[Snort-users] php, base issue

Greg Williams alphawebfx at ...11827...
Fri May 18 14:10:47 EDT 2012


Thanks Doug.  I'll probably try it again after you guys rebuild it with
12.04.  I could have also been my hard drives.  They died about a month
after I tested Security Onion.  I would like to test further at some point.
 Thanks for the link though.  I'll remember it when I go through testing
again.

On Fri, May 18, 2012 at 12:05 PM, Doug Burks <doug.burks at ...11827...> wrote:

> Hi Greg,
>
> We'd be glad to help you troubleshoot any performance issues you're having
> with Security Onion over on our mailing list:
> http://groups.google.com/group/security-onion
>
> Thanks,
> Doug
>
> On Fri, May 18, 2012 at 1:56 PM, Greg Williams <alphawebfx at ...11827...>wrote:
>
>> I tried it and was a little disappointed in how slow it was running for
>> me.  I only gave it about 15 minutes, but I was definitely losing more
>> packets than my custom install.  Maybe it's better now. ~400-500 MBps
>> sustained.
>>
>>
>> On Fri, May 18, 2012 at 11:53 AM, Rick Chisholm <chavez243 at ...11827...>wrote:
>>
>>> FWIW - you can always take a look at Security Onion - it has a bunch of
>>> Snort front-ends you can play with.
>>>
>>> First we had ACID and it went ker-splat, then BASE, which is dying on
>>> the vine. Not sure what the next move is, all I know is that I need a
>>> functional front-end and for right now that's Snorby.
>>>
>>>
>>> On Fri, May 18, 2012 at 1:46 PM, Greg Williams <alphawebfx at ...11827...>wrote:
>>>
>>>> Well said! I 100% agree. Even though I have alerts forwarding via
>>>> syslog to other destinations like Splunk, there is just something about
>>>> BASE that trumps everything else.  I've tried many other apps as well
>>>> including Snorby and Sguil.
>>>>
>>>>
>>>>
>>>> On May 18, 2012, at 11:36 AM, Ron Sinclair <unixfool at ...11827...> wrote:
>>>>
>>>> I hear such statements all the time.  Would be nice if someone took
>>>> BASE and revamped (but not whole-hog) it.
>>>>
>>>> I've been using BASE for almost 10 years, even after using both Sguil
>>>> and Snorby.  There's something about BASE that Snorby just can't
>>>> match...just my opinion.  I do check Snorby from time to time to assess any
>>>> new features.  Last I checked, it still had a long way to go, so I kept
>>>> using BASE.  Sguil...I don't know, since I never force myself to spend
>>>> enough time to better utilize it.  I usually just get frustrated and wipe
>>>> it out.
>>>>
>>>> BASE seems less maintenance intensive than either Sguil and Snorby.  I
>>>> don't want to have to learn Ruby/Rails to use Snorby.  I didn't really have
>>>> to understand all that much about PHP to begin using BASE, and I already
>>>> had a good knowledge of MySQL, Snort, and Apache (and a multitude of other
>>>> things).  I'll be using BASE for another 10 years, or until something else
>>>> (that isn't Sguil or Snorby) is released. If that doesn't happen, I'll go
>>>> straight to the raw logs and begin using correlation scripts and tools.
>>>>
>>>> On Fri, May 18, 2012 at 1:06 PM, Rick Chisholm <chavez243 at ...11827...>wrote:
>>>>
>>>>> Hi Dennis:
>>>>>
>>>>> BASE is getting pretty long in the tooth, does not appear to be
>>>>> actively developed and as PHP advances, is slowly breaking. It is advisable
>>>>> to switch to something like Snorby, Sguil etc.
>>>>>
>>>>>  On Fri, May 18, 2012 at 12:37 PM, Dennis Circolone <
>>>>> djcircolone at ...11827...> wrote:
>>>>>
>>>>>>  Hello,
>>>>>> I have configured snort-2.9.2.2 on an opensuse 12.1 box, everything
>>>>>> is working great except for the portscan traffic stays at 0% after an NMAP
>>>>>> test and when I select source ports link or dest ports link I recieve an
>>>>>> error.Does anyone know how I can resolve this issue?
>>>>>>
>>>>>>
>>>>>>  Basic Analysis and Security Engine (BASE)
>>>>>>
>>>>>>     - Today's alerts: unique<http://10.2.7.170/base/base_stat_alerts.php?time_cnt=1&time%5B0%5D%5B0%5D=+&time%5B0%5D%5B1%5D=%3E%3D&time%5B0%5D%5B2%5D=05&time%5B0%5D%5B3%5D=18&time%5B0%5D%5B4%5D=2012&time%5B0%5D%5B5%5D=&time%5B0%5D%5B6%5D=&time%5B0%5D%5B7%5D=&time%5B0%5D%5B8%5D=+&time%5B0%5D%5B9%5D=+>
>>>>>> listing<http://10.2.7.170/base/base_qry_main.php?new=1&time%5B0%5D%5B0%5D=+&time%5B0%5D%5B1%5D=%3E%3D&time%5B0%5D%5B2%5D=05&time%5B0%5D%5B3%5D=18&time%5B0%5D%5B4%5D=2012&time%5B0%5D%5B5%5D=&time%5B0%5D%5B6%5D=&time%5B0%5D%5B7%5D=&time%5B0%5D%5B8%5D=+&time%5B0%5D%5B9%5D=+&submit=Query+DB&num_result_rows=-1&time_cnt=1> Source
>>>>>> IP<http://10.2.7.170/base/base_stat_uaddr.php?addr_type=1&sort_order=occur_d&time_cnt=1&time%5B0%5D%5B0%5D=+&time%5B0%5D%5B1%5D=%3E%3D&time%5B0%5D%5B2%5D=05&time%5B0%5D%5B3%5D=18&time%5B0%5D%5B4%5D=2012&time%5B0%5D%5B5%5D=&time%5B0%5D%5B6%5D=&time%5B0%5D%5B7%5D=&time%5B0%5D%5B8%5D=+&time%5B0%5D%5B9%5D=+> Destination
>>>>>> IP<http://10.2.7.170/base/base_stat_uaddr.php?addr_type=2&sort_order=occur_d&time_cnt=1&time%5B0%5D%5B0%5D=+&time%5B0%5D%5B1%5D=%3E%3D&time%5B0%5D%5B2%5D=05&time%5B0%5D%5B3%5D=18&time%5B0%5D%5B4%5D=2012&time%5B0%5D%5B5%5D=&time%5B0%5D%5B6%5D=&time%5B0%5D%5B7%5D=&time%5B0%5D%5B8%5D=+&time%5B0%5D%5B9%5D=+>  -
>>>>>> Last 24 Hours alerts: unique<http://10.2.7.170/base/base_stat_alerts.php?time_cnt=1&time%5B0%5D%5B0%5D=+&time%5B0%5D%5B1%5D=%3E%3D&time%5B0%5D%5B2%5D=05&time%5B0%5D%5B3%5D=17&time%5B0%5D%5B4%5D=2012&time%5B0%5D%5B5%5D=16&time%5B0%5D%5B6%5D=&time%5B0%5D%5B7%5D=&time%5B0%5D%5B8%5D=+&time%5B0%5D%5B9%5D=+>
>>>>>> listing<http://10.2.7.170/base/base_qry_main.php?new=1&time%5B0%5D%5B0%5D=+&time%5B0%5D%5B1%5D=%3E%3D&time%5B0%5D%5B2%5D=05&time%5B0%5D%5B3%5D=17&time%5B0%5D%5B4%5D=2012&time%5B0%5D%5B5%5D=16&time%5B0%5D%5B6%5D=&time%5B0%5D%5B7%5D=&time%5B0%5D%5B8%5D=+&time%5B0%5D%5B9%5D=+&submit=Query+DB&num_result_rows=-1&time_cnt=1> Source
>>>>>> IP<http://10.2.7.170/base/base_stat_uaddr.php?addr_type=1&sort_order=occur_d&time_cnt=1&time%5B0%5D%5B0%5D=+&time%5B0%5D%5B1%5D=%3E%3D&time%5B0%5D%5B2%5D=05&time%5B0%5D%5B3%5D=17&time%5B0%5D%5B4%5D=2012&time%5B0%5D%5B5%5D=16&time%5B0%5D%5B6%5D=&time%5B0%5D%5B7%5D=&time%5B0%5D%5B8%5D=+&time%5B0%5D%5B9%5D=+> Destination
>>>>>> IP<http://10.2.7.170/base/base_stat_uaddr.php?addr_type=2&sort_order=occur_d&time_cnt=1&time%5B0%5D%5B0%5D=+&time%5B0%5D%5B1%5D=%3E%3D&time%5B0%5D%5B2%5D=05&time%5B0%5D%5B3%5D=17&time%5B0%5D%5B4%5D=2012&time%5B0%5D%5B5%5D=16&time%5B0%5D%5B6%5D=&time%5B0%5D%5B7%5D=&time%5B0%5D%5B8%5D=+&time%5B0%5D%5B9%5D=+>  -
>>>>>> Last 72 Hours alerts: unique<http://10.2.7.170/base/base_stat_alerts.php?time_cnt=1&time%5B0%5D%5B0%5D=+&time%5B0%5D%5B1%5D=%3E%3D&time%5B0%5D%5B2%5D=05&time%5B0%5D%5B3%5D=15&time%5B0%5D%5B4%5D=2012&time%5B0%5D%5B5%5D=16&time%5B0%5D%5B6%5D=&time%5B0%5D%5B7%5D=&time%5B0%5D%5B8%5D=+&time%5B0%5D%5B9%5D=+>
>>>>>> listing<http://10.2.7.170/base/base_qry_main.php?new=1&time%5B0%5D%5B0%5D=+&time%5B0%5D%5B1%5D=%3E%3D&time%5B0%5D%5B2%5D=05&time%5B0%5D%5B3%5D=15&time%5B0%5D%5B4%5D=2012&time%5B0%5D%5B5%5D=16&time%5B0%5D%5B6%5D=&time%5B0%5D%5B7%5D=&time%5B0%5D%5B8%5D=+&time%5B0%5D%5B9%5D=+&submit=Query+DB&num_result_rows=-1&time_cnt=1> Source
>>>>>> IP<http://10.2.7.170/base/base_stat_uaddr.php?addr_type=1&sort_order=occur_d&time_cnt=1&time%5B0%5D%5B0%5D=+&time%5B0%5D%5B1%5D=%3E%3D&time%5B0%5D%5B2%5D=05&time%5B0%5D%5B3%5D=15&time%5B0%5D%5B4%5D=2012&time%5B0%5D%5B5%5D=16&time%5B0%5D%5B6%5D=&time%5B0%5D%5B7%5D=&time%5B0%5D%5B8%5D=+&time%5B0%5D%5B9%5D=+> Destination
>>>>>> IP<http://10.2.7.170/base/base_stat_uaddr.php?addr_type=2&sort_order=occur_d&time_cnt=1&time%5B0%5D%5B0%5D=+&time%5B0%5D%5B1%5D=%3E%3D&time%5B0%5D%5B2%5D=05&time%5B0%5D%5B3%5D=15&time%5B0%5D%5B4%5D=2012&time%5B0%5D%5B5%5D=16&time%5B0%5D%5B6%5D=&time%5B0%5D%5B7%5D=&time%5B0%5D%5B8%5D=+&time%5B0%5D%5B9%5D=+>  -
>>>>>> Most recent 15 Alerts: any protocol<http://10.2.7.170/base/base_qry_main.php?new=1&caller=last_any&num_result_rows=-1&submit=Last%20Any>
>>>>>> TCP<http://10.2.7.170/base/base_qry_main.php?new=1&layer4=TCP&caller=last_tcp&num_result_rows=-1&submit=Last%20TCP>
>>>>>> UDP<http://10.2.7.170/base/base_qry_main.php?new=1&layer4=UDP&caller=last_udp&num_result_rows=-1&submit=Last%20UDP>
>>>>>> ICMP<http://10.2.7.170/base/base_qry_main.php?new=1&layer4=ICMP&caller=last_icmp&num_result_rows=-1&submit=Last%20ICMP> -
>>>>>> Last Source Ports: any protocol<http://10.2.7.170/base/base_stat_ports.php?caller=last_ports&port_type=1&proto=-1&sort_order=last_d>
>>>>>> TCP<http://10.2.7.170/base/base_stat_ports.php?caller=last_ports&port_type=1&proto=6&sort_order=last_d>
>>>>>> UDP<http://10.2.7.170/base/base_stat_ports.php?caller=last_ports&port_type=1&proto=17&sort_order=last_d> -
>>>>>> Last Destination Ports: any protocol<http://10.2.7.170/base/base_stat_ports.php?caller=last_ports&port_type=2&proto=-1&sort_order=last_d>
>>>>>> TCP<http://10.2.7.170/base/base_stat_ports.php?caller=last_ports&port_type=2&proto=6&sort_order=last_d>
>>>>>> UDP<http://10.2.7.170/base/base_stat_ports.php?caller=last_ports&port_type=2&proto=17&sort_order=last_d> -
>>>>>> Most Frequent Source Ports: any protocol<http://10.2.7.170/base/base_stat_ports.php?caller=most_frequent&port_type=1&proto=-1&sort_order=occur_d>
>>>>>> TCP<http://10.2.7.170/base/base_stat_ports.php?caller=most_frequent&port_type=1&proto=6&sort_order=occur_d>
>>>>>> UDP<http://10.2.7.170/base/base_stat_ports.php?caller=most_frequent&port_type=1&proto=17&sort_order=occur_d> -
>>>>>> Most Frequent Destination Ports: any protocol<http://10.2.7.170/base/base_stat_ports.php?caller=most_frequent&port_type=2&proto=-1&sort_order=occur_d>
>>>>>> TCP<http://10.2.7.170/base/base_stat_ports.php?caller=most_frequent&port_type=2&proto=6&sort_order=occur_d>
>>>>>> UDP<http://10.2.7.170/base/base_stat_ports.php?caller=most_frequent&port_type=2&proto=17&sort_order=occur_d> -
>>>>>> Most frequent 15 Addresses: Source<http://10.2.7.170/base/base_stat_uaddr.php?caller=most_frequent&addr_type=1&sort_order=occur_d>
>>>>>> Destination<http://10.2.7.170/base/base_stat_uaddr.php?caller=most_frequent&addr_type=2&sort_order=occur_d> -
>>>>>> Most recent 15 Unique Alerts<http://10.2.7.170/base/base_stat_alerts.php?caller=last_alerts&sort_order=last_d> -
>>>>>> Most frequent 5 Unique Alerts<http://10.2.7.170/base/base_stat_alerts.php?caller=most_frequent&sort_order=occur_d>
>>>>>>  *Queried on *: Fri May 18, 2012 16:34:43
>>>>>> *Database:* snort at ...274...    (*Schema Version:* 107)
>>>>>> *Time Window:* [2012-05-18 11:05:19] - [2012-05-18 11:06:55]
>>>>>>  *Search <http://10.2.7.170/base/base_qry_main.php?new=1>*
>>>>>> *Graph Alert Data <http://10.2.7.170/base/base_graph_main.php>*
>>>>>> Graph Alert Detection Time<http://10.2.7.170/base/base_stat_time.php>
>>>>>>
>>>>>> ------------------------------
>>>>>>   *Sensors/Total:* 1 <http://10.2.7.170/base/base_stat_sensor.php> /
>>>>>> 2
>>>>>> *Unique Alerts:* 1 <http://10.2.7.170/base/base_stat_alerts.php>
>>>>>> *Categories: *1<http://10.2.7.170/base/base_stat_class.php?sort_order=class_a>
>>>>>> *Total Number of Alerts:* 48<http://10.2.7.170/base/base_qry_main.php?&num_result_rows=-1&submit=Query+DB&current_view=-1>
>>>>>>
>>>>>>    - Src IP addrs: 13<http://10.2.7.170/base/base_stat_uaddr.php?addr_type=1>
>>>>>>    - Dest. IP addrs: 1<http://10.2.7.170/base/base_stat_uaddr.php?addr_type=2>
>>>>>>    - Unique IP links 13 <http://10.2.7.170/base/base_stat_iplink.php>
>>>>>>    -
>>>>>>
>>>>>>    Source Ports: 2<http://10.2.7.170/base/base_stat_ports.php?port_type=1&proto=-1>
>>>>>>    -
>>>>>>       - TCP ( 0<http://10.2.7.170/base/base_stat_ports.php?port_type=1&proto=6>)  UDP
>>>>>>       ( 2<http://10.2.7.170/base/base_stat_ports.php?port_type=1&proto=17>
>>>>>>       )
>>>>>>    - Dest Ports: 2<http://10.2.7.170/base/base_stat_ports.php?port_type=2&proto=-1>
>>>>>>    -
>>>>>>       - TCP ( 0<http://10.2.7.170/base/base_stat_ports.php?port_type=2&proto=6>)  UDP
>>>>>>       ( 2<http://10.2.7.170/base/base_stat_ports.php?port_type=2&proto=17>
>>>>>>       )
>>>>>>
>>>>>> *Traffic Profile by Protocol*  TCP (0%)<http://10.2.7.170/base/base_qry_main.php?new=1&layer4=TCP&num_result_rows=-1&sort_order=time_d&submit=Query+DB>
>>>>>>    UDP (100%)<http://10.2.7.170/base/base_qry_main.php?new=1&layer4=UDP&num_result_rows=-1&sort_order=time_d&submit=Query+DB>
>>>>>>      ICMP (0%)<http://10.2.7.170/base/base_qry_main.php?new=1&layer4=ICMP&num_result_rows=-1&sort_order=time_d&submit=Query+DB>
>>>>>>
>>>>>> ------------------------------
>>>>>>   Portscan Traffic (0%)<http://10.2.7.170/base/base_qry_main.php?new=1&layer4=RawIP&num_result_rows=-1&sort_order=time_d&submit=Query+DB>
>>>>>>
>>>>>>
>>>>>>   Basic Analysis and Security Engine (BASE)
>>>>>>   Home <http://10.2.7.170/base/base_main.php>  |   Search<http://10.2.7.170/base/base_qry_main.php?new=1>
>>>>>>
>>>>>>   [ Back <http://10.2.7.170/base/base_main.php?back=1&> ]
>>>>>>
>>>>>> /srv/www/htdocs/base/includes/base_cache.inc.php:556: ERROR:
>>>>>> $number_sensors_array is NOT an array!
>>>>>>
>>>>>>
>>>>>> /srv/www/htdocs/base/includes/base_cache.inc.php:564: ERROR:
>>>>>> $number_sensors_array is either NULL or empty!
>>>>>>
>>>>>>  *Queried on* : Fri May 18, 2012 16:36:23      Meta Criteria *   any
>>>>>> *   IP Criteria *   any *   Layer 4 Criteria *   none * Payload
>>>>>> Criteria *   any *
>>>>>>
>>>>>> *No Alerts were found.*
>>>>>>
>>>>>>          <<http://10.2.7.170/base/base_stat_ports.php?caller=&sort_order=&port_type=1&proto=1&sort_order=port_a>
>>>>>>  Port ><http://10.2.7.170/base/base_stat_ports.php?caller=&sort_order=&port_type=1&proto=1&sort_order=port_d>
>>>>>>    <<http://10.2.7.170/base/base_stat_ports.php?caller=&sort_order=&port_type=1&proto=1&sort_order=sensor_a>
>>>>>>  Sensor ><http://10.2.7.170/base/base_stat_ports.php?caller=&sort_order=&port_type=1&proto=1&sort_order=sensor_d>
>>>>>>    <<http://10.2.7.170/base/base_stat_ports.php?caller=&sort_order=&port_type=1&proto=1&sort_order=occur_a>
>>>>>>  Occurrences ><http://10.2.7.170/base/base_stat_ports.php?caller=&sort_order=&port_type=1&proto=1&sort_order=occur_d>
>>>>>>    <<http://10.2.7.170/base/base_stat_ports.php?caller=&sort_order=&port_type=1&proto=1&sort_order=alerts_a>
>>>>>> Unique Alerts ><http://10.2.7.170/base/base_stat_ports.php?caller=&sort_order=&port_type=1&proto=1&sort_order=alerts_d>
>>>>>>    <<http://10.2.7.170/base/base_stat_ports.php?caller=&sort_order=&port_type=1&proto=1&sort_order=sip_a>
>>>>>>  Src. Addr. ><http://10.2.7.170/base/base_stat_ports.php?caller=&sort_order=&port_type=1&proto=1&sort_order=sip_d>
>>>>>>    <<http://10.2.7.170/base/base_stat_ports.php?caller=&sort_order=&port_type=1&proto=1&sort_order=dip_a>
>>>>>>  Dest. Addr. ><http://10.2.7.170/base/base_stat_ports.php?caller=&sort_order=&port_type=1&proto=1&sort_order=dip_d>
>>>>>>    <<http://10.2.7.170/base/base_stat_ports.php?caller=&sort_order=&port_type=1&proto=1&sort_order=first_a>
>>>>>>  First ><http://10.2.7.170/base/base_stat_ports.php?caller=&sort_order=&port_type=1&proto=1&sort_order=first_d>
>>>>>>    <<http://10.2.7.170/base/base_stat_ports.php?caller=&sort_order=&port_type=1&proto=1&sort_order=last_a>
>>>>>>  Last ><http://10.2.7.170/base/base_stat_ports.php?caller=&sort_order=&port_type=1&proto=1&sort_order=last_d>
>>>>>>      ACTION
>>>>>> { action }ADD to AG (by ID)ADD to AG (by Name)Create AG (by Name)Delete
>>>>>> alert(s)Email alert(s) (full)Email alert(s) (summary)Email alert(s)
>>>>>> (csv)Archive alert(s) (copy)Archive alert(s) (move)
>>>>>>
>>>>>>
>>>>>>
>>>>>> ------------------------------------------------------------------------------
>>>>>> Live Security Virtual Conference
>>>>>> Exclusive live event will cover all the ways today's security and
>>>>>> threat landscape has changed and how IT managers can respond.
>>>>>> Discussions
>>>>>> will include endpoint security, mobile security and the latest in
>>>>>> malware
>>>>>> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
>>>>>> _______________________________________________
>>>>>> Snort-users mailing list
>>>>>> Snort-users at lists.sourceforge.net
>>>>>> Go to this URL to change user options or unsubscribe:
>>>>>> https://lists.sourceforge.net/lists/listinfo/snort-users
>>>>>> Snort-users list archive:
>>>>>> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>>>>>>
>>>>>> Please visit http://blog.snort.org to stay current on all the latest
>>>>>> Snort news!
>>>>>>
>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> Rick Chisholm
>>>>> http://parallel42.ca
>>>>> http://appliedusers.ca
>>>>> =========================
>>>>> "There is no faith which has never yet been broken, except that of a
>>>>> truly faithful dog." - Konrad Lorenz
>>>>>
>>>>>
>>>>> ------------------------------------------------------------------------------
>>>>> Live Security Virtual Conference
>>>>> Exclusive live event will cover all the ways today's security and
>>>>> threat landscape has changed and how IT managers can respond.
>>>>> Discussions
>>>>> will include endpoint security, mobile security and the latest in
>>>>> malware
>>>>> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
>>>>> _______________________________________________
>>>>> Snort-users mailing list
>>>>> Snort-users at lists.sourceforge.net
>>>>> Go to this URL to change user options or unsubscribe:
>>>>> https://lists.sourceforge.net/lists/listinfo/snort-users
>>>>> Snort-users list archive:
>>>>> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>>>>>
>>>>> Please visit http://blog.snort.org to stay current on all the latest
>>>>> Snort news!
>>>>>
>>>>
>>>>
>>>> ------------------------------------------------------------------------------
>>>> Live Security Virtual Conference
>>>> Exclusive live event will cover all the ways today's security and
>>>> threat landscape has changed and how IT managers can respond.
>>>> Discussions
>>>> will include endpoint security, mobile security and the latest in
>>>> malware
>>>> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
>>>>
>>>> _______________________________________________
>>>> Snort-users mailing list
>>>> Snort-users at lists.sourceforge.net
>>>> Go to this URL to change user options or unsubscribe:
>>>> https://lists.sourceforge.net/lists/listinfo/snort-users
>>>> Snort-users list archive:
>>>> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>>>>
>>>> Please visit http://blog.snort.org to stay current on all the latest
>>>> Snort news!
>>>>
>>>>
>>>
>>>
>>> --
>>> Rick Chisholm
>>> http://parallel42.ca
>>> http://appliedusers.ca
>>> =========================
>>> "There is no faith which has never yet been broken, except that of a
>>> truly faithful dog." - Konrad Lorenz
>>>
>>
>>
>>
>> ------------------------------------------------------------------------------
>> Live Security Virtual Conference
>> Exclusive live event will cover all the ways today's security and
>> threat landscape has changed and how IT managers can respond. Discussions
>> will include endpoint security, mobile security and the latest in malware
>> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
>> _______________________________________________
>> Snort-users mailing list
>> Snort-users at lists.sourceforge.net
>> Go to this URL to change user options or unsubscribe:
>> https://lists.sourceforge.net/lists/listinfo/snort-users
>> Snort-users list archive:
>> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>>
>> Please visit http://blog.snort.org to stay current on all the latest
>> Snort news!
>>
>
>
>
> --
> Doug Burks | http://securityonion.blogspot.com
> Don't miss SANS SEC503 Intrusion Detection In-Depth in
> Augusta GA 6/11 - 6/16 | 10% discount for ISSA Members!
> http://augusta.issa.org/drupal/SANS-Augusta-2012
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20120518/042334a3/attachment.html>


More information about the Snort-users mailing list