|
Mailing List Archive For snort-sigs@snort.org Jun 2003 By Subject- [Snort-sigs] "MS-SQL ping attempt" is illegal or not?
- [Snort-sigs] A question about Snort
- [Snort-sigs] anyone have more detail other than window size of 55808 to craft a snort rule for this
- [Snort-sigs] Bit Torrent signature
- [Snort-sigs] categorizing snort signatures
- [Snort-sigs] Correction to signature 1227
- [Snort-sigs] Deleted Rules
- [Snort-sigs] Depth and multi content rule help.
- [Snort-sigs] doc of rules
- [Snort-sigs] Document for Rule 268 DOS Jolt attack
- [Snort-sigs] Documentation (#1325)
- [Snort-sigs] Documentation (#502)
- [Snort-sigs] Documentation (rule #500)
- [Snort-sigs] documentation (sid 522)
- [Snort-sigs] documentation for rule 492
- [Snort-sigs] Documentation SID 291
- [Snort-sigs] Documentation: SID 268
- [Snort-sigs] Documentation: SID 274
- [Snort-sigs] Documentation: SID 286
- [Snort-sigs] Documentation: SID 287
- [Snort-sigs] Documentation: SID 288
- [Snort-sigs] Documentation: SID 289
- [Snort-sigs] Documentation: SID 290
- [Snort-sigs] Documentation: SID 293
- [Snort-sigs] Documentation: SID 355
- [Snort-sigs] Documentation: SID 629
- [Snort-sigs] Duplicate sids in deleted.rules
- [Snort-sigs] Edonkey - port 4662
- [Snort-sigs] false +ves for IMAP login overflow (SID 1993)
- [Snort-sigs] False +ves with sid 1882 with possible fix
- [Snort-sigs] False Positive for SID 1322: bad frag bits
- [Snort-sigs] false positives for MISC BGP invalid length
- [Snort-sigs] help about snort_inline
- [Snort-sigs] IANA reserved IP address rules?
- [Snort-sigs] logical operators and snort rules
- [Snort-sigs] Missing attachment
- [Snort-sigs] Mistake in SID 379
- [Snort-sigs] More documents in waiting
- [Snort-sigs] Nemesis 1.4 beta3 released
- [Snort-sigs] New rule: SCAN 55808 Trojan scan
- [Snort-sigs] new user group
- [Snort-sigs] nocase
- [Snort-sigs] Oinkmaster questions
- [Snort-sigs] P2P Signature for Edonkey/Emule
- [Snort-sigs] PID
- [Snort-sigs] PortScan
- [Snort-sigs] Problems with SID 2161
- [Snort-sigs] Proposed change to icmp-info.rules
- [Snort-sigs] Question about rule semantic
- [Snort-sigs] Question on SID 285
- [Snort-sigs] question regarding web-iis rule NOT triggering..
- [Snort-sigs] Questions and Sig 1313 documentation
- [Snort-sigs] remove me from your list
- [Snort-sigs] Rule #501 (lssre)
- [Snort-sigs] Rule documentation
- [Snort-sigs] Rule Documentation - Rules of engagement
- [Snort-sigs] Rule Documentation - teardrop correction
- [Snort-sigs] rule documentation for
- [Snort-sigs] rule documentation for ATTACK-RESPONSES successful gobbles ssh exploit (uname)
- [Snort-sigs] rule documentation for DNS named iquery attempt
- [Snort-sigs] rule documentation for FTP ADMw0rm ftp login attempt
- [Snort-sigs] rule documentation for FTP iss scan
- [Snort-sigs] rule documentation for FTP saint scan
- [Snort-sigs] rule documentation for FTP SATAN scan
- [Snort-sigs] rule documentation for FTP SITE NEWER attempt
- [Snort-sigs] rule documentation for MISC Invalid PCAnywhere Login
- [Snort-sigs] rule documentation for MISC xdmcp query
- [Snort-sigs] rule documentation for MISC xfs overflow attempt
- [Snort-sigs] rule documentation for NETBIOS SMB C$ access
- [Snort-sigs] rule documentation for PORN free XXX
- [Snort-sigs] rule documentation for TELNET SGI telnetd format bug
- [Snort-sigs] rule documentation for WEB-CGI mrtg.cgi directory traversal attempt
- [Snort-sigs] rule documentation for WEB-CGI Oracle reports CGI access
- [Snort-sigs] rule documentation for WEB-CGI php.cgi access
- [Snort-sigs] rule documentation for WEB-CLIENT Javascript URL host spoofing attempt
- [Snort-sigs] rule documentation for WEB-MISC apache ?M=D directory list attempt
- [Snort-sigs] rule documentation for WEB-MISC carbo.dll access
- [Snort-sigs] rule documentation for WEB-MISC CISCO VoIP DOS ATTEMPT
- [Snort-sigs] rule documentation for WEB-MISC Oracle XSQLConfig.xml access
- [Snort-sigs] Rule Proposal "Kazaa Supernode Event"
- [Snort-sigs] Sensor
- [Snort-sigs] SID 1042 false positives: WEB-IIS view source via translate header"
- [Snort-sigs] SID 1043 documentation
- [Snort-sigs] SID 1050 documentation
- [Snort-sigs] SID 1071 documentation
- [Snort-sigs] SID 1103 documentation
- [Snort-sigs] SID 111
- [Snort-sigs] SID 1129 documentation
- [Snort-sigs] SID 114
- [Snort-sigs] SID 1156 change recommendation
- [Snort-sigs] SID 1227
- [Snort-sigs] SID 1497 documentation
- [Snort-sigs] SID 1544 documentation
- [Snort-sigs] SID 1546 documentation
- [Snort-sigs] SID 1667 documentation
- [Snort-sigs] SID 1808 documentation
- [Snort-sigs] SID 1808 documentation revised
- [Snort-sigs] SID 1809 documentation
- [Snort-sigs] SID 1828 change needed
- [Snort-sigs] SID 1828 documentation
- [Snort-sigs] SID 184 False Posiitives : "WEB-CLIENT Javascript URL host spoofing attemp "
- [Snort-sigs] SID 1852 documentation
- [Snort-sigs] SID 1857 documentation
- [Snort-sigs] SID 1882 False Posiitives : "ATTACK-RESPONSES i d check returned userid "
- [Snort-sigs] SID 1882 False Posiitives : "ATTACK-RESPONSES id check returned userid "
- [Snort-sigs] SID 2161
- [Snort-sigs] SID 284
- [Snort-sigs] SID 285
- [Snort-sigs] SID 291
- [Snort-sigs] SID 295
- [Snort-sigs] SID 295-299
- [Snort-sigs] SID 368 (my contribution #3)
- [Snort-sigs] SID 369 (my contribution #4)
- [Snort-sigs] SID 370 (my contribution #5)
- [Snort-sigs] SID 371 (my contribution #6)
- [Snort-sigs] SID 372 (my contribution #7)
- [Snort-sigs] SID 373 (my contribution #8)
- [Snort-sigs] SID 374, 9 of 20
- [Snort-sigs] SID 375, 10 of 20
- [Snort-sigs] SID 376, 11 of 20
- [Snort-sigs] SID 377, 12 of 20
- [Snort-sigs] SID 378, 13 of 20
- [Snort-sigs] SID 379, 14 of 20
- [Snort-sigs] SID 380, 15 of 20
- [Snort-sigs] SID 381, 16 of 20
- [Snort-sigs] SID 382, 17 of 20
- [Snort-sigs] SID 384, 18 of 20
- [Snort-sigs] SID 385, 19 of 20
- [Snort-sigs] Sid 456 and 385 documentation change
- [Snort-sigs] SID 456, 20 of 20
- [Snort-sigs] SID 465
- [Snort-sigs] SID 466
- [Snort-sigs] SID 467
- [Snort-sigs] SID 476
- [Snort-sigs] SID 481
- [Snort-sigs] SID 482
- [Snort-sigs] SID 483
- [Snort-sigs] SID 484
- [Snort-sigs] SID 715
- [Snort-sigs] SID 716
- [Snort-sigs] SID 717
- [Snort-sigs] SID 718
- [Snort-sigs] SID 719
- [Snort-sigs] SID 720
- [Snort-sigs] SID 793
- [Snort-sigs] SID: 366 (my contribution #2)
- [Snort-sigs] Sig 1313 documentation and questions
- [Snort-sigs] Signature Definition #1023, 15 of 20
- [Snort-sigs] Signature Definition #1201, 16 of 20
- [Snort-sigs] Signature Definition #1227 , 16 of 20
- [Snort-sigs] Signature Definition #1760 , 19 of 20
- [Snort-sigs] Signature Definition #1945 , 20 of 20
- [Snort-sigs] Signature Definition #354, 1 of 20
- [Snort-sigs] Signature Definition #358, 2 of 20
- [Snort-sigs] Signature Definition #359, 3 of 20
- [Snort-sigs] Signature Definition #458, 4 of 20
- [Snort-sigs] Signature Definition #460, 5 of 20
- [Snort-sigs] Signature Definition #460, 5 of 20 and Signature Definition # 458
- [Snort-sigs] Signature Definition #462, 6 of 20
- [Snort-sigs] Signature Definition #489, 7 of 20
- [Snort-sigs] Signature Definition #507, 8 of 20
- [Snort-sigs] Signature Definition #549, 10 of 20
- [Snort-sigs] Signature Definition #553, 11 of 20
- [Snort-sigs] Signature Definition #556, 9 of 20
- [Snort-sigs] Signature Definition #717, 12 of 20
- [Snort-sigs] Signature Definition #718, 14 of 20
- [Snort-sigs] Signature Definition #719, 13 of 20
- [Snort-sigs] Signaure Hiccup
- [Snort-sigs] sigs documentation
- [Snort-sigs] sigs for MSM via proxies
- [Snort-sigs] SMB Login Failure
- [Snort-sigs] SMTP rcpt to sed command attempt
- [Snort-sigs] SNORT
- [Snort-sigs] snort rule documentation (#492)
- [Snort-sigs] snort rule documentation (#522)
- [Snort-sigs] Snort Rules Contributions
- [Snort-sigs] snort rules.
- [Snort-sigs] snort-rules CURRENT update @ Fri Jun 13 14:26:56 2003
- [Snort-sigs] snort-rules CURRENT update @ Mon Jun 9 09:28:21 2003
- [Snort-sigs] snort-rules CURRENT update @ Sat Jun 14 00:17:06 2003
- [Snort-sigs] snort-rules CURRENT update @ Sun Jun 1 21:15:27 2003
- [Snort-sigs] snort-rules CURRENT update @ Sun Jun 15 01:16:51 2003
- [Snort-sigs] snort-rules CURRENT update @ Sun Jun 8 03:34:04 2003
- [Snort-sigs] snort-rules CURRENT update @ Thu Jun 5 11:15:37 2003
- [Snort-sigs] snort-rules STABLE update @ Fri Jun 13 14:26:56 2003
- [Snort-sigs] snort-rules STABLE update @ Mon Jun 9 09:28:21 2003
- [Snort-sigs] snort-rules STABLE update @ Sat Jun 14 00:17:06 2003
- [Snort-sigs] snort-rules STABLE update @ Sun Jun 1 21:15:27 2003
- [Snort-sigs] snort-rules STABLE update @ Sun Jun 15 01:16:51 2003
- [Snort-sigs] snort-rules STABLE update @ Sun Jun 8 03:34:04 2003
- [Snort-sigs] snort-rules STABLE update @ Thu Jun 5 11:15:37 2003
- [Snort-sigs] Sobig.E variant
- [Snort-sigs] some new signatures to consider
- [Snort-sigs] Submit new detection engine?
- [Snort-sigs] Successful anonymous ftp login rules...
- [Snort-sigs] T-shirt!
- [Snort-sigs] tcp window size 55808 SYN packets
- [Snort-sigs] Traceroute test
- [Snort-sigs] Using snort to stop SMTP dictionary attacks
- [Snort-sigs] Using snort to stop SMTP dictionary attacks]
- [Snort-sigs] W32.Bugbear.B@mm Signature
- [Snort-sigs] W32.Mumu.B.Worm Patterns (BETA)
- [Snort-sigs] W32/MoFei.worm
- [Snort-sigs] Web service rules
- [Snort-sigs] Window size
- [Snort-sigs] WinMX connections and packet capture
- [Snort-sigs] WinXP remote desktop rules--newbie help
- [Snort-sigs] worm_sobig.c?
- [Snort-sigs] write rule documentation, get a t-shirt
- [Snort-sigs] Wrm.exe, Backdoor.Wollf.16 (AVP)
- [Snort-users] Oinkmaster questions
- [Snort-users] SMB login Failure
- anyone have more detail other than window size of 55808 to c raft a snort rule for this
- anyone have more detail other than window size of 55808 to craft a snort rule for this
- Depth and multi content rule help.
- nocase
- Question on SID 285
- RES: [Snort-sigs] W32.Bugbear.B@mm Signature
- Signature Definition #1227 , 17 of 20
- Signature Definition #1432 , 18 of 20
- Your application
|
