Jutichai Thongkrachai | 14 Sep 07:02 2014
Picon

there is nothing in Snort log on my server

Hello,

I try to test that Snort is work or not. I run Snort in NIDS mode successfully. It show the packet that run through a network.

So, I see the folder that keep a log of Snort. There are log files in the folder but all of them have no size and there is nothing in them.

I try to run nmap for port scanning but there is nothing in snort log files again.

Do I configure Snort wrong?
------------------------------------------------------------------------------
Want excitement?
Manually upgrade your production database.
When you want reliability, choose Perforce
Perforce version control. Predictably reliable.
http://pubads.g.doubleclick.net/gampad/clk?id=157508191&iu=/4140/ostg.clktrk
_______________________________________________
Snort-users mailing list
Snort-users <at> lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
Jutichai Thongkrachai | 14 Sep 06:02 2014
Picon

Is there not a database schema in Snort Source for Snort?

Hello,
I'm just curious

I try to set up Snort with Barnyard2 and Snorby as this links:
http://monkeyadmin.blogspot.com/2010/09/installing-snort-mysql-and-snorby-on.html

I do until the step that add the schema to the snort database but there is not a file that contain a bunch of sql command to create a schema at my Snort source directory ( /usr/local/src/snort-2.9.6.2)
------------------------------------------------------------------------------
Want excitement?
Manually upgrade your production database.
When you want reliability, choose Perforce
Perforce version control. Predictably reliable.
http://pubads.g.doubleclick.net/gampad/clk?id=157508191&iu=/4140/ostg.clktrk
_______________________________________________
Snort-users mailing list
Snort-users <at> lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
Matt M. | 12 Sep 21:47 2014
Picon

No Events/Alerts Arriving in Snorby

Afternoon,

I appear to have Snort, Barnyard, and Snorby running, but in attempting to test that alerts are arriving in Snorby, I'm not getting anything.

First, do I need to start Snort, Barnyard, and Snorby and if I need to start more than Snorby, should I do it in that order?

Second, I've added the following rule to my snort.conf
alert ip any any -> any any (msg: "ICMP packet detected!"; sid: 1;)

Then turned off my firewall and started a ping, but nothing happens in Snorby.

Thanks for any help on this one,

--
M., CISSP, GCFE, GCFA

To disagree leads to study, to study leads to understanding, to understand is to appreciate, to appreciate is to love. So maybe I’ll end up loving your theory.” -John Wheeler
------------------------------------------------------------------------------
Want excitement?
Manually upgrade your production database.
When you want reliability, choose Perforce
Perforce version control. Predictably reliable.
http://pubads.g.doubleclick.net/gampad/clk?id=157508191&iu=/4140/ostg.clktrk
_______________________________________________
Snort-users mailing list
Snort-users <at> lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
Sharif Uddin | 12 Sep 18:39 2014

rule for cacti failed login

Hello

 

 

I want to create a rule for failed login access on apache. Attached has the tcpdump of the failed attempt. My rule is

 

 

alert tcp $HOME_NET any -> $HOME_NET any (msg:"failed apache login"; content:"Invalid User Name/Password"; sid:1000000; rev:1;)

 

 

this rule captures source as the web server. How do I amend this rule so source is client

 

 

 

 

 

Sharif Uddin
Development/Support Engineer
-------------------

Spectrum Geo Ltd
Dukes Court, Duke Street
Woking, Surrey
GU21 5BH
UNITED KINGDOM

Tel: +44 (0) 1483 730201
Fax: +44 (0) 1483 762620

 

www.spectrumasa.com

 


IMPORTANT - This message and any attached files contain information intended for the exclusive use of the party or parties to whom it is addressed and may contain information that is proprietary, privileged, confidential and/or exempt from disclosure under applicable law. If you are not an intended recipient, you are hereby notified that any viewing, copying, disclosure or distribution of this information may be subject to legal restriction or sanction. Please notify the sender immediately and delete the original message without making any copies. Copyright in this email and any attachments belong to Spectrum Geo Limited.
We cannot guarantee the security or confidentiality of email communications. We do not accept any liability for losses or damages that you may suffer as a result of your receipt of this email.
Email communication with Spectrum Geo Ltd., may be monitored as permitted by UK legislation.
Spectrum Geo Limited, is a limited company registered in England and Wales. Registered number: 1979422. Registered office: 95 Aldwych, London WC2B 4JF.
Attachment (cactilogin.pcap): application/octet-stream, 10 KiB
------------------------------------------------------------------------------
Want excitement?
Manually upgrade your production database.
When you want reliability, choose Perforce
Perforce version control. Predictably reliable.
http://pubads.g.doubleclick.net/gampad/clk?id=157508191&iu=/4140/ostg.clktrk
_______________________________________________
Snort-users mailing list
Snort-users <at> lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
Rochon, Jason | 12 Sep 17:35 2014
Picon

Best way to change and apply multiple rules for a certain criteria

Hello,

 

I’m looking for a way to change all my rules that have “PCAnywhere” going outside, to only detect going inside.

 

Example:

alert tcp $HOME_NET 5631:5632 -> $EXTERNAL_NET any (msg:"PUA-OTHER PCAnywhere Failed Login"; flow:to_server,established; content:"Invalid login"; depth:16; metadata:ruleset community; classtype:unsuccessful-user; sid:512; rev:9;)

 

I would like to change the important parts to alert on attempts to my $HOME_NET only:

Direction change: $HOME_NET 5631:5632 <- $EXTERNAL_NET

Flow change: flow:to_client

 

Also, should I disable this rule, and recreate it in local.rules, or just editing would suffice?

I forgot if the order of included rules matter. Would I need to put edited rules at the top?

Example, change this:

include my_custom_rules.rules

include rules_to_be_edited.rules

 

To this:

include rules_to_be_edited.rules

include my_custom_rules.rules

 

Are the rules overwritten, so that all custom rules should be last at the bottom of snort.conf?

 

Thank you and Best Regards,

 

Jason C. Rochon

------------------------------------------------------------------------------
Want excitement?
Manually upgrade your production database.
When you want reliability, choose Perforce
Perforce version control. Predictably reliable.
http://pubads.g.doubleclick.net/gampad/clk?id=157508191&iu=/4140/ostg.clktrk
_______________________________________________
Snort-users mailing list
Snort-users <at> lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
Martin, Greg | 11 Sep 20:44 2014

Pulled Pork issue

I’m having an issue with running the below cmd line following the instructions for Pulledpork configuration.   

 

'perl d:\winids\pulledpork\pulledpork.pl -c d:\winids\pulledpork\etc\pulledpork.conf -T'

 

I get the below error message from the command line:

 

Can't load 'E:/winids/strawberry/perl/vendor/lib/auto/Crypt/SSLeay/SSLeay.dll' f

or module Crypt::SSLeay: load_file:The device is not ready at E:/winids/strawber

ry/perl/lib/DynaLoader.pm line 190.

at e:\winids\pulledpork\pulledpork.pl line 28

Compilation failed in require at e:\winids\pulledpork\pulledpork.pl line 28.

BEGIN failed--compilation aborted at e:\winids\pulledpork\pulledpork.pl line 28.

 

Any ideas?

 

This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to which they are addressed.  If you have received this email in error please delete the message and notify the originator.

------------------------------------------------------------------------------
Want excitement?
Manually upgrade your production database.
When you want reliability, choose Perforce
Perforce version control. Predictably reliable.
http://pubads.g.doubleclick.net/gampad/clk?id=157508191&iu=/4140/ostg.clktrk
_______________________________________________
Snort-users mailing list
Snort-users <at> lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
Matt M. | 10 Sep 23:14 2014
Picon

No Sensors Showing in Snorby

Afternoon,

I've been able to get Snort, Barnyard2, Pulled Pork, and Snorby "working".  However, I'm not seeing any sensors populate in Snorby.

My Snort Config has:
output unified2: filename snort.log, limit 128, nostamp, mpls_event_types, vlan_event_types

Barnyard2.conf has:
output database: log, mysql, dbname=snort user=snorby password=PASSWORD host=localhost

I can see that snort is running and creating a snort.log file.

I'm trying to get this running on OSX.

I did have issues in snorby where it said the worker wasn't running, so I modified the worker.rb file: 

At line 49 in lib/snorby/worker.rb, replace with…
        Snorby::Process.new(`ps awux | fgrep 'delayed_job' | head -n 1`.chomp.strip)

I then manually start the worker in snorby and it appears to start, as the message goes away.

I do not appear to have any errors when running Snort, Barnyard2, or Snorby.  I launch them with the following...

snort: sudo snort -c /etc/snort/snort.conf -l /var/log/snort/
barnyard2: /usr/local/bin/barnyard2 -c /usr/local/etc/barnyard2.conf -d /private/var/log/snort -f snort.log
snorby: bundle exec rails server -e production

Thanks for any help with this,

PS- The only thing I could think of is if this may be related to waldo files?
--
M., CISSP, GCFE, GCFA

To disagree leads to study, to study leads to understanding, to understand is to appreciate, to appreciate is to love. So maybe I’ll end up loving your theory.” -John Wheeler
------------------------------------------------------------------------------
Want excitement?
Manually upgrade your production database.
When you want reliability, choose Perforce
Perforce version control. Predictably reliable.
http://pubads.g.doubleclick.net/gampad/clk?id=157508191&iu=/4140/ostg.clktrk
_______________________________________________
Snort-users mailing list
Snort-users <at> lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
Matt M. | 10 Sep 20:21 2014
Picon

Barnyard2 MySQL DB Error

Hello,

Just ran into an error that I cannot seem to resolve and wondering if anyone has any ideas.

Ran: /usr/local/bin/barnyard2 -c /usr/local/etc/barnyard2.conf -d /private/var/log/snort -f snort.log

ERROR: [Select()]: Failed to execute  query [SELECT vseq FROM `schema`] , will retry 

Attempted to do the following...

mysql> GRANT SELECT ON snort.schema TO snorby <at> localhost;

ERROR 1146 (42S02): Table 'snort.schema' doesn't exist


Could this be an indication that my snort database was not setup correctly?

iirc the database was setup by running "CREATE DATABASE snort;"

Appreciate any ideas on this one.

--
M., CISSP, GCFE, GCFA

To disagree leads to study, to study leads to understanding, to understand is to appreciate, to appreciate is to love. So maybe I’ll end up loving your theory.” -John Wheeler
------------------------------------------------------------------------------
Want excitement?
Manually upgrade your production database.
When you want reliability, choose Perforce
Perforce version control. Predictably reliable.
http://pubads.g.doubleclick.net/gampad/clk?id=157508191&iu=/4140/ostg.clktrk
_______________________________________________
Snort-users mailing list
Snort-users <at> lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
Sharif Uddin | 9 Sep 11:35 2014

rule explanation

Hello

 

 

I am trying to understand these rules, is there a page where it describes each and every rule?

 

If I google the rule I don’t get any explanation of the rule other than suppress or disable them?

 

I have so far suppressed the following which has reduced the alerts a lot.

 

 

#(http_inspect) SIMPLE REQUEST

suppress gen_id 119, sig_id 32, track by_src, ip $HOME_NET

 

#(http_inspect) UNKNOWN METHOD

suppress gen_id 119, sig_id 31, track by_src, ip $HOME_NET

 

#(http_inspect) INVALID CONTENT-LENGTH OR CHUNK SIZE

suppress gen_id 120, sig_id 8, track by_src, ip $HOME_NET

 

#(http_inspect) NO CONTENT-LENGTH OR TRANSFER-ENCODING IN HTTP RESPONSE

suppress gen_id 120, sig_id 3, track by_src, ip $HOME_NET

 

#(http_inspect) DOUBLE DECODING ATTACK

suppress gen_id 119, sig_id 2, track by_src, ip $HOME_NET

 

#(http_inspect) HTTP RESPONSE GZIP DECOMPRESSION FAILED

suppress gen_id 120, sig_id 6, track by_src, ip $HOME_NET

 

#(http_inspect) IIS UNICODE CODEPOINT ENCODING

suppress gen_id 119, sig_id 7, track by_src, ip $HOME_NET

 

#(http_inspect) BARE BYTE UNICODE ENCODING

suppress gen_id 119, sig_id 4, track by_src, ip $HOME_NET

 

#(http_inspect) JAVASCRIPT OBFUSCATION LEVELS EXCEEDS 1

suppress gen_id 120, sig_id 9, track by_src, ip $HOME_NET

 

#(http_inspect) JAVASCRIPT WHITESPACES EXCEEDS MAX ALLOWED

suppress gen_id 120, sig_id 10, track by_src, ip $HOME_NET

 

#(http_inspect) UNESCAPED SPACE IN HTTP URI

suppress gen_id 119, sig_id 33, track by_src, ip $HOME_NET

 

#(http_inspect) U ENCODING

suppress gen_id 119, sig_id 3, track by_src, ip $HOME_NET

 

#stream5: Reset outside window

suppress gen_id 129, sig_id 15, track by_src, ip $HOME_NET

#suppress gen_id 129, sig_id 15, track by_dst, ip 10.20.30.40/29

 

#stream5: Bad segment, overlap adjusted size less than/equal 0

suppress gen_id 129, sig_id 5, track by_src, ip $HOME_NET

#suppress gen_id 129, sig_id 5, track by_dst, ip 10.20.30.40/29

 

 

 

 

Now I get average 34 alerts per hour and would like to know some explanations regarding them. See screenshot.

 

 

 

 

 

 

 

 

 

Sharif Uddin
Development/Support Engineer
-------------------

Spectrum Geo Ltd
Dukes Court, Duke Street
Woking, Surrey
GU21 5BH
UNITED KINGDOM

Tel: +44 (0) 1483 730201
Fax: +44 (0) 1483 762620

 

www.spectrumasa.com

 


IMPORTANT - This message and any attached files contain information intended for the exclusive use of the party or parties to whom it is addressed and may contain information that is proprietary, privileged, confidential and/or exempt from disclosure under applicable law. If you are not an intended recipient, you are hereby notified that any viewing, copying, disclosure or distribution of this information may be subject to legal restriction or sanction. Please notify the sender immediately and delete the original message without making any copies. Copyright in this email and any attachments belong to Spectrum Geo Limited.
We cannot guarantee the security or confidentiality of email communications. We do not accept any liability for losses or damages that you may suffer as a result of your receipt of this email.
Email communication with Spectrum Geo Ltd., may be monitored as permitted by UK legislation.
Spectrum Geo Limited, is a limited company registered in England and Wales. Registered number: 1979422. Registered office: 95 Aldwych, London WC2B 4JF.
------------------------------------------------------------------------------
Want excitement?
Manually upgrade your production database.
When you want reliability, choose Perforce
Perforce version control. Predictably reliable.
http://pubads.g.doubleclick.net/gampad/clk?id=157508191&iu=/4140/ostg.clktrk
_______________________________________________
Snort-users mailing list
Snort-users <at> lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
kinomakino | 10 Sep 13:38 2014
Picon

snort alert ip source/Dest changed

As always, thanks for reading
I have a problem with an installation of Snort and IP source / destination alerts.

The problem is that it changes the source IP to the destination, and vice versa.
I think it's been since I've activated "k none", but if not active, detects almost no traffic, just a few rules.
I have to say it's a VPS with a nic (eth2) and an alias (eth2: 1).
Both IP's are public, but the web server listens on the IP of eth2: 1.
Thanks for everything.

My snort command is:
./snort --daq --daq pcap-mode passive -i d eth2: 1 c u snort snort -g /etc/snort/snort.conf l / var / log / snort k none

------------------------------------------------------------------------------
Want excitement?
Manually upgrade your production database.
When you want reliability, choose Perforce
Perforce version control. Predictably reliable.
http://pubads.g.doubleclick.net/gampad/clk?id=157508191&iu=/4140/ostg.clktrk
_______________________________________________
Snort-users mailing list
Snort-users <at> lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
Sharif Uddin | 10 Sep 12:18 2014

Re: not logging data

Yes I did full make make install

I think I misunderstood strace.

[root <at> snort snort]# ps -eaf | grep snort
avahi      659     1  0 10:48 ?        00:00:00 avahi-daemon: running [snort.local]
root      2622  2529  0 10:51 pts/1    00:00:00 tail -f /var/log/messages /var/log/mariadb/mariadb.log /var/log/snort/alert
root      2711     1  3 10:51 ?        00:00:42 barnyard2 -c /etc/snort/barnyard2.conf -d /var/log/snort -f snort.u2 -w /var/log/snort/barnyard2.waldo
snort     3184     1  4 11:08 ?        00:00:13 snort -q -u snort -g snort -c /etc/snort/snort.conf -i ens34 -D
root      3371  2625  0 11:14 pts/2    00:00:00 grep --color=auto snort

Snort and barnyard running. My log files are empty

[root <at> snort snort]# pwd
/var/log/snort
[root <at> snort snort]# ll
total 8
-rw-r--r-- 1 snort snort    0 Sep  9 15:35 alert
-rw-rw-r-- 1 snort snort 2056 Sep 10 11:08 barnyard2.waldo
-rw-r--r-- 1 snort snort 2056 Sep  8 16:58 barnyard2.waldo-20140907
-rw------- 1 snort snort    0 Sep 10 11:02 snort.u2.1410343376
-rw------- 1 snort snort    0 Sep 10 11:04 snort.u2.1410343496
-rw------- 1 snort snort    0 Sep 10 11:08 snort.u2.1410343717

[root <at> snort snort]# strace -fp 3184
Process 3184 attached with 2 threads
[pid  3185] restart_syscall(<... resuming interrupted call ...> <unfinished ...>
[pid  3184] restart_syscall(<... resuming interrupted call ...>) = 1
[pid  3184] brk(0)                      = 0x148bc000
[pid  3184] brk(0x148dd000)             = 0x148dd000
[pid  3184] poll([{fd=4, events=POLLIN}], 1, 1000) = 1 ([{fd=4, revents=POLLIN}])
[pid  3184] poll([{fd=4, events=POLLIN}], 1, 1000) = 1 ([{fd=4, revents=POLLIN}])
[pid  3184] poll([{fd=4, events=POLLIN}], 1, 1000) = 1 ([{fd=4, revents=POLLIN}])
[pid  3184] brk(0)                      = 0x148dd000
[pid  3184] brk(0x148fe000)             = 0x148fe000
[pid  3184] poll([{fd=4, events=POLLIN}], 1, 1000) = 1 ([{fd=4, revents=POLLIN}])
[pid  3184] poll([{fd=4, events=POLLIN}], 1, 1000) = 1 ([{fd=4, revents=POLLIN}])
[pid  3184] poll([{fd=4, events=POLLIN}], 1, 1000) = 1 ([{fd=4, revents=POLLIN}])
[pid  3184] poll([{fd=4, events=POLLIN}], 1, 1000) = 1 ([{fd=4, revents=POLLIN}])
[pid  3184] poll([{fd=4, events=POLLIN}], 1, 1000) = 1 ([{fd=4, revents=POLLIN}])
[pid  3184] poll([{fd=4, events=POLLIN}], 1, 1000) = 1 ([{fd=4, revents=POLLIN}])
[pid  3184] poll([{fd=4, events=POLLIN}], 1, 1000) = 1 ([{fd=4, revents=POLLIN}])
[pid  3184] poll([{fd=4, events=POLLIN}], 1, 1000) = 1 ([{fd=4, revents=POLLIN}])
[pid  3184] poll([{fd=4, events=POLLIN}], 1, 1000 <unfinished ...>
[pid  3185] <... restart_syscall resumed> ) = 0
[pid  3185] rt_sigprocmask(SIG_BLOCK, [CHLD], ~[KILL STOP RTMIN RT_1], 8) = 0
[pid  3185] nanosleep({1, 0},  <unfinished ...>
[pid  3184] <... poll resumed> )        = 1 ([{fd=4, revents=POLLIN}])
[pid  3184] brk(0)                      = 0x148fe000
[pid  3184] brk(0x1491f000)             = 0x1491f000
[pid  3184] poll([{fd=4, events=POLLIN}], 1, 1000) = 1 ([{fd=4, revents=POLLIN}])
[pid  3184] poll([{fd=4, events=POLLIN}], 1, 1000) = 1 ([{fd=4, revents=POLLIN}])
[pid  3184] poll([{fd=4, events=POLLIN}], 1, 1000^CProcess 3184 detached
 <detached ...>
Process 3185 detached

Without changing any configurations to snort I should be getting thousands of alerts as I did when I 1st set
it up.

-----Original Message-----
From: waldo kitty [mailto:wkitty42 <at> windstream.net]
Sent: 10 September 2014 01:35
To: snort-users <at> lists.sourceforge.net
Subject: Re: [Snort-users] cannot decode data link type 239

On 9/9/2014 1:01 PM, Sharif Uddin wrote:
> I have just tried and made no difference. Strace still gives me

probably a stupid question but after running

./configure --enable-non-ether-decoders

you did also run the complete make and installation cycles, right?

--
  NOTE: No off-list assistance is given without prior approval.
        Please *keep mailing list traffic on the list* unless
        private contact is specifically requested and granted.

------------------------------------------------------------------------------
Want excitement?
Manually upgrade your production database.
When you want reliability, choose Perforce Perforce version control. Predictably reliable.
http://pubads.g.doubleclick.net/gampad/clk?id=157508191&iu=/4140/ostg.clktrk
_______________________________________________
Snort-users mailing list
Snort-users <at> lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

IMPORTANT - This message and any attached files contain information intended for the exclusive use of the
party or parties to whom it is addressed and may contain information that is proprietary, privileged,
confidential and/or exempt from disclosure under applicable law. If you are not an intended recipient,
you are hereby notified that any viewing, copying, disclosure or distribution of this information may be
subject to legal restriction or sanction. Please notify the sender immediately and delete the original
message without making any copies. Copyright in this email and any attachments belong to Spectrum Geo Limited.
We cannot guarantee the security or confidentiality of email communications. We do not accept any
liability for losses or damages that you may suffer as a result of your receipt of this email.
Email communication with Spectrum Geo Ltd., may be monitored as permitted by UK legislation.
Spectrum Geo Limited, is a limited company registered in England and Wales. Registered number: 1979422.
Registered office: 95 Aldwych, London WC2B 4JF.

------------------------------------------------------------------------------
Want excitement?
Manually upgrade your production database.
When you want reliability, choose Perforce
Perforce version control. Predictably reliable.
http://pubads.g.doubleclick.net/gampad/clk?id=157508191&iu=/4140/ostg.clktrk
_______________________________________________
Snort-users mailing list
Snort-users <at> lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!


Gmane