Mailing List Archive For snort-sigs@snort.org Apr 2003 By Subject

• [Snort-sigs] Apologize
  • Jose Ramon Hernandez Macias (Mon Apr 07 2003 - 18:25:00 EDT)
• [Snort-sigs] cmd.exe and iisamples
  • Robert Reid (Wed Apr 23 2003 - 15:39:28 EDT)
  • Jerry.L.Rose(at)saj02.usace.army.mil (Wed Apr 23 2003 - 15:07:37 EDT)
  • L. Christopher Luther (Wed Apr 23 2003 - 15:02:26 EDT)
  • Esler, Joel Contractor (Wed Apr 23 2003 - 14:42:52 EDT)
  • Bryan Irvine (Wed Apr 23 2003 - 14:12:49 EDT)
• [Snort-sigs] creating new sigs [newbie]
  • Chris Hare, CISSP, CISA (Sat Apr 05 2003 - 12:40:15 EST)
  • Matt Kettler (Sat Apr 05 2003 - 12:07:14 EST)
  • Chris Hare, CISSP, CISA (Sat Apr 05 2003 - 08:33:16 EST)
• [Snort-sigs] David Kibilka/Networking/Willich/Datasystems ist außer Haus.
  • dkibilka(at)Datasystems.de (Sun Apr 13 2003 - 02:00:03 EDT)
  • dkibilka(at)Datasystems.de (Sat Apr 12 2003 - 02:00:03 EDT)
• [Snort-sigs] Demande d'aide
  • John Hally (Mon Apr 07 2003 - 14:19:06 EDT)
  • Saad Kadhi (Mon Apr 07 2003 - 11:40:39 EDT)
  • Esler, Joel Contractor (Mon Apr 07 2003 - 10:38:41 EDT)
  • Joe Stewart (Mon Apr 07 2003 - 10:22:26 EDT)
  • Dari Dorine (Sun Apr 06 2003 - 12:27:59 EDT)
• [Snort-sigs] False Positive on SMTP HELO Overflow
  • Jason Haar (Wed Apr 30 2003 - 17:05:07 EDT)
  • Matthew Callaway (Tue Apr 29 2003 - 15:20:05 EDT)
  • Erik Alexander Løkken (Tue Apr 29 2003 - 20:10:31 EDT)
  • Matt Kettler (Mon Apr 28 2003 - 16:54:16 EDT)
  • Ron Shuck (Mon Apr 28 2003 - 16:10:04 EDT)
• [Snort-sigs] ftp rules question - why only external to intern al?
  • Matt Kettler (Fri Apr 25 2003 - 17:53:25 EDT)
  • Jerry.L.Rose(at)saj02.usace.army.mil (Fri Apr 25 2003 - 13:15:06 EDT)
  • L. Christopher Luther (Fri Apr 25 2003 - 11:43:14 EDT)
• [Snort-sigs] ftp rules question - why only external to internal?
  • Terence Runge (Fri Apr 25 2003 - 13:08:36 EDT)
  • Brian (Fri Apr 25 2003 - 13:08:56 EDT)
  • Jerry.L.Rose(at)saj02.usace.army.mil (Fri Apr 25 2003 - 10:35:29 EDT)
• [Snort-sigs] Hotmail
  • ricardo(at)datawan.net (Thu Apr 03 2003 - 15:02:29 EST)
• [Snort-sigs] I'm very new to snort, please help
  • Ray Pierce (Fri Apr 11 2003 - 09:59:31 EDT)
• [Snort-sigs] Issue with rule sid 255
  • Geoff Craig (Fri Apr 25 2003 - 11:37:08 EDT)
  • Brian (Fri Apr 25 2003 - 11:45:36 EDT)
  • Geoff Craig (Fri Apr 25 2003 - 09:53:43 EDT)
  • Brian (Fri Apr 25 2003 - 09:43:53 EDT)
  • Geoff Craig (Tue Apr 22 2003 - 11:50:08 EDT)
• [Snort-sigs] jackhammer
  • Danny Shurett (Fri Apr 18 2003 - 23:03:22 EDT)
• [Snort-sigs] Jose Ramon Hernandez Macias/Sistemas/Megacentro/Alestra is out of the office.
  • Jose Ramon Hernandez Macias (Thu Apr 03 2003 - 17:06:25 EST)
  • James Ainslie (Thu Apr 03 2003 - 07:30:00 EST)
  • Jose Ramon Hernandez Macias (Wed Apr 02 2003 - 23:57:50 EST)
  • Alberto Gonzalez (Thu Apr 03 2003 - 01:48:22 EST)
  • Michael Scheidell (Wed Apr 02 2003 - 22:46:01 EST)
  • Jose Ramon Hernandez Macias (Wed Apr 02 2003 - 15:51:45 EST)
• [Snort-sigs] logging session using tagging
  • Erek Adams (Tue Apr 29 2003 - 09:43:37 EDT)
  • Christophe VG (Tue Apr 29 2003 - 09:46:10 EDT)
  • Christophe VG (Mon Apr 28 2003 - 10:23:38 EDT)
• [Snort-sigs] Lots of triggers from NETBIOS SMB SMB_COM_TRANSACTION Max Data Count of 0 DOS Attempt
  • Johnathan Norman (Thu Apr 24 2003 - 01:01:26 EDT)
  • Brian (Wed Apr 23 2003 - 01:40:44 EDT)
  • Johnathan Norman (Tue Apr 22 2003 - 23:59:24 EDT)
  • Ian Macdonald (Tue Apr 22 2003 - 17:02:14 EDT)
• [Snort-sigs] Lovgate.F port 445 rule
  • Tom.Mclaughlin(at)kp.org (Mon Apr 28 2003 - 15:17:18 EDT)
• [Snort-sigs] Lovgate.F rule
  • Tom.Mclaughlin(at)kp.org (Mon Apr 28 2003 - 15:15:05 EDT)
• [Snort-sigs] Mark Fuller/US/ABNAMRO/NL is out of the office.
  • mark.fuller(at)abnamro.com (Thu Apr 17 2003 - 01:24:34 EDT)
  • mark.fuller(at)abnamro.com (Wed Apr 16 2003 - 23:31:34 EDT)
• [Snort-sigs] Mike Sands/ITS/Element K is out of the office.
  • Matt Kettler (Fri Apr 25 2003 - 12:13:37 EDT)
  • Michael Scheidell (Fri Apr 25 2003 - 09:40:40 EDT)
  • Esler, Joel Contractor (Fri Apr 25 2003 - 08:47:29 EDT)
  • Michael Scheidell (Fri Apr 25 2003 - 07:12:23 EDT)
  • Mike_Sands(at)elementk.com (Fri Apr 25 2003 - 05:07:27 EDT)
• [Snort-sigs] more on logs
  • Nigel Houghton (Mon Apr 28 2003 - 07:57:02 EDT)
  • L. Christopher Luther (Fri Apr 25 2003 - 11:39:04 EDT)
  • Hugo van der Kooij (Thu Apr 24 2003 - 19:26:06 EDT)
  • Bryan Irvine (Thu Apr 24 2003 - 18:52:21 EDT)
• [Snort-sigs] Netbios rules are case sensitive?
  • Jason Haar (Wed Apr 30 2003 - 18:08:17 EDT)
• [Snort-sigs] netric/eSDee dhcpd exploit rule.
  • Alberto Gonzalez (Thu Apr 10 2003 - 10:30:16 EDT)
• [Snort-sigs] New SMB_COM_TRANSACTION alerts look pretty "broken"
  • Brian (Fri Apr 11 2003 - 02:48:10 EDT)
  • Jason Haar (Sun Apr 06 2003 - 18:00:45 EDT)
• [Snort-sigs] newbie post
  • Matt Kettler (Mon Apr 14 2003 - 18:25:33 EDT)
  • Bryan Irvine (Fri Apr 11 2003 - 16:16:04 EDT)
  • Bryan Irvine (Mon Apr 07 2003 - 19:50:27 EDT)
• [Snort-sigs] newbie quistion
  • Matt Kettler (Wed Apr 16 2003 - 22:35:20 EDT)
  • David Davis (Wed Apr 16 2003 - 21:20:13 EDT)
• [Snort-sigs] newby quistin
  • Matt Kettler (Wed Apr 16 2003 - 12:54:39 EDT)
• [Snort-sigs] P2P Question
  • Dirk Mueller (Wed Apr 16 2003 - 15:19:52 EDT)
  • Trevor Daucsavage (Wed Apr 16 2003 - 14:19:28 EDT)
• [Snort-sigs] porn.rules
  • Bryan Irvine (Mon Apr 28 2003 - 20:33:05 EDT)
  • Bryan Irvine (Mon Apr 28 2003 - 18:29:25 EDT)
• [Snort-sigs] Possible rule for samba-2.2.XX exploit
  • Jacob Hurley (Fri Apr 11 2003 - 09:18:03 EDT)
  • Joerg Weber (Fri Apr 11 2003 - 06:21:22 EDT)
  • Brian (Fri Apr 11 2003 - 02:54:47 EDT)
  • Joerg Weber (Thu Apr 10 2003 - 05:31:35 EDT)
• [Snort-sigs] Problems with SID 1432
  • Sam Evans (Wed Apr 16 2003 - 11:45:39 EDT)
• [Snort-sigs] Problems with SID 498: ATTACK RESPONSES id check returned root
  • Russell Fulton (Fri Apr 11 2003 - 17:27:58 EDT)
  • Sam Evans (Fri Apr 11 2003 - 15:27:42 EDT)
  • Chris Green (Fri Apr 11 2003 - 14:42:50 EDT)
  • Kenneth G. Arnold (Fri Apr 11 2003 - 13:18:42 EDT)
  • Sam Evans (Fri Apr 11 2003 - 12:45:19 EDT)
  • Jacob Hurley (Fri Apr 11 2003 - 12:39:17 EDT)
  • Sam Evans (Fri Apr 11 2003 - 12:18:23 EDT)
  • Esler, Joel Contractor (Fri Apr 11 2003 - 11:22:07 EDT)
  • Kenneth G. Arnold (Fri Apr 11 2003 - 10:42:28 EDT)
  • Sam Evans (Fri Apr 11 2003 - 10:14:43 EDT)
• [Snort-sigs] Proposed sig to spot internal Klez infections
  • Kenneth G. Arnold (Thu Apr 03 2003 - 16:06:31 EST)
• [Snort-sigs] Question about sid: 1002
  • Jacob Hurley (Fri Apr 04 2003 - 19:40:53 EST)
  • Daniel J. Roelker (Fri Apr 04 2003 - 09:29:53 EST)
  • Michael Boman (Fri Apr 04 2003 - 09:15:32 EST)
  • Jacob Hurley (Thu Apr 03 2003 - 21:10:21 EST)
  • Paul Schmehl (Thu Apr 03 2003 - 17:26:42 EST)
  • Brian (Thu Apr 03 2003 - 16:19:49 EST)
  • Paul Schmehl (Thu Apr 03 2003 - 15:54:39 EST)
  • Daniel J. Roelker (Thu Apr 03 2003 - 14:05:52 EST)
  • daniel.clemens (Thu Apr 03 2003 - 08:16:12 EST)
  • Paul Schmehl (Thu Apr 03 2003 - 12:29:05 EST)
  • Brian (Thu Apr 03 2003 - 10:05:32 EST)
  • Paul Schmehl (Wed Apr 02 2003 - 18:13:26 EST)
• [Snort-sigs] Questions 101
  • Matt Kettler (Thu Apr 03 2003 - 16:42:18 EST)
  • Matt Kettler (Thu Apr 03 2003 - 16:44:19 EST)
  • Esler, Joel Contractor (Thu Apr 03 2003 - 15:56:32 EST)
  • Chris Green (Thu Apr 03 2003 - 16:04:49 EST)
  • Esler, Joel Contractor (Thu Apr 03 2003 - 15:20:13 EST)
• [Snort-sigs] Questions 101 & Dire Straits
  • JP Vossen (Fri Apr 04 2003 - 19:00:01 EST)
• [Snort-sigs] Quicktime Overflow Exploit Sig
  • SoloNet Newsfeed Processor (Wed Apr 02 2003 - 15:44:09 EST)
• [Snort-sigs] RADIUS attributes detection
  • desconocido(at)who.net (Fri Apr 04 2003 - 16:41:51 EST)
• [Snort-sigs] references for sid:220 (BACKDOOR HideSource backdoor attempt)
  • Carl Gibbons (Mon Apr 07 2003 - 13:02:23 EDT)
• [Snort-sigs] Rootkit signatures
  • Jukka Juslin (Fri Apr 04 2003 - 09:20:16 EST)
• [Snort-sigs] rule documentation
  • Brian (Fri Apr 11 2003 - 02:51:49 EDT)
  • Chris Green (Wed Apr 09 2003 - 09:10:07 EDT)
  • Johnathan Norman (Wed Apr 09 2003 - 07:06:25 EDT)
• [Snort-sigs] Rule for Sebek2 Traffic
  • Andrew Hintz \(Drew\) (Thu Apr 10 2003 - 20:35:10 EDT)
• [Snort-sigs] Sendmail Signature
  • Matt Kettler (Fri Apr 04 2003 - 16:28:43 EST)
  • Muhammad Faisal Rauf Danka (Fri Apr 04 2003 - 16:16:10 EST)
  • Bennett Todd (Fri Apr 04 2003 - 08:41:30 EST)
  • linux snort (Fri Apr 04 2003 - 03:41:54 EST)
  • linux snort (Thu Apr 03 2003 - 01:58:35 EST)
• [Snort-sigs] SID 1042 and WebDAV
  • Russell Fulton (Tue Apr 15 2003 - 19:04:38 EDT)
  • Jason Haar (Tue Apr 15 2003 - 18:44:31 EDT)
  • Scott, Joshua (Tue Apr 15 2003 - 18:04:27 EDT)
  • Scott, Joshua (Tue Apr 15 2003 - 15:14:48 EDT)
• [Snort-sigs] SID 1358
  • Anton Chuvakin (Thu Apr 17 2003 - 18:16:45 EDT)
• [Snort-sigs] SID 1359
  • Anton Chuvakin (Thu Apr 17 2003 - 18:17:22 EDT)
• [Snort-sigs] SID 1360
  • Anton Chuvakin (Thu Apr 17 2003 - 18:17:45 EDT)
• [Snort-sigs] SID 1361
  • Anton Chuvakin (Thu Apr 17 2003 - 18:18:07 EDT)
• [Snort-sigs] SID 1362
  • Anton Chuvakin (Thu Apr 17 2003 - 18:18:32 EDT)
• [Snort-sigs] SID 275: Eats CPU
  • Erek Adams (Wed Apr 02 2003 - 07:52:38 EST)
  • Lars Jørgensen IT (Wed Apr 02 2003 - 06:55:23 EST)
• [Snort-sigs] Sig for gpuser@home.com
  • John Hally (Mon Apr 07 2003 - 09:32:42 EDT)
  • JP Vossen (Sat Apr 05 2003 - 19:47:21 EST)
• [Snort-sigs] Sigs for /sumthin and Rst.b backdoor
  • Joe Stewart (Mon Apr 07 2003 - 18:01:12 EDT)
• [Snort-sigs] SMTP From Comment Overflow rule problems
  • Bob Dehnhardt (Fri Apr 11 2003 - 12:48:21 EDT)
  • Ron Shuck (Fri Apr 11 2003 - 08:56:02 EDT)
  • Jacob Hurley (Fri Apr 11 2003 - 02:53:09 EDT)
  • Ron Shuck (Mon Apr 07 2003 - 15:45:50 EDT)
• [Snort-sigs] snort 1.9.x signatures and snort 1.8.x signatures
  • William_Metcalf(at)kcmo.org (Wed Apr 09 2003 - 00:11:44 EDT)
• [Snort-sigs] Snort logs
  • Robson Paniago Vasconcelos (Wed Apr 23 2003 - 13:17:57 EDT)
  • Hugo van der Kooij (Wed Apr 23 2003 - 01:35:51 EDT)
  • Bryan Irvine (Tue Apr 22 2003 - 19:34:50 EDT)
• [Snort-sigs] Snort newbie having trouble with using rule for detecting WebDAV exploit
  • Matt Yackley (Thu Apr 10 2003 - 15:28:53 EDT)
  • Jason Richardson (Wed Apr 09 2003 - 00:41:28 EDT)
• [Snort-sigs] Snort sig for the Security bit?
  • Casper van Eersel (Tue Apr 01 2003 - 08:37:56 EST)
  • David T Hollis (Tue Apr 01 2003 - 08:19:54 EST)
• [Snort-sigs] Snort Signaturte option, byte_test and byte_jump
  • HQ-Amorelle Ong (Mon Apr 21 2003 - 02:50:06 EDT)
• [Snort-sigs] snort-rules CURRENT update @ Mon Apr 7 13:41:13 2003
  • bmc(at)snort.org (Mon Apr 07 2003 - 13:52:31 EDT)
• [Snort-sigs] snort-rules CURRENT update @ Thu Apr 3 15:18:07 2003
  • bmc(at)snort.org (Thu Apr 03 2003 - 15:28:43 EST)
• [Snort-sigs] snort-rules CURRENT update @ Tue Apr 1 06:25:07 2003
  • bmc(at)snort.org (Tue Apr 01 2003 - 06:35:16 EST)
• [Snort-sigs] snort-rules CURRENT update @ Wed Apr 16 20:16:11 2003
  • bmc(at)snort.org (Wed Apr 16 2003 - 20:16:11 EDT)
• [Snort-sigs] snort-rules CURRENT update @ Wed Apr 16 21:16:04 2003
  • bmc(at)snort.org (Wed Apr 16 2003 - 21:16:04 EDT)
• [Snort-sigs] snort-rules CURRENT update @ Wed Apr 2 17:20:39 2003
  • bmc(at)snort.org (Wed Apr 02 2003 - 17:31:05 EST)
• [Snort-sigs] snort-rules STABLE update @ Mon Apr 7 13:41:13 2003
  • Jacob Hurley (Tue Apr 08 2003 - 03:55:50 EDT)
  • bmc(at)snort.org (Mon Apr 07 2003 - 13:52:31 EDT)
• [Snort-sigs] snort-rules STABLE update @ Wed Apr 16 21:16:04 2003
  • bmc(at)snort.org (Wed Apr 16 2003 - 21:16:05 EDT)
• [Snort-sigs] snort-rules STABLE update @ Wed Apr 2 17:20:39 2003
  • bmc(at)snort.org (Wed Apr 02 2003 - 17:31:05 EST)
• [Snort-sigs] snortrules-current bug patches
  • Snort user (Fri Apr 04 2003 - 02:33:42 EST)
• [Snort-sigs] snortrules-stable bug patches
  • Matt Kettler (Fri Apr 04 2003 - 16:46:58 EST)
  • Michael Scheidell (Fri Apr 04 2003 - 13:49:13 EST)
  • Snort user (Fri Apr 04 2003 - 02:33:59 EST)
• [Snort-sigs] Strange ICMP Log
  • Ron Shuck (Tue Apr 22 2003 - 10:26:58 EDT)
• [Snort-sigs] Strange question
  • Matt Kettler (Wed Apr 23 2003 - 13:41:52 EDT)
  • Bennett Todd (Wed Apr 23 2003 - 13:17:14 EDT)
  • Bryan Irvine (Wed Apr 23 2003 - 12:01:04 EDT)
• [Snort-sigs] Suspected False Positives - SID 2102
  • Jeff Oliveto (Thu Apr 03 2003 - 16:40:47 EST)
• [Snort-sigs] tftp rules classtypes confusing
  • Chris Green (Thu Apr 10 2003 - 09:27:08 EDT)
  • Miller, Eoin (Wed Apr 09 2003 - 14:30:13 EDT)
• [Snort-sigs] Troj.KillAV Sig
  • Glen Joseph (Tue Apr 15 2003 - 11:46:13 EDT)
• [Snort-sigs] what does this command do?
  • Matt Kettler (Mon Apr 28 2003 - 14:11:12 EDT)
  • Schmehl, Paul L (Mon Apr 28 2003 - 12:59:02 EDT)
  • stormshadow (Sun Apr 27 2003 - 20:20:44 EDT)
• [Snort-sigs] WhiteHat Web Server Fingerprinter Signatures
  • Ryan.Barnett(at)atf.gov (Fri Apr 11 2003 - 09:49:19 EDT)
• newbie post
  • Mark Cooper (Sat Apr 12 2003 - 04:41:25 EDT)

  This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:09:16 EDT