http://permalink.gmane.org/gmane.comp.security.ids.snort.general hourly 1 1901-01-01T00:00+00:00 http://gmane.org/img/gmane-25t.png http://gmane.org http://permalink.gmane.org/gmane.comp.security.ids.snort.general/28383 ------------------------------------------------------------------------- This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/_______________________________________________ Snort-users mailing list Snort-users< at >lists.sourceforge.net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users Joel Esler 2008-11-29T13:10:52 http://permalink.gmane.org/gmane.comp.security.ids.snort.general/28382 ------------------------------------------------------------------------- This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/_______________________________________________ Snort-users mailing list Snort-users< at >lists.sourceforge.net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users Arun Patil 2008-11-28T21:21:42 http://permalink.gmane.org/gmane.comp.security.ids.snort.general/28381 ------------------------------------------------------------------------- This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/_______________________________________________ Snort-users mailing list Snort-users< at >lists.sourceforge.net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users Mike Potamousis 2008-11-27T17:16:03 http://permalink.gmane.org/gmane.comp.security.ids.snort.general/28380 Can you try paste a rule (say...the rule on line 921) so we can check the PCRE...my guess is that it may use one of the new PCRE options available in Snort 2.8.3, and your version won't support them. The following are the ones that might cause issues: case 'P': pcre_data->options |= SNORT_PCRE_HTTP_BODY; break; case 'H': pcre_data->options |= SNORT_PCRE_HTTP_HEADER; break; case 'M': pcre_data->options |= SNORT_PCRE_HTTP_METHOD; break; case 'C': pcre_data->options |= SNORT_PCRE_HTTP_COOKIE; break; So, any PCRE that has a P, H, M or C at the end should only be supported in Snort 2.8.3... Matt On Thu, Nov 27, 2008 at 9:43 AM, James Lay <jlay< at >slave-tothe-box.net> wrote: ------------------------------------------------------------------------- This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world Matt Olney 2008-11-27T16:31:11 http://permalink.gmane.org/gmane.comp.security.ids.snort.general/28379 ------------------------------------------------------------------------- This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/_______________________________________________ Snort-users mailing list Snort-users< at >lists.sourceforge.net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users James Lay 2008-11-27T14:43:09 http://permalink.gmane.org/gmane.comp.security.ids.snort.general/28378 ------------------------------------------------------------------------- This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/_______________________________________________ Snort-users mailing list Snort-users< at >lists.sourceforge.net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users Joel Esler 2008-11-27T14:38:35 http://permalink.gmane.org/gmane.comp.security.ids.snort.general/28377 ------------------------------------------------------------------------- This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/_______________________________________________ Snort-users mailing list Snort-users< at >lists.sourceforge.net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users James Lay 2008-11-27T14:27:37 http://permalink.gmane.org/gmane.comp.security.ids.snort.general/28376 ------------------------------------------------------------------------- This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/_______________________________________________ Snort-users mailing list Snort-users< at >lists.sourceforge.net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users Asghar Paracha 2008-11-27T05:26:52 http://permalink.gmane.org/gmane.comp.security.ids.snort.general/28375 Call For Papers     The CanSecWest 2009 CFP is now open.     Deadline is December 8th, 2008. CanSecWest CALL FOR PAPERS     VANCOUVER, Canada -- The tenth annual CanSecWest applied     technical security conference - where the eminent figures     in the international security industry will get together     share best practices and technology - will be held in     downtown Vancouver at the the Sheraton Wall Centre on     March 18-20, 2009. The most significant new discoveries     about computer network hack attacks and defenses,     commercial security solutions, and pragmatic real world     security experience will be presented in a series of     informative tutorials.     The CanSecWest meeting provides international researchers     a relaxed, comfortable environment to learn from     informative tutorials on key developments in security     technology, and collaborate and socialize with their peers     in one of the world's most scenic cities - a short drive     awa Dragos Ruiu 2008-11-25T05:12:12 http://permalink.gmane.org/gmane.comp.security.ids.snort.general/28374 Hey Guys, i have implementet flow-portscan to snort 2.8. After the Restart the following error occures (304) Unable to create an IPSet from any Greetings Sascha Hintz 2008-11-24T08:49:48 http://permalink.gmane.org/gmane.comp.security.ids.snort.general/28373 Hi funky, "schema" is a reserved word in MySQL. To show the contents of the table try: mysql> select * from `schema`; note backticks not single quote, or mysql> select * from <database_name>.schema; Todd funky wrote: ------------------------------------------------------------------------- This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/ _______________________________________________ Snort-users mailing list Snort-users< at >lists.sourceforge.net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users Todd Wease 2008-11-23T16:10:28 http://permalink.gmane.org/gmane.comp.security.ids.snort.general/28372 Joel Esler escribió: It's 5.0.51a ------------------------------------------------------------------------- This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/ _______________________________________________ Snort-users mailing list Snort-users< at >lists.sourceforge.net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users funky 2008-11-23T15:32:16 http://permalink.gmane.org/gmane.comp.security.ids.snort.general/28371 Command line overrides the snort.conf file. And intentional. What version of mysql? ------------------------------------------------------------------------- This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/ _______________________________________________ Snort-users mailing list Snort-users< at >lists.sourceforge.net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users Joel Esler 2008-11-23T05:00:58 http://permalink.gmane.org/gmane.comp.security.ids.snort.general/28370 Hello guys, I got a couple of questions: -first: why can't I use mysql and -A parameter together? when I use -A fast then snort doesn't connect to mysql -second: is this normal? mysql> select * from schema; ERROR 1064 (42000): You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'schema' at line 1 that table only has a couple of fields, an int and a datatime. I'm using OpenBSD 4.3 and Snort 2.8.0.1 from packages. Thanks in advance. ------------------------------------------------------------------------- This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/ _______________________________________________ Snort-users mailing list Snort-users< at >lists.sourceforge.net Go to this URL to change funky 2008-11-23T03:48:06 http://permalink.gmane.org/gmane.comp.security.ids.snort.general/28369 Hi Geoff, I don't believe sids greater than 2147483647 have ever been supported. Just did a quick check with 2.6.1.5 and looked at CVS and the code that sets the sid uses atoi() and has never been changed. Do you have a need for larger sids? If so, I believe it would be an easy fix to up this to 4294967295. Todd Matt Olney wrote: ------------------------------------------------------------------------- This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/ _______________________________________________ Snort-users mailing list Snort-users< at >lists.sourceforge.net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users Todd Wease 2008-11-16T02:12:41 http://permalink.gmane.org/gmane.comp.security.ids.snort.general/28368 ------------------------------------------------------------------------- This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/_______________________________________________ Snort-users mailing list Snort-users< at >lists.sourceforge.net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users Jose Manuel Colon 2008-11-15T22:43:44 http://permalink.gmane.org/gmane.comp.security.ids.snort.general/28367 Er.... MAX_INT? Seems like there was a guy on irc a bit ago who had a very high sid that looped. We thought that max_int was the problem, but I'm not sure we checked source code. I'm waiting for a table, so I can't check ;) Sent from my iPhone On Nov 14, 2008, at 5:31 PM, "Geoff Whittington" <geoff.whittington< at >gmail.com > wrote: ------------------------------------------------------------------------- This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/ _______________________________________________ Snort-users mailing list Snort-users< at >lists.sourceforge.net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users Matt Olney 2008-11-15T00:22:20 http://permalink.gmane.org/gmane.comp.security.ids.snort.general/28366 Hello, Can someone confirm the maximum value that can be defined for a rule sid ? I seem to be seeing unreliable behaviour when a rule is defined with a sid > 2147483646. This does not seem to affect 2.4.5, or 2.6.1.5. Cheers, - Geoff ------------------------------------------------------------------------- This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/ _______________________________________________ Snort-users mailing list Snort-users< at >lists.sourceforge.net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users Geoff Whittington 2008-11-14T22:31:10 http://permalink.gmane.org/gmane.comp.security.ids.snort.general/28365 ------------------------------------------------------------------------- This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/_______________________________________________ Snort-users mailing list Snort-users< at >lists.sourceforge.net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users 李敏 2008-11-14T07:19:51 http://permalink.gmane.org/gmane.comp.security.ids.snort.general/28364 ------------------------------------------------------------------------- This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/_______________________________________________ Snort-users mailing list Snort-users< at >lists.sourceforge.net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users Jefferson, Shawn 2008-11-13T18:15:23 http://permalink.gmane.org/gmane.comp.security.ids.snort.general/28363 ------------------------------------------------------------------------- This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/_______________________________________________ Snort-users mailing list Snort-users< at >lists.sourceforge.net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users JJ Cummings 2008-11-12T00:52:15 Search the mailing list at Gmane query http://search.gmane.org/?group=$group=gmane.comp.security.ids.snort.general