[Snort-users] SRI Emerlad Project/ACID-XML Status Update

S. sleepy at ...7582...
Thu Jan 23 00:06:02 EST 2003


Hello every one :
I just wanted to let you know I am getting ready to release ACID-XML for
unix by the end of th week.
I had completely rewrote it, used expat for XML parsing, and QT for GUI. it
builds on Linux and OpenBSD, written in C++, clean code   and looks pretty
nice.
I will explain the data structure later this week when I release it. but I
just want some feedback specially from people who downloaded the win32
version.

it currently features the Events Table, but in addition to features that
were in the win32 version, I added 6 maps to show Src/Dst Occurrences
frequency in ICMP/UDP/TCP protocols.if you have any suggestions, go ahead
and post it on the site, if it is not too complicated , I might push it in
as long as it would not be major testing.
I am sure the elders know about this, but I thought maybe the newcomers like
me would like to read a bit about it.
The Emerald project, being developed in Stanford Research institute has been
working on an intrusion detection and network sensors project since 1996.
They have recently acquired a patent it seems. it is overall interesting,
Take a look
http://www.sdl.sri.com/projects/emerald/

Sleepy
Do you Unix?
http://www.maximumunix.org

----- Original Message -----
From: <snort-users-request at lists.sourceforge.net>
To: <snort-users at lists.sourceforge.net>
Sent: Wednesday, January 22, 2003 1:34 PM
Subject: Snort-users digest, Vol 1 #2702 - 15 msgs


> Send Snort-users mailing list submissions to
> snort-users at lists.sourceforge.net
>
> To subscribe or unsubscribe via the World Wide Web, visit
> https://lists.sourceforge.net/lists/listinfo/snort-users
> or, via email, send a message with subject or body 'help' to
> snort-users-request at lists.sourceforge.net
>
> You can reach the person managing the list at
> snort-users-admin at lists.sourceforge.net
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of Snort-users digest..."
>
>
> Today's Topics:
>
>    1. Problems with local host .. (David Alonso De La Vega Tapage)
>    2. $HOME_NET question (Ralph Churchill)
>    3. Re: Problems with local host .. (Matt Kettler)
>    4. Re: Problems with local host .. (Eli Stair)
>    5. Attention ALL Windows Users : Install Complete IDS Solution on
Windows - Major Update v2! (Michael Steele)
>    6. Re: $HOME_NET question (Matt Kettler)
>    7. Re: $HOME_NET question (Erek Adams)
>    8. Re: Problems with local host .. (Erick Mechler)
>    9. Re: Classifications (Peter VE)
>   10. Re: $HOME_NET question (twig les)
>   11. Hogwash Compile (JOHN R BLACKMORE)
>   12. RE: $HOME_NET question (Michael Steele)
>   13. Re: Snort Rules for LOKI Daemon (Matt Kettler)
>   14. mysql_error (Darrin Powell)
>   15. Re: Snort Rules for LOKI Daemon (twig les)
>
> --__--__--
>
> Message: 1
> Date: Wed, 22 Jan 2003 15:09:08 -0500
> From: David Alonso De La Vega Tapage <delavegad at ...7768...>
> To: snort-users at lists.sourceforge.net
> Subject: [Snort-users] Problems with local host ..
>
>
> Maybe is a simple thing ..  but last day, recompile my php and now when
> try to contact http://localhost/acid/acid_main.php  have this  error ..
>
> The conection was refused when atemptin conect to local host ..
>
> Some idea about it ..
>
> Thanx for all siguestions in advance ..
>
> David Alonso
>
>
>
> --__--__--
>
> Message: 2
> Date: Wed, 22 Jan 2003 12:13:31 -0800 (PST)
> From: Ralph Churchill <mrchucho at ...131...>
> To: snort-users at lists.sourceforge.net
> Subject: [Snort-users] $HOME_NET question
>
> I have snort 1.8.7. I have set my $HOME_NET to be
> $eth0_ADDRESS and my external net set to !$HOME_NET.
> However, I still get alerts from other computers on my
> subnet! For example, the "SNMP public access udp" rule
> says:
>
> alert udp $EXTERNAL_NET any -> $HOME_NET 161...
>
> For this example, assume my IP is 192.168.1.2. I'm
> getting  alerts for a packet from 172.20.39.32 to
> 192.168.1.3. Why?   I'm totally confused. I thought
> $HOME, if set to $eth0_ADDRESS would only give alerts
> for things coming into my IP?!?! Am I wrong?
>
> RMC
>
> __________________________________________________
> Do you Yahoo!?
> Yahoo! Mail Plus - Powerful. Affordable. Sign up now.
> http://mailplus.yahoo.com
>
>
> --__--__--
>
> Message: 3
> Date: Wed, 22 Jan 2003 15:44:40 -0500
> To: David Alonso De La Vega Tapage <delavegad at ...7768...>,
>    snort-users at lists.sourceforge.net
> From: Matt Kettler <mkettler at ...4108...>
> Subject: Re: [Snort-users] Problems with local host ..
>
> I assume you're trying to do this on the box that PHP and whatever
> webserver your using is installed on, instead of some other machine.
>
> Did you check to see if the httpd is up and running?
>
> Try netstat -l, you should see a line like:
>
> tcp        0      0 *:http                  *:*                     LISTEN
>
>
>
> At 03:09 PM 1/22/2003 -0500, David Alonso De La Vega Tapage wrote:
>
> >Maybe is a simple thing ..  but last day, recompile my php and now when
> >try to contact http://localhost/acid/acid_main.php  have this  error ..
> >
> >The conection was refused when atemptin conect to local host ..
> >
> >Some idea about it ..
> >
> >Thanx for all siguestions in advance ..
> >
> >David Alonso
>
>
>
> --__--__--
>
> Message: 4
> Date: Mon, 20 Jan 2003 18:11:57 -0500
> From: Eli Stair <estair at ...7351...>
> To: snort-users at lists.sourceforge.net
> Subject: Re: [Snort-users] Problems with local host ..
>
> Try doing a google search for "The conection was refused when atemptin
conect to local host"
> or checking on the Apache or PHP mailing lists.
>
> On Wed, 22 Jan 2003 15:09:08 -0500
> David Alonso De La Vega Tapage <delavegad at ...7768...> wrote:
>
> > Maybe is a simple thing ..  but last day, recompile my php and now when
> > try to contact http://localhost/acid/acid_main.php  have this  error ..
> >
> > The conection was refused when atemptin conect to local host ..
> >
> > Some idea about it ..
> >
> > Thanx for all siguestions in advance ..
> >
> > David Alonso
>
> --
> CAUTION: Repeated use of finger can cause a system to become overloaded,
which can cause it to stop responding.
> --Infinite wisdom from the font that is ISS 6.2.1
>
>
> --__--__--
>
> Message: 5
> From: "Michael Steele" <michaels at ...155...>
> To: <snort-users at lists.sourceforge.net>
> Date: Wed, 22 Jan 2003 12:48:14 -0800
> Subject: [Snort-users] Attention ALL Windows Users : Install Complete IDS
Solution on Windows - Major Update v2!
>
> To all Windows users of Snort:
>
> Please read all the notices below.
>
> Yesterday, with the latest released my documentation, I found several =
> minor
> to moderate buuuugs. If you have used that documentation please go back =
> and
> update with the newly released version.
>
>
> New Stuff.....
>
> I have completed the documentation for have creating a complete IDS =
> solution
> for Windows using Apache as the webserver.
>
> Right now the documentation ONLY addresses installing Snort, IIS or =
> Apache,
> MySQL, and Acid.
>
> Note: All support programs are cutting edge, so precautions are always =
> wise.
>
> Note: I will be addressing Snortsnarf in the very near future.
>
> Note: This is a major rewrite of my previous documentation.
>
> I would like to thank two very brave people for testing this =
> installation:
>
> Steve Konde
> Robert Birkely
>
> Also, great thanks to; Michael Davis & Chris Reid for porting this great
> program, "SNORT"; to windows. The future of security :-) (Please, No =
> flames)
>
> Finally, the link:
>
> http://www.silicondefense.com/techsupport/windows-acid.htm
>
> -Michael
> --=20
>  Michael Steele | System Engineer / Support Technician    =20
>  mailto:michaels at ...155...   =20
>  Silicon Defense: IDS solutions - http://www.silicondefense.com
>  Snort: Open Source Network IDS - http://www.snort.org
>
>
>
>
>
>
> --__--__--
>
> Message: 6
> Date: Wed, 22 Jan 2003 15:54:16 -0500
> To: Ralph Churchill <mrchucho at ...131...>,
snort-users at lists.sourceforge.net
> From: Matt Kettler <mkettler at ...4108...>
> Subject: Re: [Snort-users] $HOME_NET question
>
> As per the comments in snort.conf, if you use $eth0_ADDRESS it uses the IP
> *and* netmask of eth0.
>
> # or use global variable $<interfacename>_ADDRESS
> # which will be always initialized to IP address and
> # netmask of the network interface which you run
> # snort at.
> #
> # var HOME_NET $eth0_ADDRESS
>
> This in your case your home_net is likely going to be 192.168.1.2/24 which
> means that 192.168.1.* will be recognized as part of it.
>
> At 12:13 PM 1/22/2003 -0800, Ralph Churchill wrote:
> >I have snort 1.8.7. I have set my $HOME_NET to be
> >$eth0_ADDRESS and my external net set to !$HOME_NET.
> >However, I still get alerts from other computers on my
> >subnet! For example, the "SNMP public access udp" rule
> >says:
> >
> >alert udp $EXTERNAL_NET any -> $HOME_NET 161...
> >
> >For this example, assume my IP is 192.168.1.2. I'm
> >getting  alerts for a packet from 172.20.39.32 to
> >192.168.1.3. Why?   I'm totally confused. I thought
> >$HOME, if set to $eth0_ADDRESS would only give alerts
> >for things coming into my IP?!?! Am I wrong?
> >
> >RMC
>
>
>
> --__--__--
>
> Message: 7
> Date: Wed, 22 Jan 2003 15:42:30 -0500 (EST)
> From: Erek Adams <erek at ...950...>
> To: Ralph Churchill <mrchucho at ...131...>
> cc: snort-users at lists.sourceforge.net
> Subject: Re: [Snort-users] $HOME_NET question
>
> On Wed, 22 Jan 2003, Ralph Churchill wrote:
>
> > I have snort 1.8.7. I have set my $HOME_NET to be
> > $eth0_ADDRESS and my external net set to !$HOME_NET.
> > However, I still get alerts from other computers on my
> > subnet! For example, the "SNMP public access udp" rule
> > says:
> >
> > alert udp $EXTERNAL_NET any -> $HOME_NET 161...
> >
> > For this example, assume my IP is 192.168.1.2. I'm
> > getting  alerts for a packet from 172.20.39.32 to
> > 192.168.1.3. Why?   I'm totally confused. I thought
> > $HOME, if set to $eth0_ADDRESS would only give alerts
> > for things coming into my IP?!?! Am I wrong?
>
> Depends.
>
> Where are the alerts coming from?  From rules or from one of the
> preprocessors?  Can you post a copy of the error?  Can you post your
> HOME_NET statement?
>
> -----
> Erek Adams
>
>    "When things get weird, the weird turn pro."   H.S. Thompson
>
>
> --__--__--
>
> Message: 8
> Date: Wed, 22 Jan 2003 12:53:03 -0800
> From: Erick Mechler <emechler at ...7719...>
> To: David Alonso De La Vega Tapage <delavegad at ...7768...>
> Cc: snort-users at lists.sourceforge.net
> Subject: Re: [Snort-users] Problems with local host ..
>
> :: Maybe is a simple thing ..  but last day, recompile my php and now when
> :: try to contact http://localhost/acid/acid_main.php  have this  error ..
> ::
> :: The conection was refused when atemptin conect to local host ..
>
> Sounds like your web server isn't running.  Try restarting it.
>
>
> --__--__--
>
> Message: 9
> From: "Peter VE" <peter.ve at ...1187...>
> To: <snort-users at lists.sourceforge.net>,
> "Kenneth G. Arnold" <bkarnold at ...8060...>
> Subject: Re: [Snort-users] Classifications
> Date: Wed, 22 Jan 2003 21:57:17 +0100
>
> interesting idea... I'll try that
>
> thanks a lot !!!
>
> P
>
> ----- Original Message -----
> From: "Kenneth G. Arnold" <bkarnold at ...8060...>
> To: <snort-users at lists.sourceforge.net>
> Sent: Wednesday, January 22, 2003 8:14 PM
> Subject: Re: [Snort-users] Classifications
>
>
> > The classification is stored in the database so you could use sql to
> change
> > or set the classification of a preprocessor for ACID.  Snortsnarf is
> > another matter since it uses the alerts file directly.
> > Ken
> >
> > At 07:05 AM 1/22/03 +0100, Peter VE wrote:
> > >Hi all,
> > >
> > >
> > >Is it possibe to assign a classification to a preprocessor ? (e.g. to
the
> > >portscan preprocessors;
> > >all of the log entries do not carry a classification, and it would be
> easier
> > >to maintain with ACID or another frontend
> > >if the preprocessor has a classification...
> > >
> > >Does anyone know how to assign classtypes to a preprocessor ?
> > >Or is this a matter of re-programming the preprocessor so it would
> support a
> > >classtype
> > >
> > >thanks
> > >
> > >P
> > >
> > >
> > >
> > >-------------------------------------------------------
> > >This SF.net email is sponsored by: Scholarships for Techies!
> > >Can't afford IT training? All 2003 ictp students receive scholarships.
> > >Get hands-on training in Microsoft, Cisco, Sun, Linux/UNIX, and more.
> > >www.ictp.com/training/sourceforge.asp
> > >_______________________________________________
> > >Snort-users mailing list
> > >Snort-users at lists.sourceforge.net
> > >Go to this URL to change user options or unsubscribe:
> > >https://lists.sourceforge.net/lists/listinfo/snort-users
> > >Snort-users list archive:
> > >http://www.geocrawler.com/redir-sf.php3?list=snort-users
> >
> >
> >
> > -------------------------------------------------------
> > This SF.net email is sponsored by: Scholarships for Techies!
> > Can't afford IT training? All 2003 ictp students receive scholarships.
> > Get hands-on training in Microsoft, Cisco, Sun, Linux/UNIX, and more.
> > www.ictp.com/training/sourceforge.asp
> > _______________________________________________
> > Snort-users mailing list
> > Snort-users at lists.sourceforge.net
> > Go to this URL to change user options or unsubscribe:
> > https://lists.sourceforge.net/lists/listinfo/snort-users
> > Snort-users list archive:
> > http://www.geocrawler.com/redir-sf.php3?list=snort-users
> >
>
>
>
> --__--__--
>
> Message: 10
> Date: Wed, 22 Jan 2003 12:57:16 -0800 (PST)
> From: twig les <twigles at ...131...>
> Subject: Re: [Snort-users] $HOME_NET question
> To: Ralph Churchill <mrchucho at ...131...>,
snort-users at lists.sourceforge.net
>
> If I remember correctly from a previous post on this
> issue, 1.8.7 had a parsing problem.  I'd just upgrade
> to 1.9
>
>
> --- Ralph Churchill <mrchucho at ...131...> wrote:
> > I have snort 1.8.7. I have set my $HOME_NET to be
> > $eth0_ADDRESS and my external net set to !$HOME_NET.
> > However, I still get alerts from other computers on
> > my
> > subnet! For example, the "SNMP public access udp"
> > rule
> > says:
> >
> > alert udp $EXTERNAL_NET any -> $HOME_NET 161...
> >
> > For this example, assume my IP is 192.168.1.2. I'm
> > getting  alerts for a packet from 172.20.39.32 to
> > 192.168.1.3. Why?   I'm totally confused. I thought
> > $HOME, if set to $eth0_ADDRESS would only give
> > alerts
> > for things coming into my IP?!?! Am I wrong?
> >
> > RMC
> >
> > __________________________________________________
> > Do you Yahoo!?
> > Yahoo! Mail Plus - Powerful. Affordable. Sign up
> > now.
> > http://mailplus.yahoo.com
> >
> >
> >
> -------------------------------------------------------
> > This SF.net email is sponsored by: Scholarships for
> > Techies!
> > Can't afford IT training? All 2003 ictp students
> > receive scholarships.
> > Get hands-on training in Microsoft, Cisco, Sun,
> > Linux/UNIX, and more.
> > www.ictp.com/training/sourceforge.asp
> > _______________________________________________
> > Snort-users mailing list
> > Snort-users at lists.sourceforge.net
> > Go to this URL to change user options or
> > unsubscribe:
> >
> https://lists.sourceforge.net/lists/listinfo/snort-users
> > Snort-users list archive:
> >
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
>
> =====
> -----------------------------------------------------------
> Know yourself and know your enemy and you will never fear defeat.
> -----------------------------------------------------------
>
> __________________________________________________
> Do you Yahoo!?
> Yahoo! Mail Plus - Powerful. Affordable. Sign up now.
> http://mailplus.yahoo.com
>
>
> --__--__--
>
> Message: 11
> Date: Wed, 22 Jan 2003 15:59 -0500
> From: JOHN R BLACKMORE <JBLACKMORE at ...6367...>
> To: snort-users at lists.sourceforge.net
> Subject: [Snort-users] Hogwash Compile
>
> Stupid question-
>
> What's the syntax to compile hogwash with libnet?
>
> Thanks!
>
>
> --__--__--
>
> Message: 12
> From: "Michael Steele" <michaels at ...155...>
> To: "'Ralph Churchill'" <mrchucho at ...131...>,
> <snort-users at lists.sourceforge.net>
> Subject: RE: [Snort-users] $HOME_NET question
> Date: Wed, 22 Jan 2003 13:10:12 -0800
>
> RMC,
>
> If you are using 'var EXTERNAL_NET !$HOME_NET', then short should pass on
> everything defined in 'var HOME_NET blah' on that sensor.
>
> -Michael
> --
>  Michael Steele | System Engineer / Support Technician
>  mailto:michaels at ...155...
>  Silicon Defense: IDS solutions - http://www.silicondefense.com
>  Snort: Open Source Network IDS - http://www.snort.org
>
>
> -----Original Message-----
> From: snort-users-admin at lists.sourceforge.net
> [mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of Ralph
> Churchill
> Sent: Wednesday, January 22, 2003 12:14 PM
> To: snort-users at lists.sourceforge.net
> Subject: [Snort-users] $HOME_NET question
>
> I have snort 1.8.7. I have set my $HOME_NET to be
> $eth0_ADDRESS and my external net set to !$HOME_NET.
> However, I still get alerts from other computers on my
> subnet! For example, the "SNMP public access udp" rule
> says:
>
> alert udp $EXTERNAL_NET any -> $HOME_NET 161...
>
> For this example, assume my IP is 192.168.1.2. I'm
> getting  alerts for a packet from 172.20.39.32 to
> 192.168.1.3. Why?   I'm totally confused. I thought
> $HOME, if set to $eth0_ADDRESS would only give alerts
> for things coming into my IP?!?! Am I wrong?
>
> RMC
>
> __________________________________________________
> Do you Yahoo!?
> Yahoo! Mail Plus - Powerful. Affordable. Sign up now.
> http://mailplus.yahoo.com
>
>
> -------------------------------------------------------
> This SF.net email is sponsored by: Scholarships for Techies!
> Can't afford IT training? All 2003 ictp students receive scholarships.
> Get hands-on training in Microsoft, Cisco, Sun, Linux/UNIX, and more.
> www.ictp.com/training/sourceforge.asp
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
>
>
>
>
> --__--__--
>
> Message: 13
> Date: Wed, 22 Jan 2003 16:22:25 -0500
> To: "kevin reynolds" <kevinreynolds2525 at ...125...>,
>    snort-users at lists.sourceforge.net
> From: Matt Kettler <mkettler at ...4108...>
> Subject: Re: [Snort-users] Snort Rules for LOKI Daemon
>
> Well, a detection using this method would have to be a snort preprocessor.
> A simple snort rule cannot be stateful, thus can't compare the number of
> echo replies with the number of echo requests...
>
> Of course, if there's something significant in the data contents of the
> echo reply packets themselves, then a simple snort rule would work great.
>
> At 02:38 PM 1/22/2003 +0000, kevin reynolds wrote:
> >What rules, if any, does snort use to detect the lokid?  If there the
> >default rule set does not include one, does anyone have a custom rule?
> >Cisco IDS fires the lokid signature when it sees more incoming echo
replys
> >than outbound echo requests.  This rule depends on the foreign host
> >sending more echo replies to the local host than the local host has sent
> >echo requests to it.  With this logic, you could assume that you will see
> >less than half of all possible loki intrusions.  Thanks.
> >
> >Kevin
>
>
>
> --__--__--
>
> Message: 14
> From: Darrin Powell <dpowell at ...2288...>
> To: snort-users at lists.sourceforge.net
> Date: 22 Jan 2003 16:29:56 -0500
> Subject: [Snort-users] mysql_error
>
> I just installed snort 1.9 on Red Hat 8.0. Used the create_mysql found
> in /usr/local/src/snort-1.9.0/contrib/create_mysql. When I try to start
> snort I get the following error:
>
> Jan 22 17:11:36 snortr0 snort: Portscan2 config:
> Jan 22 17:11:36 snortr0 snort:     log: /var/log/snort/scan.log
> Jan 22 17:11:36 snortr0 snort:     scanners_max: 3200
> Jan 22 17:11:36 snortr0 snort:     targets_max: 5000
> Jan 22 17:11:36 snortr0 snort:     target_limit: 5
> Jan 22 17:11:37 snortr0 snort:     port_limit: 20
> Jan 22 17:11:37 snortr0 snort:     timeout: 60
> Jan 22 17:11:37 snortr0 snort: FATAL ERROR: database: mysql_error: Lost
> connection to MySQL server during query
> Jan 22 17:11:37 snortr0 kernel: device eth0 left promiscuous mode
>
> Any help would be greatly appreciated.
>
>
> Thanks
> Darrin
>
>
>
>
> --__--__--
>
> Message: 15
> Date: Wed, 22 Jan 2003 13:33:01 -0800 (PST)
> From: twig les <twigles at ...131...>
> Subject: Re: [Snort-users] Snort Rules for LOKI Daemon
> To: Matt Kettler <mkettler at ...4108...>,
>   kevin reynolds <kevinreynolds2525 at ...125...>,
>   snort-users at lists.sourceforge.net
>
> Didn't classic loki use something stupid in the packet
> that gave it away?  I believe it was the same sequence
> number for every packet.  The reason I bring this up
> is I am curious as to how you know what triggers an
> alert in Cisco IDS.  I thought the signatures were
> off-limits...am I wrong?
>
>
> --- Matt Kettler <mkettler at ...4108...> wrote:
> > Well, a detection using this method would have to be
> > a snort preprocessor.
> > A simple snort rule cannot be stateful, thus can't
> > compare the number of
> > echo replies with the number of echo requests...
> >
> > Of course, if there's something significant in the
> > data contents of the
> > echo reply packets themselves, then a simple snort
> > rule would work great.
> >
> > At 02:38 PM 1/22/2003 +0000, kevin reynolds wrote:
> > >What rules, if any, does snort use to detect the
> > lokid?  If there the
> > >default rule set does not include one, does anyone
> > have a custom rule?
> > >Cisco IDS fires the lokid signature when it sees
> > more incoming echo replys
> > >than outbound echo requests.  This rule depends on
> > the foreign host
> > >sending more echo replies to the local host than
> > the local host has sent
> > >echo requests to it.  With this logic, you could
> > assume that you will see
> > >less than half of all possible loki intrusions.
> > Thanks.
> > >
> > >Kevin
> >
> >
> >
> >
> -------------------------------------------------------
> > This SF.net email is sponsored by: Scholarships for
> > Techies!
> > Can't afford IT training? All 2003 ictp students
> > receive scholarships.
> > Get hands-on training in Microsoft, Cisco, Sun,
> > Linux/UNIX, and more.
> > www.ictp.com/training/sourceforge.asp
> > _______________________________________________
> > Snort-users mailing list
> > Snort-users at lists.sourceforge.net
> > Go to this URL to change user options or
> > unsubscribe:
> >
> https://lists.sourceforge.net/lists/listinfo/snort-users
> > Snort-users list archive:
> >
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
>
> =====
> -----------------------------------------------------------
> Know yourself and know your enemy and you will never fear defeat.
> -----------------------------------------------------------
>
> __________________________________________________
> Do you Yahoo!?
> Yahoo! Mail Plus - Powerful. Affordable. Sign up now.
> http://mailplus.yahoo.com
>
>
>
> --__--__--
>
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/snort-users
>
>
> End of Snort-users Digest
>





More information about the Snort-users mailing list