[Snort-users] cc:Mail Link to SMTP Undeliverable Message: Unknown user: Bud CTR Gordon

Administrator administrator_at_awaatscsirc at ...4014...
Wed Nov 7 02:47:36 EST 2001


Send Snort-users mailing list submissions to
	snort-users at lists.sourceforge.net

To subscribe or unsubscribe via the World Wide Web, visit
	https://lists.sourceforge.net/lists/listinfo/snort-users
or, via email, send a message with subject or body 'help' to
	snort-users-request at lists.sourceforge.net

You can reach the person managing the list at
	snort-users-admin at lists.sourceforge.net

When replying, please edit your Subject line so it is more specific
than "Re: Contents of Snort-users digest..."


Today's Topics:

   1. cc:Mail Link to SMTP Undeliverable Message: Unknown user: Bud CTR Gordon (Administrator)

--__--__--

Message: 1
Date: Tue, 06 Nov 2001 23:52:14 -0500
From: "Administrator"<administrator_at_awaatscsirc at ...4014...>
To: <snort-users at lists.sourceforge.net>
Subject: [Snort-users] cc:Mail Link to SMTP Undeliverable Message: Unknown user: Bud CTR Gordon




Today's Topics:

   1. cc:Mail Link to SMTP Undeliverable Message: Unknown user: Bud CTR Gordon (Administrator)

-- __--__-- 

Message: 1
Date: Tue, 06 Nov 2001 23:21:12 -0500
From: "Administrator"<administrator_at_awaatscsirc at ...4014...>
To: <snort-users at lists.sourceforge.net>
Subject: [Snort-users] cc:Mail Link to SMTP Undeliverable Message: Unknown user: Bud CTR Gordon




Today's Topics:

   1. cc:Mail Link to SMTP Undeliverable Message: Unknown user: Bud CTR Gordon (Administrator)

--  __--__--  

Message: 1
Date: Tue, 06 Nov 2001 23:01:13 -0500
From: "Administrator"<administrator_at_awaatscsirc at ...4014...>
To: <snort-users at lists.sourceforge.net>
Subject: [Snort-users] cc:Mail Link to SMTP Undeliverable Message: Unknown user: Bud CTR Gordon




Today's Topics:

   1. cc:Mail Link to SMTP Undeliverable Message: Unknown user: Bud CTR Gordon (Administrator)

--   __--__--   

Message: 1
Date: Tue, 06 Nov 2001 22:37:12 -0500
From: "Administrator"<administrator_at_awaatscsirc at ...4014...>
To: <snort-users at lists.sourceforge.net>
Subject: [Snort-users] cc:Mail Link to SMTP Undeliverable Message: Unknown user: Bud CTR Gordon




Today's Topics:

   1. cc:Mail Link to SMTP Undeliverable Message: Unknown user: Bud CTR Gordon (Administrator)

--    __--__--    

Message: 1
Date: Tue, 06 Nov 2001 22:06:12 -0500
From: "Administrator"<administrator_at_awaatscsirc at ...4014...>
To: <snort-users at lists.sourceforge.net>
Subject: [Snort-users] cc:Mail Link to SMTP Undeliverable Message: Unknown user: Bud CTR Gordon




Today's Topics:

   1. cc:Mail Link to SMTP Undeliverable Message: Unknown user: Bud CTR Gordon (Administrator)

--     __--__--     

Message: 1
Date: Tue, 06 Nov 2001 21:44:12 -0500
From: "Administrator"<administrator_at_awaatscsirc at ...4014...>
To: <snort-users at lists.sourceforge.net>
Subject: [Snort-users] cc:Mail Link to SMTP Undeliverable Message: Unknown user: Bud CTR Gordon




Today's Topics:

   1. cc:Mail Link to SMTP Undeliverable Message: Unknown user: Bud CTR Gordon (Administrator)

--      __--__--      

Message: 1
Date: Tue, 06 Nov 2001 21:21:12 -0500
From: "Administrator"<administrator_at_awaatscsirc at ...4014...>
To: <snort-users at lists.sourceforge.net>
Subject: [Snort-users] cc:Mail Link to SMTP Undeliverable Message: Unknown user: Bud CTR Gordon




Today's Topics:

   1. cc:Mail Link to SMTP Undeliverable Message: Unknown user: Bud CTR Gordon (Administrator)

--       __--__--       

Message: 1
Date: Tue, 06 Nov 2001 20:49:12 -0500
From: "Administrator"<administrator_at_awaatscsirc at ...4014...>
To: <snort-users at lists.sourceforge.net>
Subject: [Snort-users] cc:Mail Link to SMTP Undeliverable Message: Unknown user: Bud CTR Gordon




Today's Topics:

   1. cc:Mail Link to SMTP Undeliverable Message: Unknown user: Bud CTR Gordon (Administrator)

--        __--__--        

Message: 1
Date: Tue, 06 Nov 2001 20:26:12 -0500
From: "Administrator"<administrator_at_awaatscsirc at ...4014...>
To: <snort-users at lists.sourceforge.net>
Subject: [Snort-users] cc:Mail Link to SMTP Undeliverable Message: Unknown user: Bud CTR Gordon




Today's Topics:

   1. cc:Mail Link to SMTP Undeliverable Message: Unknown user: Bud CTR Gordon (Administrator)

--         __--__--         

Message: 1
Date: Tue, 06 Nov 2001 20:06:13 -0500
From: "Administrator"<administrator_at_awaatscsirc at ...4014...>
To: <snort-users at lists.sourceforge.net>
Subject: [Snort-users] cc:Mail Link to SMTP Undeliverable Message: Unknown user: Bud CTR Gordon




Today's Topics:

   1. Re: Acid -> remote system (bretwatson at ...2046...)
   2. cc:Mail Link to SMTP Undeliverable Message: Unknown user: Bud CTR Gordon (Administrator)

--          __--__--          

Message: 1
To: Lance Spitzner <lance at ...2024...>
Cc: "Snort-Users (E-mail)" <snort-users at lists.sourceforge.net>
Subject: Re: [Snort-users] Acid -> remote system
From: bretwatson at ...2046...
Date: Wed, 7 Nov 2001 08:32:58 +0800


Hi Lance,
yep you sure do... but either use the SSL capabilities on the Mysql 4.x 
library (if you're brave - it's still in alpha) or use 
SSH/stunnel/zebedee/your favourite encrypted tunnel device... to do the 
remote connection.

In true modern architectural style you can also have snort,mysql,acid all 
on different systems :}.. we run it with the primary mysql database on a 
separate system, but we replicate the database around the globe for our 
regional sites...

and no the package from sunfreeware doesn't have the headers :{... if 
you're willing to trust me I can pop my mysql-client package up on my 
website - it does have the headers etc..

Cheers,

Bret





Lance Spitzner <lance at ...2024...>        07/11/2001 04:37
Sent by: snort-users-admin at lists.sourceforge.net


To:     "Snort-Users (E-mail)" <snort-users at lists.sourceforge.net>
cc:     (bcc: WATSON Bret/Mgr/CSM/ST Group)
Subject: [Snort-users] Acid -/remote system








Question,

I'm attempting to build and use Snort+Acid, however
acid is on a different remote system.  When I attempt
to build snort, do I have to still compile it with the
mysql option?

Does this mean that when I do the build, on the build
system mysql has to be installed so the build can find
all the headers, even though Acid is on a different
system?

I've got a feeling the answer to this is yes, just
want to make sure.  And if so, will the following
from www.sunfreeware.com work on Solaris8 Sparc?

   mysql-3.22.26a-sol8-sparc-local.gz

Thanks!

-- 
Lance Spitzner
http://project.honeynet.org


_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users






--          __--__--          

Message: 2
Date: Tue, 06 Nov 2001 19:41:12 -0500
From: "Administrator"<administrator_at_awaatscsirc at ...4014...>
To: <snort-users at lists.sourceforge.net>
Subject: [Snort-users] cc:Mail Link to SMTP Undeliverable Message: Unknown user: Bud CTR Gordon




Today's Topics:

   1. cc:Mail Link to SMTP Undeliverable Message: Unknown user: Bud CTR Gordon (Administrator)

--           __--__--           

Message: 1
Date: Tue, 06 Nov 2001 19:16:13 -0500
From: "Administrator"<administrator_at_awaatscsirc at ...4014...>
To: <snort-users at lists.sourceforge.net>
Subject: [Snort-users] cc:Mail Link to SMTP Undeliverable Message: Unknown user: Bud CTR Gordon




Today's Topics:

   1. cc:Mail Link to SMTP Undeliverable Message: Unknown user: Bud CTR Gordon (Administrator)

--            __--__--            

Message: 1
Date: Tue, 06 Nov 2001 18:56:14 -0500
From: "Administrator"<administrator_at_awaatscsirc at ...4014...>
To: <snort-users at lists.sourceforge.net>
Subject: [Snort-users] cc:Mail Link to SMTP Undeliverable Message: Unknown user: Bud CTR Gordon




Today's Topics:

   1. Re: View events via web (Erek Adams)
   2. Re: Wrappers (JPP)
   3. Re: Acid -> remote system (Olaf Schreck)
   4. cc:Mail Link to SMTP Undeliverable Message: Unknown user: Bud CTR Gordon (Administrator)

--             __--__--             

Message: 1
Date: Tue, 6 Nov 2001 13:51:09 -0800 (PST)
From: Erek Adams <erek at ...577...>
To: "Wells, Kenneth L" <kw151002 at ...3461...>
cc: snort-users at lists.sourceforge.net, <snortlist at ...125...>
Subject: Re: [Snort-users] View events via web

On Tue, 6 Nov 2001, Wells, Kenneth L wrote:

> I'm trying to run the following command
>
> Cat /var/log/snort | /snort_stat.pl -f -h ? /alert.html
>
> I get the error command not found, even when I run it in the same directory
> where the command is..
>
> Can anyone help?

Try 'cat /var/log/snort/alert | ./snort_stat.pl -f -h > alert.html' instead.

Also note that snort_stat.pl is looking for /usr/bin/perl and not
/usr/local/bin/perl.

> Or does anyone know a better method to view events via a webpage??

ACID + MySQL/Postgres.  A bit easier to read, view and get more 'realtime'
alerts.

-----
Erek Adams
Nifty-Type-Guy
TheAdamsFamily.Net



--             __--__--             

Message: 2
Date: Tue, 06 Nov 2001 15:04:52 -0700
From: JPP <jpp at ...1565...>
Organization: Front Range Web Services
CC: snort-users at lists.sourceforge.net
Subject: Re: [Snort-users] Wrappers

Well 

Consensus seems to be to add sshd to inetd.conf (which I did not do)
The reason I even tried in the first place was that I had read somewhere
that xinetd and SSH did not play well together.
So, all I did was copy the inetd app from the older RH machine to the
newer ones, and added the sshd: lines to the hosts. files and fired up
inetd
No additions to the inetd.conf file and just used the SSH right out of
the RPM (though I did rebuild one or 2 when some of the exploits for SSH
were announced - but nothing special aside from MAYBE wrapper support).

I will look into exactly what I added and did not add, but I know I did
not add anything to inetd.conf nor to xinetd.conf (they both work well
together and apart, btw).

Will post what I find out for ya'all.

JPP

Skip Carter wrote:
> 
> > Using Xinetd set to use hosts.allow and hosts.deny (in particular), I
> > have found on RedHat 7.x systems that using these files to regulate SSH
> > connections works quite well.
> >
> > Adding to hosts.deny:
> > ALL: ALL
> >
> > Will indeed stop SSH connections as well as everything else that uses
> > these wrappers (least for me it does!)
> >
> > I add:
> > SSHD:  Some.IP.Range. or.some.ip.address
> >
> > to hosts.allow and I get access once more.
> >
> > I may be far off base here - but it indeed works in my case. Give it a
> > try. May work for you also. And possibly some kind soul can explain why
> > SSH is regulated this way without being added to any conf file ...
> 
>   With the appropriate entry in inetd.conf or /etc/xinetd.d   SSH and
>   httpd (at least Apache anyway) CAN be tcp_wrappered (regardless of
>   the Linux distro).  BUT, in both of these cases there is a significant
>   program startup overhead involved, so it's really not a very good idea
>   for these programs unless these startup delays can be tolerated in
>   your network environment.
> 
> 
> --
>  Dr. Everett (Skip) Carter      Phone: 831-641-0645 FAX:  831-641-0647
>  Taygeta Scientific Inc.        INTERNET: skip at ...1552...
>  1340 Munras Ave., Suite 314    WWW: http://www.taygeta.com
>  Monterey, CA. 93940
> 


--             __--__--             

Message: 3
Date: Tue, 6 Nov 2001 23:36:05 +0100
From: Olaf Schreck <chakl at ...931...>
To: snort-users at lists.sourceforge.net
Subject: Re: [Snort-users] Acid -> remote system

Lance,

> I'm attempting to build and use Snort+Acid, however
> acid is on a different remote system.  When I attempt
> to build snort, do I have to still compile it with the
> mysql option?

yes

> Does this mean that when I do the build, on the build
> system mysql has to be installed so the build can find
> all the headers, even though Acid is on a different
> system?

Installing the mysql header files and the mysqlclient library files should 
suffice.  You can copy them from a similar Solaris box.

> I've got a feeling the answer to this is yes, just
> want to make sure.  And if so, will the following
> from www.sunfreeware.com work on Solaris8 Sparc?
> 
>    mysql-3.22.26a-sol8-sparc-local.gz

No, there were some problems with ACID and mysql < v3.23.x.  Sorry, I don't 
remember the details.  You can download recent MySQL Solaris binaries from 
www.mysql.com.


ciao,
chakl

nice book!


--             __--__--             

Message: 4
Date: Tue, 06 Nov 2001 18:12:11 -0500
From: "Administrator"<administrator_at_awaatscsirc at ...4014...>
To: <snort-users at lists.sourceforge.net>
Subject: [Snort-users] cc:Mail Link to SMTP Undeliverable Message: Unknown user: Bud CTR Gordon




Today's Topics:

   1. Re: Wrappers (Skip Carter)
   2. RE: Wrappers (Chris Eidem)
   3. View events via web (Wells, Kenneth L)
   4. RE: snort on Linux works, on OpenBSD doesn't (donegan at ...3789...)
   5. RE: cc:Mail Link to SMTP Undeliverable Message: Unknown user: Bud CTR Gordon (Steve Halligan)
   6. cc:Mail Link to SMTP Undeliverable Message: Unknown user: Bud CTR Gordon (Administrator)

--              __--__--              

Message: 1
To: JPP <jpp at ...1565...>
cc: snort-users at lists.sourceforge.net, skip at ...1551...
Subject: Re: [Snort-users] Wrappers 
Date: Tue, 06 Nov 2001 13:28:03 -0800
From: Skip Carter <skip at ...1552...>


> Using Xinetd set to use hosts.allow and hosts.deny (in particular), I
> have found on RedHat 7.x systems that using these files to regulate SSH
> connections works quite well.
> 
> Adding to hosts.deny:
> ALL: ALL
> 
> Will indeed stop SSH connections as well as everything else that uses
> these wrappers (least for me it does!)
> 
> I add:
> SSHD:  Some.IP.Range. or.some.ip.address
> 
> to hosts.allow and I get access once more.
> 
> I may be far off base here - but it indeed works in my case. Give it a
> try. May work for you also. And possibly some kind soul can explain why
> SSH is regulated this way without being added to any conf file ...

  With the appropriate entry in inetd.conf or /etc/xinetd.d   SSH and
  httpd (at least Apache anyway) CAN be tcp_wrappered (regardless of
  the Linux distro).  BUT, in both of these cases there is a significant
  program startup overhead involved, so it's really not a very good idea
  for these programs unless these startup delays can be tolerated in
  your network environment.
 

-- 
 Dr. Everett (Skip) Carter      Phone: 831-641-0645 FAX:  831-641-0647
 Taygeta Scientific Inc.        INTERNET: skip at ...1552...
 1340 Munras Ave., Suite 314    WWW: http://www.taygeta.com
 Monterey, CA. 93940            
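
The evaluation order behind the hosts.allow / hosts.deny setup discussed in this message, as an added example that is not part of the original post: a simplified Python model of the hosts_access(5) lookup (hosts.allow first, then hosts.deny, otherwise grant). The sample addresses, domain and function names are constructed for illustration, and only ALL, exact, and leading/trailing-dot patterns are modelled.

```python
import re

# Constructed sample files mirroring the setup described in the thread:
# deny everything, then allow sshd from one address range and one domain.
# The addresses and domain are documentation placeholders, not from the thread.
HOSTS_DENY = """\
# hosts.deny
ALL: ALL
"""
HOSTS_ALLOW = """\
# hosts.allow
SSHD: 192.0.2. .example.org
"""


def tokens(field):
    """Split a daemon or client list on whitespace and/or commas."""
    return [t for t in re.split(r"[\s,]+", field.strip()) if t]


def parse_rules(text):
    """Turn 'daemon_list : client_list [: option]' lines into tuples."""
    rules = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        daemons, clients = line.split(":", 2)[:2]  # any option field is ignored
        rules.append((tokens(daemons), tokens(clients)))
    return rules


def daemon_matches(pattern, daemon):
    # Matching is case-insensitive, so 'SSHD' in the file matches 'sshd'.
    return pattern.upper() == "ALL" or pattern.lower() == daemon.lower()


def client_matches(pattern, addr, host):
    p = pattern.lower()
    if p == "all":
        return True
    if p.startswith("."):   # '.example.org' matches any host in that domain
        return host.lower().endswith(p)
    if p.endswith("."):     # '192.0.2.' matches addresses with that prefix
        return addr.startswith(p)
    return p in (addr.lower(), host.lower())


def first_match(rules, daemon, addr, host):
    for daemons, clients in rules:
        if any(daemon_matches(d, daemon) for d in daemons) and \
           any(client_matches(c, addr, host) for c in clients):
            return True
    return False


def decide(daemon, addr, host="", allow_text=HOSTS_ALLOW, deny_text=HOSTS_DENY):
    """Return (granted, deciding_file) using the hosts_access search order."""
    if first_match(parse_rules(allow_text), daemon, addr, host):
        return (True, "hosts.allow")    # a match here wins, deny is not read
    if first_match(parse_rules(deny_text), daemon, addr, host):
        return (False, "hosts.deny")
    return (True, "default")            # no match in either file: granted


if __name__ == "__main__":
    for daemon, addr, host in [
        ("sshd", "192.0.2.15", ""),
        ("sshd", "198.51.100.7", ""),
        ("sshd", "192.0.20.1", ""),          # trailing dot stops a false match
        ("in.telnetd", "192.0.2.15", ""),
        ("sshd", "203.0.113.9", "gw.example.org"),
    ]:
        print(daemon, addr, host or "-", decide(daemon, addr, host))
```

The model only applies to services that actually consult the wrapper files; a daemon that never reads them is unaffected by either file.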













--              __--__--              

Message: 2
Subject: RE: [Snort-users] Wrappers
Date: Tue, 6 Nov 2001 15:24:50 -0600
From: "Chris Eidem" <jceidem at ...2191...>
To: "Wells, Kenneth L" <kw151002 at ...3461...>,
	<snort-users at lists.sourceforge.net>

Use the -c option to tell snort where the config file is and make sure
that you have the full path in the snort.conf file for all the #include
*rules (i.e. #include local.rules should be #include
/usr/local/snort/local.rules).

Your eagerness is touching, but perhaps you should spend a few minutes
getting familiar with the snort FAQ that comes inside each box of snort.
You'll save yourself a lot of email time.  You know, RTFM...

Chris

> -----Original Message-----
> From: Wells, Kenneth L [mailto:kw151002 at ...3461...]
> Sent: Tuesday, November 06, 2001 2:40 PM
> To: snort-users at lists.sourceforge.net
> Subject: RE: [Snort-users] Wrappers
>
>
>
> I have the following error when I try to run snort
>
> Initializing rule chains...
> ERROR: Unable to open rules file: /snort.conf or //snort.conf
> Fatal Error. Quitting...
>
>
> My rules are in a folder called rules in the snort-1.8.2 directory.
>
> What should my include statement say?
>


--              __--__--              

Message: 3
From: "Wells, Kenneth L" <kw151002 at ...3461...>
To: snort-users at lists.sourceforge.net
Cc: snortlist at ...125...
Date: Tue, 6 Nov 2001 16:33:14 -0500 
Subject: [Snort-users] View events via web

I'm trying to run the following command

Cat /var/log/snort | /snort_stat.pl -f -h ? /alert.html

I get the error command not found, even when I run it in the same directory
where the command is..

Can anyone help?

Or does anyone know a better method to view events via a webpage??



--              __--__--              

Message: 4
Date: Tue, 6 Nov 2001 13:33:52 -0800
To: Chris Eidem <jceidem at ...2191...>
Subject: RE: [Snort-users] snort on Linux works, on OpenBSD doesn't
From: donegan at ...3789...
Cc: <snort-users at lists.sourceforge.net>

Well, tried both of your suggestions. Neither appears to work :-( The
linux snort just keeps on reporting items and the openbsd one remains
mute...


On 11-06-2001 11:46 am, Chris Eidem <jceidem at ...2191...> wrote:

> Not necessary, here is my setup:
> 
> [root at ...3953... /home/ceidem/src]# for i in /etc/hostname.*; do echo $i; cat $i; done
> /etc/hostname.fxp0
> up
> /etc/hostname.xl0
> inet 10.70.0.108 255.255.255.0 NONE 
> /etc/hostname.xl1
> up
> 
> > -----Original Message-----
> > From: Ashley Thomas [mailto:athomas at ...3539...]
> > Sent: Tuesday, November 06, 2001 1:08 PM
> > To: donegan at ...3789...
> > Cc: snort-users at lists.sourceforge.net
> > Subject: Re: [Snort-users] snort on Linux works, on OpenBSD doesn't
> > 
> > 
> > One point to be noted:
> > in OpenBSD ifconfig rl0 up doesn't seem to work.
> > 
> > So modify /etc/hostname.rl0
> > 
> > inet 0.0.0.0 255.255.255.0 NONE
> > 
> > That should do the trick :-)
> > 
> > let me know if that works
> > 
> > cheers
> > ashley
> > 
> > 
> > On Tue, 6 Nov 2001 donegan at ...3789... wrote:
> > 
> > > I have just installed, from the same sources, snort on Linux and
> > > OpenBSD. Both compile AOK, both appear to execute OK, the Linux snort
> > > catches all the nimda stuff that continues to provide test data :-) and
> > > the OpenBSD snort catches nothing. Both are connected to the same hub
> > > (not switch), both interfaces show PROMISC mode and UP.
> > >
> > > A key difference here is that the OpenBSD snort is running on an
> > > interface that has no IP address - i.e. ifconfig rl0 up.
> > >
> > > Any pointers on waking the OpenBSD version up would be appreciated.
> > >
> > > Thanks!
> > >


--              __--__--              

Message: 5
From: Steve Halligan <agent33 at ...187...>
To: snort-users at lists.sourceforge.net
Subject: RE: [Snort-users] cc:Mail Link to SMTP Undeliverable Message: Unknown user: Bud CTR Gordon
Date: Tue, 6 Nov 2001 15:40:02 -0600 

Ugh, the FAA uses CC Mail.  The flying public should feel safe knowing the
FAA uses the cutting edge of technology.

Please excuse me if any list readers work for the FAA other than Bud CTR
Gordon (who apparently doesn't work there anymore either).  I know that it
isn't your fault.

-steve

PS.  I know, I am using Exchange Server.  It is not my fault.  Well, I guess
it kinda is.  Sorry :P



>  -----Original Message-----
> From: 	Administrator [mailto:administrator_at_awaatscsirc at ...4014...] 
> Sent:	Tuesday, November 06, 2001 2:55 PM
> To:	snort-users at lists.sourceforge.net
> Subject:	[Snort-users] cc:Mail Link to SMTP Undeliverable Message: Unknown user: Bud CTR Gordon
> 
>  << File: TextItem.txt >>  << File: RFC822.TXT >> 


--              __--__--              

Message: 6
Date: Tue, 06 Nov 2001 16:36:13 -0500
From: "Administrator"<administrator_at_awaatscsirc at ...4014...>
To: <snort-users at lists.sourceforge.net>
Subject: [Snort-users] cc:Mail Link to SMTP Undeliverable Message: Unknown user: Bud CTR Gordon


Today's Topics:

   1. Re: Acid -> remote system (roel at ...47...)
   2. RE: Wrappers (Demetri Mouratis)
   3. cc:Mail Link to SMTP Undeliverable Message: Unknown user: Bud CTR Gordon (Administrator)

--               __--__--               

Message: 1
From: roel at ...47...
Subject: Re: [Snort-users] Acid -> remote system 
To: Lance Spitzner <lance at ...2024...>
Cc: snort-users at lists.sourceforge.net
Date: Tue, 06 Nov 2001 13:05:46 -0800

Lance,

You need at least the client libraries from mysql...

Something like the following gets you there:

./configure --without-server 

And since you're on solaris check the following:

http://www.mysql.com/doc/S/o/Solaris.html

(And hit next until you have the version of solaris that applies....)

I'd also suggest you go get the recent stable from mysql.com. 3.22 is a little
older, 3.23 is the current stable.

There are quite a few subtleties about mysql on solaris


		roel



--               __--__--               

Message: 2
Date: Tue, 6 Nov 2001 15:10:50 -0600 (CST)
From: Demetri Mouratis <dmourati at ...3877...>
To: "Wells, Kenneth L" <kw151002 at ...3461...>
cc: snort-users at lists.sourceforge.net
Subject: RE: [Snort-users] Wrappers

Use something like the following:
# snort -c /path/to/snort.conf

where "/path/to" is the path to the directory where you unpacked snort.
On Tue, 6 Nov 2001, Wells, Kenneth L wrote:

> 
> I have the following error when I try to run snort
> 
> Initializing rule chains...
> ERROR: Unable to open rules file: /snort.conf or //snort.conf
> Fatal Error. Quitting...
> 
> 
> My rules are in a folder called rules in the snort-1.8.2 directory.
> 
> What should my include statement say?
> 
> 

---------------------------------------------------------------------
Demetri Mouratis
dmourati at ...3878...



--               __--__--               

Message: 3
Date: Tue, 06 Nov 2001 16:16:13 -0500
From: "Administrator"<administrator_at_awaatscsirc at ...4014...>
To: <snort-users at lists.sourceforge.net>
Subject: [Snort-users] cc:Mail Link to SMTP Undeliverable Message: Unknown user: Bud CTR Gordon


Today's Topics:

   1. Re: Acid -> remote system (Blake Frantz)
   2. cc:Mail Link to SMTP Undeliverable Message: Unknown user: Bud CTR Gordon (Administrator)

--                __--__--                

Message: 1
Date: Tue, 6 Nov 2001 14:43:46 -0600 (CST)
From: Blake Frantz <blake at ...319...>
To: Lance Spitzner <lance at ...2024...>
cc: "Snort-Users (E-mail)" <snort-users at lists.sourceforge.net>
Subject: Re: [Snort-users] Acid -> remote system



Install mysql on your snort box with the --without-server compile option.

-Blake


On Tue, 6 Nov 2001, Lance Spitzner wrote:

> Question,
> 
> I'm attempting to build and use Snort+Acid, however
> acid is on a different remote system.  When I attempt
> to build snort, do I have to still compile it with the
> mysql option?
> 
> Does this mean that when I do the build, on the build
> system mysql has to be installed so the build can find
> all the headers, even though Acid is on a different
> system?
> 
> I've got a feeling the answer to this is yes, just
> want to make sure.  And if so, will the following
> from www.sunfreeware.com work on Solaris8 Sparc?
> 
>    mysql-3.22.26a-sol8-sparc-local.gz
> 
> Thanks!
> 
> -- 
> Lance Spitzner
> http://project.honeynet.org
> 
> 



--                __--__--                

Message: 2
Date: Tue, 06 Nov 2001 15:55:10 -0500
From: "Administrator"<administrator_at_awaatscsirc at ...4014...>
To: <snort-users at lists.sourceforge.net>
Subject: [Snort-users] cc:Mail Link to SMTP Undeliverable Message: Unknown user: Bud CTR Gordon


Today's Topics:

   1. Re: LAN (Jason Costomiris)
   2. Re: (no subject) (Byron York)
   3. Re: (no subject) (james)
   4. Re: Wrappers (james)
   5. Acid -> remote system (Lance Spitzner)
   6. RE: Wrappers (Wells, Kenneth L)
   7. cc:Mail Link to SMTP Undeliverable Message: Unknown user: Bud CTR Gordon (Administrator)

--                 __--__--                 

Message: 1
Date: Tue, 6 Nov 2001 15:16:47 -0500
From: Jason Costomiris <jcostom at ...2019...>
To: snortlst snortlst <snortlst at ...125...>
Cc: snort-users at lists.sourceforge.net
Subject: Re: [Snort-users] LAN

On Tue, Nov 06, 2001 at 10:01:29AM -0500, snortlst snortlst wrote:
: I run snort as ids. I have a sensor on LAN that sniffs traffic coming inside
: our lan from firewall's lan interface. Is that enough to figure out if there
: are some trojans running on some workstations on the lan, or some other
: problems with lan wstations?

That's enough to see traffic going to/from the Internet, not necessarily
all of your network.

: If this configuration is not enough then what.....I should mirror all 700
: ports on the lan switch to the snort sensor port?

If you've got that many live ports, I'd say you're probably best off
using multiple sensors with barnyard talking to a postgresql/mysql db.

-- 
Jason Costomiris <><           |  Technologist, geek, human.
jcostom {at} jasons {dot} org  |  http://www.jasons.org/ 
          Quidquid latine dictum sit, altum viditur.
                    My account, My opinions.


--                 __--__--                 

Message: 2
Date: Tue, 06 Nov 2001 14:47:52 -0600
From: Byron York <byron at ...3288...>
To: "Wells, Kenneth L" <kw151002 at ...3461...>,
        "snort-users at lists.sourceforge.net" <snort-users at lists.sourceforge.net>
Subject: Re: [Snort-users] (no subject)



rpm -qa | grep libpcap

And I don't think you are missing anything with those steps.


"Wells, Kenneth L" wrote:

> Thanks to whoever sent this to me.......Can anyone tell me if I'm
> missing anything?
>
> How can I tell if I have libpcap already installed?
>
> Kenny




--                 __--__--                 

Message: 3
From: "james" <the_saint_james at ...131...>
To: "Wells, Kenneth L" <kw151002 at ...3461...>
Cc: <snort-users at lists.sourceforge.net>
Subject: Re: [Snort-users] (no subject)
Date: Tue, 6 Nov 2001 13:36:23 -0700

if you have updated updatedb:

locate libpcap

or 

whereis libpcap




James Edwards
jamesh at ...3784...
At the Santa Fe Office: Internet at Cyber Mesa
Store hours: 9-6 Monday through Friday
Phone support 365 days till 10 pm via the Santa Fe office:
505-988-9200 or Toll Free: 888-988-2700




--                 __--__--                 

Message: 4
From: "james" <the_saint_james at ...131...>
To: <snort-users at lists.sourceforge.net>
Subject: Re: [Snort-users] Wrappers
Date: Tue, 6 Nov 2001 13:37:38 -0700

It really depends on what Unix distro you use. Some do or don't allow you to
control ssh and http via the wrappers.
In theory, any service that has a one to one mapping with an executable can
be remapped to tcpd or the service daemon
replaced with tcpd and then tcpd passes the connection (after check and
logging) to the correct daemon.

james



--                 __--__--                 

Message: 5
Date: Tue, 6 Nov 2001 14:37:37 -0600 (CST)
From: Lance Spitzner <lance at ...2024...>
To: "Snort-Users (E-mail)" <snort-users at lists.sourceforge.net>
Subject: [Snort-users] Acid -> remote system

Question,

I'm attempting to build and use Snort+Acid, however
acid is on a different remote system.  When I attempt
to build snort, do I have to still compile it with the
mysql option?

Does this mean that when I do the build, on the build
system mysql has to be installed so the build can find
all the headers, even though Acid is on a different
system?

I've got a feeling the answer to this is yes, just
want to make sure.  And if so, will the following
from www.sunfreeware.com work on Solaris8 Sparc?

   mysql-3.22.26a-sol8-sparc-local.gz

Thanks!

-- 
Lance Spitzner
http://project.honeynet.org



--                 __--__--                 

Message: 6
From: "Wells, Kenneth L" <kw151002 at ...3461...>
To: snort-users at lists.sourceforge.net
Subject: RE: [Snort-users] Wrappers
Date: Tue, 6 Nov 2001 15:40:01 -0500 


I have the following error when I try to run snort

Initializing rule chains...
ERROR: Unable to open rules file: /snort.conf or //snort.conf
Fatal Error. Quitting...


My rules are in a folder called rules in the snort-1.8.2 directory.

What should my include statement say?




--                 __--__--                 

Message: 7
Date: Tue, 06 Nov 2001 15:37:10 -0500
From: "Administrator"<administrator_at_awaatscsirc at ...4014...>
To: <snort-users at lists.sourceforge.net>
Subject: [Snort-users] cc:Mail Link to SMTP Undeliverable Message: Unknown user: Bud CTR Gordon


Today's Topics:

   1. Re: Wrappers (Chris Green)
   2. Re: Ignoring ports (Chris Green)
   3. RE: snort on Linux works, on OpenBSD doesn't (Chris Eidem)
   4. RE: Barnyard and ACID question (Steve Halligan)
   5. RE: snort on Linux works, on OpenBSD doesn't (Ashley Thomas)
   6. (no subject) (Wells, Kenneth L)

--                  __--__--                  

Message: 1
To: "snortlst snortlst" <snortlst at ...125...>
Cc: <snort-users at lists.sourceforge.net>
Subject: Re: [Snort-users] Wrappers
From: Chris Green <cmg at ...671...>
Reply-To: snort-users at lists.sourceforge.net
Date: Tue, 06 Nov 2001 13:39:39 -0600

"snortlst snortlst" <snortlst at ...125...> writes:

> On which layer snort inspects incoming traffic? If it inspects it before
> tcp/ip (like checkpoint firewall) then can I use tcp wrappers and deny all
> traffic in tcp wrappers in order to secure linux machine?

It sniffs in promiscuous mode so it can see traffic with no interaction
with the native tcp/ip stack (other than where it overlaps with BPF).

Yes.  Using TCP wrappers will not affect snort.

>  thx.

-- 
Chris Green <cmg at ...671...>
A good pun is its own reword.


--                  __--__--                  

Message: 2
To: "Joshua Thomas" <thomasj at ...3870...>
Cc: <snort-users at lists.sourceforge.net>
Subject: Re: [Snort-users] Ignoring ports
From: Chris Green <cmg at ...671...>
Reply-To: snort-users at lists.sourceforge.net
Date: Tue, 06 Nov 2001 13:44:43 -0600

"Joshua Thomas" <thomasj at ...3870...> writes:

> How do I ignore arbitrary ports without rewriting all the rules?
> For example, kazza runs on port 1214; how can I make all my rules not
> trigger on port 1214 traffic?

pcap filter of 'not tcp and port 1214 '

or

pass tcp any any <-> any 1214
along with using snort -o

Beware that this will open one for attacks due to clever attackers
using 1214 as a source port for the attack.

Someday, snort might be able to tell what kinda traffic it is and
possibly ignore it based on that.
-- 
Chris Green <cmg at ...671...>
"I'm beginning to think that my router may be confused."


--                  __--__--                  

Message: 3
Subject: RE: [Snort-users] snort on Linux works, on OpenBSD doesn't
Date: Tue, 6 Nov 2001 13:46:51 -0600
From: "Chris Eidem" <jceidem at ...2191...>
To: "Ashley Thomas" <athomas at ...3539...>,
	<donegan at ...3789...>
Cc: <snort-users at lists.sourceforge.net>

Not necessary, here is my setup:

[root at ...3953... /home/ceidem/src]# for i in /etc/hostname.*; do echo $i; cat $i; done
/etc/hostname.fxp0
up
/etc/hostname.xl0
inet 10.70.0.108 255.255.255.0 NONE
/etc/hostname.xl1
up

> -----Original Message-----
> From: Ashley Thomas [mailto:athomas at ...3539...]
> Sent: Tuesday, November 06, 2001 1:08 PM
> To: donegan at ...3789...
> Cc: snort-users at lists.sourceforge.net
> Subject: Re: [Snort-users] snort on Linux works, on OpenBSD doesn't
>
>
> One point to be noted:
> in OpenBSD ifconfig rl0 up doesn't seem to work.
>
> So modify /etc/hostname.rl0
>
> inet 0.0.0.0 255.255.255.0 NONE
>
> That should do the trick :-)
>
> let me know if that works
>
> cheers
> ashley
>
>
> On Tue, 6 Nov 2001 donegan at ...3789... wrote:
>
> > I have just installed, from the same sources, snort on Linux and
> > OpenBSD. Both compile AOK, both appear to execute OK, the Linux snort
> > catches all the nimda stuff that continues to provide test data :-) and
> > the OpenBSD snort catches nothing. Both are connected to the same hub
> > (not switch), both interfaces show PROMISC mode and UP.
> >
> > A key difference here is that the OpenBSD snort is running on an
> > interface that has no IP address - i.e. ifconfig rl0 up.
> >
> > Any pointers on waking the OpenBSD version up would be appreciated.
> >
> > Thanks!
> >


--                  __--__--                  

Message: 4
From: Steve Halligan <agent33 at ...187...>
To: Steve Halligan <agent33 at ...187...>, "'Andrew R. Baker'"
	 <andrewb at ...950...>
Cc: "'snort-users at lists.sourceforge.net'"
	 <snort-users at lists.sourceforge.net>
Subject: RE: [Snort-users] Barnyard and ACID question
Date: Tue, 6 Nov 2001 13:53:00 -0600 

One more piece of weirdness:  Barnyard popped up a few "Unknown Network
Header (0x0)" and inserted an alert with only a sig, no ip info, tcp info,
etc.



> -----Original Message-----
> From: Steve Halligan [mailto:agent33 at ...187...]
> Sent: Tuesday, November 06, 2001 12:29 PM
> To: 'Andrew R. Baker'; 'Wozz'
> Cc: 'snort-users at lists.sourceforge.net'
> Subject: RE: [Snort-users] Barnyard and ACID question
> 
> 
> PS:  The timestamps appear to be set to UTC.  Both the snort/barnyard box
> and the database box are set to the correct time and timezone, but
> timestamps logged in the database are +6 hours (which would be utc from
> where I am).  Not a bug, but is there any way to change this behaviour?
> 
> > -----Original Message-----
> > From: Steve Halligan 
> > Sent: Tuesday, November 06, 2001 12:23 PM
> > To: 'Andrew R. Baker'; Wozz
> > Cc: snort-users at lists.sourceforge.net
> > Subject: RE: [Snort-users] Barnyard and ACID question
> > 
> > 
> > I am having this problem also.  OpenBSD 2.9-release here.  
> > Barnyard from CVS today.  snort-unified-logfile is attached.
> > I also noticed that sometimes (although not in this logfile, 
> > I believe)  the ordering of the source ip address is backwards
> > also: a.b.c.d becomes d.c.b.a.  The dest ip is unaffected.
> > -steve
> > 
> > > -----Original Message-----
> > > From: Andrew R. Baker [mailto:andrewb at ...950...]
> > > Sent: Monday, November 05, 2001 11:44 PM
> > > To: Wozz
> > > Cc: snort-users at lists.sourceforge.net
> > > Subject: Re: [Snort-users] Barnyard and ACID question
> > > 
> > > 
> > > Wozz wrote:
> > > > 
> > > > I'm noticing some problems with barnyard and the mysql output plugin.
> > > > After some correlation, here's the real headers for the event (from the
> > > > barnyard log output plugin)
> > > > 
> > > > [**] [1:1002:1] WEB-IIS cmd.exe access [**]
> > > > [Classification: Attempted User Privilege Gain] [Priority: 8]
> > > > Event ID: 692     Event Reference: 0
> > > > 11/03/01-11:34:37.020121 a.b.c.130:55776 -> x.y.z.64:80
> > > > TCP TTL:50 TOS:0x0 ID:37849 IpLen:20 DgmLen:208 DF
> > > > ***AP*** Seq: 0x6CA76E65  Ack: 0x636CB06B  Win: 0x2238  TcpLen: 32
> > > > 
> > > > For some reason, when using the mysql output plugin in barnyard, the source
> > > > port is being munged from the correct 55776 to 57561, and the destination
> > > > port from 80 to 20480.  I've confirmed that this is the data that is being
> > > > inserted into mysql (as opposed to it being an ACID display problem).
> > > > 
> > > > This is consistent across all alerts being inserted into mysql (as far as I
> > > > can tell)
> > > > 
> > > > Is this a known bug?
> > > 
> > > 
> > > Which version (and build) of snort are you using?  Do you have a small
> > > unified alert file you could send me for testing?  AFAIK, this should
> > > not occur.  I will look into it tomorrow.
> > > 
> > > -A
> > > 


--                  __--__--                  

Message: 5
Date: Tue, 6 Nov 2001 14:55:52 -0500 (EST)
From: Ashley Thomas <athomas at ...3539...>
To: Chris Eidem <jceidem at ...2191...>
cc: <donegan at ...3789...>, <snort-users at lists.sourceforge.net>
Subject: RE: [Snort-users] snort on Linux works, on OpenBSD doesn't


Could you explain what you are doing.

thanks
ashley

On Tue, 6 Nov 2001, Chris Eidem wrote:

> Not necessary, here is my setup:
>
> [root at ...3953... /home/ceidem/src]# for i in /etc/hostname.*; do echo $i;
> cat $i; done
> /etc/hostname.fxp0
> up
> /etc/hostname.xl0
> inet 10.70.0.108 255.255.255.0 NONE
> /etc/hostname.xl1
> up
>
> > -----Original Message-----
> > From: Ashley Thomas [mailto:athomas at ...3539...]
> > Sent: Tuesday, November 06, 2001 1:08 PM
> > To: donegan at ...3789...
> > Cc: snort-users at lists.sourceforge.net
> > Subject: Re: [Snort-users] snort on Linux works, on OpenBSD doesn't
> >
> >
> > One point to be noted:
> > in OpenBSD ifconfig rl0 up doesn't seem to work.
> >
> > So modify /etc/hostname.rl0
> >
> > inet 0.0.0.0 255.255.255.0 NONE
> >
> > That should do the trick :-)
> >
> > let me know if that works
> >
> > cheers
> > ashley
> >
> >
> > On Tue, 6 Nov 2001 donegan at ...3789... wrote:
> >
> > > I have just installed, from the same sources, snort on Linux and
> > > OpenBSD. Both compile AOK, both appear to execute OK, the Linux snort
> > > catches all the nimda stuff that continues to provide test data :-) and
> > > the OpenBSD snort catches nothing. Both are connected to the same hub
> > > (not switch), both interfaces show PROMISC mode and UP.
> > >
> > > A key difference here is that the OpenBSD snort is running on an
> > > interface that has no IP address - i.e. ifconfig rl0 up.
> > >
> > > Any pointers on waking the OpenBSD version up would be appreciated.
> > >
> > > Thanks!
> > >



--                  __--__--                  

Message: 6
From: "Wells, Kenneth L" <kw151002 at ...3461...>
To: snort-users at lists.sourceforge.net
Date: Tue, 6 Nov 2001 15:05:02 -0500 
Subject: [Snort-users] (no subject)


Thanks to whoever sent this to me.......Can anyone tell me if I'm missing
anything?

How can I tell if I have libpcap already installed?

Kenny




1. Search the web and install libpcap 
- unpack it 
Then run: 
- ./configure 
- make 
- make install 
2. download snort (www.snort.org <http://www.snort.org> ) 
- unpack it (gzip -d <snort file.tar.gzip>, then tar -xvf <snortfile.tar>) 
Then run 
- ./configure 
- make 
- make install 
3. Make sure when you run snort it sets your nic to promiscuous mode. If it
doesn't then do the following manually before starting snort: ifconfig
<yournic> promisc 
4. In the installation directory find the snort.conf file and edit the
following values: 
- set $home_net to your lan 
- set external_net to !$home_net 
- set the logging to /var/snort/log 
- include your dns server addresses in the list of ignored hosts 
- in the bottom of the file (where you see a lot of 'include rules' provide
a path to the rules. You'll have to download the rules from snort.org) 
5. Create a 'snort' directory in the /var/log. Here IDS logs things. 
6. Download snort_stat.pl from snort.org. This perl script will parse alert
and portscan files and present it to you in nice html format. 
7. Connect snort machine to internet or to internal lan (depends what you
wanna sniff exactly) 
8. On the switch or hub mirror firewall (or whatever you want to sniff) port
to port where snort machine is connected. 
9. start snort like : snort -c /snort.conf 
(it will automatically use full logging feature and will use default log
directory /var/log/snort) 
10. after a while run: 
cat /var/log/snort | /snort_stat.pl -f -h > /alert.html (this one will
create an alert.html file in the / , you can open it later with browser) 
That's what I remember from the top of my head. This is a very basic setup,
you can do much more complicated things, especially regarding representation
of alert files. 
hope this helps. 
P.S. don't disregard reading FAQ on snort.org, though I think it misses
quite a lot of things for newbies and can't be very useful for the beginner.



------_=_NextPart_001_01C166FE.5206D3B0
Content-Type: text/html
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; =
charset=3DUS-ASCII">
<META NAME=3D"Generator" CONTENT=3D"MS Exchange Server version =
5.5.2654.19">
<TITLE></TITLE>
</HEAD>
<BODY>

<P><FONT SIZE=3D2 FACE=3D"Arial">Thanks to whoever sent this to =
me.......Can anyone tell me if I'm missing anything?</FONT>
</P>

<P><FONT SIZE=3D2 FACE=3D"Arial">How can I tell if I have libpcap =
already installed?</FONT>
</P>

<P><FONT SIZE=3D2 FACE=3D"Arial">Kenny</FONT>
</P>
<BR>
<BR>
<BR>

<P><FONT SIZE=3D2 FACE=3D"Arial">1.Search the web and install =
libpcap</FONT><FONT FACE=3D"Times New Roman"> </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Arial">- unpack it</FONT><FONT FACE=3D"Times =
New Roman"> </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Arial">Then run:</FONT><FONT FACE=3D"Times =
New Roman"> </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Arial">- ./configure</FONT><FONT =
FACE=3D"Times New Roman"> </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Arial">- make</FONT><FONT FACE=3D"Times New =
Roman"> </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Arial">- make install</FONT><FONT =
FACE=3D"Times New Roman"> </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Arial">2. download snort (</FONT><A =
HREF=3D"http://www.snort.org"><U><FONT COLOR=3D"#0000FF" SIZE=3D2 =
FACE=3D"Arial">www.snort.org</FONT></U></A><FONT SIZE=3D2 =
FACE=3D"Arial">)</FONT><FONT FACE=3D"Times New Roman"> </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Arial">- unpack it (gzip -d <snort =
file.tar.gzip>, then tar -xvf <snortfile.tar></FONT><FONT =
FACE=3D"Times New Roman"> </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Arial">Then run</FONT><FONT FACE=3D"Times =
New Roman"> </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Arial">- ./configure</FONT><FONT =
FACE=3D"Times New Roman"> </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Arial">- make</FONT><FONT FACE=3D"Times New =
Roman"> </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Arial">- make install</FONT><FONT =
FACE=3D"Times New Roman"> </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Arial">3. Make sure when you run snort it =
sets your nic to promiscuous mode. If it doesn't then do the followingt =
manually before starting snort: ifconfig <yournic> =
promisc</FONT><FONT FACE=3D"Times New Roman"> </FONT></P>

<P>4. In the installation directory find the snort.conf file and edit the following values:
<BR>- set $home_net to your lan
<BR>- set external_net to !$home_net
<BR>- set the logging to /var/snort/log
<BR>- include your dns server addresses in the list of ignored hosts
<BR>- in the bottom of the file (where you see a lot of 'include rules') provide a path to the rules. You'll have to download the rules from snort.org.</P>

<P>5. Create a 'snort' directory in the /var/log. Here IDS logs things.
<BR>6. Download snort_stat.pl from snort.org. This perl script will parse alert and portscan files and present it to you in nice html format.</P>

<P>7. Connect snort machine to internet or to internal lan (depends what you wanna sniff exactly)
<BR>8. On the switch or hub mirror firewall (or whatever you want to sniff) port to port where snort machine is connected.
<BR>9. start snort like: snort -c /snort.conf
<BR>(it will automatically use full logging feature and will use default log directory /var/log/snort)
<BR>10. after a while run:
<BR>cat /var/log/snort | /snort_stat.pl -f -h > /alert.html (this one will create an alert.html file in the / , you can open it later with browser)</P>

<P>That's what I remember from the top of my head. This is a very basic setup, you can do much more complicated things, especially regarding representation of alert files.</P>

<P>hope this helps.
<BR>P.S. don't disregard reading FAQ on snort.org, though I think it misses quite a lot of things for newbies and can't be very useful for the beginner.</P>
<BR>

</BODY>
</HTML>
------_=_NextPart_001_01C166FE.5206D3B0--
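The snort.conf edits in step 4 and the log directory in step 5 of the message above can be checked before Snort is started. The script below is an added example, not part of the original post or of the Snort distribution; it assumes the stock variable names HOME_NET and EXTERNAL_NET, resolves relative include paths against the config file's directory, and runs on constructed sample configs.

```shell
#!/bin/sh
# Added example: pre-flight check for the snort.conf edits (step 4) and the
# log directory (step 5). All paths and addresses below are constructed.

# conf_var FILE NAME: print the value of the last "var NAME value" line.
conf_var() {
    awk -v name="$2" '$1 == "var" && $2 == name { val = $3 }
                      END { if (val != "") print val }' "$1"
}

# missing_includes FILE: print each "include" target that is not a readable file.
# Assumption: relative paths are resolved against the config file's directory.
missing_includes() {
    inc_dir=$(dirname "$1")
    awk '$1 == "include" { print $2 }' "$1" | while read -r inc_path; do
        case "$inc_path" in
            /*) ;;
            *)  inc_path="$inc_dir/$inc_path" ;;
        esac
        [ -r "$inc_path" ] || printf '%s\n' "$inc_path"
    done
}

# check_conf FILE LOGDIR: print one line per problem; print nothing when clean.
check_conf() {
    home_net=$(conf_var "$1" HOME_NET)
    ext_net=$(conf_var "$1" EXTERNAL_NET)
    # HOME_NET left unset or at "any" means the sensor has no idea what it protects.
    if [ -z "$home_net" ] || [ "$home_net" = "any" ]; then
        printf 'HOME_NET is not set to your LAN (found: %s)\n' "${home_net:-nothing}"
    fi
    if [ "$ext_net" != '!$HOME_NET' ]; then
        printf 'EXTERNAL_NET is not !$HOME_NET (found: %s)\n' "${ext_net:-nothing}"
    fi
    # An include that points nowhere means those rules are never loaded.
    missing_includes "$1" | while read -r miss; do
        printf 'rules file not found: %s\n' "$miss"
    done
    if [ ! -d "$2" ] || [ ! -w "$2" ]; then
        printf 'log directory missing or not writable: %s\n' "$2"
    fi
}

# make_demo DIR: write a constructed good and bad config plus one rules file.
make_demo() {
    mkdir -p "$1/rules" "$1/log"
    echo '# constructed placeholder rules file' > "$1/rules/local.rules"
    cat > "$1/good.conf" <<'EOF'
var HOME_NET 192.168.1.0/24
var EXTERNAL_NET !$HOME_NET
include rules/local.rules
EOF
    cat > "$1/bad.conf" <<'EOF'
var HOME_NET any
var EXTERNAL_NET any
include rules/local.rules
include rules/not-downloaded.rules
EOF
}

# Demo run on the constructed configs.
demo=$(mktemp -d)
make_demo "$demo"
echo "good.conf:"; check_conf "$demo/good.conf" "$demo/log"
echo "bad.conf:";  check_conf "$demo/bad.conf" "$demo/log"
rm -rf "$demo"
```

Against a real installation, call `check_conf` with the path to your own snort.conf and the log directory you created.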



--                  __--__--                  

_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-users


End of Snort-users Digest



--1005079301 at ...4014...
Content-Type: text/plain; charset=US-ASCII; name="RFC822.TXT"
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment; filename="RFC822.TXT"

Received: from relay5.faa.gov [172.27.170.37] by faa.gov (ccMail Link to SMTP R8.31.00.5)
	; Tue, 06 Nov 2001 15:35:34 -0500
Return-Path: <snort-users-admin at lists.sourceforge.net>
Received: from usw-sf-list1.sourceforge.net (usw-sf-fw2.sourceforge.net [216.136.171.252])
	by relay5.faa.gov (Switch-2.0.6/Switch-2.0.6) with ESMTP id fA6KZXO00194;
	Tue, 6 Nov 2001 15:35:33 -0500 (EST)
Received: from localhost ([127.0.0.1] helo=usw-sf-list1.sourceforge.net)
	by usw-sf-list1.sourceforge.net with esmtp (Exim 3.31-VA-mm2 #1 (Debian))
	id 161Cdi-00058W-00; Tue, 06 Nov 2001 12:16:06 -0800
From: snort-users-request at lists.sourceforge.net
Subject: Snort-users digest, Vol 1 #1222 - 6 msgs
Reply-to: snort-users at lists.sourceforge.net
X-Mailer: Mailman v2.0.5
MIME-version: 1.0
Content-type: text/plain
To: snort-users at lists.sourceforge.net
Sender: snort-users-admin at lists.sourceforge.net
Errors-To: snort-users-admin at lists.sourceforge.net
X-BeenThere: snort-users at lists.sourceforge.net
X-Mailman-Version: 2.0.5
Precedence: bulk
List-Help: <mailto:snort-users-request at lists.sourceforge.net?subject=help>
List-Post: <mailto:snort-users at lists.sourceforge.net>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/snort-users>,
	<mailto:snort-users-request at lists.sourceforge.net?subject=subscribe>
List-Id: Snort users talk about... Snort! <snort-users.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/snort-users>,
	<mailto:snort-users-request at lists.sourceforge.net?subject=unsubscribe>
List-Archive: <http://www.geocrawler.com/redir-sf.php3?list=snort-users>
Message-Id: <E161Cdi-00058W-00 at ...1030...>
Date: Tue, 06 Nov 2001 12:16:06 -0800

--1005079301 at ...4015...



--                 __--__--                 

_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-users


End of Snort-users Digest



--1005080232 at ...4014...
Content-Type: text/plain; charset=US-ASCII; name="RFC822.TXT"
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment; filename="RFC822.TXT"

Received: from relay5.faa.gov [172.27.170.37] by faa.gov (ccMail Link to SMTP R8.31.00.5)
	; Tue, 06 Nov 2001 15:55:21 -0500
Return-Path: <snort-users-admin at lists.sourceforge.net>
Received: from usw-sf-list1.sourceforge.net (usw-sf-fw2.sourceforge.net [216.136.171.252])
	by relay5.faa.gov (Switch-2.0.6/Switch-2.0.6) with ESMTP id fA6KtKO02300;
	Tue, 6 Nov 2001 15:55:20 -0500 (EST)
Received: from localhost ([127.0.0.1] helo=usw-sf-list1.sourceforge.net)
	by usw-sf-list1.sourceforge.net with esmtp (Exim 3.31-VA-mm2 #1 (Debian))
	id 161D3p-0002NZ-00; Tue, 06 Nov 2001 12:43:05 -0800
From: snort-users-request at lists.sourceforge.net
Subject: Snort-users digest, Vol 1 #1223 - 7 msgs
Reply-to: snort-users at lists.sourceforge.net
X-Mailer: Mailman v2.0.5
MIME-version: 1.0
Content-type: text/plain
To: snort-users at lists.sourceforge.net
Sender: snort-users-admin at lists.sourceforge.net
Errors-To: snort-users-admin at lists.sourceforge.net
X-BeenThere: snort-users at lists.sourceforge.net
X-Mailman-Version: 2.0.5
Precedence: bulk
List-Help: <mailto:snort-users-request at lists.sourceforge.net?subject=help>
List-Post: <mailto:snort-users at lists.sourceforge.net>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/snort-users>,
	<mailto:snort-users-request at lists.sourceforge.net?subject=subscribe>
List-Id: Snort users talk about... Snort! <snort-users.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/snort-users>,
	<mailto:snort-users-request at lists.sourceforge.net?subject=unsubscribe>
List-Archive: <http://www.geocrawler.com/redir-sf.php3?list=snort-users>
Message-Id: <E161D3p-0002NZ-00 at ...1030...>
Date: Tue, 06 Nov 2001 12:43:05 -0800

--1005080232 at ...4015...



--                __--__--                

_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-users


End of Snort-users Digest



--1005081687 at ...4014...
Content-Type: text/plain; charset=US-ASCII; name="RFC822.TXT"
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment; filename="RFC822.TXT"

Received: from relay5.faa.gov [172.27.170.37] by faa.gov (ccMail Link to SMTP R8.31.00.5)
	; Tue, 06 Nov 2001 16:15:09 -0500
Return-Path: <snort-users-admin at lists.sourceforge.net>
Received: from usw-sf-list1.sourceforge.net (usw-sf-fw2.sourceforge.net [216.136.171.252])
	by relay5.faa.gov (Switch-2.0.6/Switch-2.0.6) with ESMTP id fA6LF8O04111;
	Tue, 6 Nov 2001 16:15:08 -0500 (EST)
Received: from localhost ([127.0.0.1] helo=usw-sf-list1.sourceforge.net)
	by usw-sf-list1.sourceforge.net with esmtp (Exim 3.31-VA-mm2 #1 (Debian))
	id 161DJH-0004iO-00; Tue, 06 Nov 2001 12:59:03 -0800
From: snort-users-request at lists.sourceforge.net
Subject: Snort-users digest, Vol 1 #1224 - 2 msgs
Reply-to: snort-users at lists.sourceforge.net
X-Mailer: Mailman v2.0.5
MIME-version: 1.0
Content-type: text/plain
To: snort-users at lists.sourceforge.net
Sender: snort-users-admin at lists.sourceforge.net
Errors-To: snort-users-admin at lists.sourceforge.net
X-BeenThere: snort-users at lists.sourceforge.net
X-Mailman-Version: 2.0.5
Precedence: bulk
List-Help: <mailto:snort-users-request at lists.sourceforge.net?subject=help>
List-Post: <mailto:snort-users at lists.sourceforge.net>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/snort-users>,
	<mailto:snort-users-request at lists.sourceforge.net?subject=subscribe>
List-Id: Snort users talk about... Snort! <snort-users.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/snort-users>,
	<mailto:snort-users-request at lists.sourceforge.net?subject=unsubscribe>
List-Archive: <http://www.geocrawler.com/redir-sf.php3?list=snort-users>
Message-Id: <E161DJH-0004iO-00 at ...1030...>
Date: Tue, 06 Nov 2001 12:59:03 -0800

--1005081687 at ...4015...



--               __--__--               

_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-users


End of Snort-users Digest



--1005082889 at ...4014...
Content-Type: text/plain; charset=US-ASCII; name="RFC822.TXT"
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment; filename="RFC822.TXT"

Received: from relay5.faa.gov [172.27.170.37] by faa.gov (ccMail Link to SMTP R8.31.00.5)
	; Tue, 06 Nov 2001 16:35:55 -0500
Return-Path: <snort-users-admin at lists.sourceforge.net>
Received: from usw-sf-list1.sourceforge.net (usw-sf-fw2.sourceforge.net [216.136.171.252])
	by relay5.faa.gov (Switch-2.0.6/Switch-2.0.6) with ESMTP id fA6LZsO05999;
	Tue, 6 Nov 2001 16:35:54 -0500 (EST)
Received: from localhost ([127.0.0.1] helo=usw-sf-list1.sourceforge.net)
	by usw-sf-list1.sourceforge.net with esmtp (Exim 3.31-VA-mm2 #1 (Debian))
	id 161DgV-0008Hx-00; Tue, 06 Nov 2001 13:23:03 -0800
From: snort-users-request at lists.sourceforge.net
Subject: Snort-users digest, Vol 1 #1225 - 3 msgs
Reply-to: snort-users at lists.sourceforge.net
X-Mailer: Mailman v2.0.5
MIME-version: 1.0
Content-type: text/plain
To: snort-users at lists.sourceforge.net
Sender: snort-users-admin at lists.sourceforge.net
Errors-To: snort-users-admin at lists.sourceforge.net
X-BeenThere: snort-users at lists.sourceforge.net
X-Mailman-Version: 2.0.5
Precedence: bulk
List-Help: <mailto:snort-users-request at lists.sourceforge.net?subject=help>
List-Post: <mailto:snort-users at lists.sourceforge.net>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/snort-users>,
	<mailto:snort-users-request at lists.sourceforge.net?subject=subscribe>
List-Id: Snort users talk about... Snort! <snort-users.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/snort-users>,
	<mailto:snort-users-request at lists.sourceforge.net?subject=unsubscribe>
List-Archive: <http://www.geocrawler.com/redir-sf.php3?list=snort-users>
Message-Id: <E161DgV-0008Hx-00 at ...1030...>
Date: Tue, 06 Nov 2001 13:23:03 -0800

--1005082889 at ...4015...



--              __--__--              

_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-users


End of Snort-users Digest



--1005089494 at ...4014...
Content-Type: text/plain; charset=US-ASCII; name="RFC822.TXT"
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment; filename="RFC822.TXT"

Received: from relay2.faa.gov [172.27.170.37] by faa.gov (ccMail Link to SMTP R8.31.00.5)
	; Tue, 06 Nov 2001 17:05:31 -0500
Return-Path: <snort-users-admin at lists.sourceforge.net>
Received: from usw-sf-list1.sourceforge.net (usw-sf-fw2.sourceforge.net [216.136.171.252])
	by relay2.faa.gov (Switch-2.0.6/Switch-2.0.6) with ESMTP id fA6M5T015623;
	Tue, 6 Nov 2001 17:05:29 -0500 (EST)
Received: from localhost ([127.0.0.1] helo=usw-sf-list1.sourceforge.net)
	by usw-sf-list1.sourceforge.net with esmtp (Exim 3.31-VA-mm2 #1 (Debian))
	id 161Dzs-0003b1-00; Tue, 06 Nov 2001 13:43:04 -0800
From: snort-users-request at lists.sourceforge.net
Subject: Snort-users digest, Vol 1 #1226 - 7 msgs
Reply-to: snort-users at lists.sourceforge.net
X-Mailer: Mailman v2.0.5
MIME-version: 1.0
Content-type: text/plain
To: snort-users at lists.sourceforge.net
Sender: snort-users-admin at lists.sourceforge.net
Errors-To: snort-users-admin at lists.sourceforge.net
X-BeenThere: snort-users at lists.sourceforge.net
X-Mailman-Version: 2.0.5
Precedence: bulk
List-Help: <mailto:snort-users-request at lists.sourceforge.net?subject=help>
List-Post: <mailto:snort-users at lists.sourceforge.net>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/snort-users>,
	<mailto:snort-users-request at lists.sourceforge.net?subject=subscribe>
List-Id: Snort users talk about... Snort! <snort-users.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/snort-users>,
	<mailto:snort-users-request at lists.sourceforge.net?subject=unsubscribe>
List-Archive: <http://www.geocrawler.com/redir-sf.php3?list=snort-users>
Message-Id: <E161Dzs-0003b1-00 at ...1030...>
Date: Tue, 06 Nov 2001 13:43:04 -0800

--1005089494 at ...4015...



--             __--__--             

_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-users


End of Snort-users Digest



--1005091289 at ...4014...
Content-Type: text/plain; charset=US-ASCII; name="RFC822.TXT"
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment; filename="RFC822.TXT"

Received: from relay4.faa.gov [172.27.170.37] by faa.gov (ccMail Link to SMTP R8.31.00.5)
	; Tue, 06 Nov 2001 18:49:55 -0500
Return-Path: <snort-users-admin at lists.sourceforge.net>
Received: from usw-sf-list1.sourceforge.net (usw-sf-fw2.sourceforge.net [216.136.171.252])
	by relay4.faa.gov (Switch-2.0.6/Switch-2.0.6) with ESMTP id fA6NpFJ14326;
	Tue, 6 Nov 2001 18:51:15 -0500 (EST)
Received: from localhost ([127.0.0.1] helo=usw-sf-list1.sourceforge.net)
	by usw-sf-list1.sourceforge.net with esmtp (Exim 3.31-VA-mm2 #1 (Debian))
	id 161FiJ-0000TW-00; Tue, 06 Nov 2001 15:33:03 -0800
From: snort-users-request at lists.sourceforge.net
Subject: Snort-users digest, Vol 1 #1227 - 4 msgs
Reply-to: snort-users at lists.sourceforge.net
X-Mailer: Mailman v2.0.5
MIME-version: 1.0
Content-type: text/plain
To: snort-users at lists.sourceforge.net
Sender: snort-users-admin at lists.sourceforge.net
Errors-To: snort-users-admin at lists.sourceforge.net
X-BeenThere: snort-users at lists.sourceforge.net
X-Mailman-Version: 2.0.5
Precedence: bulk
List-Help: <mailto:snort-users-request at lists.sourceforge.net?subject=help>
List-Post: <mailto:snort-users at lists.sourceforge.net>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/snort-users>,
	<mailto:snort-users-request at lists.sourceforge.net?subject=subscribe>
List-Id: Snort users talk about... Snort! <snort-users.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/snort-users>,
	<mailto:snort-users-request at lists.sourceforge.net?subject=unsubscribe>
List-Archive: <http://www.geocrawler.com/redir-sf.php3?list=snort-users>
Message-Id: <E161FiJ-0000TW-00 at ...1030...>
Date: Tue, 06 Nov 2001 15:33:03 -0800

--1005091289 at ...4015...



--            __--__--            

_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-users


End of Snort-users Digest



--1005092491 at ...4014...
Content-Type: text/plain; charset=US-ASCII; name="RFC822.TXT"
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment; filename="RFC822.TXT"

Received: from relay5.faa.gov [172.27.170.37] by faa.gov (ccMail Link to SMTP R8.31.00.5)
	; Tue, 06 Nov 2001 19:11:03 -0500
Return-Path: <snort-users-admin at lists.sourceforge.net>
Received: from usw-sf-list1.sourceforge.net (usw-sf-fw2.sourceforge.net [216.136.171.252])
	by relay5.faa.gov (Switch-2.0.6/Switch-2.0.6) with ESMTP id fA70COO18359;
	Tue, 6 Nov 2001 19:12:24 -0500 (EST)
Received: from localhost ([127.0.0.1] helo=usw-sf-list1.sourceforge.net)
	by usw-sf-list1.sourceforge.net with esmtp (Exim 3.31-VA-mm2 #1 (Debian))
	id 161GBM-0000tL-00; Tue, 06 Nov 2001 16:03:04 -0800
From: snort-users-request at lists.sourceforge.net
Subject: Snort-users digest, Vol 1 #1228 - 1 msg
Reply-to: snort-users at lists.sourceforge.net
X-Mailer: Mailman v2.0.5
MIME-version: 1.0
Content-type: text/plain
To: snort-users at lists.sourceforge.net
Sender: snort-users-admin at lists.sourceforge.net
Errors-To: snort-users-admin at lists.sourceforge.net
X-BeenThere: snort-users at lists.sourceforge.net
X-Mailman-Version: 2.0.5
Precedence: bulk
List-Help: <mailto:snort-users-request at lists.sourceforge.net?subject=help>
List-Post: <mailto:snort-users at lists.sourceforge.net>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/snort-users>,
	<mailto:snort-users-request at lists.sourceforge.net?subject=subscribe>
List-Id: Snort users talk about... Snort! <snort-users.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/snort-users>,
	<mailto:snort-users-request at lists.sourceforge.net?subject=unsubscribe>
List-Archive: <http://www.geocrawler.com/redir-sf.php3?list=snort-users>
Message-Id: <E161GBM-0000tL-00 at ...1030...>
Date: Tue, 06 Nov 2001 16:03:04 -0800

--1005092491 at ...4015...



--           __--__--           

_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-users


End of Snort-users Digest



--1005093990 at ...4014...
Content-Type: text/plain; charset=US-ASCII; name="RFC822.TXT"
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment; filename="RFC822.TXT"

Received: from relay4.faa.gov [172.27.170.37] by faa.gov (ccMail Link to SMTP R8.31.00.5)
	; Tue, 06 Nov 2001 19:37:59 -0500
Return-Path: <snort-users-admin at lists.sourceforge.net>
Received: from usw-sf-list1.sourceforge.net (usw-sf-fw2.sourceforge.net [216.136.171.252])
	by relay4.faa.gov (Switch-2.0.6/Switch-2.0.6) with ESMTP id fA70bwJ17189;
	Tue, 6 Nov 2001 19:37:58 -0500 (EST)
Received: from localhost ([127.0.0.1] helo=usw-sf-list1.sourceforge.net)
	by usw-sf-list1.sourceforge.net with esmtp (Exim 3.31-VA-mm2 #1 (Debian))
	id 161GUi-0001NL-00; Tue, 06 Nov 2001 16:23:04 -0800
From: snort-users-request at lists.sourceforge.net
Subject: Snort-users digest, Vol 1 #1229 - 1 msg
Reply-to: snort-users at lists.sourceforge.net
X-Mailer: Mailman v2.0.5
MIME-version: 1.0
Content-type: text/plain
To: snort-users at lists.sourceforge.net
Sender: snort-users-admin at lists.sourceforge.net
Errors-To: snort-users-admin at lists.sourceforge.net
X-BeenThere: snort-users at lists.sourceforge.net
X-Mailman-Version: 2.0.5
Precedence: bulk
List-Help: <mailto:snort-users-request at lists.sourceforge.net?subject=help>
List-Post: <mailto:snort-users at lists.sourceforge.net>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/snort-users>,
	<mailto:snort-users-request at lists.sourceforge.net?subject=subscribe>
List-Id: Snort users talk about... Snort! <snort-users.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/snort-users>,
	<mailto:snort-users-request at lists.sourceforge.net?subject=unsubscribe>
List-Archive: <http://www.geocrawler.com/redir-sf.php3?list=snort-users>
Message-Id: <E161GUi-0001NL-00 at ...1030...>
Date: Tue, 06 Nov 2001 16:23:04 -0800

--1005093990 at ...4015...



--          __--__--          

_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-users


End of Snort-users Digest



--1005095489 at ...4014...
Content-Type: text/plain; charset=US-ASCII; name="RFC822.TXT"
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment; filename="RFC822.TXT"

Received: from relay4.faa.gov [172.27.170.37] by faa.gov (ccMail Link to SMTP R8.31.00.5)
	; Tue, 06 Nov 2001 20:06:18 -0500
Return-Path: <snort-users-admin at lists.sourceforge.net>
Received: from usw-sf-list1.sourceforge.net (usw-sf-fw2.sourceforge.net [216.136.171.252])
	by relay4.faa.gov (Switch-2.0.6/Switch-2.0.6) with ESMTP id fA716HJ19231;
	Tue, 6 Nov 2001 20:06:17 -0500 (EST)
Received: from localhost ([127.0.0.1] helo=usw-sf-list1.sourceforge.net)
	by usw-sf-list1.sourceforge.net with esmtp (Exim 3.31-VA-mm2 #1 (Debian))
	id 161Gsu-0006on-00; Tue, 06 Nov 2001 16:48:04 -0800
From: snort-users-request at lists.sourceforge.net
Subject: Snort-users digest, Vol 1 #1230 - 2 msgs
Reply-to: snort-users at lists.sourceforge.net
X-Mailer: Mailman v2.0.5
MIME-version: 1.0
Content-type: text/plain
To: snort-users at lists.sourceforge.net
Sender: snort-users-admin at lists.sourceforge.net
Errors-To: snort-users-admin at lists.sourceforge.net
X-BeenThere: snort-users at lists.sourceforge.net
X-Mailman-Version: 2.0.5
Precedence: bulk
List-Help: <mailto:snort-users-request at lists.sourceforge.net?subject=help>
List-Post: <mailto:snort-users at lists.sourceforge.net>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/snort-users>,
	<mailto:snort-users-request at lists.sourceforge.net?subject=subscribe>
List-Id: Snort users talk about... Snort! <snort-users.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/snort-users>,
	<mailto:snort-users-request at lists.sourceforge.net?subject=unsubscribe>
List-Archive: <http://www.geocrawler.com/redir-sf.php3?list=snort-users>
Message-Id: <E161Gsu-0006on-00 at ...1030...>
Date: Tue, 06 Nov 2001 16:48:04 -0800

--1005095489 at ...4015...



--         __--__--         

_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-users


End of Snort-users Digest



--1005096687 at ...4014...
Content-Type: text/plain; charset=US-ASCII; name="RFC822.TXT"
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment; filename="RFC822.TXT"

Received: from relay2.faa.gov [172.27.170.37] by faa.gov (ccMail Link to SMTP R8.31.00.5)
	; Tue, 06 Nov 2001 20:24:12 -0500
Return-Path: <snort-users-admin at lists.sourceforge.net>
Received: from usw-sf-list1.sourceforge.net (usw-sf-fw2.sourceforge.net [216.136.171.252])
	by relay2.faa.gov (Switch-2.0.6/Switch-2.0.6) with ESMTP id fA71OA005076;
	Tue, 6 Nov 2001 20:24:11 -0500 (EST)
Received: from localhost ([127.0.0.1] helo=usw-sf-list1.sourceforge.net)
	by usw-sf-list1.sourceforge.net with esmtp (Exim 3.31-VA-mm2 #1 (Debian))
	id 161HHB-0003nJ-00; Tue, 06 Nov 2001 17:13:09 -0800
From: snort-users-request at lists.sourceforge.net
Subject: Snort-users digest, Vol 1 #1231 - 1 msg
Reply-to: snort-users at lists.sourceforge.net
X-Mailer: Mailman v2.0.5
MIME-version: 1.0
Content-type: text/plain
To: snort-users at lists.sourceforge.net
Sender: snort-users-admin at lists.sourceforge.net
Errors-To: snort-users-admin at lists.sourceforge.net
X-BeenThere: snort-users at lists.sourceforge.net
X-Mailman-Version: 2.0.5
Precedence: bulk
List-Help: <mailto:snort-users-request at lists.sourceforge.net?subject=help>
List-Post: <mailto:snort-users at lists.sourceforge.net>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/snort-users>,
	<mailto:snort-users-request at lists.sourceforge.net?subject=subscribe>
List-Id: Snort users talk about... Snort! <snort-users.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/snort-users>,
	<mailto:snort-users-request at lists.sourceforge.net?subject=unsubscribe>
List-Archive: <http://www.geocrawler.com/redir-sf.php3?list=snort-users>
Message-Id: <E161HHB-0003nJ-00 at ...1030...>
Date: Tue, 06 Nov 2001 17:13:09 -0800

--1005096687 at ...4015...



--        __--__--        

_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-users


End of Snort-users Digest



--1005097884 at ...4014...
Content-Type: text/plain; charset=US-ASCII; name="RFC822.TXT"
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment; filename="RFC822.TXT"

Received: from relay4.faa.gov [172.27.170.37] by faa.gov (ccMail Link to SMTP R8.31.00.5)
	; Tue, 06 Nov 2001 20:47:05 -0500
Return-Path: <snort-users-admin at lists.sourceforge.net>
Received: from usw-sf-list1.sourceforge.net (usw-sf-fw2.sourceforge.net [216.136.171.252])
	by relay4.faa.gov (Switch-2.0.6/Switch-2.0.6) with ESMTP id fA71l3J21967;
	Tue, 6 Nov 2001 20:47:03 -0500 (EST)
Received: from localhost ([127.0.0.1] helo=usw-sf-list1.sourceforge.net)
	by usw-sf-list1.sourceforge.net with esmtp (Exim 3.31-VA-mm2 #1 (Debian))
	id 161HaR-0006Ws-00; Tue, 06 Nov 2001 17:33:03 -0800
From: snort-users-request at lists.sourceforge.net
Subject: Snort-users digest, Vol 1 #1232 - 1 msg
Reply-to: snort-users at lists.sourceforge.net
X-Mailer: Mailman v2.0.5
MIME-version: 1.0
Content-type: text/plain
To: snort-users at lists.sourceforge.net
Sender: snort-users-admin at lists.sourceforge.net
Errors-To: snort-users-admin at lists.sourceforge.net
X-BeenThere: snort-users at lists.sourceforge.net
X-Mailman-Version: 2.0.5
Precedence: bulk
List-Help: <mailto:snort-users-request at lists.sourceforge.net?subject=help>
List-Post: <mailto:snort-users at lists.sourceforge.net>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/snort-users>,
	<mailto:snort-users-request at lists.sourceforge.net?subject=subscribe>
List-Id: Snort users talk about... Snort! <snort-users.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/snort-users>,
	<mailto:snort-users-request at lists.sourceforge.net?subject=unsubscribe>
List-Archive: <http://www.geocrawler.com/redir-sf.php3?list=snort-users>
Message-Id: <E161HaR-0006Ws-00 at ...1030...>
Date: Tue, 06 Nov 2001 17:33:03 -0800

--1005097884 at ...4015...



--       __--__--       

_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-users


End of Snort-users Digest



--1005099985 at ...4014...
Content-Type: text/plain; charset=US-ASCII; name="RFC822.TXT"
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment; filename="RFC822.TXT"

Received: from relay2.faa.gov [172.27.170.37] by faa.gov (ccMail Link to SMTP R8.31.00.5)
	; Tue, 06 Nov 2001 21:13:32 -0500
Return-Path: <snort-users-admin at lists.sourceforge.net>
Received: from usw-sf-list1.sourceforge.net (usw-sf-fw2.sourceforge.net [216.136.171.252])
	by relay2.faa.gov (Switch-2.0.6/Switch-2.0.6) with ESMTP id fA72DV009497;
	Tue, 6 Nov 2001 21:13:31 -0500 (EST)
Received: from localhost ([127.0.0.1] helo=usw-sf-list1.sourceforge.net)
	by usw-sf-list1.sourceforge.net with esmtp (Exim 3.31-VA-mm2 #1 (Debian))
	id 161Hto-0001qb-00; Tue, 06 Nov 2001 17:53:04 -0800
From: snort-users-request at lists.sourceforge.net
Subject: Snort-users digest, Vol 1 #1233 - 1 msg
Reply-to: snort-users at lists.sourceforge.net
X-Mailer: Mailman v2.0.5
MIME-version: 1.0
Content-type: text/plain
To: snort-users at lists.sourceforge.net
Sender: snort-users-admin at lists.sourceforge.net
Errors-To: snort-users-admin at lists.sourceforge.net
X-BeenThere: snort-users at lists.sourceforge.net
X-Mailman-Version: 2.0.5
Precedence: bulk
List-Help: <mailto:snort-users-request at lists.sourceforge.net?subject=help>
List-Post: <mailto:snort-users at lists.sourceforge.net>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/snort-users>,
	<mailto:snort-users-request at lists.sourceforge.net?subject=subscribe>
List-Id: Snort users talk about... Snort! <snort-users.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/snort-users>,
	<mailto:snort-users-request at lists.sourceforge.net?subject=unsubscribe>
List-Archive: <http://www.geocrawler.com/redir-sf.php3?list=snort-users>
Message-Id: <E161Hto-0001qb-00 at ...1030...>
Date: Tue, 06 Nov 2001 17:53:04 -0800

--1005099985 at ...4015...



--      __--__--      

_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-users


End of Snort-users Digest



--1005101188 at ...4014...
Content-Type: text/plain; charset=US-ASCII; name="RFC822.TXT"
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment; filename="RFC822.TXT"

Received: from relay4.faa.gov [172.27.170.37] by faa.gov (ccMail Link to SMTP R8.31.00.5)
	; Tue, 06 Nov 2001 21:40:20 -0500
Return-Path: <snort-users-admin at lists.sourceforge.net>
Received: from usw-sf-list1.sourceforge.net (usw-sf-fw2.sourceforge.net [216.136.171.252])
	by relay4.faa.gov (Switch-2.0.6/Switch-2.0.6) with ESMTP id fA72eIJ25216;
	Tue, 6 Nov 2001 21:40:18 -0500 (EST)
Received: from localhost ([127.0.0.1] helo=usw-sf-list1.sourceforge.net)
	by usw-sf-list1.sourceforge.net with esmtp (Exim 3.31-VA-mm2 #1 (Debian))
	id 161IRg-0004xN-00; Tue, 06 Nov 2001 18:28:04 -0800
From: snort-users-request at lists.sourceforge.net
Subject: Snort-users digest, Vol 1 #1234 - 1 msg
Reply-to: snort-users at lists.sourceforge.net
X-Mailer: Mailman v2.0.5
MIME-version: 1.0
Content-type: text/plain
To: snort-users at lists.sourceforge.net
Sender: snort-users-admin at lists.sourceforge.net
Errors-To: snort-users-admin at lists.sourceforge.net
X-BeenThere: snort-users at lists.sourceforge.net
X-Mailman-Version: 2.0.5
Precedence: bulk
List-Help: <mailto:snort-users-request at lists.sourceforge.net?subject=help>
List-Post: <mailto:snort-users at lists.sourceforge.net>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/snort-users>,
	<mailto:snort-users-request at lists.sourceforge.net?subject=subscribe>
List-Id: Snort users talk about... Snort! <snort-users.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/snort-users>,
	<mailto:snort-users-request at lists.sourceforge.net?subject=unsubscribe>
List-Archive: <http://www.geocrawler.com/redir-sf.php3?list=snort-users>
Message-Id: <E161IRg-0004xN-00 at ...1030...>
Date: Tue, 06 Nov 2001 18:28:04 -0800

--1005101188 at ...4015...



--     __--__--     

_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-users


End of Snort-users Digest



--1005102686 at ...4014...
Content-Type: text/plain; charset=US-ASCII; name="RFC822.TXT"
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment; filename="RFC822.TXT"

Received: from relay2.faa.gov [172.27.170.37] by faa.gov (ccMail Link to SMTP R8.31.00.5)
	; Tue, 06 Nov 2001 22:03:31 -0500
Return-Path: <snort-users-admin at lists.sourceforge.net>
Received: from usw-sf-list1.sourceforge.net (usw-sf-fw2.sourceforge.net [216.136.171.252])
	by relay2.faa.gov (Switch-2.0.6/Switch-2.0.6) with ESMTP id fA733U013407;
	Tue, 6 Nov 2001 22:03:30 -0500 (EST)
Received: from localhost ([127.0.0.1] helo=usw-sf-list1.sourceforge.net)
	by usw-sf-list1.sourceforge.net with esmtp (Exim 3.31-VA-mm2 #1 (Debian))
	id 161Il1-0006Tx-00; Tue, 06 Nov 2001 18:48:04 -0800
From: snort-users-request at lists.sourceforge.net
Subject: Snort-users digest, Vol 1 #1235 - 1 msg
Reply-to: snort-users at lists.sourceforge.net
X-Mailer: Mailman v2.0.5
MIME-version: 1.0
Content-type: text/plain
To: snort-users at lists.sourceforge.net
Sender: snort-users-admin at lists.sourceforge.net
Errors-To: snort-users-admin at lists.sourceforge.net
X-BeenThere: snort-users at lists.sourceforge.net
X-Mailman-Version: 2.0.5
Precedence: bulk
List-Help: <mailto:snort-users-request at lists.sourceforge.net?subject=help>
List-Post: <mailto:snort-users at lists.sourceforge.net>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/snort-users>,
	<mailto:snort-users-request at lists.sourceforge.net?subject=subscribe>
List-Id: Snort users talk about... Snort! <snort-users.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/snort-users>,
	<mailto:snort-users-request at lists.sourceforge.net?subject=unsubscribe>
List-Archive: <http://www.geocrawler.com/redir-sf.php3?list=snort-users>
Message-Id: <E161Il1-0006Tx-00 at ...1030...>
Date: Tue, 06 Nov 2001 18:48:04 -0800

--1005102686 at ...4015...






--1005104487 at ...4014...
Content-Type: text/plain; charset=US-ASCII; name="RFC822.TXT"
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment; filename="RFC822.TXT"

Received: from relay5.faa.gov [172.27.170.37] by faa.gov (ccMail Link to SMTP R8.31.00.5)
	; Tue, 06 Nov 2001 22:32:10 -0500
Return-Path: <snort-users-admin at lists.sourceforge.net>
Received: from usw-sf-list1.sourceforge.net (usw-sf-fw2.sourceforge.net [216.136.171.252])
	by relay5.faa.gov (Switch-2.0.6/Switch-2.0.6) with ESMTP id fA73W8O00497;
	Tue, 6 Nov 2001 22:32:08 -0500 (EST)
Received: from localhost ([127.0.0.1] helo=usw-sf-list1.sourceforge.net)
	by usw-sf-list1.sourceforge.net with esmtp (Exim 3.31-VA-mm2 #1 (Debian))
	id 161J9F-0000aS-00; Tue, 06 Nov 2001 19:13:05 -0800
From: snort-users-request at lists.sourceforge.net
Subject: Snort-users digest, Vol 1 #1236 - 1 msg
Reply-to: snort-users at lists.sourceforge.net
X-Mailer: Mailman v2.0.5
MIME-version: 1.0
Content-type: text/plain
To: snort-users at lists.sourceforge.net
Sender: snort-users-admin at lists.sourceforge.net
Errors-To: snort-users-admin at lists.sourceforge.net
X-BeenThere: snort-users at lists.sourceforge.net
X-Mailman-Version: 2.0.5
Precedence: bulk
List-Help: <mailto:snort-users-request at lists.sourceforge.net?subject=help>
List-Post: <mailto:snort-users at lists.sourceforge.net>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/snort-users>,
	<mailto:snort-users-request at lists.sourceforge.net?subject=subscribe>
List-Id: Snort users talk about... Snort! <snort-users.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/snort-users>,
	<mailto:snort-users-request at lists.sourceforge.net?subject=unsubscribe>
List-Archive: <http://www.geocrawler.com/redir-sf.php3?list=snort-users>
Message-Id: <E161J9F-0000aS-00 at ...1030...>
Date: Tue, 06 Nov 2001 19:13:05 -0800

--1005104487 at ...4015...






--1005105984 at ...4014...
Content-Type: text/plain; charset=US-ASCII; name="RFC822.TXT"
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment; filename="RFC822.TXT"

Received: from relay4.faa.gov [172.27.170.37] by faa.gov (ccMail Link to SMTP R8.31.00.5)
	; Tue, 06 Nov 2001 22:58:06 -0500
Return-Path: <snort-users-admin at lists.sourceforge.net>
Received: from usw-sf-list1.sourceforge.net (usw-sf-fw2.sourceforge.net [216.136.171.252])
	by relay4.faa.gov (Switch-2.0.6/Switch-2.0.6) with ESMTP id fA73w5J00290;
	Tue, 6 Nov 2001 22:58:05 -0500 (EST)
Received: from localhost ([127.0.0.1] helo=usw-sf-list1.sourceforge.net)
	by usw-sf-list1.sourceforge.net with esmtp (Exim 3.31-VA-mm2 #1 (Debian))
	id 161JcF-0004bF-00; Tue, 06 Nov 2001 19:43:03 -0800
From: snort-users-request at lists.sourceforge.net
Subject: Snort-users digest, Vol 1 #1237 - 1 msg
Reply-to: snort-users at lists.sourceforge.net
X-Mailer: Mailman v2.0.5
MIME-version: 1.0
Content-type: text/plain
To: snort-users at lists.sourceforge.net
Sender: snort-users-admin at lists.sourceforge.net
Errors-To: snort-users-admin at lists.sourceforge.net
X-BeenThere: snort-users at lists.sourceforge.net
X-Mailman-Version: 2.0.5
Precedence: bulk
List-Help: <mailto:snort-users-request at lists.sourceforge.net?subject=help>
List-Post: <mailto:snort-users at lists.sourceforge.net>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/snort-users>,
	<mailto:snort-users-request at lists.sourceforge.net?subject=subscribe>
List-Id: Snort users talk about... Snort! <snort-users.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/snort-users>,
	<mailto:snort-users-request at lists.sourceforge.net?subject=unsubscribe>
List-Archive: <http://www.geocrawler.com/redir-sf.php3?list=snort-users>
Message-Id: <E161JcF-0004bF-00 at ...1030...>
Date: Tue, 06 Nov 2001 19:43:03 -0800

--1005105984 at ...4015...






--1005107184 at ...4014...
Content-Type: text/plain; charset=US-ASCII; name="RFC822.TXT"
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment; filename="RFC822.TXT"

Received: from relay4.faa.gov [172.27.170.37] by faa.gov (ccMail Link to SMTP R8.31.00.5)
	; Tue, 06 Nov 2001 23:19:04 -0500
Return-Path: <snort-users-admin at lists.sourceforge.net>
Received: from usw-sf-list1.sourceforge.net (usw-sf-fw2.sourceforge.net [216.136.171.252])
	by relay4.faa.gov (Switch-2.0.6/Switch-2.0.6) with ESMTP id fA74J3J01760;
	Tue, 6 Nov 2001 23:19:03 -0500 (EST)
Received: from localhost ([127.0.0.1] helo=usw-sf-list1.sourceforge.net)
	by usw-sf-list1.sourceforge.net with esmtp (Exim 3.31-VA-mm2 #1 (Debian))
	id 161K0S-00088x-00; Tue, 06 Nov 2001 20:08:04 -0800
From: snort-users-request at lists.sourceforge.net
Subject: Snort-users digest, Vol 1 #1238 - 1 msg
Reply-to: snort-users at lists.sourceforge.net
X-Mailer: Mailman v2.0.5
MIME-version: 1.0
Content-type: text/plain
To: snort-users at lists.sourceforge.net
Sender: snort-users-admin at lists.sourceforge.net
Errors-To: snort-users-admin at lists.sourceforge.net
X-BeenThere: snort-users at lists.sourceforge.net
X-Mailman-Version: 2.0.5
Precedence: bulk
List-Help: <mailto:snort-users-request at lists.sourceforge.net?subject=help>
List-Post: <mailto:snort-users at lists.sourceforge.net>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/snort-users>,
	<mailto:snort-users-request at lists.sourceforge.net?subject=subscribe>
List-Id: Snort users talk about... Snort! <snort-users.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/snort-users>,
	<mailto:snort-users-request at lists.sourceforge.net?subject=unsubscribe>
List-Archive: <http://www.geocrawler.com/redir-sf.php3?list=snort-users>
Message-Id: <E161K0S-00088x-00 at ...1030...>
Date: Tue, 06 Nov 2001 20:08:04 -0800

--1005107184 at ...4015...






--1005108986 at ...4014...
Content-Type: text/plain; charset=US-ASCII; name="RFC822.TXT"
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment; filename="RFC822.TXT"

Received: from relay2.faa.gov [172.27.170.37] by faa.gov (ccMail Link to SMTP R8.31.00.5)
	; Tue, 06 Nov 2001 23:47:36 -0500
Return-Path: <snort-users-admin at lists.sourceforge.net>
Received: from usw-sf-list1.sourceforge.net (usw-sf-fw2.sourceforge.net [216.136.171.252])
	by relay2.faa.gov (Switch-2.0.6/Switch-2.0.6) with ESMTP id fA74lY021657;
	Tue, 6 Nov 2001 23:47:34 -0500 (EST)
Received: from localhost ([127.0.0.1] helo=usw-sf-list1.sourceforge.net)
	by usw-sf-list1.sourceforge.net with esmtp (Exim 3.31-VA-mm2 #1 (Debian))
	id 161KJo-0001uG-00; Tue, 06 Nov 2001 20:28:04 -0800
From: snort-users-request at lists.sourceforge.net
Subject: Snort-users digest, Vol 1 #1239 - 1 msg
Reply-to: snort-users at lists.sourceforge.net
X-Mailer: Mailman v2.0.5
MIME-version: 1.0
Content-type: text/plain
To: snort-users at lists.sourceforge.net
Sender: snort-users-admin at lists.sourceforge.net
Errors-To: snort-users-admin at lists.sourceforge.net
X-BeenThere: snort-users at lists.sourceforge.net
X-Mailman-Version: 2.0.5
Precedence: bulk
List-Help: <mailto:snort-users-request at lists.sourceforge.net?subject=help>
List-Post: <mailto:snort-users at lists.sourceforge.net>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/snort-users>,
	<mailto:snort-users-request at lists.sourceforge.net?subject=subscribe>
List-Id: Snort users talk about... Snort! <snort-users.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/snort-users>,
	<mailto:snort-users-request at lists.sourceforge.net?subject=unsubscribe>
List-Archive: <http://www.geocrawler.com/redir-sf.php3?list=snort-users>
Message-Id: <E161KJo-0001uG-00 at ...1030...>
Date: Tue, 06 Nov 2001 20:28:04 -0800

--1005108986 at ...4015...





-------------- next part --------------
Received: from relay5.faa.gov [172.27.170.37] by faa.gov (ccMail Link to SMTP R8.31.00.5)
	; Wed, 07 Nov 2001 00:15:53 -0500
Return-Path: <snort-users-admin at lists.sourceforge.net>
Received: from usw-sf-list1.sourceforge.net (usw-sf-fw2.sourceforge.net [216.136.171.252])
	by relay5.faa.gov (Switch-2.0.6/Switch-2.0.6) with ESMTP id fA75HEO06828;
	Wed, 7 Nov 2001 00:17:14 -0500 (EST)
Received: from localhost ([127.0.0.1] helo=usw-sf-list1.sourceforge.net)
	by usw-sf-list1.sourceforge.net with esmtp (Exim 3.31-VA-mm2 #1 (Debian))
	id 161Kmq-0006Qr-00; Tue, 06 Nov 2001 20:58:04 -0800
From: snort-users-request at lists.sourceforge.net
Subject: Snort-users digest, Vol 1 #1240 - 1 msg
Reply-to: snort-users at lists.sourceforge.net
X-Mailer: Mailman v2.0.5
MIME-version: 1.0
Content-type: text/plain
To: snort-users at lists.sourceforge.net
Sender: snort-users-admin at lists.sourceforge.net
Errors-To: snort-users-admin at lists.sourceforge.net
X-BeenThere: snort-users at lists.sourceforge.net
X-Mailman-Version: 2.0.5
Precedence: bulk
List-Help: <mailto:snort-users-request at lists.sourceforge.net?subject=help>
List-Post: <mailto:snort-users at lists.sourceforge.net>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/snort-users>,
	<mailto:snort-users-request at lists.sourceforge.net?subject=subscribe>
List-Id: Snort users talk about... Snort! <snort-users.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/snort-users>,
	<mailto:snort-users-request at lists.sourceforge.net?subject=unsubscribe>
List-Archive: <http://www.geocrawler.com/redir-sf.php3?list=snort-users>
Message-Id: <E161Kmq-0006Qr-00 at ...1030...>
Date: Tue, 06 Nov 2001 20:58:04 -0800

--1005129506 at ...4015...


