[Snort-users] Snort-users Digest, Vol 72, Issue 37

Dennis Circolone djcircolone at ...11827...
Fri May 18 15:48:47 EDT 2012


Thanks for the information but it didn't really address the error I was
getting. I added screen shots with the errors to my original email , were
you able to see the error or are you telling me not to use base because
there is no fix?

On Fri, May 18, 2012 at 1:10 PM,
<snort-users-request at lists.sourceforge.net>wrote:

> Send Snort-users mailing list submissions to
>        snort-users at lists.sourceforge.net
>
> To subscribe or unsubscribe via the World Wide Web, visit
>        https://lists.sourceforge.net/lists/listinfo/snort-users
> or, via email, send a message with subject or body 'help' to
>        snort-users-request at lists.sourceforge.net
>
> You can reach the person managing the list at
>        snort-users-owner at lists.sourceforge.net
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of Snort-users digest..."
>
>
> When responding, please don't respond with the entire Digest.  Please trim
> your response.
>
> Today's Topics:
>
>   1. Re: php, base issue (Greg Williams)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Fri, 18 May 2012 12:10:47 -0600
> From: Greg Williams <alphawebfx at ...11827...>
> Subject: Re: [Snort-users] php, base issue
> To: Doug Burks <doug.burks at ...11827...>
> Cc: "snort-users at lists.sourceforge.net"
>        <snort-users at lists.sourceforge.net>,    Dennis Circolone
>        <djcircolone at ...11827...>
> Message-ID:
>        <CAH1YzBQFPVKCOpUkwYkfaZUzjFrX78v5fw2j3dda1i58aC+iLQ at ...11828...
> >
> Content-Type: text/plain; charset="iso-8859-1"
>
> Thanks Doug.  I'll probably try it again after you guys rebuild it with
> 12.04.  I could have also been my hard drives.  They died about a month
> after I tested Security Onion.  I would like to test further at some point.
>  Thanks for the link though.  I'll remember it when I go through testing
> again.
>
> On Fri, May 18, 2012 at 12:05 PM, Doug Burks <doug.burks at ...11827...> wrote:
>
> > Hi Greg,
> >
> > We'd be glad to help you troubleshoot any performance issues you're
> having
> > with Security Onion over on our mailing list:
> > http://groups.google.com/group/security-onion
> >
> > Thanks,
> > Doug
> >
> > On Fri, May 18, 2012 at 1:56 PM, Greg Williams <alphawebfx at ...11827...
> >wrote:
> >
> >> I tried it and was a little disappointed in how slow it was running for
> >> me.  I only gave it about 15 minutes, but I was definitely losing more
> >> packets than my custom install.  Maybe it's better now. ~400-500 MBps
> >> sustained.
> >>
> >>
> >> On Fri, May 18, 2012 at 11:53 AM, Rick Chisholm <chavez243 at ...11827...
> >wrote:
> >>
> >>> FWIW - you can always take a look at Security Onion - it has a bunch of
> >>> Snort front-ends you can play with.
> >>>
> >>> First we had ACID and it went ker-splat, then BASE, which is dying on
> >>> the vine. Not sure what the next move is, all I know is that I need a
> >>> functional front-end and for right now that's Snorby.
> >>>
> >>>
> >>> On Fri, May 18, 2012 at 1:46 PM, Greg Williams <alphawebfx at ...11827...
> >wrote:
> >>>
> >>>> Well said! I 100% agree. Even though I have alerts forwarding via
> >>>> syslog to other destinations like Splunk, there is just something
> about
> >>>> BASE that trumps everything else.  I've tried many other apps as well
> >>>> including Snorby and Sguil.
> >>>>
> >>>>
> >>>>
> >>>> On May 18, 2012, at 11:36 AM, Ron Sinclair <unixfool at ...11827...>
> wrote:
> >>>>
> >>>> I hear such statements all the time.  Would be nice if someone took
> >>>> BASE and revamped (but not whole-hog) it.
> >>>>
> >>>> I've been using BASE for almost 10 years, even after using both Sguil
> >>>> and Snorby.  There's something about BASE that Snorby just can't
> >>>> match...just my opinion.  I do check Snorby from time to time to
> assess any
> >>>> new features.  Last I checked, it still had a long way to go, so I
> kept
> >>>> using BASE.  Sguil...I don't know, since I never force myself to spend
> >>>> enough time to better utilize it.  I usually just get frustrated and
> wipe
> >>>> it out.
> >>>>
> >>>> BASE seems less maintenance intensive than either Sguil and Snorby.  I
> >>>> don't want to have to learn Ruby/Rails to use Snorby.  I didn't
> really have
> >>>> to understand all that much about PHP to begin using BASE, and I
> already
> >>>> had a good knowledge of MySQL, Snort, and Apache (and a multitude of
> other
> >>>> things).  I'll be using BASE for another 10 years, or until something
> else
> >>>> (that isn't Sguil or Snorby) is released. If that doesn't happen,
> I'll go
> >>>> straight to the raw logs and begin using correlation scripts and
> tools.
> >>>>
> >>>> On Fri, May 18, 2012 at 1:06 PM, Rick Chisholm <chavez243 at ...11827...
> >wrote:
> >>>>
> >>>>> Hi Dennis:
> >>>>>
> >>>>> BASE is getting pretty long in the tooth, does not appear to be
> >>>>> actively developed and as PHP advances, is slowly breaking. It is
> advisable
> >>>>> to switch to something like Snorby, Sguil etc.
> >>>>>
> >>>>>  On Fri, May 18, 2012 at 12:37 PM, Dennis Circolone <
> >>>>> djcircolone at ...11827...> wrote:
> >>>>>
> >>>>>>  Hello,
> >>>>>> I have configured snort-2.9.2.2 on an opensuse 12.1 box, everything
> >>>>>> is working great except for the portscan traffic stays at 0% after
> an NMAP
> >>>>>> test and when I select source ports link or dest ports link I
> recieve an
> >>>>>> error.Does anyone know how I can resolve this issue?
> >>>>>>
> >>>>>>
> >>>>>>  Basic Analysis and Security Engine (BASE)
> >>>>>>
> >>>>>>     - Today's alerts: unique<
> http://10.2.7.170/base/base_stat_alerts.php?time_cnt=1&time%5B0%5D%5B0%5D=+&time%5B0%5D%5B1%5D=%3E%3D&time%5B0%5D%5B2%5D=05&time%5B0%5D%5B3%5D=18&time%5B0%5D%5B4%5D=2012&time%5B0%5D%5B5%5D=&time%5B0%5D%5B6%5D=&time%5B0%5D%5B7%5D=&time%5B0%5D%5B8%5D=+&time%5B0%5D%5B9%5D=+
> >
> >>>>>> listing<
> http://10.2.7.170/base/base_qry_main.php?new=1&time%5B0%5D%5B0%5D=+&time%5B0%5D%5B1%5D=%3E%3D&time%5B0%5D%5B2%5D=05&time%5B0%5D%5B3%5D=18&time%5B0%5D%5B4%5D=2012&time%5B0%5D%5B5%5D=&time%5B0%5D%5B6%5D=&time%5B0%5D%5B7%5D=&time%5B0%5D%5B8%5D=+&time%5B0%5D%5B9%5D=+&submit=Query+DB&num_result_rows=-1&time_cnt=1>
> Source
> >>>>>> IP<
> http://10.2.7.170/base/base_stat_uaddr.php?addr_type=1&sort_order=occur_d&time_cnt=1&time%5B0%5D%5B0%5D=+&time%5B0%5D%5B1%5D=%3E%3D&time%5B0%5D%5B2%5D=05&time%5B0%5D%5B3%5D=18&time%5B0%5D%5B4%5D=2012&time%5B0%5D%5B5%5D=&time%5B0%5D%5B6%5D=&time%5B0%5D%5B7%5D=&time%5B0%5D%5B8%5D=+&time%5B0%5D%5B9%5D=+>
> Destination
> >>>>>> IP<
> http://10.2.7.170/base/base_stat_uaddr.php?addr_type=2&sort_order=occur_d&time_cnt=1&time%5B0%5D%5B0%5D=+&time%5B0%5D%5B1%5D=%3E%3D&time%5B0%5D%5B2%5D=05&time%5B0%5D%5B3%5D=18&time%5B0%5D%5B4%5D=2012&time%5B0%5D%5B5%5D=&time%5B0%5D%5B6%5D=&time%5B0%5D%5B7%5D=&time%5B0%5D%5B8%5D=+&time%5B0%5D%5B9%5D=+>
>  -
> >>>>>> Last 24 Hours alerts: unique<
> http://10.2.7.170/base/base_stat_alerts.php?time_cnt=1&time%5B0%5D%5B0%5D=+&time%5B0%5D%5B1%5D=%3E%3D&time%5B0%5D%5B2%5D=05&time%5B0%5D%5B3%5D=17&time%5B0%5D%5B4%5D=2012&time%5B0%5D%5B5%5D=16&time%5B0%5D%5B6%5D=&time%5B0%5D%5B7%5D=&time%5B0%5D%5B8%5D=+&time%5B0%5D%5B9%5D=+
> >
> >>>>>> listing<
> http://10.2.7.170/base/base_qry_main.php?new=1&time%5B0%5D%5B0%5D=+&time%5B0%5D%5B1%5D=%3E%3D&time%5B0%5D%5B2%5D=05&time%5B0%5D%5B3%5D=17&time%5B0%5D%5B4%5D=2012&time%5B0%5D%5B5%5D=16&time%5B0%5D%5B6%5D=&time%5B0%5D%5B7%5D=&time%5B0%5D%5B8%5D=+&time%5B0%5D%5B9%5D=+&submit=Query+DB&num_result_rows=-1&time_cnt=1>
> Source
> >>>>>> IP<
> http://10.2.7.170/base/base_stat_uaddr.php?addr_type=1&sort_order=occur_d&time_cnt=1&time%5B0%5D%5B0%5D=+&time%5B0%5D%5B1%5D=%3E%3D&time%5B0%5D%5B2%5D=05&time%5B0%5D%5B3%5D=17&time%5B0%5D%5B4%5D=2012&time%5B0%5D%5B5%5D=16&time%5B0%5D%5B6%5D=&time%5B0%5D%5B7%5D=&time%5B0%5D%5B8%5D=+&time%5B0%5D%5B9%5D=+>
> Destination
> >>>>>> IP<
> http://10.2.7.170/base/base_stat_uaddr.php?addr_type=2&sort_order=occur_d&time_cnt=1&time%5B0%5D%5B0%5D=+&time%5B0%5D%5B1%5D=%3E%3D&time%5B0%5D%5B2%5D=05&time%5B0%5D%5B3%5D=17&time%5B0%5D%5B4%5D=2012&time%5B0%5D%5B5%5D=16&time%5B0%5D%5B6%5D=&time%5B0%5D%5B7%5D=&time%5B0%5D%5B8%5D=+&time%5B0%5D%5B9%5D=+>
>  -
> >>>>>> Last 72 Hours alerts: unique<
> http://10.2.7.170/base/base_stat_alerts.php?time_cnt=1&time%5B0%5D%5B0%5D=+&time%5B0%5D%5B1%5D=%3E%3D&time%5B0%5D%5B2%5D=05&time%5B0%5D%5B3%5D=15&time%5B0%5D%5B4%5D=2012&time%5B0%5D%5B5%5D=16&time%5B0%5D%5B6%5D=&time%5B0%5D%5B7%5D=&time%5B0%5D%5B8%5D=+&time%5B0%5D%5B9%5D=+
> >
> >>>>>> listing<
> http://10.2.7.170/base/base_qry_main.php?new=1&time%5B0%5D%5B0%5D=+&time%5B0%5D%5B1%5D=%3E%3D&time%5B0%5D%5B2%5D=05&time%5B0%5D%5B3%5D=15&time%5B0%5D%5B4%5D=2012&time%5B0%5D%5B5%5D=16&time%5B0%5D%5B6%5D=&time%5B0%5D%5B7%5D=&time%5B0%5D%5B8%5D=+&time%5B0%5D%5B9%5D=+&submit=Query+DB&num_result_rows=-1&time_cnt=1>
> Source
> >>>>>> IP<
> http://10.2.7.170/base/base_stat_uaddr.php?addr_type=1&sort_order=occur_d&time_cnt=1&time%5B0%5D%5B0%5D=+&time%5B0%5D%5B1%5D=%3E%3D&time%5B0%5D%5B2%5D=05&time%5B0%5D%5B3%5D=15&time%5B0%5D%5B4%5D=2012&time%5B0%5D%5B5%5D=16&time%5B0%5D%5B6%5D=&time%5B0%5D%5B7%5D=&time%5B0%5D%5B8%5D=+&time%5B0%5D%5B9%5D=+>
> Destination
> >>>>>> IP<
> http://10.2.7.170/base/base_stat_uaddr.php?addr_type=2&sort_order=occur_d&time_cnt=1&time%5B0%5D%5B0%5D=+&time%5B0%5D%5B1%5D=%3E%3D&time%5B0%5D%5B2%5D=05&time%5B0%5D%5B3%5D=15&time%5B0%5D%5B4%5D=2012&time%5B0%5D%5B5%5D=16&time%5B0%5D%5B6%5D=&time%5B0%5D%5B7%5D=&time%5B0%5D%5B8%5D=+&time%5B0%5D%5B9%5D=+>
>  -
> >>>>>> Most recent 15 Alerts: any protocol<
> http://10.2.7.170/base/base_qry_main.php?new=1&caller=last_any&num_result_rows=-1&submit=Last%20Any
> >
> >>>>>> TCP<
> http://10.2.7.170/base/base_qry_main.php?new=1&layer4=TCP&caller=last_tcp&num_result_rows=-1&submit=Last%20TCP
> >
> >>>>>> UDP<
> http://10.2.7.170/base/base_qry_main.php?new=1&layer4=UDP&caller=last_udp&num_result_rows=-1&submit=Last%20UDP
> >
> >>>>>> ICMP<
> http://10.2.7.170/base/base_qry_main.php?new=1&layer4=ICMP&caller=last_icmp&num_result_rows=-1&submit=Last%20ICMP>
> -
> >>>>>> Last Source Ports: any protocol<
> http://10.2.7.170/base/base_stat_ports.php?caller=last_ports&port_type=1&proto=-1&sort_order=last_d
> >
> >>>>>> TCP<
> http://10.2.7.170/base/base_stat_ports.php?caller=last_ports&port_type=1&proto=6&sort_order=last_d
> >
> >>>>>> UDP<
> http://10.2.7.170/base/base_stat_ports.php?caller=last_ports&port_type=1&proto=17&sort_order=last_d>
> -
> >>>>>> Last Destination Ports: any protocol<
> http://10.2.7.170/base/base_stat_ports.php?caller=last_ports&port_type=2&proto=-1&sort_order=last_d
> >
> >>>>>> TCP<
> http://10.2.7.170/base/base_stat_ports.php?caller=last_ports&port_type=2&proto=6&sort_order=last_d
> >
> >>>>>> UDP<
> http://10.2.7.170/base/base_stat_ports.php?caller=last_ports&port_type=2&proto=17&sort_order=last_d>
> -
> >>>>>> Most Frequent Source Ports: any protocol<
> http://10.2.7.170/base/base_stat_ports.php?caller=most_frequent&port_type=1&proto=-1&sort_order=occur_d
> >
> >>>>>> TCP<
> http://10.2.7.170/base/base_stat_ports.php?caller=most_frequent&port_type=1&proto=6&sort_order=occur_d
> >
> >>>>>> UDP<
> http://10.2.7.170/base/base_stat_ports.php?caller=most_frequent&port_type=1&proto=17&sort_order=occur_d>
> -
> >>>>>> Most Frequent Destination Ports: any protocol<
> http://10.2.7.170/base/base_stat_ports.php?caller=most_frequent&port_type=2&proto=-1&sort_order=occur_d
> >
> >>>>>> TCP<
> http://10.2.7.170/base/base_stat_ports.php?caller=most_frequent&port_type=2&proto=6&sort_order=occur_d
> >
> >>>>>> UDP<
> http://10.2.7.170/base/base_stat_ports.php?caller=most_frequent&port_type=2&proto=17&sort_order=occur_d>
> -
> >>>>>> Most frequent 15 Addresses: Source<
> http://10.2.7.170/base/base_stat_uaddr.php?caller=most_frequent&addr_type=1&sort_order=occur_d
> >
> >>>>>> Destination<
> http://10.2.7.170/base/base_stat_uaddr.php?caller=most_frequent&addr_type=2&sort_order=occur_d>
> -
> >>>>>> Most recent 15 Unique Alerts<
> http://10.2.7.170/base/base_stat_alerts.php?caller=last_alerts&sort_order=last_d>
> -
> >>>>>> Most frequent 5 Unique Alerts<
> http://10.2.7.170/base/base_stat_alerts.php?caller=most_frequent&sort_order=occur_d
> >
> >>>>>>  *Queried on *: Fri May 18, 2012 16:34:43
> >>>>>> *Database:* snort at ...274...    (*Schema Version:* 107)
> >>>>>> *Time Window:* [2012-05-18 11:05:19] - [2012-05-18 11:06:55]
> >>>>>>  *Search <http://10.2.7.170/base/base_qry_main.php?new=1>*
> >>>>>> *Graph Alert Data <http://10.2.7.170/base/base_graph_main.php>*
> >>>>>> Graph Alert Detection Time<
> http://10.2.7.170/base/base_stat_time.php>
> >>>>>>
> >>>>>> ------------------------------
> >>>>>>   *Sensors/Total:* 1 <http://10.2.7.170/base/base_stat_sensor.php>
> /
> >>>>>> 2
> >>>>>> *Unique Alerts:* 1 <http://10.2.7.170/base/base_stat_alerts.php>
> >>>>>> *Categories: *1<
> http://10.2.7.170/base/base_stat_class.php?sort_order=class_a>
> >>>>>> *Total Number of Alerts:* 48<
> http://10.2.7.170/base/base_qry_main.php?&num_result_rows=-1&submit=Query+DB&current_view=-1
> >
> >>>>>>
> >>>>>>    - Src IP addrs: 13<
> http://10.2.7.170/base/base_stat_uaddr.php?addr_type=1>
> >>>>>>    - Dest. IP addrs: 1<
> http://10.2.7.170/base/base_stat_uaddr.php?addr_type=2>
> >>>>>>    - Unique IP links 13 <
> http://10.2.7.170/base/base_stat_iplink.php>
> >>>>>>    -
> >>>>>>
> >>>>>>    Source Ports: 2<
> http://10.2.7.170/base/base_stat_ports.php?port_type=1&proto=-1>
> >>>>>>    -
> >>>>>>       - TCP ( 0<
> http://10.2.7.170/base/base_stat_ports.php?port_type=1&proto=6>)  UDP
> >>>>>>       ( 2<
> http://10.2.7.170/base/base_stat_ports.php?port_type=1&proto=17>
> >>>>>>       )
> >>>>>>    - Dest Ports: 2<
> http://10.2.7.170/base/base_stat_ports.php?port_type=2&proto=-1>
> >>>>>>    -
> >>>>>>       - TCP ( 0<
> http://10.2.7.170/base/base_stat_ports.php?port_type=2&proto=6>)  UDP
> >>>>>>       ( 2<
> http://10.2.7.170/base/base_stat_ports.php?port_type=2&proto=17>
> >>>>>>       )
> >>>>>>
> >>>>>> *Traffic Profile by Protocol*  TCP (0%)<
> http://10.2.7.170/base/base_qry_main.php?new=1&layer4=TCP&num_result_rows=-1&sort_order=time_d&submit=Query+DB
> >
> >>>>>>    UDP (100%)<
> http://10.2.7.170/base/base_qry_main.php?new=1&layer4=UDP&num_result_rows=-1&sort_order=time_d&submit=Query+DB
> >
> >>>>>>      ICMP (0%)<
> http://10.2.7.170/base/base_qry_main.php?new=1&layer4=ICMP&num_result_rows=-1&sort_order=time_d&submit=Query+DB
> >
> >>>>>>
> >>>>>> ------------------------------
> >>>>>>   Portscan Traffic (0%)<
> http://10.2.7.170/base/base_qry_main.php?new=1&layer4=RawIP&num_result_rows=-1&sort_order=time_d&submit=Query+DB
> >
> >>>>>>
> >>>>>>
> >>>>>>   Basic Analysis and Security Engine (BASE)
> >>>>>>   Home <http://10.2.7.170/base/base_main.php>  |   Search<
> http://10.2.7.170/base/base_qry_main.php?new=1>
> >>>>>>
> >>>>>>   [ Back <http://10.2.7.170/base/base_main.php?back=1&> ]
> >>>>>>
> >>>>>> /srv/www/htdocs/base/includes/base_cache.inc.php:556: ERROR:
> >>>>>> $number_sensors_array is NOT an array!
> >>>>>>
> >>>>>>
> >>>>>> /srv/www/htdocs/base/includes/base_cache.inc.php:564: ERROR:
> >>>>>> $number_sensors_array is either NULL or empty!
> >>>>>>
> >>>>>>  *Queried on* : Fri May 18, 2012 16:36:23      Meta Criteria *   any
> >>>>>> *   IP Criteria *   any *   Layer 4 Criteria *   none * Payload
> >>>>>> Criteria *   any *
> >>>>>>
> >>>>>> *No Alerts were found.*
> >>>>>>
> >>>>>>          <<
> http://10.2.7.170/base/base_stat_ports.php?caller=&sort_order=&port_type=1&proto=1&sort_order=port_a
> >
> >>>>>>  Port ><
> http://10.2.7.170/base/base_stat_ports.php?caller=&sort_order=&port_type=1&proto=1&sort_order=port_d
> >
> >>>>>>    <<
> http://10.2.7.170/base/base_stat_ports.php?caller=&sort_order=&port_type=1&proto=1&sort_order=sensor_a
> >
> >>>>>>  Sensor ><
> http://10.2.7.170/base/base_stat_ports.php?caller=&sort_order=&port_type=1&proto=1&sort_order=sensor_d
> >
> >>>>>>    <<
> http://10.2.7.170/base/base_stat_ports.php?caller=&sort_order=&port_type=1&proto=1&sort_order=occur_a
> >
> >>>>>>  Occurrences ><
> http://10.2.7.170/base/base_stat_ports.php?caller=&sort_order=&port_type=1&proto=1&sort_order=occur_d
> >
> >>>>>>    <<
> http://10.2.7.170/base/base_stat_ports.php?caller=&sort_order=&port_type=1&proto=1&sort_order=alerts_a
> >
> >>>>>> Unique Alerts ><
> http://10.2.7.170/base/base_stat_ports.php?caller=&sort_order=&port_type=1&proto=1&sort_order=alerts_d
> >
> >>>>>>    <<
> http://10.2.7.170/base/base_stat_ports.php?caller=&sort_order=&port_type=1&proto=1&sort_order=sip_a
> >
> >>>>>>  Src. Addr. ><
> http://10.2.7.170/base/base_stat_ports.php?caller=&sort_order=&port_type=1&proto=1&sort_order=sip_d
> >
> >>>>>>    <<
> http://10.2.7.170/base/base_stat_ports.php?caller=&sort_order=&port_type=1&proto=1&sort_order=dip_a
> >
> >>>>>>  Dest. Addr. ><
> http://10.2.7.170/base/base_stat_ports.php?caller=&sort_order=&port_type=1&proto=1&sort_order=dip_d
> >
> >>>>>>    <<
> http://10.2.7.170/base/base_stat_ports.php?caller=&sort_order=&port_type=1&proto=1&sort_order=first_a
> >
> >>>>>>  First ><
> http://10.2.7.170/base/base_stat_ports.php?caller=&sort_order=&port_type=1&proto=1&sort_order=first_d
> >
> >>>>>>    <<
> http://10.2.7.170/base/base_stat_ports.php?caller=&sort_order=&port_type=1&proto=1&sort_order=last_a
> >
> >>>>>>  Last ><
> http://10.2.7.170/base/base_stat_ports.php?caller=&sort_order=&port_type=1&proto=1&sort_order=last_d
> >
> >>>>>>      ACTION
> >>>>>> { action }ADD to AG (by ID)ADD to AG (by Name)Create AG (by
> Name)Delete
> >>>>>> alert(s)Email alert(s) (full)Email alert(s) (summary)Email alert(s)
> >>>>>> (csv)Archive alert(s) (copy)Archive alert(s) (move)
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>>
> ------------------------------------------------------------------------------
> >>>>>> Live Security Virtual Conference
> >>>>>> Exclusive live event will cover all the ways today's security and
> >>>>>> threat landscape has changed and how IT managers can respond.
> >>>>>> Discussions
> >>>>>> will include endpoint security, mobile security and the latest in
> >>>>>> malware
> >>>>>> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
> >>>>>> _______________________________________________
> >>>>>> Snort-users mailing list
> >>>>>> Snort-users at lists.sourceforge.net
> >>>>>> Go to this URL to change user options or unsubscribe:
> >>>>>> https://lists.sourceforge.net/lists/listinfo/snort-users
> >>>>>> Snort-users list archive:
> >>>>>> http://www.geocrawler.com/redir-sf.php3?list=snort-users
> >>>>>>
> >>>>>> Please visit http://blog.snort.org to stay current on all the
> latest
> >>>>>> Snort news!
> >>>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>> --
> >>>>> Rick Chisholm
> >>>>> http://parallel42.ca
> >>>>> http://appliedusers.ca
> >>>>> =========================
> >>>>> "There is no faith which has never yet been broken, except that of a
> >>>>> truly faithful dog." - Konrad Lorenz
> >>>>>
> >>>>>
> >>>>>
> ------------------------------------------------------------------------------
> >>>>> Live Security Virtual Conference
> >>>>> Exclusive live event will cover all the ways today's security and
> >>>>> threat landscape has changed and how IT managers can respond.
> >>>>> Discussions
> >>>>> will include endpoint security, mobile security and the latest in
> >>>>> malware
> >>>>> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
> >>>>> _______________________________________________
> >>>>> Snort-users mailing list
> >>>>> Snort-users at lists.sourceforge.net
> >>>>> Go to this URL to change user options or unsubscribe:
> >>>>> https://lists.sourceforge.net/lists/listinfo/snort-users
> >>>>> Snort-users list archive:
> >>>>> http://www.geocrawler.com/redir-sf.php3?list=snort-users
> >>>>>
> >>>>> Please visit http://blog.snort.org to stay current on all the latest
> >>>>> Snort news!
> >>>>>
> >>>>
> >>>>
> >>>>
> ------------------------------------------------------------------------------
> >>>> Live Security Virtual Conference
> >>>> Exclusive live event will cover all the ways today's security and
> >>>> threat landscape has changed and how IT managers can respond.
> >>>> Discussions
> >>>> will include endpoint security, mobile security and the latest in
> >>>> malware
> >>>> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
> >>>>
> >>>> _______________________________________________
> >>>> Snort-users mailing list
> >>>> Snort-users at lists.sourceforge.net
> >>>> Go to this URL to change user options or unsubscribe:
> >>>> https://lists.sourceforge.net/lists/listinfo/snort-users
> >>>> Snort-users list archive:
> >>>> http://www.geocrawler.com/redir-sf.php3?list=snort-users
> >>>>
> >>>> Please visit http://blog.snort.org to stay current on all the latest
> >>>> Snort news!
> >>>>
> >>>>
> >>>
> >>>
> >>> --
> >>> Rick Chisholm
> >>> http://parallel42.ca
> >>> http://appliedusers.ca
> >>> =========================
> >>> "There is no faith which has never yet been broken, except that of a
> >>> truly faithful dog." - Konrad Lorenz
> >>>
> >>
> >>
> >>
> >>
> ------------------------------------------------------------------------------
> >> Live Security Virtual Conference
> >> Exclusive live event will cover all the ways today's security and
> >> threat landscape has changed and how IT managers can respond.
> Discussions
> >> will include endpoint security, mobile security and the latest in
> malware
> >> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
> >> _______________________________________________
> >> Snort-users mailing list
> >> Snort-users at lists.sourceforge.net
> >> Go to this URL to change user options or unsubscribe:
> >> https://lists.sourceforge.net/lists/listinfo/snort-users
> >> Snort-users list archive:
> >> http://www.geocrawler.com/redir-sf.php3?list=snort-users
> >>
> >> Please visit http://blog.snort.org to stay current on all the latest
> >> Snort news!
> >>
> >
> >
> >
> > --
> > Doug Burks | http://securityonion.blogspot.com
> > Don't miss SANS SEC503 Intrusion Detection In-Depth in
> > Augusta GA 6/11 - 6/16 | 10% discount for ISSA Members!
> > http://augusta.issa.org/drupal/SANS-Augusta-2012
> >
> -------------- next part --------------
> An HTML attachment was scrubbed...
>
> ------------------------------
>
>
> ------------------------------------------------------------------------------
> Live Security Virtual Conference
> Exclusive live event will cover all the ways today's security and
> threat landscape has changed and how IT managers can respond. Discussions
> will include endpoint security, mobile security and the latest in malware
> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
>
> ------------------------------
>
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/snort-users
>
>
> End of Snort-users Digest, Vol 72, Issue 37
> *******************************************
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20120518/050f1eb9/attachment.html>


More information about the Snort-users mailing list