[Snort-users] RE: Demarc Certified Open Signatures
This is a discussion on [Snort-users] RE: Demarc Certified Open Signatures within the Snort forums, part of the System Security and Security Related category; Your Snort rule description database appears to have been lifted from the snort website with only minor changes, at least ...
|
|||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
03-03-2005
|
|||
|
|||
[Snort-users] RE: Demarc Certified Open Signatures
Your Snort rule description database appears to have
been lifted from the snort website with only minor changes, at least for this example. http://www.snort.org/snort-db/sid.html?sid=1632 http://snort.demarc.com/signatures/C...on_Rules/1632/ Is it a stretch to call it "our" database? What is the % of original content there? (Meter by snort rule) > > Message: 2 > Date: Wed, 2 Mar 2005 15:04:04 -0800 (PST) > Subject: RE: [Snort-users] Demarc Certified Open > Signatures > From: "Demarc Security" <snort_ml@demarc.org> > To: <snort-users@lists.sourceforge.net> > <redacted> > > To Bamm's point on copyrights, The details about who > wrote/contributed to each > individual rule is available through our Snort rule > description database > interface at the community portal: > > http://snort.demarc.com/signatures/ > > As for the downloads, we originally had separate > contributer lines for each > individual rule to give everyone credit who worked > on the rules such as all > the people who have contributed rules on the > snort-sigs mailing list and all > the rules that originally came from whitehats, > however this made the file > bulky and hard to visually parse. We will however > have the script that > interfaces with the rules database and creates these > downloads reinsert the > general catchall line crediting marty, brian, "et > al" to make sure that there > is no misinterpretation of our intentions. > > Thanks for pointing that out! > > Ashlyn Reznik > Demarc Threat Research Team > Email: areznik@demarc.com > http://www.demarc.com/products/ > > > -------- Original Message -------- > Date: Wed, March 2, 2005 10:18 am > From: "Ron Jenkins" <rjenkins@dibr.net> > To: "Demarc Security" <snort_ml@demarc.org> > Subject: RE: [Snort-users] Demarc Certified Open > Signatures > > > Will oinkmaster work with the rules downloads? > > > > Thanks... > > > > -----Original Message----- > > From: snort-users-admin@lists.sourceforge.net > > [mailto:snort-users-admin@lists.sourceforge.net] > On Behalf Of Demarc > > Security > > Sent: Wednesday, March 02, 2005 12:09 PM > > To: snort-users@lists.sourceforge.net > > Subject: [Snort-users] Demarc Certified Open > Signatures > > > > > > > > > > Since our inception in 2001, Demarc has been > committed to promoting secure > > Internet use by providing free versions of our > products for users at home. > > We believe that because we use Open Source > technology such as Linux and > > Snort, > > that we should give back to the security community > as a whole. We have > > continued to fulfill this commitment, most > recently with the release of our > > Sentarus HomeAdmin Edition, which allows people to > deploy some of our latest > > security technology in their home lab environments > at no cost. > > > > In addition to our Sentarus and PureSecure > products, our customers have also > > benefited from the expertise of our Threat > Research Team which has, to date, > > been tasked with verifying rule stream updates and > educating customers on > > the > > detailed workings of Snort technology. In light of > some upcoming > > changes, > > we're now expanding our research team and formally > announcing our new > > "Certified Open Signatures" program. Our > Certified Open Signatures program, > > which will be universally available to the entire > community, is founded on > > these two principles: > > > > 1) Like the Snort program itself, the latest > rule signatures should > > always be available for free because > strong computer and network > > security are in everyone's best interests. > > > > 2) The best way for a company to serve a > community project is to > > remain true to the original goals of that > project and refrain from > > charging for vital components that have always > been > > community-driven and free. > > > > We make this announcement now, as we have recently > received notice from > > Sourcefire that, as of next week, early access to > all future Snort > > signatures > > they create will be based on a subscription model. > > > > The Sourcefire license changes as they were > presented to us are: > > > > - All rule updates will be a minimum of five > days older than those > > Sourcefire sells to their customers, and you > will be required to > > register to receive them or to wait for the next > major Snort release. > > > > - To receive the latest rules any sooner, you > will have to pay > > Sourcefire a rule subscription fee. > > > > We sincerely respect the efforts of the Sourcefire > Snort development group > > along with the numerous others who created the > base technology and rulesets > > that have made Snort a household name in the > security community. > > However, one > > of the greatest benefits of using Snort is the > community review process > > which > > will now be subject to an imposed arbitrary delay. > > > > At Demarc, our commitment to the security > community is simple: > > > > - Demarc will maintain > http://snort.demarc.com/ as a community > > portal > > for Snort signatures and Snort-based > technology. (This site is meant > > to augment and not replace snort.org or the > snort-sigs mailing list.) > > > > - Demarc will produce and revise rules, as > well as collaborate with > > active groups to bring together the best > rules from all community > > sources. User sites such as Bleeding Snort have > been at the forefront > > of new signature development and we view these > groups' contributions > > as invaluable. Our goal is to work with these > groups and to serve as > > the trusted source for certified, > > production level rulesets. > > > > - Demarc's Threat Research Team will continue > to provide the latest > > cutting-edge and Demarc Certified rules, > making them immediately > > available for public download and contribution. > > > > - Demarc will not charge for the download, > use, or modification of > > rules hosted on this site. > > > > Our community portal at http://snort.demarc.com/ > will continually evolve > > over > > the next several weeks to offer more features, > including direct user > > interaction. Our community portal will also become > the new home for the > > SPADE > > statistical packet anomaly detection project and > SnortSnarf, two > > projects > > originally managed by SiliconDefense and > subsequently transferred to Demarc. > > > > We welcome your support on these projects through > signature review and > > submissions, and, as with all community projects, > your feedback is always > > welcome to help make it better. > > > > Sincerely, > > > > > > Ashlyn Reznik > > Demarc Threat Research Team > > Email: areznik@demarc.com > > http://www.demarc.com/products/ > > > > > > > > > > > > > ------------------------------------------------------- > > SF email is sponsored by - The IT Product Guide > > Read honest & candid reviews on hundreds of IT > Products from real users. > > Discover which products truly live up to the hype. > Start reading now. > > > http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click > > _______________________________________________ > > Snort-users mailing list > > Snort-users@lists.sourceforge.net > > Go to this URL to change user options or > unsubscribe: > > > https://lists.sourceforge.net/lists/...fo/snort-users > > Snort-users list archive: > > > http://www.geocrawler.com/redir-sf.p...st=snort-users > -------- End Original Message -------- > > > > > > --__--__-- > > Message: 3 > Subject: RE: [Snort-users] Snort isn't doing > anything.. > Date: Wed, 2 Mar 2005 17:11:45 -0600 > From: "Harper, Patrick" <Patrick.Harper@phns.com> > To: "Marc Hering" <mhering@reval.com>, > <snort-users@lists.sourceforge.net> > > Is it a true hub, some hubs are really switches=2E > The archives have a=0D= > =0Alot about this issue=2E What make and model? > =0D=0A=0D=0A-----Original = > Message-----=0D=0AFrom: Marc Hering > [mailto:mhering@reval=2Ecom] =0D=0ASent= > : Wednesday, March 02, 2005 4:09 PM=0D=0ATo: > snort-users@lists=2Esourceforg= > e=2Enet=0D=0ASubject: [Snort-users] Snort isn't > doing anything=2E=2E=0D=0A= > =0D=0AHey Everyone=2E=2E=2E=0D=0A=0D=0AI just setup > my first snort box runn= > ing on Fedora Core 3=2E I > installed=0D=0Aeverything, including ACID and st= > arted snort up=2E=2E=2EIt starts up just > fine=0D=0Aand a ps auxww |grep sno= > rt shows that the app is running=2E=2E=0D=0A > =0D=0A502 3740 0=2E7 14= > =2E5 41444 37196 ? Ss 16:56 > 0:01=0D=0A/usr/local/bin/snort -c /us= > r/local/snort/etc/snort=2Econf -i eth1 > -g=0D=0Asnortgroup -D -u snortuser= > =0D=0A=0D=0A =0D=0AHowever, If I run an nmap scan > (doesn't matter what opti= > ons) on any host=0D=0Aon my network (Snort can see > it, it's on a hub) it do= > esn't log anything=2E=0D=0ASo far it's only logged 1 > alert for a SQL scan= > =2E=2E I have tried updating=0D=0Athe rules to no > avail=2E=2E=2E=0D=0A =0D= > =0AMy snort=2Econf is the default out of the box > setup, the only things i= > =0D=0Ahave changed are as follows=0D=0A > =0D=0A***********************Chang= > ed items > in=0D=0Asnort=2Econf****************************** **=0D=0Avar > RULE= > _PATH /usr/local/snort/rules=0D=0A =0D=0A > =0D=0Aoutput database: log, mysql= > , > user=3Dthepropersnortuser=0D=0Apassword=3Dsnortuse rspassword > dbname=3Dthe= > snortdatabase host=3Dlocalhost=0D=0A (Names have > been changed to protect t= > he innocent :) )=0D=0A =0D=0A output alert_syslog: > LOG_LOCAL3=0D=0A output= > alert_fast: snort=2Elog=0D=0A output alert_full: > alert=2Efull=0D=0A*******= > *****************************************=0D=0A=0D =0A > =0D=0A =0D=0AFrom wha= > t I can understand=2E=2E=2E=2Ethis SHOULD work, is > there something I=0D=0Ah= > ave missed????=0D=0A > =0D=0AThanks=0D=0A=0D=0A=0D=0A=0D=0A------------------= > -----------------------=0D=0ADisclaimer: This > electronic message, includin= > g any attachments, is=0D=0Aconfidential and intended > solely for use of the = > intended recipient(s)=2E This=0D=0Amessage may > contain information that is = > privileged or otherwise protected=0D=0Afrom > disclosure by applicable law=2E= > Any unauthorized disclosure,=0D=0Adissemination, > use or reproduction is st= > rictly prohibited=2E If you have=0D=0Areceived this > message in error, pleas= > e delete it and notify the > sender=0D=0Aimmediately=2E=0D=0A > > > --__--__-- > > Message: 4 > To: Matt Kettler <mkettler@evi-inc.com> > Cc: snort-users@lists.sourceforge.net, > snort-users-admin@lists.sourceforge.net > Subject: Re: [Snort-users] uricontent questions > From: Brad W Rothwell <ROTHBW@inel.gov> > Date: Wed, 2 Mar 2005 16:29:22 -0700 > > This is a multipart message in MIME format. > --=_alternative 0080FA4187256FB8_= > Content-Type: text/plain; charset="US-ASCII" > > I changed it to a more generic form. > alert tcp any any <> any any (msg: "foo found"; > uricontent:"foo"; nocase;) > and it still does not trip an alert. Ideas? > > Brad Rothwell > INL/ICP Cyber Security > > > > > Matt Kettler <mkettler@evi-inc.com> > Sent by: snort-users-admin@lists.sourceforge.net > 03/02/2005 02:43 PM > > To > Brad W Rothwell <ROTHBW@inel.gov>, > snort-users@lists.sourceforge.net > cc > > Subject > Re: [Snort-users] uricontent questions > > > > > > > At 02:54 PM 3/2/2005, Brad W Rothwell wrote: > >All, I recently installed snort 2.3.0. My > understanding is that I can > >use uricontent to search for strings as they appear > in the browser > address > >location bar. For example, if the address location > is > ><http://foo.com/>http://foo.com the following rule > should alert. > > > >alert tcp any any <> $HTTP_SERVERS any (msg: "foo > found"; > >uricontent:"foo"; nocase;) > > > >I have http_inspect set to the following > >preprocessor http_inspect: global \ > > iis_unicode_map unicode.map 1252 > > > >preprocessor http_inspect_server: server default \ > > profile all ports { 80 8080 8180 } > oversize_dir_length 500 > flow_depth 0 > > > >The rule does not alert. Am I missing something. > > > what is HTTP_SERVERS set to? The above rule will > only alert if the server > for foo.com is actualy a part of that net range. > > > > > > ------------------------------------------------------- > SF email is sponsored by - The IT Product Guide > Read honest & candid reviews on hundreds of IT > Products from real users. > Discover which products truly live up to the hype. > Start reading now. > http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click > _______________________________________________ > Snort-users mailing list > Snort-users@lists.sourceforge.net > Go to this URL to change user options or > unsubscribe: > https://lists.sourceforge.net/lists/...fo/snort-users > Snort-users list archive: > http://www.geocrawler.com/redir-sf.p...st=snort-users > > > --=_alternative 0080FA4187256FB8_= > Content-Type: text/html; charset="US-ASCII" > > > <br><font size=2 face="sans-serif">I changed it to a > more generic form. > </font> > <br><font size=2><tt>alert tcp any any <> any > any (msg: "foo > found"; <br> > uricontent:"foo"; nocase;)</tt></font> > <br><font size=2><tt>and it still does not trip an > alert. Ideas?</tt></font> > <br> > <br><font size=2 face="sans-serif">Brad Rothwell<br> > INL/ICP Cyber Security<br> > </font> > <br> > <br> > <br> > <table width=100%> > <tr valign=top> > <td width=40%><font size=1 face="sans-serif"><b>Matt > Kettler <mkettler@evi-inc.com></b> > </font> > <br><font size=1 face="sans-serif">Sent by: > snort-users-admin@lists.sourceforge.net</font> > <p><font size=1 face="sans-serif">03/02/2005 02:43 > PM</font> > <td width=59%> > <table width=100%> > <tr valign=top> > <td> > <div align=right><font size=1 > face="sans-serif">To</font></div> > <td><font size=1 face="sans-serif">Brad W Rothwell > <ROTHBW@inel.gov>, > snort-users@lists.sourceforge.net</font> > <tr valign=top> > <td> > <div align=right><font size=1 > face="sans-serif">cc</font></div> > <td> > <tr valign=top> > <td> > <div align=right><font size=1 > face="sans-serif">Subject</font></div> > <td><font size=1 face="sans-serif">Re: [Snort-users] > uricontent questions</font></table> > <br> > <table> > <tr valign=top> > <td> > <td></table> > <br></table> > <br> > <br> > <br><font size=2><tt>At 02:54 PM 3/2/2005, Brad W > Rothwell wrote:<br> > >All, I recently installed snort 2.3.0. > My understanding > is that I can <br> > >use uricontent to search for strings as they > appear in the browser > address <br> > >location bar. For example, if the address > location is <br> > ><http://foo.com/>http://foo.com the > following rule should alert.<br> > ><br> > >alert tcp any any <> $HTTP_SERVERS any > (msg: "foo found"; > <br> > >uricontent:"foo"; nocase;)<br> > ><br> > >I have http_inspect set to the following<br> > >preprocessor http_inspect: global \<br> > > iis_unicode_map unicode.map > 1252<br> > ><br> > >preprocessor http_inspect_server: server default > \<br> > > profile all ports { 80 8080 8180 > } oversize_dir_length > 500 flow_depth 0<br> > ><br> > >The rule does not alert. Am I missing > something.<br> > <br> > <br> > what is HTTP_SERVERS set to? The above rule will > only alert if the server > <br> > for foo.com is actualy a part of that net range.<br> > <br> > <br> > <br> > <br> > <br> > -------------------------------------------------------<br> > SF email is sponsored by - The IT Product Guide<br> > Read honest & candid reviews on hundreds of IT > Products from real users.<br> > Discover which products truly live up to the hype. > Start reading now.<br> > http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click<br> > _______________________________________________<br > > Snort-users mailing list<br> > Snort-users@lists.sourceforge.net<br> > Go to this URL to change user options or > unsubscribe:<br> > https://lists.sourceforge.net/lists/listinfo/snort-users<br> > Snort-users list archive:<br> > http://www.geocrawler.com/redir-sf.php3?list=snort-users<br> > </tt></font> > <br> > --=_alternative 0080FA4187256FB8_=-- > > > --__--__-- > > Message: 5 > Date: Thu, 03 Mar 2005 00:30:32 +0100 > From: Laurent Haond <lhaond@bearstech.com> > To: snort-users@lists.sourceforge.net > Subject: Re: [Snort-users] snort-inline and iptables > INPUT chain > > Big Thanks for your help Will ! > > Will Metcalf a écrit : > > >Nothing is showing up in your alert logs? Is it > just ssh or does this > >happen with all connections? Try the following.... > > > > > > > No alert, no dump. > It happen for all TCP connections ( tested http as > well) > It work for udp/icmp (dns queries / ping works ) > With advanced firewall rules, forwarded > tcp/udp/icmp/whatever > connections were OK. > but nothing works from lan to the snort box ... > (didn't try from > internet to the snort box) > > >iptables -F INPUT > >iptables -F OUPUT > >iptables -F FORWARD > >iptables -A INPUT -i lo -j ACCEPT > >iptables -A INPUT -j QUEUE > >iptables -A FORWARD -j QUEUE > >iptables -A OUPUT -j QUEUE > > > >in your snort.conf set checksum mode to none. > > > >config checksum_mode: none > > > >Regards, > > > >Will > > > > > > Adding "config checksum_mode: none" did the job, now > it works. (BTW with > or without the iptables -A INPUT -i lo -j ACCEPT > rule ) > I relauched my complete set of firewall rules/ > internet connections and > it's still working ;-) > ( I've some alert about lo / 127.0.01 but they will > be easy to avoid > bypassing the queue..) > > "Googling" on this config directive, i think i could > have found it by my > self (there is some threads on this list about > ssh/tcp issue and this > directive), > so i'm sorry if i've mafe you lose your time... > > Let me, please, ask you some more questions : > why are forwarded checksum ok, but some ssh replies > corrupted ? > Is this an issue from kernel / iptables / snort ? > (i'm using 2.4.27 kernel / iptables 1.2.11 ... going > to upgrade to 1.3.x > soon) > > Thanks > > Regards > > Laurent > > ps:sorry for my bad english... > > > --__--__-- > > Message: 6 > Reply-To: <spamtrap@winsnort.com> > From: "Michael Steele" <michaels@winsnort.com> > To: "'Snort Users Postings'" > <snort-users@lists.sourceforge.net> > Subject: RE: [Snort-users] Demarc Certified Open > Signatures > Date: Wed, 2 Mar 2005 16:05:07 -0800 > > Remember this one thing; If not for the dedication > of pre-Sourcefire > contributions from others, Snort would not be where > it is today, and this > goes for Sourcefire. > > This is only the beginning. Does it seem > inconceivable that in the future > Snort builds might be treated the same as the rules > are. If it's OK to do > this with the rules, then where does it stop... > > Kindest regards, > Michael... > > WINSNORT.com Management Team Member > -- > Pick up your FREE Windows or UNIX Snort installation > guides > mailto:support@winsnort.com > Website: http://www.winsnort.com > Snort: Open Source Network IDS - > http://www.snort.org > > > > -----Original Message----- > > From: snort-users-admin@lists.sourceforge.net > [mailto:snort-users- > > admin@lists.sourceforge.net] On Behalf Of Bob > Konigsberg > > Sent: Wednesday, March 02, 2005 2:31 PM > > To: 'Bamm Visscher'; 'Demarc Security' > > Cc: snort-users@lists.sourceforge.net > > Subject: RE: [Snort-users] Demarc Certified Open > Signatures > > > > I don't think that's the key point here. This has > already happened with > > Nessus and Snort - that is, people are making > money off of their open > > source > > work, and not giving credit OR cash back to the > developers. > > > > It's kind of sad where a few folks spoil it, but > both organizations are > > trying hard to stick to their roots - while > getting what's due them. > > > > Bob > > > > -----Original Message----- > > From: snort-users-admin@lists.sourceforge.net > > [mailto:snort-users-admin@lists.sourceforge.net] > On Behalf Of Bamm > > Visscher > > Sent: Wednesday, March 02, 2005 2:19 PM > > To: Demarc Security > > Cc: snort-users@lists.sourceforge.net > > Subject: Re: [Snort-users] Demarc Certified Open > Signatures > > > > Shouldn't a reputable company, who is supposedly > committed to the > > opensource > > community ensure that the copyright notices for > the rules files stay > > intact? > > > > Bammkkkk > > > > On Wed, 2 Mar 2005 10:09:11 -0800 (PST), Demarc > Security > > <snort_ml@demarc.org> wrote: > > > > > > > > > Since our inception in 2001, Demarc has been > committed to promoting > > > secure Internet use by providing free versions > of our products for users > > at home. > > > We believe that because we use Open Source > technology such as Linux > > > and Snort, that we should give back to the > security community as a > > > whole. We have continued to fulfill this > commitment, most recently > > > with the release of our Sentarus HomeAdmin > Edition, which allows > > > people to deploy some of our latest security > technology in their home > > lab > > environments at no cost. > > > > > > In addition to our Sentarus and PureSecure > products, our customers > > > have also benefited from the expertise of our > Threat Research Team > > > which has, to date, been tasked with verifying > rule stream updates and > > > educating customers on the detailed workings of > Snort technology. In > > > light of some upcoming changes, we're now > expanding our research team > > > and formally announcing our new "Certified Open > Signatures" program. > > > Our Certified Open Signatures program, which > will be universally > > > available to the entire community, is founded on > these two principles: > > > > > > 1) Like the Snort program itself, the > latest rule signatures should > > > always be available for free because > strong computer and network > > > security are in everyone's best > interests. > > > > > > 2) The best way for a company to serve a > community project is to > > > remain true to the original goals of > that project and refrain > > > from charging for vital components that > have always been > > > community-driven and free. > > > > > > We make this announcement now, as we have > recently received notice > > > from Sourcefire that, as of next week, early > access to all future > > > Snort signatures they create will be based on a > subscription model. > > > > > > The Sourcefire license changes as they were > presented to us are: > > > > > > - All rule updates will be a minimum of five > days older than those > > > Sourcefire sells to their customers, and > you will be required to > > > register to receive them or to wait for > the next major Snort > > > release. > > > > > > - To receive the latest rules any sooner, > you will have to pay > > > Sourcefire a rule subscription fee. > > > > > > We sincerely respect the efforts of the > Sourcefire Snort development > > > group along with the numerous others who created > the base technology > > > and rulesets that have made Snort a household > name in the security > > > community. However, one of the greatest > benefits of using Snort is > > > the community review process which will now be > subject to an imposed > > arbitrary delay. > > > > > > At Demarc, our commitment to the security > community is simple: > > > > > > - Demarc will maintain > http://snort.demarc.com/ as a community > > portal > > > for Snort signatures and Snort-based > technology. (This site is > > > meant to augment and not replace snort.org > or the snort-sigs > > > mailing list.) > > > > > > - Demarc will produce and revise rules, as > well as collaborate with > > > active groups to bring together the best > rules from all community > > > sources. User sites such as Bleeding > Snort have been at the > > > forefront of new signature development and > we view these groups' > > > contributions as invaluable. Our goal is > to work with these > > > groups and to serve as the trusted source > for certified, > > > production level rulesets. > > > > > > - Demarc's Threat Research Team will > continue to provide the latest > > > cutting-edge and Demarc Certified rules, > making them immediately > > > available for public download and > contribution. > > > > > > - Demarc will not charge for the download, > use, or modification of > > > rules hosted on this site. > > > > > > Our community portal at http://snort.demarc.com/ > will continually > > > evolve over the next several weeks to offer more > features, including > > > direct user interaction. Our community portal > will also become the new > > > home for the SPADE statistical packet anomaly > detection project and > > > SnortSnarf, two projects originally managed by > SiliconDefense and > > subsequently transferred to Demarc. > > > > > > We welcome your support on these projects > through signature review and > > > submissions, and, as with all community > projects, your feedback is > > > always welcome to help make it better. > > > > > > Sincerely, > > > > > > Ashlyn Reznik > > > Demarc Threat Research Team > > > Email: areznik@demarc.com > > > http://www.demarc.com/products/ > > > > > > > > > -- > > sguil - The Analyst Console for NSM > > http://sguil.sf.net > > > > > > > ------------------------------------------------------- > > SF email is sponsored by - The IT Product Guide > > Read honest & candid reviews on hundreds of IT > Products from real users. > > Discover which products truly live up to the hype. > Start reading now. > > > http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click > > _______________________________________________ > > Snort-users mailing list > > Snort-users@lists.sourceforge.net > > Go to this URL to change user options or > unsubscribe: > > > https://lists.sourceforge.net/lists/...fo/snort-users > > Snort-users list archive: > > > http://www.geocrawler.com/redir-sf.p...st=snort-users > > > > > > > > > > > > > ------------------------------------------------------- > > SF email is sponsored by - The IT Product Guide > > Read honest & candid reviews on hundreds of IT > Products from real users. > > Discover which products truly live up to the hype. > Start reading now. > > > http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click > > _______________________________________________ > > Snort-users mailing list > > Snort-users@lists.sourceforge.net > > Go to this URL to change user options or > unsubscribe: > > > https://lists.sourceforge.net/lists/...fo/snort-users > > Snort-users list archive: > > > http://www.geocrawler.com/redir-sf.p...st=snort-users > > > > > > > > > --__--__-- > > _______________________________________________ > Snort-users mailing list > Snort-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/...fo/snort-users > > > End of Snort-users Digest > __________________________________ Celebrate Yahoo!'s 10th Birthday! Yahoo! Netrospective: 100 Moments of the Web http://birthday.yahoo.com/netrospective/ ------------------------------------------------------- SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click _______________________________________________ Snort-users mailing list Snort-users@lists.sourceforge.net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/...fo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.p...st=snort-users 
|
Linear Mode
