Virus.Org Mailing List Archive

[Snort-users] Re: Contents of Snort-users digest...

  • To: "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>
  • Subject: [Snort-users] Re: Contents of Snort-users digest...
  • From: Daniel Castellano <[EMAIL PROTECTED]>
  • Date: Tue, 26 Aug 2003 18:22:22 -0300
  • Sender: [EMAIL PROTECTED]
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] 
Sent: Tuesday, August 26, 2003 16:21
To: [EMAIL PROTECTED]
Subject: Snort-users digest, Vol 1 #3497 - 13 msgs


Send Snort-users mailing list submissions to
	[EMAIL PROTECTED]

To subscribe or unsubscribe via the World Wide Web, visit
	https://lists.sourceforge.net/lists/listinfo/snort-users
or, via email, send a message with subject or body 'help' to
	[EMAIL PROTECTED]

You can reach the person managing the list at
	[EMAIL PROTECTED]

When replying, please edit your Subject line so it is more specific than
"Re: Contents of Snort-users digest..."


Today's Topics:

   1. Re: snort ?> mysql (Erek Adams)
   2. Re: RPMS (Daniel Wittenberg)
   3. Re: [Snort-devel] Available for download? (Roland Turner)
   4. RE: Anyone using "Enterprise implementation"? (Tom Van Overbeke)
   5. RE: Anyone using "Enterprise implementation"? (Kreimendahl, Chad J)
   6. AW: [Snort-users] Snort x Dragon Integration? (Poppi, Sandro)
   7. Re: Help!!! (Edin Dizdarevic)
   8. Snort on Windows 2003 Server (Tiberiu Tajts)
   9. RE: Snort on Windows 2003 Server (Jeff Dell)
  10. RE: Snort on Windows 2003 Server (Randy M. Nash)
  11. Barnyard CSV output (David)
  12. Re: No Alerts (Matt Kettler)
  13. Snort (Edward Marshall)

--__--__--

Message: 1
Date: Tue, 26 Aug 2003 05:58:15 -0400 (EDT)
From: Erek Adams <[EMAIL PROTECTED]>
To: Roger Brown <[EMAIL PROTECTED]>
cc: [EMAIL PROTECTED],
  [EMAIL PROTECTED]
Subject: Re: [Snort-users] snort ?> mysql

On Mon, 25 Aug 2003, Roger Brown wrote:

> I'm connecting to a remote;  thanks for the -T switch; here's what I 
> came up with. It looks like I have a problem with the mysql build - I 
> tried the ./configure and didn't get any errors but I still get the 
> message below:
>
> telnet_decode arguments:
>     Ports to decode telnet on: 21 23 25 119
> database: compiled support for ( )
> database: configured to use mysql
> database: 'mysql' support is not compiled into this build of snort
>
> ERROR: If this build of snort was obtained as a binary distribution 
> (e.g., rpm, or Windows), then check for alternate builds that contains 
> the necessary 'mysql' support.
>
> If this build of snort was compiled by you, then re-run the the 
> ./configure script using the '--with-mysql' switch. For non-standard 
> installations of a database, the '--with-mysql=DIR' syntax may need to 
> be used to specify the base directory of the DB install.
>
> See the database documentation for cursory details 
> (doc/README.database). and the URL to the most recent database plugin 
> documentation. Fatal Error, Quitting..

Fairly self explanatory.  :)

The Snort binary that you are using wasn't compiled with the --with-mysql
switch.  Rebuild it with that enabled, and all should be well.

Cheers!

-----
Erek Adams

   "When things get weird, the weird turn pro."   H.S. Thompson


--__--__--

Message: 2
Subject: Re: [Snort-users] RPMS
From: Daniel Wittenberg <[EMAIL PROTECTED]>
To: Snort Users List <[EMAIL PROTECTED]>
Organization: The Starken Group
Date: Mon, 25 Aug 2003 20:31:35 -0500

If you have the oracle libraries installed, you can even build the
snort-oracle rpm too...

Dan

On Mon, 2003-08-25 at 18:40, JP Vossen wrote:

> Snort.org will provide binary packages for snort itself (including 
> docs and contrib), MySQL and PostgreSQL (all three with statically 
> compiled flexresp). If you don't like those it will be trivially easy 
> to build your own (assuming your system meets the dependencies).
> 
> Later,
> JP


-- 
=============================
Daniel Wittenberg
RHCE+AS/IBM Certified Specialist
President/CTO
The Starken Group
http://www.starken.com



--__--__--

Message: 3
Date: Tue, 26 Aug 2003 10:49:51 +0100
From: Roland Turner <[EMAIL PROTECTED]>
To:  [EMAIL PROTECTED]
Subject: [Snort-users] Re: [Snort-devel] Available for download?

Brian wrote:

> As far as I know, Countersnipe is just snort-inline, which is already 
> available on snort.org.

Our engine is snort with a handful of patches, notably including the
snort-inline patch.

Note that the snort-inline patch at
http://sourceforge.net/projects/snort-inline appears to be somewhat more
recent than that at http://www.snort.org/dl/contrib/patches/inline/

- Raz








--__--__--

Message: 4
Date: Tue, 26 Aug 2003 17:26:57 +0200
From: Tom Van Overbeke <[EMAIL PROTECTED]>
Subject: RE: [Snort-users] Anyone using "Enterprise implementation"?
To: 'Emre Bastuz' <[EMAIL PROTECTED]>, [EMAIL PROTECTED]

If you're getting that much of info in only 8 hours, I suggest you fine-tune
your snort config first. There can't possibly be that much of interesting
information in such a short timeframe.


Tom.




> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of Emre 
> Bastuz
> Sent: 26 August 2003 11:04
> To: [EMAIL PROTECTED]
> Subject: [Snort-users] Anyone using "Enterprise implementation"?
>
>
> Hi,
>
> I've been planning to deploy Acid+Snort+Snortcenter in an "enterprise"
> scenario with about 10 sensors with GigE Interfaces and one management
> machine with mysql,apache, etc..
>
> During my initial test Snort wrote about 6 Gig of information from
> sensor to management machine within 8 hours.
>
> Not that I did not expect this but the mysql queries on the Acid
> console take forever thus leaving the system completely useless.
>
> I read the FAQ and also did some serious Googling to learn how to
> improve performance but creating indexes and tuning buffers did not
> really help.
>
> Is anyone out there using Acid+Snort+Snortcenter in an environment
> like I'm planning to do?
>
> How do you guys handle the huge data that is being written to the db?
>
> Just wondering: just one sensor with GigE, sniffing on 3x100mbit is
> generating that much data, how does Acid+Snort scale when using with
> more sensors?
>
> I could live with doing daily archives of the database but I'm
> afraid with multiple sensors I would have to switch to archiving
> every 12 or 6 hours.
>
> Any solution or suggestion? Even links, faq's and docs I might have
> missed are very welcome :)
>
> Emre
>
> --
> [EMAIL PROTECTED]              http://www.emre.de
> UIN: 561260           PGP Key ID: 0xAFAC77FD
> I don't see why some people even HAVE cars. -- Calvin
>
>
> -------------------------------------------------------
> This SF.net email is sponsored by: VM Ware
> With VMware you can run multiple operating systems on a single 
> machine. WITHOUT REBOOTING! Mix Linux / Windows / Novell virtual 
> machines at the same time. Free trial click
> here:http://www.vmware.com/wl/offer/358/0
> _______________________________________________
> Snort-users mailing list
> [EMAIL PROTECTED]
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users






--__--__--

Message: 5
Subject: RE: [Snort-users] Anyone using "Enterprise implementation"?
Date: Tue, 26 Aug 2003 10:34:35 -0500
From: "Kreimendahl, Chad J" <[EMAIL PROTECTED]>
To: "Emre Bastuz" <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>


I wouldn't recommend using mysql in an 'Enterprise' environment for
anything that matters to you.   If your company already pays for oracle,
you'll be better off using that.   If not, postgres is a step in the
right direction.

-----Original Message-----
From: Emre Bastuz [mailto:[EMAIL PROTECTED]
Sent: Tuesday, August 26, 2003 4:04 AM
To: [EMAIL PROTECTED]
Subject: [Snort-users] Anyone using "Enterprise implementation"?


Hi,

I've been planning to deploy Acid+Snort+Snortcenter in an "enterprise"
scenario with about 10 sensors with GigE Interfaces and one management
machine with mysql,apache, etc..

During my initial test Snort wrote about 6 Gig of information from sensor to
management machine within 8 hours.

Not that I did not expect this but the mysql queries on the Acid console
take forever thus leaving the system completely useless.

I read the FAQ and also did some serious Googling to learn how to improve
performance but creating indexes and tuning buffers did not really help.

Is anyone out there using Acid+Snort+Snortcenter in an environment like
I'm planning to do?

How do you guys handle the huge data that is being written to the db?

Just wondering: just one sensor with GigE, sniffing on 3x100mbit is
generating that much data, how does Acid+Snort scale when using with more
sensors?

I could live with doing daily archives of the database but I'm afraid
with multiple sensors I would have to switch to archiving every 12 or 6
hours.

Any solution or suggestion? Even links, faq's and docs I might have
missed are very welcome :)

Emre

-- 
[EMAIL PROTECTED]              http://www.emre.de
UIN: 561260           PGP Key ID: 0xAFAC77FD
I don't see why some people even HAVE cars. -- Calvin




--__--__--

Message: 6
From: "Poppi, Sandro" <[EMAIL PROTECTED]>
To: Bernardo Santos Wernesback <[EMAIL PROTECTED]>,
   [EMAIL PROTECTED]
Subject: AW: [Snort-users] Snort x Dragon Integration?
Date: Mon, 25 Aug 2003 10:13:20 +0200

I tried it sometime ago with Dragon 5 and Snort snmp plugin, but the results
were not what I expected. AFAIR there were problems to differentiate the
OIDs in Dragon to have Dragon report on each specific Snort rule.

If you plan to work on it I could send you a small script to convert Snort
rules (pre 2.0) to Dragon rules if I can find it again ;)

As of Dragon 6 I think it should be possible to write an own Dragon plugin
for Snort (using the newly introduced Dragon API for development) but never
tried it though.

So long,
Sandro
>
>Hello Everyone,
>
>Has anyone tried to integrate Dragon and Snort?
>
>What I mean by integration is having Snort detect events, send
>them to Dragon (SNMP?) and have Dragon take action?
>
>I thought about that possibility and I wondered if anyone had tried.
>
>Thanks for any opinions,
>
>Bernardo Santos Wernesback
>bernardo -= at =- ish.com.br


--__--__--

Message: 7
Date: Mon, 25 Aug 2003 17:28:19 +0200
From: Edin Dizdarevic <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Organization: interActive Systems
To: henrique de lima arabe - PDBL/uoi <[EMAIL PROTECTED]>
Cc: [EMAIL PROTECTED]
Subject: Re: [Snort-users] Help!!!



henrique de lima arabe - PDBL/uoi wrote:
> Anyone could help me using Snort? What rules and config files have to
> be changed to reflect a network? How do they interact? Any help would
> be greatly appreciated. Thanks Hank.

All the information you need is in the FAQ and the documentation shipped
with Snort. A decent book may also help, try Stephen Northcutt's IDS
books.

Regards,

Edin

-- 
Edin Dizdarevic



--__--__--

Message: 8
Date: Tue, 26 Aug 2003 12:54:04 -0400
From: "Tiberiu Tajts" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Subject: [Snort-users] Snort on Windows 2003 Server

I receive the message: ERROR unable to open rules file;
classification.config or./classification.config
fatal error.Quiting...

Any suggestions??

Tibi Tajts


--__--__--

Message: 9
From: "Jeff Dell" <[EMAIL PROTECTED]>
To: "'Tiberiu Tajts'" <[EMAIL PROTECTED]>,
	<[EMAIL PROTECTED]>
Subject: RE: [Snort-users] Snort on Windows 2003 Server
Date: Tue, 26 Aug 2003 13:29:01 -0400

Check the location of the file classification.config. It looks like
snort.conf can't find it. If you find it, an easy fix is to just put it
in the same directory as snort.conf.

Jeff

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Tiberiu
Tajts
Sent: Tuesday, August 26, 2003 12:54 PM
To: [EMAIL PROTECTED]
Subject: [Snort-users] Snort on Windows 2003 Server


I receive the message: ERROR unable to open rules file;
classification.config or./classification.config
fatal error.Quiting...

Any suggestions??

Tibi Tajts







--__--__--

Message: 10
Date: Tue, 26 Aug 2003 11:25:07 -0700 (PDT)
From: "Randy M. Nash" <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: RE: [Snort-users] Snort on Windows 2003 Server
To: Jeff Dell <[EMAIL PROTECTED]>,
  'Tiberiu Tajts' <[EMAIL PROTECTED]>,
[EMAIL PROTECTED]

Jeff,

You should review your snort.conf file.  You can use
the full path pointing to the classification.config
file as follows (Windows example):

#
# Include classification & priority settings
#
include c:\snort\etc\classification.config


Hope this helps!

Randy
--- Jeff Dell <[EMAIL PROTECTED]> wrote:
> Check the location of the file classification.config. It looks like
> snort.conf can't find it. If you find it, an easy fix is to just put it
> in the same directory as snort.conf.
> 
> Jeff
> 
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Tiberiu Tajts
> Sent: Tuesday, August 26, 2003 12:54 PM
> To: [EMAIL PROTECTED]
> Subject: [Snort-users] Snort on Windows 2003 Server
> 
> 
> I receive the message: ERROR unable to open rules file;
> classification.config or./classification.config
> fatal error.Quiting...
> 
> Any suggestions??
> 
> Tibi Tajts
> 


=====
Randy M. Nash
@RISK Online
http://www.atriskonline.com
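
The path check suggested in messages 9 and 10, as an added example that is not part of the original thread or of Snort itself: a small script that walks the `include` lines of a snort.conf and reports every target that cannot be found. The function names are hypothetical, and the lookup order (working directory first, then the directory holding snort.conf) is an assumption inferred from the two candidates named in the error text quoted above; only the `var NAME value` / `$NAME` form of variables is handled.

```python
import ntpath
import os
import re
import tempfile

VAR_RE = re.compile(r"^var\s+(\S+)\s+(\S+)")
INCLUDE_RE = re.compile(r"^include\s+(.+)$")

# Constructed sample configuration, not a shipped snort.conf.
SAMPLE_CONF = """\
# constructed sample
var RULE_PATH ../rules
include classification.config
include $RULE_PATH/local.rules
include reference.config
"""


def expand_vars(value, variables):
    """Substitute $NAME with the value of an earlier 'var NAME value' line."""
    return re.sub(r"\$(\w+)",
                  lambda m: variables.get(m.group(1), m.group(0)), value)


def check_includes(conf_path, cwd=None):
    """Return [(line_no, target, candidates)] for includes that are not found."""
    conf_dir = os.path.dirname(os.path.abspath(conf_path))
    cwd = cwd or os.getcwd()
    variables, missing = {}, []
    with open(conf_path, encoding="utf-8", errors="replace") as fh:
        for line_no, raw in enumerate(fh, 1):
            line = raw.strip()
            if not line or line.startswith("#"):
                continue
            var = VAR_RE.match(line)
            if var:
                variables[var.group(1)] = expand_vars(var.group(2), variables)
                continue
            inc = INCLUDE_RE.match(line)
            if not inc:
                continue
            target = expand_vars(inc.group(1).strip(), variables)
            # Accept both POSIX and drive-letter (c:\...) absolute paths.
            if os.path.isabs(target) or ntpath.isabs(target):
                candidates = [target]
            else:
                # Assumed order: as given (relative to cwd), then config dir.
                candidates = [os.path.join(cwd, target),
                              os.path.join(conf_dir, target)]
            if not any(os.path.isfile(c) for c in candidates):
                missing.append((line_no, target, candidates))
    return missing


def demo():
    """Build a throwaway tree where only reference.config is absent."""
    with tempfile.TemporaryDirectory() as root:
        etc, rules, run = (os.path.join(root, d) for d in ("etc", "rules", "run"))
        for d in (etc, rules, run):
            os.makedirs(d)
        for path in (os.path.join(etc, "classification.config"),
                     os.path.join(rules, "local.rules")):
            open(path, "w").close()
        conf = os.path.join(etc, "snort.conf")
        with open(conf, "w") as fh:
            fh.write(SAMPLE_CONF)
        # Run from a directory other than etc/, as a service often does.
        return [(n, t) for n, t, _ in check_includes(conf, cwd=run)]


if __name__ == "__main__":
    for line_no, target in demo():
        print(f"line {line_no}: cannot find {target}")
```

Running it against the real snort.conf from the directory Snort is started in shows which include would trigger the "unable to open rules file" error before the sensor is restarted.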



--__--__--

Message: 11
To: [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
From: "David" <[EMAIL PROTECTED]>
Cc: 
Date: Tue, 26 Aug 2003 13:55:52 -0400 (EDT)
Subject: [Snort-users] Barnyard CSV output








Hello snorters,

quick question...

I am trying to use barnyard to produce some nice csv output.  In my barnyard
config file I have the line:

output alert_csv: /foo/bar/csvalerts timestamp,srcip,sport, etc.

so my quick question is...(drumroll please) :P

what are possible values to have barnyard output into my csv file?  For
example, above I have timestamp, srcip and sport going into the csvalert
file.  So what are all the other values I can have.  I know there is dstip,
dport, msg, protoname and a few others, but is there a definitive list
anywhere?  Also, are there any detailed docs for barnyard?  I have the docs
that come with the barnyard package, but I would love to find a really nice
thick and juicy barnyard man page :D

Thanks everyone!



Dave



--__--__--

Message: 12
Date: Tue, 26 Aug 2003 14:56:12 -0400
To: [EMAIL PROTECTED], [EMAIL PROTECTED]
From: Matt Kettler <[EMAIL PROTECTED]>
Subject: Re: [Snort-users] No Alerts

At 07:08 PM 8/25/2003 -0700, [EMAIL PROTECTED] wrote:
>Hi,
>   I've configured SNORT with ACID and everything seems ok.  But when I run port
>scans the scans report all the correct information but ACID never shows
>any alerts.

Are you using one of the portscan preprocessors in a way which would cause 
your scan to trigger an alert?

Have you verified using tcpdump that the snort sensor is even seeing the 
traffic in the first place? 



--__--__--

Message: 13
From: "Edward Marshall" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Date: Tue, 26 Aug 2003 15:10:08 -0400
Subject: [Snort-users] Snort

Hello, can anyone suggest a good log analyzer for snort 2.0 /2.0.1???
 
 
Thanks
 
 
Edward Marshall
[EMAIL PROTECTED]





--__--__--

_______________________________________________
Snort-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/snort-users


End of Snort-users Digest



 