mode - fix quentyn (Nov 04)
- Re: exec script Matt Kettler (Nov 01)
- <Possible follow-ups>
- RE: Snort/Log report software Ibarra, Michael (Nov 01)
- RE: Snort/Log report software Matt Yackley (Nov 01)
- RE: Snort/Log report software Michael Steele (Nov 03)
- RE: Snort/Log report software Michael Steele (Nov 03)
- Re: RE: Snort/Log report software tazmaniak tazmaniak (Nov 05)
- Re: Snort/Mysql/ACID/MS PWS help Erek Adams (Nov 02)
- RE: Snort/Mysql/ACID/MS PWS help Michael Steele (Nov 04)
- <Possible follow-ups>
- RE: Snort/Mysql/ACID/MS PWS help Security Admin (Nov 03)
- Re: Question about MSSQL Erek Adams (Nov 02)
- <Possible follow-ups>
- RE: Question about MSSQL Robbins, Mark (Nov 04)
- RE: Question about MSSQL Michael Steele (Nov 04)
- RE: Forbid snort to delete alerts from a mysql database for security reasons? Michael Steele (Nov 04)
- RE: Forbid snort to delete alerts from a mysql database for security reasons? twig les (Nov 04)
- RE: Forbid snort to delete alerts from a MySQL database for security reasons? Michael Steele (Nov 04)
- RE: Forbid snort to delete alerts from a mysql database for security reasons? twig les (Nov 04)
- <Possible follow-ups>
- Re: Forbid snort to delete alerts from a mysql database for security reasons? Roman Danyliw (Nov 03)
- Re: Clean up/Reset Logs shrek-m () gmx de (Nov 03)
- RE: Clean up/Reset Logs Michael Steele (Nov 03)
- Re: Mysql cleanup script? quentyn (Nov 04)
- Re: Mysql cleanup script? gerhard (Nov 04)
- Re: Mysql cleanup script? Ian Macdonald (Nov 05)
- <Possible follow-ups>
- RE: Mysql cleanup script? Bruce Platt (Nov 04)
- RE: Mysql cleanup script? Derrick Lichti (Nov 04)
- RE: Mysql cleanup script? Mike Walter (Nov 04)
- RE: Mysql cleanup script? Mike Walter (Nov 04)
- Re: Logging to Remote Syslog and ACID Console twig les (Nov 04)
- RE: Logging to Remote Syslog and ACID Console Wayne T Work (Nov 04)
- <Possible follow-ups>
- RE: Logging to Remote Syslog and ACID Console Parker, Ian (Nov 04)
- RE: Logging to Remote Syslog and ACID Console Frank Knobbe (Nov 04)
- RE: Logging to Remote Syslog and ACID Console Michael Steele (Nov 04)
- RE: Logging to Remote Syslog and ACID Console Parker, Ian (Nov 04)
- RE: Logging to Remote Syslog and ACID Console Michael Steele (Nov 04)
- Re: Heavy ICMP Traffic Nicholas Bachmann (Nov 04)
- <Possible follow-ups>
- RE: Heavy ICMP Traffic Hicks, John (Nov 04)
- RE: Heavy ICMP Traffic Brian M. Diehl (Nov 04)
- RE: Heavy ICMP Traffic Brian M. Diehl (Nov 04)
- Re: Problems starting Snort 1.9.0 on RH 8.0 Eli Stair (Nov 04)
- <Possible follow-ups>
- RE: Problems starting Snort 1.9.0 on RH 8.0 Scott, Joshua (Nov 04)
- RE: Problems starting Snort 1.9.0 on RH 8.0 Sawall, Christopher L (Nov 05)
- RE: Win2k and Packet.dll Michael Steele (Nov 04)
- Two Ethernet Interfaces? Mike Koponick (Nov 04)
- <Possible follow-ups>
- RE: Win2k and Packet.dll Miller, Eoin (Nov 04)
- RE: Win2k and Packet.dll Thomas T. Evans, III (Nov 05)
- RE: Win2k and Packet.dll Michael Steele (Nov 05)
- RE: Win2k and Packet.dll Thomas T. Evans, III (Nov 05)
- Re: no modem Matt Kettler (Nov 04)
- <Possible follow-ups>
- RE: no modem Michael Steele (Nov 04)
- <Possible follow-ups>
- RE: Two Ethernet Interfaces? Scott, Joshua (Nov 04)
- RE: Two Ethernet Interfaces? Mike Koponick (Nov 04)
- Re: Two Ethernet Interfaces? Justin Jessup (Nov 04)
- RE: Two Ethernet Interfaces? Security Admin (Nov 05)
- RE: Two Ethernet Interfaces? Security Admin (Nov 06)
- RE: Snort Faulting in ntdll.dll Michael Steele (Nov 04)
- Re: Block host Jens Krabbenhoeft (Nov 05)
- Re: Snort 1.9.0 - Postgresql Eli Stair (Nov 05)
- Re: Snort 1.9.0 - Postgresql Albert E. Whale (Nov 05)
- Re: portscan2 ignore hosts Jacob Redding (Nov 05)
- Re: new install rules question - solaris Chris Green (Nov 05)
- Re: new install rules question - solaris Dan Gahlinger (Nov 05)
- Re: new install rules question - solaris Andrew R. Baker (Nov 05)
- Re: new install rules question - solaris Chris Green (Nov 05)
- Re: new install rules question - solaris Dan Gahlinger (Nov 05)
- Re: new install rules question - solaris Dan Gahlinger (Nov 05)
- Re: new install rules question - solaris Erek Adams (Nov 05)
- Re: new install rules question - solaris Dan Gahlinger (Nov 06)
- Re: new install rules question - solaris Erek Adams (Nov 06)
- Re: new install rules question - solaris Dan Gahlinger (Nov 05)
- <Possible follow-ups>
- RE: new install rules question - solaris larosa, vjay (Nov 06)
- RE: new install rules question - solaris Dan Gahlinger (Nov 06)
- Re: Small Footprint system for sensors james (Nov 05)
- <Possible follow-ups>
- RE: Small Footprint system for sensors Scott, Joshua (Nov 05)
- RE: Small Footprint system for sensors Hicks, John (Nov 06)
- Re: WebDAV Erek Adams (Nov 06)
- Re: WebDAV Jason Haar (Nov 06)
- <Possible follow-ups>
- Re: WebDAV Jason Haar (Nov 06)
- WebDAV Yaakov Yehudi (Nov 10)
- Re: How to define EXTERNAL_NET=internet except intranet? Jens Krabbenhoeft (Nov 06)
- <Possible follow-ups>
- RE: RE: Small Footprint system for Tom Sevy (Nov 06)
- <Possible follow-ups>
- Graph Alert Data Atul Shrivastava (Nov 07)
- Graph Alert Data Mogren, Jack L. (Dec 13)
- Graph Alert Data jlmanatee1 (Dec 17)
- Graph Alert Data jlmanatee1 (Dec 17)
- Graph Alert Data Eduard San Anselmo Mateu (Dec 18)
- Re: SNORT XML Parser Brian (Nov 07)
- Re: How to configure HOME_NET for less than a Class C James Ainslie (Nov 06)
- Re: How to configure HOME_NET for less than a Class C Phil Wood (Nov 06)
- <Possible follow-ups>
- RE: How to configure HOME_NET for less than a Class C Knight, Ric (Nov 06)
- <Possible follow-ups>
- RE: Stealth sensor on SPAN port w/o tap Security Admin (Nov 06)
- Stealth sensor on SPAN port w/o tap Robert MacKinnon (Nov 10)
- Re: Stealth sensor on SPAN port w/o tap Erek Adams (Nov 11)
- Re: Stealth sensor on SPAN port w/o tap Bennett Todd (Nov 13)
- Re: Stealth sensor on SPAN port w/o tap Erek Adams (Nov 11)
- Re: SID 1287 Jens Krabbenhoeft (Nov 06)
- Re[2]: SID 1287 Filbert (Nov 06)
- Re[2]: SID 1287 Erek Adams (Nov 06)
- Re: SID 1287 Brian (Nov 07)
- Re[2]: SID 1287 Filbert (Nov 06)
- <Possible follow-ups>
- RE: Followup to HOME_NET and EXTERNAL_NET Don (Nov 06)
- Re: Snort database schema Rafeeq Ur Rehman (Nov 06)
- Re: Snort database schema Erek Adams (Nov 06)
- RE: ignore hosts Don (Nov 06)
- Re: ignore hosts Erek Adams (Nov 06)
- Re: Snort dies Erek Adams (Nov 06)
- Re: Snort dies Steven J. Scott (Nov 06)
- <Possible follow-ups>
- Re: Snort dies Peter Param (Nov 06)
- Re: Snort dies Erek Adams (Nov 07)
- Re: Snort Archive Steve Suehring (Nov 06)
- <Possible follow-ups>
- Re: Snort Archive Brett . Gillett (Nov 06)
- Re: getrusage.c Chris Green (Nov 06)
- Automatic E-Mail from ACID Mike Koponick (Nov 06)
- Re: Automatic E-Mail from ACID Erek Adams (Nov 06)
- RE: Automatic E-Mail from ACID Mike Koponick (Nov 06)
- Re: Automatic E-Mail from ACID Federico Lombardo (Nov 07)
- Automatic E-Mail from ACID Mike Koponick (Nov 06)
- Re: icmp large packets & ASN.1 Attack Robby Desmond (Nov 07)
- <Possible follow-ups>
- RE: icmp large packets & ASN.1 Attack Grime, Richard S (Nov 07)
- RE: rule for MSN Messaging Michael Steele (Nov 06)
- <Possible follow-ups>
- RE: rule for MSN Messaging Peter Param (Nov 06)
- Message not available
- Re: Network & Systems Cloaking Tool Tommy (Nov 08)
- Re: Network & Systems Cloaking Tool twig les (Nov 08)
- Re: Network & Systems Cloaking Tool Tommy (Nov 08)
- Re: Network & Systems Cloaking Tool Frank Knobbe (Nov 08)
- Re: Network & Systems Cloaking Tool Frank Knobbe (Nov 08)
- Message not available
- Re: Network & Systems Cloaking Tool Tommy (Nov 08)
- Re: Network & Systems Cloaking Tool Tommy (Nov 08)
- Re: about rpc Brian (Nov 07)
- Re: Snort MySQL Client traffic to MySQL database Erek Adams (Nov 07)
- Re: Snort acting as a firewall?? Alberto Gonzalez (Nov 06)
- Snort acting as a firewall ????????? Atul Shrivastava (Nov 08)
- Re: Snort acting as a firewall ????????? Alberto Gonzalez (Nov 08)
- Re: Snort acting as a firewall ????????? Frank Knobbe (Nov 08)
- Snort acting as a firewall ????????? Atul Shrivastava (Nov 08)
- <Possible follow-ups>
- Re: setting up my first snort box Peter Param (Nov 06)
- RE: setting up my first snort box Jim Herbert (Nov 08)
- Re: RE: setting up my first snort box Erek Adams (Nov 08)
- Re: RE: setting up my first snort box twig les (Nov 08)
- Re: Field in Snort log Erek Adams (Nov 08)
- The "book" on SNORT at Amazon Gregory W. Ratcliff (Nov 08)
- <Possible follow-ups>
- SV: Automatic E-Mail from ACID Diverse.Snort.Users (Nov 07)
- RE: Problem running Snort as Service on Win2K Michael Steele (Nov 07)
- <Possible follow-ups>
- RE: Problem running Snort as Service on Win2K Harme Mohamed (Nov 07)
- Re: SnortInline questions Alberto Gonzalez (Nov 07)
- Re: SnortInline questions Alberto Gonzalez (Nov 08)
- Re: SnortInline questions Alberto Gonzalez (Nov 07)
- Re: Problems about snort in enterprise environment Atul Shrivastava (Nov 07)
- Re: Problems about snort in enterprise environment Erek Adams (Nov 07)
- Re: Problems about snort in enterprise environment Brian (Nov 07)
- Re: Problems about snort in enterprise environment twig les (Nov 07)
- Re: Problems about snort in enterprise environment Brian (Nov 07)
- <Possible follow-ups>
- RE: Problems about snort in enterprise environment Fraser Hugh (Nov 07)
- Re: Update rules timeput 30 secs Jens Krabbenhoeft (Nov 07)
- <Possible follow-ups>
- RE: Copies of jpgraph-1.9.1.tar.gz available? Slighter, Tim (Nov 07)
- Re: log on OpenBSD3.2/Snort 1.9 Erek Adams (Nov 07)
- Portscan2 and ACID snorter (Nov 08)
- Rule update with snortcenter snorter (Nov 08)
- Re: Rule update with snortcenter Jens Krabbenhoeft (Nov 08)
- Re: Rule update with snortcenter Atul Shrivastava (Nov 09)
- More than one sensor can be managed ..?????? Atul Shrivastava (Nov 09)
- Re: Rule update with snortcenter Larc (Nov 09)
- Re: Rule update with snortcenter Atul Shrivastava (Nov 09)
- Re: Rule update with snortcenter Michael (Nov 11)
- Rule update with snortcenter snorter (Nov 08)
- RE: Snort Stops Sending Alerts to MySQL Michael Steele (Nov 08)
- <Possible follow-ups>
- RE: Snort Stops Sending Alerts to MySQL Parker, Ian (Nov 08)
- RE: Snort Stops Sending Alerts to MySQL Michael Steele (Nov 08)
- <Possible follow-ups>
- RE: Portscan2 and target limit Steve Halligan (Nov 08)
- Setting up sensor on another machine Edward W. Ray (Nov 09)
- Re: Setting up sensor on another machine twig les (Nov 11)
- Re: Database do not grow up.. twig les (Nov 11)
- <Possible follow-ups>
- Re: Re: Rule update with snortcente larc (Nov 11)
- Re: FW: Setting up sensor on another machine Eli Stair (Nov 11)
- Re: Getting Snort to run from RC3.D Erek Adams (Nov 11)
- create_oracle.sql gongya (Nov 10)
- Re: Where is the $RULE_PATH been assigned value? Jens Krabbenhoeft (Nov 11)
- SNORT Reporting Tool ........ ??????? Atul Shrivastava (Nov 11)
- Re: SNORT Reporting Tool ........ ??????? Erek Adams (Nov 11)
- Re: Portscan traffic in ACID Erek Adams (Nov 11)
- <Possible follow-ups>
- Re: snort 1.9 on AIX 4.3.2 larc (Nov 11)
- Re: snort 1.9 on AIX 4.3.2 Snort HK (Nov 12)
- Re: Snort 1.8.6 -vs- Snort 1.9.0 Memmory Usage Erek Adams (Nov 11)
- Re: Snort 1.8.6 -vs- Snort 1.9.0 Memmory Usage Chris Green (Nov 11)
- <Possible follow-ups>
- RE: Snort 1.8.6 -vs- Snort 1.9.0 Memmory Usage Scott, Joshua (Nov 11)
- <Possible follow-ups>
- RedHat 8.0 snmp trap install problems McEvoy, Stephen (Nov 11)
- Memory Issue? Frank Reid (Nov 12)
- Re: Memory Issue? Chris Green (Nov 12)
- Re: Memory Issue? Phil Wood (Nov 12)
- Re: Memory Issue? Chris Green (Nov 12)
- Re: Snort Remote Sensor twig les (Nov 12)
- Re: [Snort-sigs] snort rules update notification Chris Green (Nov 12)
- Re: Snort 1.9 on XP pro Rich Adamson (Nov 12)
- RE: Snort 1.9 on XP pro Michael Steele (Nov 12)
- Re: unable to run snort daemon twig les (Nov 12)
- Swatch/Snort.log Mike Koponick (Dec 29)
- Re: Why is snort "lightweight"? twig les (Nov 12)
- Re: Why is snort "lightweight"? Bennett Todd (Nov 13)
- Re: Why is snort "lightweight"? Brian (Nov 12)
- <Possible follow-ups>
- RE: Why is snort "lightweight"? Scott, Joshua (Nov 14)
- <Possible follow-ups>
- RE: New version 1.9.0 Kreimendahl, Chad J (Nov 12)
- Re: HP 3000 and decode issues Andrew R. Baker (Nov 12)
- Re: HP 3000 and decode issues Jeff Kell (Nov 12)
- Re: snort and dshield etc. reports Erek Adams (Nov 12)
- Re: How to disable the alert for "spp_portscan2" Jochen Erwied (Nov 12)
- Content Inspection not working Atul Shrivastava (Nov 13)
- RE: MAIL FROM A NOVICE -- PLEASE FORGIVE Apurv Singh (Nov 13)
- <Possible follow-ups>
- RE: MAIL FROM A NOVICE -- PLEASE FORGIVE Matt Yackley (Nov 13)
- Re: Display percentage spp_portscan2 traffic with ACID Phil Wood (Nov 13)
- <Possible follow-ups>
- RE: Rgpusers Hawrylkiw, Dan G (Nov 13)
- <Possible follow-ups>
- RE: SNMP request UDP flood Knight, Ric (Nov 13)
- RE: SNMP request UDP flood twig les (Nov 13)
- Re: SFStats Variant of Windows Snort Compile Chris Reid (Nov 13)
- RE: SFStats Variant of Windows Snort Compile Michael Steele (Nov 13)
- Re: Latest libpcap & tcpdump sources from tcpdump.o rg contain a trojan. hackerwacker (Nov 13)
- RE: Hi all :-) Gene Gomez (Nov 13)
- <Possible follow-ups>
- RE: Hi all :-) O'Flynn, Derek (Nov 13)
- RE: Klez Incoming Gene Gomez (Nov 13)
- Re: Klez Incoming Shane Williams (Nov 13)
- Re: Klez Incoming Jacob Redding (Nov 13)
- Re: Klez Incoming Shane Williams (Nov 14)
- Re: Klez Incoming Jacob Redding (Nov 13)
- <Possible follow-ups>
- RE: Klez Incoming Jim O'Donald (Nov 13)
- RE: Klez Incoming Sean T. Ballard (Nov 14)
- RE: Klez Incoming Kreimendahl, Chad J (Nov 14)
- Re: "OTHER" protocol packets Michael Anderson (Nov 13)
- <Possible follow-ups>
- RE: "OTHER" protocol packets McCammon, Keith (Nov 13)
- Re: Fw: Latest libpcap & tcpdump sources from tcpdump.org contain a trojan Edin Dizdarevic (Nov 14)
- <Possible follow-ups>
- RE: Do not want to take the right Sensor...?? O'Flynn, Derek (Nov 13)
- Re: Backup questions Edin Dizdarevic (Nov 14)
- Re: *NEWBIE* Excluding Proxy Traffic from Snort? Erek Adams (Nov 14)
- <Possible follow-ups>
- RE: *NEWBIE* Excluding Proxy Traffic from Snort? McCammon, Keith (Nov 14)
- Re: portscan destination port 137 twig les (Nov 14)
- <Possible follow-ups>
- Re: portscan destination port 137 Eric Joe (Nov 14)
- Re: portscan destination port 137 twig les (Nov 14)
- RE: portscan destination port 137 Security Admin (Nov 14)
- Re: portscan destination port 137 Axel Pettinger (Nov 14)
- RE: portscan destination port 137 Security Admin (Nov 14)
- <Possible follow-ups>
- RE: Email Alerts through MYSQL not with syslog ..? Randy Walinga (Nov 14)
- problem in login SnortCenter sam (Nov 26)
- Re: problem in login SnortCenter Marcel Hauser (Nov 27)
- problem in login SnortCenter sam (Nov 26)
- <Possible follow-ups>
- Re: Replay 0.1 Andreas Östling (Nov 14)
- Re: Snort Check and Rules 'Best Practice' Erek Adams (Nov 14)
- Re: database plugin failing to start Jens Krabbenhoeft (Nov 14)
- Re: database plugin failing to start Jens Krabbenhoeft (Nov 14)
- Re: Mysql difficulties.. Jens Krabbenhoeft (Nov 14)
- <Possible follow-ups>
- RE: Mysql difficulties.. Sawall, Christopher L (Nov 14)
- <Possible follow-ups>
- RE: ACID not recording attacks Hicks, John (Nov 15)
- Re: Checking out Snort 2.0 and building it Alberto Gonzalez (Nov 14)
- Re: Checking out Snort 2.0 and building it Jens Krabbenhoeft (Nov 14)
- Re: web-misc robots.txt will not go away Alberto Gonzalez (Nov 14)
- Re: web-misc robots.txt will not go away Jens Krabbenhoeft (Nov 14)
- Re: web-misc robots.txt will not go away Matt Kettler (Nov 14)
- Re: Snort alerts Thierry (Nov 15)
- RE: Snort alerts Mark Weaver (Nov 15)
- Re: Snort alerts Alfredo Pizarro (Nov 15)
- <Possible follow-ups>
- RE: Snort alerts Tom Morgan (Nov 15)
- Re: Obfuscation of binary logs Alberto Gonzalez (Nov 15)
- Re: Obfuscation of binary logs Phil Wood (Nov 15)
- Re: portscan Alberto Gonzalez (Nov 15)
- <Possible follow-ups>
- RE: Help! computer crashes when running Snort (Win2k Pro) L. Christopher Luther (Nov 15)
- Re: RE: Help! computer crashes when running Snort (Win2k Pro) Moshe Aelion (Nov 15)
- Re: arachNIDS, CVE, bugtraq Jens Krabbenhoeft (Nov 15)
- <Possible follow-ups>
- RE: arachNIDS, CVE, bugtraq L. Christopher Luther (Nov 15)
- Re: RE: arachNIDS, CVE, bugtraq Brian (Nov 16)
- RE: RE: arachNIDS, CVE, bugtraq L. Christopher Luther (Nov 18)
- Re: RE: arachNIDS, CVE, bugtraq Andrew R. Baker (Nov 19)
- RE: RE: arachNIDS, CVE, bugtraq L. Christopher Luther (Nov 20)
- Re: Escaping "content" characters Gary Flynn (Nov 15)
- Re: Escaping "content" characters Brian (Nov 16)
- Re: error configure --with-snmp Phil Wood (Nov 15)
- Re: error configure --with-snmp Michael J. McCasland (Nov 15)
- News of tcpdump and libcap hacks Gregory W. Ratcliff (Nov 15)
- Re: error configure --with-snmp Andrew R. Baker (Nov 17)
- Re: error configure --with-snmp Michael J. McCasland (Nov 17)
- <Possible follow-ups>
- Re: error configure --with-snmp Justin Jessup (Nov 16)
- Re: error configure --with-snmp Justin Jessup (Nov 17)
- <Possible follow-ups>
- RE: Making sense of "snort -W" output Knight, Ric (Nov 18)
- Re: ACID_main.php Timesout w/Snort 1.9.0 joe (Nov 17)
- Re: ACID_main.php Timesout w/Snort 1.9.0 Albert E. Whale (Nov 18)
- Re: ACID_main.php Timesout w/Snort 1.9.0 Anton A. Chuvakin (Nov 18)
- Re: ACID_main.php Timesout w/Snort 1.9.0 Albert E. Whale (Nov 18)
- Re: ACID_main.php Timesout w/Snort 1.9.0 Albert E. Whale (Nov 18)
- <Possible follow-ups>
- Re: ACID_main.php Timesout w/Snort 1.9.0 Dhruv Chandra (Nov 20)
- Re: Logging excessive ICMP from HOME_NET Erek Adams (Nov 18)
- Re: Defining External_net Alberto Gonzalez (Nov 18)
- Re: Defining External_net Ashley Thomas (Nov 18)
- Re: Defining External_net Jens Krabbenhoeft (Nov 18)
- Re: Right syntax ?? $DNS_SERVER ?? Andrew R. Baker (Nov 19)
- Re: Snort logging to remote MySQL host Joseph Gresham (Nov 18)
- <Possible follow-ups>
- RE: Trouble with SnortCenter Agent Steven B. Akers (Nov 20)
- RE: Trouble with SnortCenter Agent Steven B. Akers (Nov 20)
- RE: Trouble with SnortCenter Agent Snort Mailing List (Nov 20)
- Re: Snortsam Cisco ACL configuration steps Gary Flynn (Nov 18)
- Re: Snortsam Cisco ACL configuration steps Frank Knobbe (Nov 18)
- Re: Snortsam Cisco ACL configuration steps Brian (Nov 19)
- Re: conversation preprocessor and byte-count-based alerts Chris Green (Nov 18)
- Message not available
- Re: Traffic hangs when specifiying adapter Ben (Nov 19)
- Re: Problems with graphs in ACID joe (Nov 19)
- Re: Problems with graphs in ACID Steven J. Scott (Nov 20)
- <Possible follow-ups>
- RE: Problems with graphs in ACID Joel Morgan (Nov 19)
- <Possible follow-ups>
- RE: Strange ICMP packets from windows machines larosa, vjay (Nov 19)
- Re: Snort 1.8.7 & new rules Michael Boman (Nov 19)
- <Possible follow-ups>
- RE: Snort 1.8.7 & new rules Cassani Alexio (Nov 19)
- Re: Problemes with Acid Timestamp Bob DeBolt (Nov 19)
- Re: Problemes with Acid Timestamp Alfredo Pizarro (Nov 19)
- <Possible follow-ups>
- RE: one ip want to snmp access Knight, Ric (Nov 19)
- Re: Snort 1.90 and Barnyard 0.1.0-rc3 (Build 11) with Acid 0.9.6b22 I nitial Install Help. Andrew R. Baker (Nov 19)
- RE: Snort 1.90 and Barnyard 0.1.0-rc3 (Build 11) wi th Acid 0.9.6b22 I nitial Install Help. Robby Desmond (Nov 20)
- <Possible follow-ups>
- Undefined function: newaciddbconnection() in SnortCenter package Helder Rocha (Nov 19)
- Re: What are folks doing for alerting hackerwacker (Nov 19)
- Re: What are folks doing for alerting Distribution Lists (Nov 19)
- <Possible follow-ups>
- RE: What are folks doing for alerting Slighter, Tim (Nov 19)
- RE: What are folks doing for alerting Ibarra, Michael (Nov 19)
- Re: What are folks doing for alerting hackerwacker (Nov 19)
- RE: What are folks doing for alerting Ibarra, Michael (Nov 19)
- RE: RE: What are folks doing for alerting Slighter, Tim (Nov 19)
- Re: What are folks doing for alerting Michael J. McCasland (Nov 20)
- Re: RE: What are folks doing for alerting BCL IP Network Operations (Nov 20)
- Re: Log both to MySQL and a log file twig les (Nov 19)
- Re: Problem about snort 1.9 Alberto Gonzalez (Nov 20)
- <Possible follow-ups>
- Problem about snort 1.9 Di Fazio Guido (Nov 20)
- RE: No incoming data Mark Weaver (Nov 20)
- Re: No incoming data Erek Adams (Nov 22)
- <Possible follow-ups>
- RE: No incoming data Philippe Dhont (Sea-ro) (Nov 21)
- Re: No incoming data Steve Loughran (Nov 21)
- Re: No incoming data twig les (Nov 21)
- Re: No incoming data Steve Loughran (Nov 21)
- RE: No incoming data Philippe Dhont (Sea-ro) (Nov 21)
- Re: Access Permissions on New Logfiles (1.8.7/128) Andrew R. Baker (Nov 20)
- Re: Access Permissions on New Logfiles (1.8.7/128) Chris Green (Nov 20)
- Re: Mysql DB problems Jens Krabbenhoeft (Nov 21)
- Re: Too many questions Matt Kettler (Nov 20)
- Re: Too many questions Robby Desmond (Nov 20)
- RE: Interface in promiscuous mode Mark Weaver (Nov 20)
- Re: Interface in promiscuous mode Robby Desmond (Nov 20)
- <Possible follow-ups>
- Fw: Interface in promiscuous mode Andrea Iacopini (Nov 20)
- Re: Interface in promiscuous mode Di Fazio Guido (Nov 22)
- Re: Snort & portscans in a proxied environment Jacob Redding (Nov 20)
- problems with make file and mysql Christopher Cook (Nov 20)
- <Possible follow-ups>
- RE: Snort & portscans in a proxied environment Hicks, John (Nov 20)
- RE: Snort & portscans in a proxied environment Cloppert, Michael (Nov 20)
- Re: Sniffing on eth0 and reseting on eth1 Demetri Mouratis (Nov 20)
- Re: Sniffing on eth0 and reseting on eth1 Chris Green (Nov 21)
- Re: Sniffing on eth0 and reseting on eth1 ¤ (Nov 21)
- Re: Sniffing on eth0 and reseting on eth1 Dave Thornburgh (Nov 25)
- Re: snort center Keith Burt (Nov 20)
- <Possible follow-ups>
- Re: snort center larc (Nov 21)
- Re: snort center Marcel Hauser (Nov 21)
- RE: Confirmation For Alerts In ACID Needed Joel Colvin (Nov 20)
- <Possible follow-ups>
- RE: Confirmation For Alerts In ACID Needed Ibarra, Michael (Nov 20)
- Re: Confirmation For Alerts In ACID Needed Joseph Gresham (Nov 21)
- RE: Confirmation For Alerts In ACID Needed Fraser Hugh (Nov 21)
- Re: MSSQL2K vs MySQL?? pix (Nov 21)
- <Possible follow-ups>
- Re: MSSQL2K vs MySQL?? Dhruv Chandra (Nov 20)
- RE: MSSQL2K vs MySQL?? Robbins, Mark (Nov 21)
- Re: XML Log parsers Jacob Redding (Nov 21)
- Re: XML Log parsers Sleepy (Nov 21)
- Re: XML Log parsers pix (Nov 21)
- Re: XML Log parsers Sleepy (Nov 21)
- Re: XML Log parsers Michael Davis (Nov 21)
- Re: XML Log parsers Sleepy (Nov 21)
- <Possible follow-ups>
- Re: XML Log parsers Sleepy (Nov 21)
- RE: XML Log parsers L. Christopher Luther (Nov 21)
- Re: XML Log parsers Sleepy (Nov 22)
- Re: MySQL logs wrong IP - Addresses ( caution - NEWBIE ! ) twig les (Nov 21)
- Re: MySQL logs wrong IP - Addresses ( caution - NEWBIE ! ) Jens Krabbenhoeft (Nov 21)
- <Possible follow-ups>
- Re: MySQL logs wrong IP - Addresses ( caution - NEWBIE ! ) Roman Danyliw (Nov 21)
- Re: snort not logging to the database twig les (Nov 21)
- <Possible follow-ups>
- RE: snort not logging to the database Philippe Dhont (Sea-ro) (Nov 21)
- Re: snort not logging to the database twig les (Nov 21)
- Snort not logging to the database Edu Sananselmo (Nov 22)
- <Possible follow-ups>
- RE: MDAC signature Slighter, Tim (Nov 21)
- Re: core dump Matt Kettler (Nov 21)
- Re: tcpdump filter question James Hoagland (Nov 21)
- <Possible follow-ups>
- RE: tcpdump filter question Bradley, Paul (Nov 21)
- <Possible follow-ups>
- RE: Help! Just upgraded to Snort1.9-1 Slighter, Tim (Nov 21)
- RE: Help! Just upgraded to Snort1.9-1 Sheahan, Paul (PCLN-NW) (Nov 21)
- RE: Help! Just upgraded to Snort1.9-1 Slighter, Tim (Nov 21)
- Re: DIAL UP Brian (Nov 21)
- Re: DIAL UP Matt Kettler (Nov 21)
- Re: OpenSSH question Skip Carter (Nov 22)
- Re: OpenSSH question twig les (Nov 22)
- Re: OpenSSH question Frank Knobbe (Nov 22)
- Re: OpenSSH question Michael Boman (Nov 22)
- Re: OpenSSH question Gene (Nov 22)
- <Possible follow-ups>
- Re: Still ACID Helmut Schneider (Nov 22)
- RE: Still ACID Pacheco, Michael F. (Nov 22)
- Re: Still ACID Helmut Schneider (Nov 22)
- Re: Snort 2.0 release date Jens Krabbenhoeft (Nov 22)
- Re: Snort 2.0 release date Yaakov Yehudi (Nov 25)
- Re: Snort 2.0 release date Chris Green (Nov 25)
- Re: SNMP Traps Andrew R. Baker (Nov 29)
- Re: Detecting telnet connections with TERM=xxx set Chris Green (Nov 22)
- Re: Detecting telnet connections with TERM=xxx set Sven Huster (Nov 25)
- Re: Detecting telnet connections with TERM=xxx set Brian (Nov 25)
- Re: Detecting telnet connections with TERM=xxx set Alberto Gonzalez (Nov 25)
- Re: Detecting telnet connections with TERM=xxx set Chris Green (Nov 25)
- Re: Detecting telnet connections with TERM=xxx set Sven Huster (Nov 25)
- Re: Detecting telnet connections with TERM=xxx set Andreas Östling (Nov 22)
- Re: Supper Firewall setup with IPFILTER and SNORT jabbott (Nov 25)
- Re: Supper Firewall setup with IPFILTER and SNORT Jim Sandoz (Nov 25)
- Re: Supper Firewall setup with IPFILTER and SNORT Phil Dibowitz (Nov 25)
- Re: Supper Firewall setup with IPFILTER and SNORT Phil Dibowitz (Nov 25)
- Re: Supper Firewall setup with IPFILTER and SNORT Jim Sandoz (Nov 25)
- Re: proxy ? Matt Kettler (Nov 22)
- <Possible follow-ups>
- Re: Snort /SERVICE parameter (Win32) Ueli Kistler (Nov 24)
- Re: Oinkmaster issue Andreas Östling (Nov 23)
- Re: Oinkmaster issue Jacob Redding (Nov 25)
- <Possible follow-ups>
- FW: Oinkmaster issue Lance Lloyd (Nov 23)
- Re: stealth nic command ? Rafeeq Ur Rehman (Nov 24)
- Re: stealth nic command ? Alberto Gonzalez (Nov 24)
- Re: stealth nic command ? alireza (Nov 24)
- Re: stealth nic command ? Alberto Gonzalez (Nov 24)
- Re: SnortCenter can't push to sensor twig les (Nov 24)
- <Possible follow-ups>
- Fw: Installation on Slackware 8.1 tiago. (Nov 24)
- re: Installation on Slackware 8.1 Justin Jessup (Nov 25)
- re: Installation on Slackware 8.1 Justin Jessup (Nov 25)
- <Possible follow-ups>
- RE: SnortCenter can't push to senso Schroeder, Eric (Nov 25)
- Re: SnortCenter can't push to senso Guy Marcenac (Nov 26)
- Re: Using syslogd more efficiently Erek Adams (Nov 25)
- Re: Using syslogd more efficiently Alberto Gonzalez (Nov 25)
- Re: Using syslogd more efficiently Demetri Mouratis (Nov 25)
- Re: Nothing logged in Daemon mode Alberto Gonzalez (Nov 25)
- Re: Better regex expression ($ of "end of string") Brian (Nov 25)
- <Possible follow-ups>
- RE: MySQL Configuration for Snort L. Christopher Luther (Nov 25)
- RE: MySQL Configuration for Snort Schroeder, Eric (Nov 25)
- RE: MySQL Configuration for Snort Hicks, John (Nov 25)
- Re: Help with SMTP Rule Brian (Nov 25)
- Re: Help with SMTP Rule Ricardo Londoño (Nov 25)
- RE: Help with SMTP Rule Don (Nov 25)
- <Possible follow-ups>
- RE: Help with SMTP Rule Hicks, John (Nov 25)
- Re: rules set Erek Adams (Nov 25)
- Re: Alerting and Reporting tools Scott Nursten (Nov 26)
- SHUN Mike Koponick (Nov 26)
- Re: SHUN Alberto Gonzalez (Nov 26)
- Re: SHUN Matt Kettler (Nov 26)
- Re: SHUN Frank Knobbe (Nov 26)
- Re: SHUN Matt Kettler (Nov 26)
- Re: SHUN Frank Knobbe (Nov 26)
- RE: SHUN Mike Koponick (Nov 26)
- RE: SHUN ams67 (Dec 02)
- RE: SHUN Frank Knobbe (Dec 02)
- RE: SHUN ams67 (Dec 02)
- Re: SHUN Alberto Gonzalez (Dec 02)
- Re: SHUN Frank Knobbe (Dec 02)
- Re: SHUN Alberto Gonzalez (Dec 03)
- RE: SHUN ams67 (Dec 02)
- Re: SHUN Alberto Gonzalez (Dec 03)
- RE: SHUN Frank Knobbe (Dec 03)
- RE: SHUN ams67 (Dec 03)
- RE: SHUN Frank Knobbe (Dec 03)
- SHUN Mike Koponick (Nov 26)
- <Possible follow-ups>
- RE: Alerting and Reporting tools Scott, Joshua (Nov 26)
- Re: Network Failure and DB Output plugin Erek Adams (Nov 25)
- <Possible follow-ups>
- RE: MySQL on Another Server (#2) Hicks, John (Nov 27)
- RE: MySQL on Another Server (#2) L. Christopher Luther (Nov 27)
- RE: RE: MySQL on Another Server (#2) Michael Steele (Nov 27)
- RE: RE: MySQL on Another Server (#2) L. Christopher Luther (Nov 27)
- Re: Snort doesn't detect W32/Opaserv.worm attack Scott Nursten (Nov 26)
- Re: Rules archive empty? Scott Nursten (Nov 26)
- Re: Rules archive empty? Matt Kettler (Nov 26)
- Re: Rules archive empty? Brian (Nov 26)
- Re: why no alert for netbus backdoor ? Jens Krabbenhoeft (Nov 26)
- Re: Constructing Rules Matt Kettler (Nov 26)
- Re: Constructing Rules Brian (Nov 26)
- negated port ranges (was Re: Constructing Rules) Bennett Todd (Nov 26)
- Re: libpcap on Linux, FOR LINUX USERS ONLY Lionel CONS (Nov 29)
- <Possible follow-ups>
- RE: ACID Login Failed configured on Red Hat 8.0 Slighter, Tim (Nov 26)
- RE: ACID Login Failed configured on Red Hat 8.0 Scott, Joshua (Nov 27)
- Re: Pass Rule Frank Knobbe (Nov 26)
- Re: Pass Rule Joseph Nuara (Nov 26)
- Re: Pass Rule Frank Knobbe (Nov 26)
- Re: Pass Rule Joseph Nuara (Nov 26)
- Re: Pass Rule Matt Kettler (Nov 26)
- Re: Pass Rule Joseph Nuara (Nov 26)
- Re: Pass Rule Erek Adams (Nov 26)
- Re: Pass Rule Joseph Nuara (Nov 26)
- Re: Newbie Q on making it work Matt Kettler (Nov 26)
- Re: Newbie Q on making it work twig les (Nov 26)
- <Possible follow-ups>
- RE: Newbie Q on making it work Slighter, Tim (Nov 27)
- Re: Newbie Q on making it work Faber Fedor (Nov 27)
- RE: Newbie Q on making it work Tom Sevy (Nov 27)
- Re: Snortcenter Problem Marcel Hauser (Nov 27)
- <Possible follow-ups>
- Re: Snortcenter Problem larc (Nov 27)
- RE: snort 1.9.0 memleaking ? Bill Karwisch (Nov 27)
- Re: snort 1.9.0 memleaking ? Erek Adams (Nov 27)
- Re: snort 1.9.0 memleaking ? pilsl (Nov 27)
- Re: snort 1.9.0 memleaking ? Erek Adams (Nov 27)
- Re: snort 1.9.0 memleaking ? twig les (Nov 27)
- RE: snort 1.9.0 memleaking ? Paul D. Shaffer (Nov 27)
- Re: snort 1.9.0 memleaking ? Jason (Nov 28)
- Re: snort 1.9.0 memleaking ? pilsl (Nov 27)
- Re: swatch error Todd Holloway (Nov 27)
- <Possible follow-ups>
- RE: swatch error Petriz, Pablo (Nov 28)
- Re: false alarm? do I have preprocessor right? Matt Kettler (Nov 27)
- <Possible follow-ups>
- RE: Easy move to Linux platform Hicks, John (Nov 27)
- RE: Easy move to Linux platform Scott, Joshua (Nov 27)
- Re: Database Plugin - Alert vs. Log Erek Adams (Nov 27)
- <Possible follow-ups>
- RE: Database Plugin - Alert vs. Log L. Christopher Luther (Nov 27)
- RE: Database Plugin - Alert vs. Log Frank Knobbe (Nov 27)
- RE: Database Plugin - Alert vs. Log L. Christopher Luther (Dec 02)
- RE: Database Plugin - Alert vs. Log Frank Knobbe (Dec 02)
- <Possible follow-ups>
- Re: snort logs start/stop not to syslog aaron g (Nov 27)
- Warning with Snortrules-current sam (Nov 29)
- Re: Warning with Snortrules-current Jens Krabbenhoeft (Nov 30)
- Warning with Snortrules-current sam (Nov 29)
- <Possible follow-ups>
- Re: Cisco Sensor to Snort Front End aaron g (Nov 27)
- Re: Cisco Sensor to Snort Front End twig les (Nov 27)
- Re: How to use flexresp function in snort 2.0 Giuseppe Marullo (Nov 28)
- How to use flexresp function in snort x.y Giuseppe Marullo (Dec 01)
- <Possible follow-ups>
- How to use flexresp function in snort 2.0 王 鸿鹏 (Nov 29)
- Re: How to use flexresp function in snort 2.0 王 鸿鹏 (Nov 29)
- <Possible follow-ups>
- RE: OT: Happy Turkey Day! Donofrio, Lewis (Nov 28)
- Re: Hogwash anyone? Alberto Gonzalez (Nov 28)
- Re: Hogwash anyone? Michael Boman (Nov 28)
- <Possible follow-ups>
- RE: Hogwash anyone? Rochford, Paul (Nov 29)
- Re: Testing techniques twig les (Nov 28)
- Re: Testing techniques Rafeeq Ur Rehman (Nov 28)
- <Possible follow-ups>
- RE: Testing techniques Fraser Hugh (Nov 28)
- Re: SQL scripts for snort DBs Jens Krabbenhoeft (Nov 28)
- Re: snort 1.9 settings of spp_portscan2 Jens Krabbenhoeft (Nov 29)
- Re: alert_full won't create subdirectories for ip addresses when mysql logging is enabled Andrew R. Baker (Nov 29)
- ACID SQL error Faber Fedor (Nov 29)
- <Possible follow-ups>
- RE: alert_full won't create subdirectories for ip addresses when mysql logging is enabled L. Christopher Luther (Dec 02)
- Re: alert_full won't create subdirectories for ip addresses when mysql logging is enabled Andrew R. Baker (Dec 02)
- FW: Re: alert_full won't create subdirectories for ip addresses when mysql logging is enabled Frank Knobbe (Dec 04)
- Re: Snort creating corrupt binary data logs? Phil Wood (Nov 29)
- <Possible follow-ups>
- RE: Snort creating corrupt binary data logs? Cloppert, Michael (Dec 03)
- Re: snort bug? terminates itslef exhausted all 0 blocks of 1 treeroots; exiting Erek Adams (Nov 29)
- Re: snort bug? terminates itslef exhausted all 0 blocks of 1 treeroots; exiting James Hoagland (Nov 29)
- Re: snort bug? terminates itslef exhausted all 0 blocks of 1 treeroots; exiting James Hoagland (Nov 29)
- <Possible follow-ups>
- snort bug? terminates itslef exhausted all 0 blocks of 1 treeroots; exiting Hanasaki JiJi (Nov 30)
- <Possible follow-ups>
- RE: Please help me understand this alert output Hicks, John (Nov 29)
- Re: Please help me understand this alert output Hanasaki JiJi (Nov 29)
- <Possible follow-ups>
- Re: Gigabit IDS report aaron g (Nov 30)
- Re: Gigabit IDS report twig les (Nov 30)
- Re: Gigabit IDS report Frank Knobbe (Nov 30)
- Re: Gigabit IDS report twig les (Nov 30)
- RE: Gigabit IDS report Bob Walder (Dec 01)
- Re: Gigabit IDS report [RANT WARNING] Michael Boman (Dec 01)
- RE: Gigabit IDS report Paul D. Shaffer (Dec 01)
- RE: Gigabit IDS report Frank Knobbe (Dec 01)
- RE: Gigabit IDS report aaron g (Dec 01)
- Re: All alerts have src/dest as 0.0.0.0 Erek Adams (Nov 30)
- Re: All alerts have src/dest as 0.0.0.0 twig les (Nov 30)
- <Possible follow-ups>
- Re: "preprocessor portscan2-ignorehosts" ignored Helmut Schneider (Dec 02)
- Re: "preprocessor portscan2-ignorehosts" ignored Jens Krabbenhoeft (Dec 03)
- Re: Rules for version1.8.6 Erek Adams (Dec 02)
- Re: Rules for version1.8.6 Frank Knobbe (Dec 02)
- Re: Rules for version1.8.6 Chris Green (Dec 02)
- Re: Rules for version1.8.6 Frank Knobbe (Dec 02)
- <Possible follow-ups>
- Re: Rules for version1.8.6 Matt Kettler (Dec 02)
- <Possible follow-ups>
- RE: massive scans Miller, Eoin (Dec 02)
- Re: portscan2-ignorehosts & portscan-ignorehosts Alberto Gonzalez (Dec 02)
- Re: portscan2-ignorehosts & portscan-ignorehosts Distribution Lists (Dec 02)
- Re: portscan2-ignorehosts & portscan-ignorehosts Robby Desmond (Dec 02)
- Re: Request for help in changing packet capture filenames under Snort 1.9 Frank Knobbe (Dec 02)
- MSN Chat Rule Help Ricardo Londoño (Dec 02)
- Re: Re: alert_full won't create subdirectories for ip addresses when mysql logging is enabled Andrew R. Baker (Dec 02)
- <Possible follow-ups>
- RE: Re: alert_full won't create subdirectories for ip addresses when mysql logging is enabled Hicks, John (Dec 04)
- Re: MSN Chat Rule Help Brian (Dec 02)
- Re: MSN Chat Rule Help Ricardo Londoño (Dec 02)
- Re: GET /.hash= Jeff Kell (Dec 03)
- Re: GET /.hash= Jens Krabbenhoeft (Dec 03)
- Re: error in creation of mysql table Jens Krabbenhoeft (Dec 03)
- Re: error in creation of mysql table twig les (Dec 03)
- <Possible follow-ups>
- RE: error in creation of mysql table Sawall, Christopher L (Dec 03)
- Re: Output Plugin - log_ascii Frank Knobbe (Dec 03)
- <Possible follow-ups>
- RE: Output Plugin - log_ascii Hicks, John (Dec 03)
- <Possible follow-ups>
- Re: snort 1.9 freebsd port with Spade? aaron g (Dec 03)
- Re: snort 1.9 freebsd port with Spade? twig les (Dec 03)
- Re: content rule Matt Kettler (Dec 03)
- <Possible follow-ups>
- Question about FlexResp Sandra Estrada Moreno (Dec 05)
- Re: Another Snort Reporting Question Jacques (Dec 04)
- <Possible follow-ups>
- RE: Another Snort Reporting Question Slighter, Tim (Dec 04)
- Re: I find it odd that this product would not be supported for SMP win2k machines Matt Kettler (Dec 04)
- RE: I find it odd that this product would not be supported for SMP win2k machines Paul D. Shaffer (Dec 04)
- <Possible follow-ups>
- RE: I find it odd that this product would not be supported for SMP win2k machines Eric Joe (Dec 04)
- RE: I find it odd that this product would not be supported for SMP win2k machines twig les (Dec 04)
- RE: I find it odd that this product would not be supported for SMP win2k machines Jacob Redding (Dec 09)
- RE: I find it odd that this product would not be supported for SMP win2k machines twig les (Dec 04)
- Re: Snort for Broadcast Detection counts only Phil Wood (Dec 04)
- Re: snort NT install question Andrew R. Baker (Dec 04)
- <Possible follow-ups>
- RE: snort NT install question Michael Steele (Dec 04)
- RE: snort NT install question Tobias Rice (Dec 04)
- Re: Access Denied when logging to MySQL database twig les (Dec 04)
- Re: Access Denied when logging to MySQL database Steve Suehring (Dec 04)
- Re: Access Denied when logging to MySQL database Robby Desmond (Dec 04)
- Re: Access Denied when logging to MySQL database Steve Suehring (Dec 04)
- Re: Access Denied when logging to MySQL database shrek-m () gmx de (Dec 04)
- Re: Access Denied when logging to MySQL database Steve Suehring (Dec 04)
- <Possible follow-ups>
- Re: mysql problem Jeremy Loukinas (Dec 04)
- Re: mysql problem Steve Suehring (Dec 04)
- RE: mysql problem L. Christopher Luther (Dec 04)
- Re: Snort for Pocket PC Bennett Todd (Dec 04)
- RE: Snort for Pocket PC Don (Dec 04)
- <Possible follow-ups>
- RE: Snort and Solaris 8? Kreimendahl, Chad J (Dec 04)
- Re: Problem with SnortCenter Cesar Andres Navarrete R. (Dec 04)
- <Possible follow-ups>
- RE: Problem with SnortCenter ElbTec GmbH (Dec 04)
- Re: Re: Problem with SnortCenter larc (Dec 05)
- Re: ACID Problems download (Jim Prewett) (Dec 04)
- <Possible follow-ups>
- Re: ACID Problems Cory Helmrich (Dec 06)
- RE: I find it odd that this product would not be supported for SMP win2k machines Paul D. Shaffer (Dec 04)
- <Possible follow-ups>
- RE: I find it odd that this product would not be supported for SMP win2k machines aaron g (Dec 05)
- <Possible follow-ups>
- Norman Internet Protection - Malware Warning! yokoyama (Dec 09)
- Re: to block intruders Alberto Gonzalez (Dec 05)
- Block Conncection Atul Shrivastava (Dec 07)
- How to use the Various Outplugins present in the SnortCenter Atul Shrivastava (Dec 07)
- Re: How to use the Various Outplugins present in the SnortCenter Alberto Gonzalez (Dec 07)
- Re: Block Conncection Alberto Gonzalez (Dec 07)
- How to use the Various Outplugins present in the SnortCenter Atul Shrivastava (Dec 07)
- Re: Alert OR syslog? Alberto Gonzalez (Dec 05)
- <Possible follow-ups>
- RE: Alert OR syslog? Weiss, Jeffrey H. (Dec 05)
- RE: Alert OR syslog? Don (Dec 05)
- RE: Alert OR syslog? Don (Dec 05)
- RE: Alert OR syslog? Don (Dec 05)
- RE: Alert OR syslog? Steve Halligan (Dec 05)
- RE: Alert OR syslog? Weiss, Jeffrey H. (Dec 05)
- Re: Alert OR syslog? Alberto Gonzalez (Dec 05)
- RE: Alert OR syslog? Weiss, Jeffrey H. (Dec 05)
- RE: Alert OR syslog? L. Christopher Luther (Dec 06)
- Re: RE: Alert OR syslog? Erek Adams (Dec 06)
- Re: Snort rule triggered an alert, but why? Chris Green (Dec 05)
- <Possible follow-ups>
- RE: Snort rule triggered an alert, but why? C . Prickaerts (Dec 05)
- Re: Snort rule triggered an alert, but why? Chris Green (Dec 05)
- RE: Snort rule triggered an alert, but why? C . Prickaerts (Dec 06)
- RE: Snort rule triggered an alert, but why? C . Prickaerts (Dec 08)
- Re: Content list 2 Matt Kettler (Dec 05)
- <Possible follow-ups>
- Re: Content list 2 larc (Dec 09)
- Re: [Snort-sigs] Snort Alert [1:1411:0] ) (etc) alerts Jens Krabbenhoeft (Dec 09)
- <Possible follow-ups>
- RE: Understanding how to setup snort... Hicks, John (Dec 11)
- Re: Snortcenter: cant connect localhost:2525 Guy Marcenac (Dec 05)
- RE: Home_net & external_net Don (Dec 05)
- Re: Home_net & external_net Erek Adams (Dec 05)
- <Possible follow-ups>
- RE: Home_net & external_net Jeremy Finke (Dec 06)
- RE: Home_net & external_net Erek Adams (Dec 06)
- RE: Home_net & external_net Don (Dec 06)
- RE: Home_net & external_net Erek Adams (Dec 06)
- RE: Home_net & external_net Erek Adams (Dec 06)
- RE: Home_net & external_net Jeremy Finke (Dec 06)
- RE: Home_net & external_net Erek Adams (Dec 06)
- Re: Home_net & external_net Jens Krabbenhoeft (Dec 09)
- RE: Home_net & external_net Jeremy Finke (Dec 06)
- RE: Home_net & external_net Don (Dec 06)
- <Possible follow-ups>
- RE: Problem with Snort 1.9.0 and PostgreSQL Semerjian, Ohanes (Dec 08)
- RE: Problem with Snort 1.9.0 and PostgreSQL m0use (Dec 09)
- RE: Problem with Snort 1.9.0 and PostgreSQL Demetri Mouratis (Dec 09)
- RE: Problem with Snort 1.9.0 and PostgreSQL m0use (Dec 09)
- RE: Problem with Snort 1.9.0 and PostgreSQL Erek Adams (Dec 09)
- RE: Problem with Snort 1.9.0 and PostgreSQL m0use (Dec 09)
- RE: Problem with Snort 1.9.0 and PostgreSQL Demetri Mouratis (Dec 09)
- RE: Problem with Snort 1.9.0 and PostgreSQL m0use (Dec 09)
- RE: Problem with Snort 1.9.0 and PostgreSQL m0use (Dec 09)
- RE: Problem with Snort 1.9.0 and PostgreSQL m0use (Dec 09)
- RE: Problem with Snort 1.9.0 and PostgreSQL m0use (Dec 09)
- RE: Problem with Snort 1.9.0 and PostgreSQL Semerjian, Ohanes (Dec 09)
- RE: Problem with Snort 1.9.0 and PostgreSQL m0use (Dec 09)
- Re: Problem with Snort 1.9.0 and PostgreSQL Peter Erickson (Dec 09)
- RE: Problem with Snort 1.9.0 and PostgreSQL Roman Danyliw (Dec 11)
- RE: Problem with Snort 1.9.0 and PostgreSQL m0use (Dec 09)
- RE: Problem with Snort 1.9.0 and PostgreSQL Johan Sunnerstig (Dec 12)
- Re: pcap_loop Erek Adams (Dec 06)
- Re: snort + logsurfer Erik Fichtner (Dec 06)
- <Possible follow-ups>
- Re: SnortCenter sensor "cloning" larc (Dec 06)
- SnortCenter sensor "cloning" scp (Dec 09)
- Re: Remote Syslogging. Demetri Mouratis (Dec 06)
- Re: Remote Syslogging. Erek Adams (Dec 06)
- Re: snort log time error Ralf Hildebrandt (Dec 06)
- Re: snort log time error Chris Baker (Dec 06)
- Re: snort log time error Ralf Hildebrandt (Dec 06)
- Re: snort log time error Wilson A. Galafassi Jr. (Dec 06)
- Re: snort log time error Ralf Hildebrandt (Dec 06)
- Re: snort log time error Chris Baker (Dec 06)
- Re: ml troble Matt Kettler (Dec 06)
- Re: ml troble Benny Pedersen (Dec 06)
- Re: Problems with make (flexresp). James-lists (Dec 08)
- Re: Problems with make (flexresp). John D. Caine (Dec 09)
- Re: am i scanning other ip's? Adrian Peters (Dec 09)
- Re: am i scanning other ip's? James Hoagland (Dec 09)
- Re: am i scanning other ip's? Matt Kettler (Dec 09)
- Re: Re[2]: snort 1.9 + OpenBSD 3.2-stable twig les (Dec 09)
- <Possible follow-ups>
- Re: Re[4]: snort 1.9 + OpenBSD 3.2-stable twig les (Dec 09)
- Re[6]: snort 1.9 + OpenBSD 3.2-stable Darren (Dec 09)
- Re: Updating rules... Adrian Peters (Dec 09)
- Re: Updating rules... Edin Dizdarevic (Dec 10)
- Re: Updating rules... Edin Dizdarevic (Dec 10)
- Re: Help me friends Adrian Peters (Dec 09)
- <Possible follow-ups>
- RE: Help me friends Semerjian, Ohanes (Dec 09)
- RE: Help me friends Rich Stryker (Dec 18)
- Re: Snort 1.9 alert log problem Bennett Todd (Dec 09)
- Re: EXTERNAL_NET != HOME_NET ? Adrian Peters (Dec 09)
- Re: EXTERNAL_NET != HOME_NET ? Erek Adams (Dec 09)
- <Possible follow-ups>
- Re: Problem with Snort/PostgreSQL Eduard San Anselmo Mateu (Dec 09)
- Re: RE: Snort IDScenter 1.09 beta 2.2 released! (OT) Ueli Kistler (Dec 09)
- Logging Issue John D. Caine (Dec 10)
- Re: Logging Issue John D. Caine (Dec 10)
- Re: mysql rotation script for alert storms Steve Suehring (Dec 10)
- Re: Setting up Snort Ueli Kistler (Dec 10)
- Re: Snort 1.9.0 Support for MySQL DB Erick Mechler (Dec 10)
- Re: Snort 1.9.0 Support for MySQL DB twig les (Dec 10)
- Re: Snort 1.9.0 Support for MySQL DB Chris Reid (Dec 10)
- Re: Snort 1.9.0 Support for MySQL DB Frank Knobbe (Dec 10)
- Re: Snort 1.9.0 Support for MySQL DB Steve Suehring (Dec 17)
- <Possible follow-ups>
- RE: Snort 1.9.0 Support for MySQL DB L. Christopher Luther (Dec 10)
- RE: Snort 1.9.0 Support for MySQL DB L. Christopher Luther (Dec 10)
- Re: MySQL-Rights for Snort Erick Mechler (Dec 10)
- Re: How can I configue the outplugin for SMB Alerts Alberto Gonzalez (Dec 10)
- Re: How can I view the packet payload if the packet is SMTP Frank Knobbe (Dec 11)
- Re: How can I view the packet payload if the packet is SMTP Erek Adams (Dec 12)
- Re: mark packets for further processing via iptables/tc ? Matt Kettler (Dec 19)
- <Possible follow-ups>
- RE: ACID Portscan Traffic (0%) Slighter, Tim (Dec 11)
- RE: ACID Portscan Traffic (0%) Hicks, John (Dec 11)
- RE: ACID Portscan Traffic (0%) Luo, Philip (Dec 11)
- RE: ACID Portscan Traffic (0%) Robby Desmond (Dec 17)
- RE: ACID Portscan Traffic (0%) Pacheco, Michael F. (Dec 11)
- RE: ACID Portscan Traffic (0%) Chris Eidem (Dec 11)
- RE: ACID Portscan Traffic (0%) Slighter, Tim (Dec 12)
- RE: ACID Portscan Traffic (0%) Morgan, Joel (Macon State College) (Dec 17)
- RES: ACID Portscan Traffic (0%) Coelho (Dec 17)
- RE: How can I view the packet payload if the packetis SMTP Frank Knobbe (Dec 11)
- <Possible follow-ups>
- RE: FTP command overflow attempt help Hicks, John (Dec 11)
- <Possible follow-ups>
- RE: W2K snort launch & halt Scott Olihovik (Dec 11)
- RE: W2K snort launch & halt Hicks, John (Dec 11)
- RE: W2K snort launch & halt Serge Jorgensen (Dec 11)
- RE: W2K snort launch & halt L. Christopher Luther (Dec 11)
- W2K snort launch & halt Serge D. Jorgensen (Dec 17)
- RE: W2K snort launch & halt Michael Steele (Dec 17)
- Re: CIS Scanner Matt Kettler (Dec 11)
- Re: rh8.0 and snort??? Alessandro Fiorenzi (Dec 12)
- <Possible follow-ups>
- Re: Problems with display, new inst Eli Stair (Dec 12)
- snortcenter problem josh (Dec 17)
- RE: snortcenter problem josh (Dec 17)
- snortcenter problem josh (Dec 17)
- Re: Possible Memory Overlap/Bug? Help! Chris Green (Dec 12)
- Re: Possible Memory Overlap/Bug? Help! Lawrence Reed (Dec 12)
- <Possible follow-ups>
- RE: Re: Possible Memory Overlap/Bug? Help! Kevin P (Dec 12)
- Re: Possible Memory Overlap/Bug? Help! Chris Green (Dec 12)
- <Possible follow-ups>
- RE: Acid_Main.php browser using IIS version 5.0 Hicks, John (Dec 13)
- Re: DB ERROR twig les (Dec 12)
- Re: DB ERROR Jens Krabbenhoeft (Dec 12)
- <Possible follow-ups>
- RE: DB ERROR Luo, Philip (Dec 13)
- Re: DB ERROR Steve Suehring (Dec 13)
- Re: DB ERROR twig les (Dec 13)
- Re: DB ERROR Steve Suehring (Dec 13)
- RE: DB ERROR Luo, Philip (Dec 16)
- RE: DB ERROR Luo, Philip (Dec 19)
- Re: DB ERROR Steve Suehring (Dec 19)
- RE: DB ERROR Luo, Philip (Dec 19)
- Re: DB ERROR 'Steve Suehring' (Dec 19)
- RE: Snort 1.8.7 as a Win2K Service (bump) Salman Siddiqui (Dec 13)
- <Possible follow-ups>
- RE: Snort 1.8.7 as a Win2K Service (bump) L. Christopher Luther (Dec 13)
- <Possible follow-ups>
- RE: Logging without alerting L. Christopher Luther (Dec 13)
- RE: Logging without alerting JBFRYE (Dec 13)
- Re: SID 376 Erek Adams (Dec 12)
- Re: New Trend: Intrusion Prevention Alberto Gonzalez (Dec 13)
- Re: New Trend: Intrusion Prevention Martin Roesch (Dec 13)
- RE: New Trend: Intrusion Prevention Ofir Arkin (Dec 14)
- Re: New Trend: Intrusion Prevention Kevin Black (Dec 15)
- Re: New Trend: Intrusion Prevention Frank Knobbe (Dec 15)
- Re: New Trend: Intrusion Prevention Kevin Black (Dec 15)
- Re: New Trend: Intrusion Prevention Frank Knobbe (Dec 15)
- RE: New Trend: Intrusion Prevention Ofir Arkin (Dec 14)
- <Possible follow-ups>
- RE: New Trend: Intrusion Prevention Steve Halligan (Dec 13)
- RE: New Trend: Intrusion Prevention Nathan Whitehouse (Dec 13)
- RE: New Trend: Intrusion Prevention Ibarra, Michael (Dec 13)
- RE: New Trend: Intrusion Prevention twig les (Dec 13)
- Re: New Trend: Intrusion Prevention Erick Mechler (Dec 13)
- RE: New Trend: Intrusion Prevention twig les (Dec 13)
- RE: New Trend: Intrusion Prevention SecurityAdmin (Dec 13)
- RE: New Trend: Intrusion Prevention Bob Dehnhardt (Dec 13)
- Re: New Trend: Intrusion Prevention Alberto Gonzalez (Dec 13)
- RE: New Trend: Intrusion Prevention Chris Eidem (Dec 13)
- RE: New Trend: Intrusion Prevention Sheahan, Paul (PCLN-NW) (Dec 16)
- Re: New Trend: Intrusion Prevention Robby Desmond (Dec 17)
- Re: stopping snort Erick Mechler (Dec 13)
- Re: stopping snort Bennett Todd (Dec 13)
- Re: stopping snort Alberto Gonzalez (Dec 13)
- YASG :-) - yet another setup guide for snort (switched, Debian, MySQL, etc) Anton A. Chuvakin (Dec 13)
- <Possible follow-ups>
- ntpdx overflow attempt sig triggered by ntpdc query james (Dec 17)
- Re: SNMP TRAP??? Rich Adamson (Dec 15)
- Re: Snort 1.9 alert_fast output plugin problem Martin Roesch (Dec 15)
- Re: Exclude IP addresses for all rules James-lists (Dec 15)
- Re: Exclude IP addresses for all rules James-lists (Dec 15)
- Re: Exclude IP addresses for all rules Jens Krabbenhoeft (Dec 16)
- <Possible follow-ups>
- RE: unsubscribe me from this mailing list L. Christopher Luther (Dec 15)
- Re: Warning unkonwn output plugin : 'trap_snmp' ????? Erick Mechler (Dec 16)
- <Possible follow-ups>
- Re: Writing to DB (only!) Eduard San Anselmo Mateu (Dec 17)
- Re: Ignorehosts, once again Yonah Russ (Dec 17)
- <Possible follow-ups>
- RE: Ignorehosts, once again Brandis Jaroslav (Dec 17)
- Ignorehosts, once again Marc Quibell (Dec 17)
- RE: Newbie ams67 (Dec 16)
- RE: Newbie Don (Dec 16)
- Re: Update Erick Mechler (Dec 16)
- <Possible follow-ups>
- RE: Begginer .. Axness, Bob (Dec 16)
- Re: A rule for telnet commands Matt Kettler (Dec 16)
- <Possible follow-ups>
- RE: A rule for telnet commands Steve Halligan (Dec 17)
- A rule for telnet commands Neal Werner (Dec 17)
- Re: another question twig les (Dec 16)
- <Possible follow-ups>
- RE: Snort IDScenter 1.09 beta 2.3 released! L. Christopher Luther (Dec 17)
- Re: just curious Matt Kettler (Dec 17)
- Re: mysql db create for win32 version Scot Scot (Dec 17)
- <Possible follow-ups>
- RE: mysql db create for win32 version L. Christopher Luther (Dec 17)
- Re: Error Line => Unknown rule type Matt Kettler (Dec 17)
- <Possible follow-ups>
- Re: snort appliance aaron g (Dec 18)
- Re: snort-1.9.0.tar.gz Erick Mechler (Dec 17)
- Re: snort-1.9.0.tar.gz Chris Keladis (Dec 18)
- Re: extracting urls from the alerts Shane Williams (Dec 17)
- Re: extracting urls from the alerts twig les (Dec 17)
- Re: extracting urls from the alerts J. Craig Woods (Dec 17)
- Re: extracting urls from the alerts Gene (Dec 17)
- Re: extracting urls from the alerts twig les (Dec 17)
- <Possible follow-ups>
- Analysis packets headers Marlene Guimarães Costa (Dec 17)
- Re: some signature that displat on ACID Erick Mechler (Dec 17)
- Re: some signature that displat on ACID twig les (Dec 17)
- <Possible follow-ups>
- RE: Snort and email. Petriz, Pablo (Dec 17)
- Re: RE: Snort and email. Jacques (Dec 23)
- Re: Script to move alerts from snort db to snort_archive db Erick Mechler (Dec 17)
- Re: Script to move alerts from snort db to snort_archive db Guy Marcenac (Dec 20)
- <Possible follow-ups>
- RE: Script to move alerts from snort db to snort_archive db Christopher Lyon (Dec 22)
- OT Re: how to read logs Geoff (Dec 18)
- Re: OT Re: how to read logs John McCain (Dec 18)
- <Possible follow-ups>
- Re: how to read logs Matt Kettler (Dec 18)
- Re: how to read logs mcmurry jim (Dec 19)
- Re: snort & iptables twig les (Dec 18)
- Re: snort & iptables Jacob Redding (Dec 19)
- Re: snort & iptables Michael Boman (Dec 19)
- Re: FAQ Suggestion: snort & iptables Matt Kettler (Dec 19)
- Re: FAQ Suggestion: snort & iptables Phil Wood (Dec 20)
- Re: snort & iptables Jacob Redding (Dec 19)
- <Possible follow-ups>
- RE: email out from acid Hicks, John (Dec 18)
- <Possible follow-ups>
- RE: seeing whol subnet Matt Yackley (Dec 18)
- RE: seeing whol subnet Semerjian, Ohanes (Dec 21)
- <Possible follow-ups>
- RE: Clueless in Toronto Rich Stryker (Dec 18)
- RE: Clueless in Toronto Rich Stryker (Dec 19)
- RE: Clueless in Toronto Rich Stryker (Dec 19)
- Re: Understanding IDS & TAPS twig les (Dec 18)
- <Possible follow-ups>
- RE: Understanding IDS & TAPS Carleton, Sam (SCI TW) (Dec 18)
- RE: Understanding IDS & TAPS Nigel Clarke (Dec 19)
- RE: Understanding IDS & TAPS Carleton, Sam (SCI TW) (Dec 18)
- Re: Understanding IDS & TAPS Matt Kettler (Dec 18)
- Re: Barnyard/acid reconfigure question Jens Krabbenhoeft (Dec 19)
- <Possible follow-ups>
- RE: Barnyard/acid reconfigure question Henning, David (Dec 19)
- Re: [prelude-user] prelude is not working on openbsd ?? Yoann Vandoorselaere (Dec 19)
- Re: One question Matt Kettler (Dec 19)
- Re: One question Shane Williams (Dec 19)
- Re: Ignorehosts still not working... Christopher Robert Cook (Dec 19)
- RE: Ignorehosts still not working... Don (Dec 19)
- <Possible follow-ups>
- RE: Ignorehosts still not working... Hicks, John (Dec 19)
- Re: Ignorehosts still not working... Marc Quibell (Dec 19)
- <Possible follow-ups>
- RE: ACID Graph Page Steve Halligan (Dec 19)
- <Possible follow-ups>
- RE: Redhat 8.0 and Snort...playing nice? Pacheco, Michael F. (Dec 19)
- RE: Redhat 8.0 and Snort...playing nice? Madziarczyk, Jonathan (Dec 19)
- Re: Redhat 8.0 and Snort...playing nice? ascannel (Dec 19)
- <Possible follow-ups>
- RE: To TAP or HUB? Henning, David (Dec 19)
- RE: To TAP or HUB? Frank Knobbe (Dec 19)
- RE: To TAP or HUB? Madziarczyk, Jonathan (Dec 19)
- RE: To TAP or HUB? Shane Hickey (Dec 19)
- RE: To TAP or HUB? Eric Joe (Dec 19)
- RE: To TAP or HUB? Shane Hickey (Dec 19)
- RE: To TAP or HUB? Matt Kettler (Dec 19)
- <Possible follow-ups>
- RE: Barnyard Options Help Needed! Chris Eidem (Dec 20)
- Re: RE: Exchange 2000 twig les (Dec 19)
- <Possible follow-ups>
- Re: RE: Exchange 2000 aaron g (Dec 19)
- <Possible follow-ups>
- Re: L3 Retriever Ping False Alarms netsec novice (Dec 20)
- Re: Proxy Scanner? John McCain (Dec 20)
- Re: Proxy Scanner? Nigel Houghton (Dec 20)
- <Possible follow-ups>
- RE: Proxy Scanner? Sylar, John (Dec 20)
- Re: Snort, Windows 2000 - running external program/script on alert. Matt Kettler (Dec 20)
- Re: Snort, Windows 2000 - running external program on alert. Ueli Kistler (Dec 20)
- RE: Snort, Windows 2000 - running external program on alert. Don (Dec 20)
- <Possible follow-ups>
- RE: Snort, Windows 2000 - running external program on alert. Hicks, John (Dec 20)
- RE: Snort, Windows 2000 - running external program on alert. Sylar, John (Dec 20)
- RE: Snort, Windows 2000 - running external program on alert. Tom Sevy (Dec 20)
- <Possible follow-ups>
- RE: MS Terminal Server Requests Knight, Ric (Dec 20)
- RE: MS Terminal Server Requests Hicks, John (Dec 20)
- Re: PHP RPMs Alberto Gonzalez (Dec 20)
- Re: PHP RPMs Eli Stair (Dec 20)
- Re: PHP RPMs J. Craig Woods (Dec 20)
- <Possible follow-ups>
- RE: Any HOWTO for merging separate snort IDS's into central DB? Benjamin Hippler (Dec 21)
- Re: Any HOWTO for merging separate snort IDS's into central DB? Jason Haar (Dec 21)
- Re: Any HOWTO for merging separate snort IDS's into central DB? Andrea Barisani (Dec 21)
- RE: Any HOWTO for merging separate snort IDS's into central DB? Cloppert, Michael (Dec 24)
- Re: snortd error Erick Mechler (Dec 21)
- Re: snortd error Guy Marcenac (Dec 21)
- Re: snortd error Incidents (Dec 22)
- Re: snortd error Erick Mechler (Dec 22)
- Re: snortd error Guy Marcenac (Dec 21)
- <Possible follow-ups>
- RE: snortd error McBee, Rob (Dec 23)
- Re: snortd error Erick Mechler (Dec 23)
- Re: _PATH_VARRUN Olaf Schreck (Dec 21)
- Re: Snort GUI Saad Kadhi (Dec 23)
- Re: Snort GUI Nick Zitzmann (Dec 23)
- <Possible follow-ups>
- Snort GUI Luo, Philip (Dec 27)
- Re: Snort GUI J Irving (Dec 27)
- Re: Snort GUI Ueli Kistler (Dec 27)
- Re: Snort GUI Nick Zitzmann (Dec 27)
- <Possible follow-ups>
- RE: Will new rules require upgrade to snort 2.0 O'Flynn, Derek (Dec 23)
- <Possible follow-ups>
- RE: Httpodbc.dll Gray . Brendan (Dec 24)
- RE: Httpodbc.dll Hicks, John (Dec 24)
- <Possible follow-ups>
- RE: Upgrade smoothwall to 1.9 Donofrio, Lewis (Dec 26)
- Re: Web servers scanning clients!!! Matt Kettler (Dec 26)
- Re: Web servers scanning clients!!! Jason (Dec 26)
- Re: Web servers scanning clients!!! Matt Kettler (Dec 26)
- Re: Web servers scanning clients!!! Jason (Dec 26)
- Re: Web servers scanning clients!!! Matt Kettler (Dec 26)
- Re: Web servers scanning clients!!! Jason (Dec 26)
- Re: Web servers scanning clients!!! Alberto Gonzalez (Dec 26)
- Re: Web servers scanning clients!!! Alberto Gonzalez (Dec 26)
- Re: Alert log entry Matt Kettler (Dec 26)
- Re: libcap,libnet Matt Kettler (Dec 27)
- Re: HTTP_SERVERS variable length Andrew R. Baker (Dec 27)
- <Possible follow-ups>
- Re: HTTP_SERVERS variable length Matt Kettler (Dec 27)
- RE: HTTP_SERVERS variable length Steven Rudolph (Dec 27)
- Extracting URL's from alerts Mahdi Kefaiati (Dec 28)
- Re: snort, mysql and acid on redhat 7.3 ... htpassword issue Bruno Saverio Delbono (Dec 29)
- Re: Snort logging Bamm Visscher (Dec 30)
- <Possible follow-ups>
- RE: Snort logging Slighter, Tim (Dec 30)
- Re: UPNP scan Bamm Visscher (Dec 30)
- Message not available
- Re: React & Resp keyword working Atul Shrivastava (Dec 31)
- Re: React & Resp keyword working Alberto Gonzalez (Dec 31)
- Re: React & Resp keyword working Atul Shrivastava (Dec 31)
- Re: React & Resp keyword working Atul Shrivastava (Dec 31)
- Re: Snort-inline question Alberto Gonzalez (Dec 30)
- <Possible follow-ups>
- RE: Snort-inline question Amit Kumar Gupta (Dec 30)
- Re: Land Attack Phil Wood (Dec 31)
- Re: Land Attack Ashley Thomas (Dec 31)
- <Possible follow-ups>
- RE: Snort Inline Bob McDowell (Dec 31)
- RE: Snort and acidcenter Paul D. Shaffer (Dec 31)