<?xml version="1.0" encoding="UTF-8"?>
<rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns="http://purl.org/rss/1.0/" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:syn="http://purl.org/rss/1.0/modules/syndication/" xmlns:admin="http://webns.net/mvcb/">
  <channel rdf:about="http://blog.gmane.org/gmane.comp.security.ids.snort.general">
    <title>gmane.comp.security.ids.snort.general</title>
    <link>http://blog.gmane.org/gmane.comp.security.ids.snort.general</link>
    <description/>
    <syn:updatePeriod>hourly</syn:updatePeriod>
    <syn:updateFrequency>1</syn:updateFrequency>
    <syn:updateBase>1901-01-01T00:00+00:00</syn:updateBase>
    <items>
      <rdf:Seq>
        <rdf:li rdf:resource="http://permalink.gmane.org/gmane.comp.security.ids.snort.general/36717"/>
        <rdf:li rdf:resource="http://permalink.gmane.org/gmane.comp.security.ids.snort.general/36716"/>
        <rdf:li rdf:resource="http://permalink.gmane.org/gmane.comp.security.ids.snort.general/36715"/>
        <rdf:li rdf:resource="http://permalink.gmane.org/gmane.comp.security.ids.snort.general/36714"/>
        <rdf:li rdf:resource="http://permalink.gmane.org/gmane.comp.security.ids.snort.general/36713"/>
        <rdf:li rdf:resource="http://permalink.gmane.org/gmane.comp.security.ids.snort.general/36712"/>
        <rdf:li rdf:resource="http://permalink.gmane.org/gmane.comp.security.ids.snort.general/36711"/>
        <rdf:li rdf:resource="http://permalink.gmane.org/gmane.comp.security.ids.snort.general/36710"/>
        <rdf:li rdf:resource="http://permalink.gmane.org/gmane.comp.security.ids.snort.general/36709"/>
        <rdf:li rdf:resource="http://permalink.gmane.org/gmane.comp.security.ids.snort.general/36708"/>
        <rdf:li rdf:resource="http://permalink.gmane.org/gmane.comp.security.ids.snort.general/36707"/>
        <rdf:li rdf:resource="http://permalink.gmane.org/gmane.comp.security.ids.snort.general/36706"/>
        <rdf:li rdf:resource="http://permalink.gmane.org/gmane.comp.security.ids.snort.general/36705"/>
        <rdf:li rdf:resource="http://permalink.gmane.org/gmane.comp.security.ids.snort.general/36704"/>
        <rdf:li rdf:resource="http://permalink.gmane.org/gmane.comp.security.ids.snort.general/36703"/>
        <rdf:li rdf:resource="http://permalink.gmane.org/gmane.comp.security.ids.snort.general/36702"/>
        <rdf:li rdf:resource="http://permalink.gmane.org/gmane.comp.security.ids.snort.general/36701"/>
        <rdf:li rdf:resource="http://permalink.gmane.org/gmane.comp.security.ids.snort.general/36700"/>
        <rdf:li rdf:resource="http://permalink.gmane.org/gmane.comp.security.ids.snort.general/36699"/>
        <rdf:li rdf:resource="http://permalink.gmane.org/gmane.comp.security.ids.snort.general/36698"/>
      </rdf:Seq>
    </items>
    <image rdf:resource="http://gmane.org/img/gmane-25t.png"/>
    <textinput rdf:resource=""/>
  </channel>
  <image rdf:about="http://gmane.org/img/gmane-25t.png">
    <title>Gmane</title>
    <url>http://gmane.org/img/gmane-25t.png</url>
    <link>http://gmane.org</link>
  </image>
  <item rdf:about="http://permalink.gmane.org/gmane.comp.security.ids.snort.general/36717">
    <title>Re: Snort and real-time alerting</title>
    <link>http://permalink.gmane.org/gmane.comp.security.ids.snort.general/36717</link>
    <description>&lt;pre&gt;I understand what you are saying, and in theory it can certainly
provide some insight into attacks against what it is that "you" are
"trying" to "protect".. that said.. why are you even allowing mysql
from the outside in your example, seems like a bad practice in the
first place, this is the kind of thing that generic firewalls and
logging thereof are for, no?  That type of thing notwithstanding, if
you can turn on more rules and look at traffic that may be "real"
attack traffic against things that "you" "don't" have, and still be
able to manage your alert volume, then more power to ya, I say if it
works for you then stick with it.. certainly not my methodology though
and I don't see how it's scalable in an environment with significant
traffic volume and a potentially large attack surface.

JJC

On Thu, May 24, 2012 at 10:09 AM, waldo kitty &amp;lt;wkitty42&amp;lt; at &amp;gt;windstream.net&amp;gt; wrote:

------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
Snort-users mailing list
Snort-users&amp;lt; at &amp;gt;lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

&lt;/pre&gt;</description>
    <dc:creator>JJC</dc:creator>
    <dc:date>2012-05-24T19:40:17</dc:date>
  </item>
  <item rdf:about="http://permalink.gmane.org/gmane.comp.security.ids.snort.general/36716">
    <title>Re: Snort and real-time alerting</title>
    <link>http://permalink.gmane.org/gmane.comp.security.ids.snort.general/36716</link>
    <description>&lt;pre&gt;
agreed...


that's a bad thing? if "you" attempt to see if "i" have mysql accessible from 
the outside by trying to throw an attack at it, "i" want you blocked... 
period... even if "i" never use mysql ever... the same statement applies if 
"you" throw wordpress hacks at my network and "i'm" not running any dynamic 
pages at all... or VOIP SIP scans... or SOLARIS telnet buffer overruns... etc...

"you" tried something dirty... that's all the proof needed in my book... 
watching only for traffic that might affect the stuff you do run is allowing a 
whole mash of other unnecessary traffic into your network that is attempting to 
attack stuff you don't run... why allow any bad traffic at all? would you like 
someone to test your house/apartment front door all the time every day to see if 
it is unlocked or would you do something about it? ;)




&lt;/pre&gt;</description>
    <dc:creator>waldo kitty</dc:creator>
    <dc:date>2012-05-24T16:09:20</dc:date>
  </item>
  <item rdf:about="http://permalink.gmane.org/gmane.comp.security.ids.snort.general/36715">
    <title>Re: Testing snort</title>
    <link>http://permalink.gmane.org/gmane.comp.security.ids.snort.general/36715</link>
    <description>&lt;pre&gt;Snort can read pcap files directly.

snort -c /etc/snort/conf -r &amp;lt;file.pcap&amp;gt;


Joel

On May 24, 2012, at 6:04 AM, Sandip Bankewar wrote:




&lt;/pre&gt;</description>
    <dc:creator>Joel Esler</dc:creator>
    <dc:date>2012-05-24T12:33:08</dc:date>
  </item>
  <item rdf:about="http://permalink.gmane.org/gmane.comp.security.ids.snort.general/36714">
    <title>Re: Testing snort</title>
    <link>http://permalink.gmane.org/gmane.comp.security.ids.snort.general/36714</link>
    <description>&lt;pre&gt;Sounds complicated :)

Couldn't he just feed the pcap directly to snort:

snort -r &amp;lt;file.pcap&amp;gt; ?

On Thu, May 24, 2012 at 9:19 AM, Nick Moore &amp;lt;nmoore&amp;lt; at &amp;gt;sourcefire.com&amp;gt; wrote:



&lt;/pre&gt;</description>
    <dc:creator>Paul Halliday</dc:creator>
    <dc:date>2012-05-24T12:33:37</dc:date>
  </item>
  <item rdf:about="http://permalink.gmane.org/gmane.comp.security.ids.snort.general/36713">
    <title>Re: Testing snort</title>
    <link>http://permalink.gmane.org/gmane.comp.security.ids.snort.general/36713</link>
    <description>&lt;pre&gt;Sandip,

I have only used it in Linux and Mac OSX. I have to confess that I haven't
used Windows as my primary workstation for over six years and am not
familiar with current tools for it. The website mentions Cygwin, which if I
remember correctly creates a Linux-like environment for Windows. So you're
pretty much back to square one.

If there are other users on the list who are more knowledgeable regarding
Windows and available tcpreplay-like utilities, please chime in.

Regarding installation instructions, installing from source is pretty much
the same as any package:

   - tar -zxvf tcpreplay-3.x.x.tar.gz
   - cd tcpreplay-3.x.x
   - ./configure &amp;amp;&amp;amp; make &amp;amp;&amp;amp; make install

If you run Debian or Ubuntu, you can use apt-get. Most RPM-based distros
should have tcpreplay. (blatantly plagiarizing from the website).

To quote Marty Roesch "Learn to use Linux. Like eating your broccoli, it's
good for you." A really good start would be to download a Snort setup doc
for Ubuntu or CentOS and follow it through. David Gullet has done a much
better job than I on keeping up with current releases with his Ubuntu doc.

Happy Snorting!

Nick

On Thu, May 24, 2012 at 6:30 AM, Sandip Bankewar
&amp;lt;sbankewar&amp;lt; at &amp;gt;cloudaccess.com&amp;gt;wrote:




&lt;/pre&gt;</description>
    <dc:creator>Nick Moore</dc:creator>
    <dc:date>2012-05-24T12:19:56</dc:date>
  </item>
  <item rdf:about="http://permalink.gmane.org/gmane.comp.security.ids.snort.general/36712">
    <title>Testing snort</title>
    <link>http://permalink.gmane.org/gmane.comp.security.ids.snort.general/36712</link>
    <description>&lt;pre&gt;Hi All,

I want to test snort using large packets.
I started wireshark and started to capture traffic. I am planning to save .pcap file and load it into a system running snort.
My question is how can I load .pcap or wireshark file to that system?
Is there any tool?

Is there any other method to test it?


Regards,
Sandip Bankewar

&lt;/pre&gt;</description>
    <dc:creator>Sandip Bankewar</dc:creator>
    <dc:date>2012-05-24T10:04:08</dc:date>
  </item>
  <item rdf:about="http://permalink.gmane.org/gmane.comp.security.ids.snort.general/36711">
    <title>Daemonlogger native package now in OpenWRT trunk!</title>
    <link>http://permalink.gmane.org/gmane.comp.security.ids.snort.general/36711</link>
    <description>&lt;pre&gt;My patch for building Daemonlogger as a native OpenWRT package has been 
accepted into the mainline distribution and committed to trunk. 
Pre-built binary packages are now available for all supported 
architectures in the nightly snapshots tree.

Unfortunately these packages only work on the latest trunk firmware 
builds at the moment, and the 3.2 kernel along with the extra software 
included in these builds does not leave enough free JFFS space or usable 
RAM to run daemonlogger effectively. I'm trying to convince the 
developers to include this in the next stable release of Backfire 
(10.03.2) based on the 2.6 kernel, but no luck yet.

For the time being you can still grab my binary package from my GitHub 
repository. This one *does* install and run cleanly on the current 
stable version of Backfire (10.03.1).

   - Announcement: http://goo.gl/Wy5G8
   - Downloads: https://github.com/vineyard/WRT-SPAN

Cheers,
Robert Vineyard


&lt;/pre&gt;</description>
    <dc:creator>Robert Vineyard</dc:creator>
    <dc:date>2012-05-23T23:14:17</dc:date>
  </item>
  <item rdf:about="http://permalink.gmane.org/gmane.comp.security.ids.snort.general/36710">
    <title>Re: Snort and real-time alerting</title>
    <link>http://permalink.gmane.org/gmane.comp.security.ids.snort.general/36710</link>
    <description>&lt;pre&gt;Tune that system.. I can fairly safely assume that if you have 20,000
rules enabled, you are looking for attacks against stuff that you
don't have.

JJC

On Wed, May 23, 2012 at 8:51 AM, Jeronimo L. Cabral
&amp;lt;jelocabral&amp;lt; at &amp;gt;gmail.com&amp;gt; wrote:


&lt;/pre&gt;</description>
    <dc:creator>JJC</dc:creator>
    <dc:date>2012-05-23T19:45:19</dc:date>
  </item>
  <item rdf:about="http://permalink.gmane.org/gmane.comp.security.ids.snort.general/36709">
    <title>Re: Snort and real-time alerting</title>
    <link>http://permalink.gmane.org/gmane.comp.security.ids.snort.general/36709</link>
    <description>&lt;pre&gt;Sguil can do auto email on some events only.. it can email by
category, priority or just sid..

On Wed, May 23, 2012 at 2:57 PM, Lay, James &amp;lt;james.lay&amp;lt; at &amp;gt;wincofoods.com&amp;gt; wrote:


&lt;/pre&gt;</description>
    <dc:creator>Jeremy Hoel</dc:creator>
    <dc:date>2012-05-23T15:03:31</dc:date>
  </item>
  <item rdf:about="http://permalink.gmane.org/gmane.comp.security.ids.snort.general/36708">
    <title>Re: Snort and real-time alerting</title>
    <link>http://permalink.gmane.org/gmane.comp.security.ids.snort.general/36708</link>
    <description>&lt;pre&gt;
Have the watching app look for specific things...perhaps only certain
classifications ("A Network Trojan was Detected") or something of the
like.

James


&lt;/pre&gt;</description>
    <dc:creator>Lay, James</dc:creator>
    <dc:date>2012-05-23T14:57:16</dc:date>
  </item>
  <item rdf:about="http://permalink.gmane.org/gmane.comp.security.ids.snort.general/36707">
    <title>Re: Snort and real-time alerting</title>
    <link>http://permalink.gmane.org/gmane.comp.security.ids.snort.general/36707</link>
    <description>&lt;pre&gt;Something else: suppose I use logsurfer/swatch/logwatch to alert in
real time the Snorts events. Actually I have near 5 events per minute.

What is the criteria to take just a few number of critical events of
Snort ??? Because I have 20.000 signatures...

On Wed, May 23, 2012 at 11:40 AM, Jeronimo L. Cabral
&amp;lt;jelocabral&amp;lt; at &amp;gt;gmail.com&amp;gt; wrote:


&lt;/pre&gt;</description>
    <dc:creator>Jeronimo L. Cabral</dc:creator>
    <dc:date>2012-05-23T14:51:50</dc:date>
  </item>
  <item rdf:about="http://permalink.gmane.org/gmane.comp.security.ids.snort.general/36706">
    <title>Re: Snort and real-time alerting</title>
    <link>http://permalink.gmane.org/gmane.comp.security.ids.snort.general/36706</link>
    <description>&lt;pre&gt;
Hehe...whatever works :)

James


&lt;/pre&gt;</description>
    <dc:creator>Lay, James</dc:creator>
    <dc:date>2012-05-23T14:47:12</dc:date>
  </item>
  <item rdf:about="http://permalink.gmane.org/gmane.comp.security.ids.snort.general/36705">
    <title>Re: Snort and real-time alerting</title>
    <link>http://permalink.gmane.org/gmane.comp.security.ids.snort.general/36705</link>
    <description>&lt;pre&gt;What about Swatch ??? Is it more appropriate ???

On Wed, May 23, 2012 at 11:13 AM, Lay, James &amp;lt;james.lay&amp;lt; at &amp;gt;wincofoods.com&amp;gt; wrote:


&lt;/pre&gt;</description>
    <dc:creator>Jeronimo L. Cabral</dc:creator>
    <dc:date>2012-05-23T14:40:30</dc:date>
  </item>
  <item rdf:about="http://permalink.gmane.org/gmane.comp.security.ids.snort.general/36704">
    <title>Re: Snort and real-time alerting</title>
    <link>http://permalink.gmane.org/gmane.comp.security.ids.snort.general/36704</link>
    <description>&lt;pre&gt;
Log to fast alert then use wots/logsurfer/logwatch to tail/watch the
file and email out.  Assuming linux/BSD/OSX.

James


&lt;/pre&gt;</description>
    <dc:creator>Lay, James</dc:creator>
    <dc:date>2012-05-23T14:13:57</dc:date>
  </item>
  <item rdf:about="http://permalink.gmane.org/gmane.comp.security.ids.snort.general/36703">
    <title>Snort and real-time alerting</title>
    <link>http://permalink.gmane.org/gmane.comp.security.ids.snort.general/36703</link>
    <description>&lt;pre&gt;Dear, I have a Snort 2.9 with Base running OK, but I need a real time
alerting mechanism via email if possible.

How can I do that ??? Any extra module to use in that way ???

Special thanks

JeLo


&lt;/pre&gt;</description>
    <dc:creator>Jeronimo L. Cabral</dc:creator>
    <dc:date>2012-05-23T14:10:05</dc:date>
  </item>
  <item rdf:about="http://permalink.gmane.org/gmane.comp.security.ids.snort.general/36702">
    <title>Re: New snort install question</title>
    <link>http://permalink.gmane.org/gmane.comp.security.ids.snort.general/36702</link>
    <description>&lt;pre&gt;Good plan. Power supplies always go; it is not a question of if, it is a 
question of when..
As a back-of-the-envelope calculation: if you use PF_RING (to run 3-4 
snort processes in parallel on your 3-4 hyperthreads), roughly, you will 
be able to monitor 100-300 Mbps with ~6000 rules.
See www.snort.org/assets/186/PF_RING_Snort_Inline_Instructions.pdf
You are smart.. Internal monitoring can be challenging because of the 
rule tuning required; but it is also very important in my opinion. Today 
smart phones/ laptops traverse firewalls every day; so perimeter 
defenses are getting obsolete.. You are going to need a good event 
management system..


&lt;/pre&gt;</description>
    <dc:creator>livio Ricciulli</dc:creator>
    <dc:date>2012-05-22T01:27:29</dc:date>
  </item>
  <item rdf:about="http://permalink.gmane.org/gmane.comp.security.ids.snort.general/36701">
    <title>Re: vendor list surfing</title>
    <link>http://permalink.gmane.org/gmane.comp.security.ids.snort.general/36701</link>
    <description>&lt;pre&gt;

Agreed.  I keep a tight restriction even on our sales dept about advertising via the lists or information from the lists.

I am going to make the option available to Snort users who want to hear more about Sourcefire products.  But it will never be via the mailing lists.

Of course.  Lots of companies use Snort and the VRT Integrator License to put our product on their hardware.  It all depends on how they are using it.



Safemedia contacted me this morning and let me know that it was an overzealous sales person who was not aware of the policy.  They assured me it won't happen again.

--
Joel Esler
Senior Research Engineer, VRT
OpenSource Community Manager
Sourcefire



&lt;/pre&gt;</description>
    <dc:creator>Joel Esler</dc:creator>
    <dc:date>2012-05-22T16:05:19</dc:date>
  </item>
  <item rdf:about="http://permalink.gmane.org/gmane.comp.security.ids.snort.general/36700">
    <title>Re: Snort Stream5 Support</title>
    <link>http://permalink.gmane.org/gmane.comp.security.ids.snort.general/36700</link>
    <description>&lt;pre&gt;Either call your test.rule from snort.conf with an include statement, or place the contents of your test.rule in the bottom of snort.conf

I recommend the first option.

--
Joel Esler
Senior Research Engineer, VRT
OpenSource Community Manager
Sourcefire

On May 22, 2012, at 11:36 AM, Turnbough, Bradley E. wrote:




&lt;/pre&gt;</description>
    <dc:creator>Joel Esler</dc:creator>
    <dc:date>2012-05-22T15:49:34</dc:date>
  </item>
  <item rdf:about="http://permalink.gmane.org/gmane.comp.security.ids.snort.general/36699">
    <title>Re: Snort Stream5 Support</title>
    <link>http://permalink.gmane.org/gmane.comp.security.ids.snort.general/36699</link>
    <description>&lt;pre&gt;Ah.... That would make sense.  So then I can't consider my rules to be additive to what's in snort.conf already.  Bummer.....

Any way around that?  I'd rather not place any configs in snort.conf.



From: Russ Combs [mailto:rcombs&amp;lt; at &amp;gt;sourcefire.com]
Sent: Tuesday, May 22, 2012 10:31 AM
To: Turnbough, Bradley E.
Cc: snort-users&amp;lt; at &amp;gt;lists.sourceforge.net
Subject: Re: [Snort-users] Snort Stream5 Support

Looks like the conf you are telling snort to use is /tmp/test.rule which, per your cat output, does not include the stream5 config, etc.
On Tue, May 22, 2012 at 10:22 AM, Turnbough, Bradley E. &amp;lt;bturnbough&amp;lt; at &amp;gt;belcan.com&amp;lt;mailto:bturnbough&amp;lt; at &amp;gt;belcan.com&amp;gt;&amp;gt; wrote:
Very new to snort.

I seem to be having some issues with getting Stream5 support up and running.  Here is the rule:

[root&amp;lt; at &amp;gt;hostname]# cat /tmp/test.rule
log tcp any any -&amp;gt;  xx.xx.xx.xx/29 23
alert tcp any any -&amp;gt; xx.xx.xx.xx/29 22 (\
msg:"Potential SSH Brute Force";\
flow:to_server;\
flags:S;\
threshold:type threshold, track by_src, count 3, seconds 60;\
classtype:attempted-dos;\
sid:2001218;\
rev:4;\
resp:rst-all;\
)

Using the following options to startup:

snort -d -i eth0 -c /tmp/test.rule -l /tmp/log

Produces a nasty error:

Running in IDS mode

        --== Initializing Snort ==--
Initializing Output Plugins!
Initializing Preprocessors!
Initializing Plug-ins!
Parsing Rules file "/tmp/test.rule"
Tagged Packet Limit: 256
Log directory = /tmp/log

+++++++++++++++++++++++++++++++++++++++++++++++++++
Initializing rule chains...
ERROR: /tmp/test.rule(11): Stream5 must be enabled to use the 'to_server' option.
Fatal Error, Quitting..



Review of the snort.conf file, it appears I DO have Stream5 support enabled:

preprocessor stream5_global: track_tcp yes, \
   track_udp yes, \
   track_icmp no, \
   max_tcp 262144, \
   max_udp 131072, \
   max_active_responses 2, \
   min_response_seconds 5
preprocessor stream5_tcp: policy windows, detect_anomalies, require_3whs 180, \
   overlap_limit 10, small_segments 3 bytes 150, timeout 180, \
    ports client 21 22 23 25 42 53 79 109 110 111 113 119 135 136 137 139 143 \
        161 445 513 514 587 593 691 1433 1521 2100 3306 6070 6665 6666 6667 6668 6669 \
        7000 8181 32770 32771 32772 32773 32774 32775 32776 32777 32778 32779, \
    ports both 80 81 311 443 465 563 591 593 636 901 989 992 993 994 995 1220 1414 1830 2301 2381 2809 3128 3702 4343 5250 7907 7001 7145 7510 7802 7777 7779 \
        7801 7900 7901 7902 7903 7904 7905 7906 7908 7909 7910 7911 7912 7913 7914 7915 7916 \
        7917 7918 7919 7920 8000 8008 8014 8028 8080 8088 8118 8123 8180 8243 8280 8800 8888 8899 9080 9090 9091 9443 9999 11371 55555
preprocessor stream5_udp: timeout 180



Why am I getting the error?
This e-mail transmission contains information that is confidential and may be privileged. It is intended only for the addressee(s) named above. If you receive this e-mail in error, please do not read, copy or disseminate it in any manner. If you are not the intended recipient, any disclosure, copying, distribution or use of the contents of this information is prohibited. Please reply to the message immediately by informing the sender that the message was misdirected. After replying, please erase it from your computer system. Your assistance in correcting this error is appreciated.

&lt;/pre&gt;</description>
    <dc:creator>Turnbough, Bradley E.</dc:creator>
    <dc:date>2012-05-22T15:36:48</dc:date>
  </item>
  <item rdf:about="http://permalink.gmane.org/gmane.comp.security.ids.snort.general/36698">
    <title>Re: Snort Stream5 Support</title>
    <link>http://permalink.gmane.org/gmane.comp.security.ids.snort.general/36698</link>
    <description>&lt;pre&gt;Looks like the conf you are telling snort to use is /tmp/test.rule which,
per your cat output, does not include the stream5 config, etc.

On Tue, May 22, 2012 at 10:22 AM, Turnbough, Bradley E. &amp;lt;
bturnbough&amp;lt; at &amp;gt;belcan.com&amp;gt; wrote:

&lt;/pre&gt;</description>
    <dc:creator>Russ Combs</dc:creator>
    <dc:date>2012-05-22T15:30:39</dc:date>
  </item>
  <item rdf:about="http://permalink.gmane.org/gmane.comp.security.ids.snort.general/36697">
    <title>subscribe</title>
    <link>http://permalink.gmane.org/gmane.comp.security.ids.snort.general/36697</link>
    <description>&lt;pre&gt;&lt;/pre&gt;</description>
    <dc:creator>Lawrence R. Hughes, Sr.</dc:creator>
    <dc:date>2012-05-22T14:24:36</dc:date>
  </item>
  <textinput rdf:about="http://search.gmane.org/?group=$group=gmane.comp.security.ids.snort.general">
    <title>Search Engine</title>
    <description>Search the mailing list at Gmane</description>
    <name>query</name>
    <link>http://search.gmane.org/?group=$group=gmane.comp.security.ids.snort.general</link>
  </textinput>
</rdf:RDF>

