Snort mailing list archives

RE: Snort-users digest, Vol 1 #4337 - 10 msgs


From: Chet Patel <cpatel () betrusted com>
Date: Thu, 24 Jun 2004 09:35:15 -0400

Un-subscribe 


Best Regards,
 
**********************************************************************
Chet Patel
U.S. Operations - Core Infrastructure

-----Original Message-----
From: snort-users-request () lists sourceforge net
[mailto:snort-users-request () lists sourceforge net] 
Sent: Thursday, June 24, 2004 9:22 AM
To: snort-users () lists sourceforge net
Subject: Snort-users digest, Vol 1 #4337 - 10 msgs

Send Snort-users mailing list submissions to
        snort-users () lists sourceforge net

To subscribe or unsubscribe via the World Wide Web, visit
        https://lists.sourceforge.net/lists/listinfo/snort-users
or, via email, send a message with subject or body 'help' to
        snort-users-request () lists sourceforge net

You can reach the person managing the list at
        snort-users-admin () lists sourceforge net

When replying, please edit your Subject line so it is more specific than
"Re: Contents of Snort-users digest..."


Today's Topics:

   1. RE: Network Behaviour Anomoly Detection (Michael Cunningham)
   2. BPF-Filter (Maetzky, Steffen (Extern))
   3. Re: BPF-Filter (Thomas Bechtold)
   4. Re: BPF-Filter (Edin Dizdarevic)
   5. RE: RE: Network Behaviour Anomoly Detection (Jerry Shenk)
   6. Re: RE: Network Behaviour Anomoly Detection (security () jonbaer net)
   7. IDS Policy Manager 1.4 Released (Jeff Dell)
   8. RE: Barnyard not inserting into acid_* (VanBrecht, Jason)
   9. Re: Alert file question (Jason Fischer)
  10. Re: Barnyard not inserting into acid_* (sekure)

--__--__--

Message: 1
Date: Wed, 23 Jun 2004 23:31:26 -0400
From: Michael Cunningham <crayola () optonline net>
To: 'Jon Baer' <security () jonbaer net>, focus-ids () securityfocus com,
snort-users () lists sourceforge net
Subject: [Snort-users] RE: Network Behaviour Anomoly Detection


SPADE would be one example...

Ntop could be used for this...

Spade + Snort is good for looking for anomalous port scans that have been
randomized.. etc. 

Unfortunately it's not what I am looking for.. ntop can help track
connections/ports but not provide the AI necessary to spot anomalies in
network behaviour over time. 

I am really looking for something like Arbor Networks Peakflow X or
Q1 Labs Qradar products. Both of which are pretty pricey in these tight
budget times. 

They are designed to look at network connections between systems, what ports
are used, how much traffic moves between systems, when all this occurs,
etc.. Essentially they build up a profile of normal activity on your
network over time.. and then if something weird starts happening like a
database starts talking to a system it never spoke to before, or a desktop
starts making connections to hundreds of production systems.. it alerts you
that something might be wrong. It's sorta like Sourcefire's RNA product but
much more focused on the anomaly AI part of looking at the information and
much less focused on using network intelligence to correlate with IDS
events. 

Anyone interested in starting up an open source project to build something
like this? 
I think it is the perfect complement to a signature based IDS system. It can
detect traffic that looks normal to an IDS system but may actually be
malicious..
Example: a developer runs SQL queries against your main production database
at 3am to steal all the credit cards from it and resell them on the Internet. 
An IDS system wouldn't normally say anything about this since it isn't a
defined signature event. But a Network Behaviour Anomaly detection system
would alert indicating that it is not normal for that developer workstation
to be making a connection to a production Oracle server from their desktop
at 3am and retrieving such a large amount of data. 

Thanks,
Mike
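The profile-then-deviate approach Mike describes, as an added example that is not part of the original post and is not code from Peakflow, QRadar, RNA, SPADE or any other product named in the thread. It builds a baseline from historical connection records and flags the three things the message lists: a peer pair never seen before, a connection outside the hours that source is normally active, and a transfer far larger than usual, plus a desktop that suddenly fans out to many hosts. The records, the 07:00-19:59 "office hours" window and the thresholds are all constructed assumptions; a real deployment would feed it flow summaries from NetFlow, Argus or tcpdump header captures.

```python
"""Toy network-behaviour anomaly detector: profile "normal" from history,
then flag records that break the profile. Constructed data throughout."""
from collections import defaultdict
from statistics import mean, pstdev

OFFICE_HOURS = range(7, 20)  # assumption: 07:00-19:59 counts as normal for desktops

# Constructed history: ten days of ordinary traffic.
# Record layout: (src, dst, dport, proto, hour_of_day, bytes)
HISTORY = []
for day in range(10):
    HISTORY += [
        # web tier -> production Oracle, all day, modest result sets
        ("10.1.1.10", "10.1.2.5", 1521, "tcp", 9 + (day % 8), 250_000 + day * 1_000),
        ("10.1.1.10", "10.1.2.5", 1521, "tcp", 14, 240_000),
        # developer desktop -> development database, office hours only
        ("10.1.3.42", "10.1.2.6", 1521, "tcp", 10, 80_000),
        ("10.1.3.42", "10.1.2.6", 1521, "tcp", 16, 90_000),
        # desktops -> file server
        ("10.1.3.42", "10.1.2.20", 445, "tcp", 11, 5_000_000),
        ("10.1.3.43", "10.1.2.20", 445, "tcp", 11, 4_500_000),
    ]


def build_profile(records):
    """Summarise history per peer pair (hours seen, byte samples) and per
    source (byte samples, number of distinct destinations)."""
    pairs = defaultdict(lambda: {"hours": set(), "bytes": []})
    src_bytes = defaultdict(list)
    fanout = defaultdict(set)
    for src, dst, dport, proto, hour, nbytes in records:
        pairs[(src, dst, dport, proto)]["hours"].add(hour)
        pairs[(src, dst, dport, proto)]["bytes"].append(nbytes)
        src_bytes[src].append(nbytes)
        fanout[src].add(dst)
    return {"pairs": dict(pairs), "src_bytes": dict(src_bytes),
            "fanout": {s: len(d) for s, d in fanout.items()}}


def too_big(nbytes, samples, sigma):
    """True when nbytes is beyond sigma standard deviations AND at least double
    the mean, so a flat history (sd == 0) still yields a usable threshold."""
    if len(samples) < 5:
        return False
    mu, sd = mean(samples), pstdev(samples)
    return nbytes > mu + max(sigma * sd, mu)


def detect(profile, records, sigma=3.0, fanout_factor=10):
    """Return (record_alerts, fanout_alerts).

    record_alerts: list of (record, [reasons]) for individual records.
    fanout_alerts: {src: count} for sources that contacted fanout_factor times
                   more never-seen destinations than their usual fan-out."""
    record_alerts = []
    new_dests = defaultdict(set)
    for rec in records:
        src, dst, dport, proto, hour, nbytes = rec
        known = profile["pairs"].get((src, dst, dport, proto))
        reasons = []
        if known is None:
            reasons.append("new peer pair: %s never talked to %s:%d/%s" % (src, dst, dport, proto))
            new_dests[src].add(dst)
            baseline = profile["src_bytes"].get(src, [])  # compare against the source's history
        else:
            baseline = known["bytes"]                        # compare against this pair's history
        if hour not in OFFICE_HOURS and (known is None or hour not in known["hours"]):
            reasons.append("off-hours: connection at %02d:00 outside observed hours" % hour)
        if too_big(nbytes, baseline, sigma):
            reasons.append("volume: %d bytes, far above %s history" % (nbytes, "pair" if known else src))
        if reasons:
            record_alerts.append((rec, reasons))
    fanout_alerts = {}
    for src, dests in new_dests.items():
        usual = max(profile["fanout"].get(src, 0), 1)
        if len(dests) >= usual * fanout_factor:
            fanout_alerts[src] = len(dests)
    return record_alerts, fanout_alerts


# Constructed "today": one normal connection, the 03:00 bulk pull from the
# developer desktop to the production database, and a desktop sweeping 40 hosts.
TODAY = [
    ("10.1.1.10", "10.1.2.5", 1521, "tcp", 10, 255_000),
    ("10.1.3.42", "10.1.2.5", 1521, "tcp", 3, 900_000_000),
] + [("10.1.3.43", "10.1.2.%d" % i, 22, "tcp", 2, 1_000) for i in range(100, 140)]

if __name__ == "__main__":
    rec_alerts, fan_alerts = detect(build_profile(HISTORY), TODAY)
    for rec, reasons in rec_alerts:
        print(rec[0], "->", rec[1], "|", "; ".join(reasons))
    for src, n in fan_alerts.items():
        print("fan-out:", src, "contacted", n, "hosts it never spoke to before")
```

The developer's 03:00 pull trips all three checks at once (new pair, off-hours, volume), which is the kind of stacked evidence that makes this worth paging on; the 40 single-reason "new peer pair" alerts from the sweep are noisy on their own, which is why the fan-out aggregate exists. Learning period and thresholds are the whole game in a real system: too short a history and every Monday looks anomalous.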





--__--__--

Message: 2
From: "Maetzky, Steffen (Extern)" <Steffen.Maetzky () gedas de>
To: "'Snort-User (snort-users () lists sourceforge net)'"
         <snort-users () lists sourceforge net>
Date: Thu, 24 Jun 2004 10:22:18 +0200
Subject: [Snort-users] BPF-Filter

Hi,

I have read that it is possible to ignore traffic by using a bpf-filter.
I have tried to call the manual (man bpf) under RedHat 9 but there is no
entry.

Does that mean that I have no bpf-support?
Which software/lib is necessary to get bpf-support?
Where do I get it and how do I install it (special configure-options?)

Thanks in advance,

Steffen


--__--__--

Message: 3
From: Thomas Bechtold <Thomas () jpberlin de>
Reply-To: Thomas () jpberlin de
To: snort-users () lists sourceforge net
Subject: Re: [Snort-users] BPF-Filter
Date: Thu, 24 Jun 2004 10:38:35 +0200

On Thursday 24 June 2004 10:22, Maetzky, Steffen Extern wrote:
Hi,

I have read that it is possible to ignore traffic by using a bpf-filter.
I have tried to call the manual (man bpf) under RedHat 9 but there is 
no entry.

You can find a manual with "man tcpdump".


Does that mean that I have no bpf-support?
Which software/lib is necessary to get bpf-support?
Where do I get it and how do I install it (special configure-options?)

You need libpcap to have bpf-support. So you can use bpf-filters with
snort, Ethereal, tcpdump, ngrep,....

Cheers Thomas


--__--__--

Message: 4
Date: Thu, 24 Jun 2004 10:44:34 +0200
From: Edin Dizdarevic <edin.dizdarevic () interActive-Systems de>
To: "Maetzky, Steffen (Extern)" <Steffen.Maetzky () gedas de>
Cc: "'Snort-User (snort-users () lists sourceforge net)'"
<snort-users () lists sourceforge net>
Subject: Re: [Snort-users] BPF-Filter

Maetzky, Steffen (Extern) wrote:

Hi,

I have read that it is possible to ignore traffic by using a bpf-filter.
I have tried to call the manual (man bpf) under RedHat 9 but there is 
no entry.

Does that mean that I have no bpf-support?
Which software/lib is necessary to get bpf-support?
Where do I get it and how do I install it (special configure-options?)

Thanks in advance,

Steffen

We had this several times now, Google's your friend. Anyway, the manual page
of tcpdump will show you on Linux how to deal with BPF. The BPF manual page
is afaik available only on *BSD. You may also want to take a look here:

http://home.insight.rr.com/procana/
http://www.tcpdump.org/tcpdump_man.html

Regards,
Edin



--
Edin Dizdarevic


--__--__--

Message: 5
From: "Jerry Shenk" <jshenk () decommunications com>
To: "'Michael Cunningham'" <crayola () optonline net>,
        <focus-ids () securityfocus com>, <snort-users () lists sourceforge net>
Subject: RE: [Snort-users] RE: Network Behaviour Anomoly Detection
Date: Thu, 24 Jun 2004 06:36:49 -0400

Have you looked at SHADOW (http://www.nswc.navy.mil/ISSEC/CID/)?  That
web site isn't really very good at explaining what it is but it
basically is an anomaly detection IDS.  It also works very well as a
complement to Snort on the same box.  It collects headers of all traffic
going in and out so that you have the ability to look at a signature hit
(i.e. Snort) in context.  You can answer questions like, "Was the
traffic being initiated from the inside?", "How long has this been going
on?", "What related traffic might there be?", etc.

SHADOW also does some of what you're talking about.  There is an
end-of-day summary that chews through the entire day's data and
calculates the number of packets, bytes transferred, breakdown of tcp,
udp, icmp, etc.  It also breaks the traffic down into which ports are
busiest, which internal or external IP is busiest.  Most of that
breakdown is both by Kbytes and by connections.

All the SHADOW data is stored in gzipped tcpdump files so if you want to
process it with some other software, that's a piece of cake.

SHADOW has seen a couple upgrades over the past few years and I think
it's a VERY good complement to any signature based IDS.  I have a couple
of them in and I'm sure that most of the IT staff doesn't go looking at
the summaries every day but I have a little script that grabs some key
indicators out of it.  The big payoff comes when something happens that
they want to track down.  I can go to SHADOW and find the detail they
were looking for.


-------------------------------------------------------
This SF.Net email sponsored by Black Hat Briefings & Training.
Attend Black Hat Briefings & Training, Las Vegas July 24-29 - 
digital self defense, top technical experts, no vendor pitches, 
unmatched networking opportunities. Visit www.blackhat.com
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users



--__--__--

Message: 6
Date: Thu, 24 Jun 2004 07:08:02 -0400
From: security () jonbaer net
To: snort-users () lists sourceforge net
Subject: Re: [Snort-users] RE: Network Behaviour Anomoly Detection

I like this idea; it was pretty much what I used Snort for in the beginning 
(detecting bad login attempts on production servers - something which should
never happen) ... however ... what I think you describe and what pertains
more to it is just building a better "security policy" around your network, you 
could probably build a GUI around Snort telling it about the policy ... that
is what you really are keeping alerts for, anomalies against any given
policy.  

I'm not knocking your idea but it sounds more like an opportunity to apply the
base of Snort to a tool which collaborates w/ people, procedures, and policy.

- Jon

On Wed, Jun 23, 2004 at 11:31:26PM -0400, Michael Cunningham wrote:

Anyone interested in starting up an opensource project to build something
like this? 
I think it is the perfect complement to a signature based IDS system. It can
detect traffic that looks normal to an IDS system but may actually be
malicious..
Example: a developer runs sql queries against your main production database 
at 3am to steal all the credit cards from it and resell on the Internet. 
An IDS system wouldn't normally say anything about this since it isnt a
defined signature event. But a Network Behaviour Anomaly detection system would
alert 

-- 
pgp key: http://www.jonbaer.net/jonbaer.asc
fingerprint: F438 A47E C45E 8B27 F68C 1F9B 41DB DB8B 9A0C AF47


--__--__--

Message: 7
From: "Jeff Dell" <jdell () activeworx com>
To: <snort-users () lists sourceforge net>,
        <snort-announce () lists sourceforge net>
Date: Thu, 24 Jun 2004 08:30:23 -0400
Subject: [Snort-users] IDS Policy Manager 1.4 Released

I am pleased to announce the final release of IDS Policy Manager 1.4 for
Windows 2000/XP. 

IDS Policy Manager was designed to manage Snort IDS sensors in a distributed
environment. This is done by having the ability to take the text
configuration and rule files and allow you to modify them with an easy to
use graphical interface. With the added ability to merge new rule sets,
manage preprocessors, control output modules and scp rules to sensors, this
tool makes managing snort easy for most security professionals.

This new release of IDS Policy Manager has added some nice features and
fixed a few bugs. Some of the new features include:

o. Support for Snort 2.1 Preprocessors 
o. Test Policy before upload 
o. Quick access to ACID from within the app
o. Rewritten documentation 
o. Add rules to multiple policies at once 

You can download this free software at:

http://www.activeworx.org

Regards,

Jeff Dell
Activeworx, Inc.




--__--__--

Message: 8
Subject: RE: [Snort-users] Barnyard not inserting into acid_*
Date: Thu, 24 Jun 2004 08:39:33 -0400
From: "VanBrecht, Jason" <Jason.VanBrecht () ost dot gov>
To: <tech () wildcash com>,
        "sekure" <sekure () gmail com>
Cc: <snort-users () lists sourceforge net>

Barnyard does not populate the acid_* tables, acid does that itself,
when you load the page, it pulls data from the snort db tables, and
dumps them into the acid tables.  At least that's how mine is setup.

Jason van Brecht
Security Analyst
Department of Transportation



-----Original Message-----
From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net] On Behalf Of Rudi
Starcevic
Sent: Wednesday, June 23, 2004 8:28 PM
To: sekure
Cc: snort-users () lists sourceforge net
Subject: Re: [Snort-users] Barnyard not inserting into acid_*


Hi,

Thanks for your reply.
I've looked into it further but still no joy.
Sorry to bother - I'm sure I have either a simple misconfig I keep
missing or perhaps something underneath not happy on FreeBSD.

You only need log_acid_db, since alert_acid_db will only duplicate the
entries...  But that's not the root of your issue.

The only output filter I have in barnyard.conf is:
output alert_acid_db: mysql, sensor_id 1, database snort, server
localhost, user root, password xxxx, detail full

After running:

/usr/local/barnyard/bin/barnyard -c /usr/local/snort/etc/barnyard.conf
-o /var/log/snort/snort.log.1087948218

Barnyard connects to mysql OK.
There are no errors in my mysql or php log files.

Here are some lines from wildpass.log ( mysql log )

10 Query       INSERT INTO udphdr (sid, cid, udp_sport, udp_dport)
VALUES('1', '9735', '1376', '1434')
10 Query       SELECT sig_id FROM signature WHERE sig_name='MS-SQL Worm
propagation attempt OUTBOUND' AND sig_rev=0 AND sig_sid=2004
10 Query       INSERT INTO event(sid, cid, signature, timestamp)
VALUES('1', '9736', '2', '2004-06-23 17: 52:55')
10 Query       INSERT INTO iphdr(sid, cid, ip_src, ip_dst, ip_proto)
VALUES('1', '9736', '2898447641', '1122407842', '17')

So I'm sure I can connect OK and no error messages but still no insert
in acid_*.
The acid console connects OK but no stats on screen.

Hmm ... might have to go try on another machine as I'm a bit stumped.

Thanks
Regards
Rudi.

Do you have the snort database and tables created in the database?
Can you connect to the database with mysql client with the root user
and manipulate the tables?  Enable error logging on the mysql server
and see what barnyard is trying to do.

On Wed, 23 Jun 2004 12:20:00 +1000, Rudi Starcevic <tech () wildcash com>
wrote:

Hi,

I've got Snort, Mysql, Acid and Barnyard installed and running OK on
FreeBSD with one small hitch. So far I'm unable to get Barnyard to
insert into any of the 4 acid_* tables.

I can't see where I'm going wrong and have been trying on and off for
a couple of days so I thought I'd ask.

After running the commands:

/usr/local/barnyard/bin/barnyard -c /usr/local/snort/etc/barnyard.conf
-o /var/log/snort/snort.alert.1087948218
/usr/local/barnyard/bin/barnyard -c /usr/local/snort/etc/barnyard.conf
-o /var/log/snort/snort.log.1087948218

The binary log files are processed without error but no data is
inserted into the acid tables, only the standard snort tables.

I have this in my snort.conf:

output alert_unified: filename snort.alert, limit 128
output log_unified: filename snort.log, limit 128

and this in my barnyard.conf:

output alert_acid_db: mysql, sensor_id 1, database snort, server
localhost, user root, password xxxxx, detail full
output log_acid_db: mysql, sensor_id 1, database snort, server localhost,
user root, password xxxxx, detail full

Can you see where I may be going wrong and how I may fix it ??

Many thanks
Kind regards
Rudi.



--__--__--

Message: 9
Date: Thu, 24 Jun 2004 07:48:52 -0500
From: "Jason Fischer" <JFischer () kaytee com>
To: <sekure () gmail com>
Cc: <snort-users () lists sourceforge net>
Subject: Re: [Snort-users] Alert file question

Thanks, that did the trick!

Jason

sekure <sekure () gmail com> 06/23/04 09:20AM >>>
I bet you have a script that rotates logs and snort just happens to be
logging to that directory.  Once the original file is zipped and a new
one created, the inode or file handle, or however snort identifies the
log file is changed.  In short, you need to HUP snort to get it to
look for the new file again.  Or better yet, take that snort log file
out of your log management script.

On Wed, 23 Jun 2004 09:13:47 -0500, Jason Fischer <jfischer () kaytee com>
wrote:

I'm using snort 2.1 on a Suse 9.1 system.  Everything works great,
except for a problem with the alert file.  I'm using '-A fast' as my alert
option.

Every morning at 4:15 am the alert file archives itself into a .gz file.
The new alert file that gets created never goes above 20 bytes.  This
empty file will then get archived into another .gz file and the process
starts again.

My question is:  Why does this new alert file remain empty?

Also, if I could set it up so the alert file doesn't archive itself
every morning, that would be great as well.  I didn't see anything in
snort.conf that would allow for this.

Thanks!

Jason

Confidentiality Notice:  This e-mail contains information that is
privileged and confidential and subject to legal restrictions
and penalties regarding its unauthorized disclosure or other use.
You are prohibited from copying, distributing or otherwise using
this information if you are not the intended recipient.
If you have received this e-mail in error, please notify us
immediately by return e-mail and delete this e-mail and all
attachments from your system.  Thank you!

Kaytee Products, Inc.
521 Clay Street
Chilton, WI  53014
(920)849-2321





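The mechanism behind the empty alert file in the exchange above, as an added example that is not part of the thread and is not Snort's code. A process that has the alert file open keeps writing through its file descriptor; when a rotation job renames the file aside and creates an empty replacement at the same path, the descriptor still refers to the renamed file, so the file at the old path never grows. The script below reproduces that in a temporary directory with a plain Python writer standing in for snort (the alert lines and the sid 1000001 in them are constructed placeholders), then shows the remedy the reply describes: reopen the path, which is what restarting or HUPing snort achieves.

```python
"""Reproduce 'rotated log stays empty' and its fix. Constructed data."""
import os
import tempfile


def rotate(path):
    """Mimic a naive rotator: rename the live file aside and create an empty
    file at the original path (gzipping the old copy is omitted; it changes nothing)."""
    os.rename(path, path + ".1")
    open(path, "w").close()


def write_alerts(fh, n):
    """Stand-in for snort's '-A fast' output: one line per alert, flushed.
    The rule id 1000001 is a placeholder, not a real signature."""
    for i in range(n):
        fh.write("06/24-04:15:%02d  [**] [1:1000001:1] constructed alert %d [**]\n" % (i, i))
    fh.flush()


def simulate(workdir, reopen_after_rotate):
    """Write, rotate, write again. Return (bytes in the rotated file, bytes in
    the file now at the original path, whether the open handle still names that path)."""
    path = os.path.join(workdir, "alert")
    fh = open(path, "a")
    try:
        write_alerts(fh, 3)
        rotate(path)
        # After the rename the handle and the path refer to different inodes.
        same = os.path.samestat(os.fstat(fh.fileno()), os.stat(path))
        if reopen_after_rotate:
            fh.close()             # what a HUP/restart of snort does for you
            fh = open(path, "a")
        write_alerts(fh, 3)
    finally:
        fh.close()
    return os.path.getsize(path + ".1"), os.path.getsize(path), same


def run_demo():
    """Both scenarios in fresh temp dirs: {'no_reopen': (...), 'reopen': (...)}."""
    with tempfile.TemporaryDirectory() as d1, tempfile.TemporaryDirectory() as d2:
        return {"no_reopen": simulate(d1, False), "reopen": simulate(d2, True)}


if __name__ == "__main__":
    for name, (rotated, current, same) in run_demo().items():
        print("%-9s alert.1=%d bytes  alert=%d bytes  handle still on path: %s"
              % (name, rotated, current, same))
```

Without the reopen, every alert written after 04:15 lands in the compressed archive and the live file stays at zero bytes, which is exactly what the question reports. Beyond taking the file out of the rotation job, as suggested above, the usual alternatives are to send snort a HUP from the rotation job after the rename, or to rotate by copy-and-truncate (logrotate's copytruncate) so the inode snort holds open is the one that keeps receiving alerts.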

--__--__--

Message: 10
Date: Thu, 24 Jun 2004 09:21:21 -0400
From: sekure <sekure () gmail com>
To: tech () wildcash com
Subject: Re: [Snort-users] Barnyard not inserting into acid_*
Cc: "VanBrecht, Jason" <jason.vanbrecht () ost dot gov>, 
        snort-users () lists sourceforge net

Yep, at this point it looks like your events are being imported into
the snort portion of the database, but acid is not processing them. 
Take a look at your ACID config.  I can't help you there, I use
OpenAanval.  You might want to check it out. http://www.aanval.com

On Thu, 24 Jun 2004 08:39:33 -0400, VanBrecht, Jason
<jason.vanbrecht () ost dot gov> wrote:

Barnyard does not populate the acid_* tables, acid does that itself,
when you load the page, it pulls data from the snort db tables, and
dumps them into the acid tables.  Atleast that's how mine is setup.

Jason van Brecht
Security Analyst
Department of Transportation

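A check for the situation this thread ends on, as an added example that is not part of the thread and is not ACID or Barnyard code. Barnyard's database output writes into the snort schema (event, signature, iphdr, udphdr, ...); the acid_* tables are a cache the ACID console fills from those tables when its pages load, so the useful question is "how many events has ACID not cached yet?" rather than "why is Barnyard not writing acid_*". The script uses an in-memory SQLite database with a minimal subset of the column names from the snort and ACID schemas (an assumption about the schema versions in use; the real tables carry more columns), loads rows modelled on the MySQL query log quoted earlier in the thread, reports the backlog, and then does a simplified version of what the console does on page load. int_to_ip decodes the unsigned 32-bit integers the snort schema stores addresses in.

```python
"""Backlog check: events in the snort tables that ACID has not cached yet.
Schema is a constructed subset; rows are modelled on the thread's query log."""
import sqlite3

SCHEMA = """
CREATE TABLE sensor    (sid INTEGER PRIMARY KEY, hostname TEXT);
CREATE TABLE signature (sig_id INTEGER PRIMARY KEY, sig_name TEXT, sig_rev INTEGER, sig_sid INTEGER);
CREATE TABLE event     (sid INTEGER, cid INTEGER, signature INTEGER, timestamp TEXT,
                        PRIMARY KEY (sid, cid));
CREATE TABLE iphdr     (sid INTEGER, cid INTEGER, ip_src INTEGER, ip_dst INTEGER, ip_proto INTEGER,
                        PRIMARY KEY (sid, cid));
CREATE TABLE udphdr    (sid INTEGER, cid INTEGER, udp_sport INTEGER, udp_dport INTEGER,
                        PRIMARY KEY (sid, cid));
CREATE TABLE acid_event(sid INTEGER, cid INTEGER, signature INTEGER, sig_name TEXT, timestamp TEXT,
                        ip_src INTEGER, ip_dst INTEGER, ip_proto INTEGER, PRIMARY KEY (sid, cid));
"""

# Constructed rows: event/iphdr/udphdr values follow the query log in the
# thread (the udphdr row is given cid 9736 so it belongs to the same event);
# the sensor and signature rows are what those inserts presuppose.
SAMPLE_ROWS = [
    "INSERT INTO sensor VALUES (1, 'sensor1')",
    "INSERT INTO signature VALUES (2, 'MS-SQL Worm propagation attempt OUTBOUND', 0, 2004)",
    "INSERT INTO event VALUES (1, 9736, 2, '2004-06-23 17:52:55')",
    "INSERT INTO iphdr VALUES (1, 9736, 2898447641, 1122407842, 17)",
    "INSERT INTO udphdr VALUES (1, 9736, 1376, 1434)",
]

# Events present in snort's tables but absent from the ACID cache.
UNCACHED = """
    SELECT e.sid, e.cid, e.signature, s.sig_name, e.timestamp, i.ip_src, i.ip_dst, i.ip_proto
      FROM event e
      JOIN signature s ON s.sig_id = e.signature
      LEFT JOIN iphdr i ON i.sid = e.sid AND i.cid = e.cid
      LEFT JOIN acid_event a ON a.sid = e.sid AND a.cid = e.cid
     WHERE a.cid IS NULL
     ORDER BY e.sid, e.cid"""


def int_to_ip(n):
    """Snort stores IPv4 addresses as unsigned 32-bit integers (network byte order)."""
    return ".".join(str((n >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def open_sample_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    for stmt in SAMPLE_ROWS:
        conn.execute(stmt)
    conn.commit()
    return conn


def backlog(conn):
    """List of dicts describing events ACID has not cached, addresses decoded."""
    return [dict(sid=r[0], cid=r[1], sig_name=r[3], timestamp=r[4],
                 ip_src=int_to_ip(r[5]), ip_dst=int_to_ip(r[6]), ip_proto=r[7])
            for r in conn.execute(UNCACHED).fetchall()]


def cache_like_acid(conn):
    """Simplified stand-in for the console's page-load step (assumption, not
    ACID's own SQL): copy every uncached event into acid_event. Returns rows cached."""
    cur = conn.execute("INSERT INTO acid_event (sid, cid, signature, sig_name, timestamp,"
                       " ip_src, ip_dst, ip_proto)" + UNCACHED)
    conn.commit()
    return cur.rowcount


if __name__ == "__main__":
    db = open_sample_db()
    for ev in backlog(db):
        print("uncached event sid=%d cid=%d %s %s -> %s proto %d: %s"
              % (ev["sid"], ev["cid"], ev["timestamp"], ev["ip_src"], ev["ip_dst"],
                 ev["ip_proto"], ev["sig_name"]))
    print("cached by console:", cache_like_acid(db), "remaining:", len(backlog(db)))
```

Run against the real database by swapping the sqlite3 connection for a MySQL driver; the queries use only joins and standard column names. A non-zero backlog with a console that shows nothing points at the ACID side (its config, its DB credentials, or whether the acid_* tables were ever created), not at Barnyard. Separately, the quoted barnyard.conf logs in as the MySQL root user; a dedicated account with INSERT and SELECT on the snort database is all the sensor needs, and it limits what a compromised sensor can do to the console's data.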

--__--__--

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-users


End of Snort-users Digest

This e-mail, and any attachments hereto, is intended only for use by the
named addressee(s) and may contain legally privileged and/or confidential
information.  If you are not the intended recipient, you are hereby notified
that any dissemination, distribution or copying of this e-mail, and any
attachments hereto, is strictly prohibited.  If you have received this
transmission in error, please notify me immediately and permanently delete
the original and all copies and printouts of this e-mail.
