File: CREDITS

package info (click to toggle)
snort 2.3.2-3
  • links: PTS
  • area: main
  • in suites: sarge
  • size: 22,244 kB
  • ctags: 11,282
  • sloc: ansic: 70,376; sh: 4,364; makefile: 744; perl: 478; sql: 212
file content (306 lines) | stat: -rw-r--r-- 9,855 bytes parent folder | download | duplicates (2)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
$Id: CREDITS,v 1.30 2004/09/13 17:44:49 jhewlett Exp $

Marc Norton     <mnorton@idsresearch.org>
    * Snort 2.0 detection engine
    * Aho-Corasick pattern matchers
    * Wu-Manber pattern matchers
    * sfxhash, sflsq, ipobj libraries
    * Thresholding/suppression
    * Performance monitoring preprocessor

Daniel Roelker  <djr@idsresearch.org>
    * Snort 2.0 detection engine
    * HttpInspect detection engine
    * ASN.1 decoder and detection plugin
    * Multi-event queuing, prioritizing, and logging
    * sfPortscan detection engine
    * Snort-inline integration from snort-inline project
    * Performance monitoring preprocessor

Jeremy Hewlett <jh@sourcefire.com>
    * CVS and release manager
    * Snort testing 
    * Bug triage
    * Documentation

Sebastian    <scut@nb.in-berlin.de>
    * Added TOS decoding and logging

Ron Gula    <rjg@network-defense.com>
    * Provided lots of signatures

Mike Borella    <mike@borella.net>
    * Made some libpcap code that was actually easy enough to follow along
      in so that even idiots like myself could do something like this.  
      Mike's a cool dude (and he listens to Slayer), check his stuff out
      at www.borella.net

Jed Pickel    <jed@pickel.net>
    * Sent in the RAW packet decoder routine
    * Database output plugin module
    * XML output plugin module

Chris Sylvain    <csylvain@itg.ummc.ab.umd.edu>
    * Added HP-UX and S/Linux code, plus the "-x" command line switch.

Damien Daspit    <damien@bryan.edu>
    * Provided the WinPopup code and some other bug fixes, plus helped me
      debug a nasty problem with the rules parser.

Sebastien L.    <splice@videotron.ca>
    * Ideas guy and RPM guru, he's been a help behind the scenes lately.

CyberPsychotic     <fygrave@tigerteam.net>
    * configure.in Sparc alignment updates
    * daemon mode code
    * lots of help debugging the 1.2 release on OpenBSD/Sparc
    * new ftpd buffer overflow rule
    * UnixSock alerting code
    * NULL/Loopback decoder
    * my right hand man in Snort development, constantly working on 
      new stuff and enhancements for the system

Nick Rogness and Jim Forster <nick@rapidnet.com> <jforster@rapidnet.com>
    * lots o' rules, bug reports

Scott McIntyre <scott@whoi.edu>
    * Happy 99 virus rule
    * wacky FBSD bugs and attendant help with said bugs
    * also spotted the otn_tmp NULL bug in 1.3
    * tons of debug info and help!

Ron Snyder <snyder@athena.lblesd.k12.or.us>
    * IP address negation operator code
    * Bug hunter extrordinaire

Jonathan Emery <jemery@countersign-sq.com>
    * Ran Purify on the Snort source and tracked down some nasty buggage

Aaron Smith <aaron@mutex.org>
    * non-promiscuous mode patch
    * logging code streamlining

Dug Song & Torbjorn Wictorin <dugsong@monkey.org> <torbjorn.wictorin@its.uu.se> 
    * Torbjorn spotted it first, but Dug sent in a kick ass bug report so 
      they both get credit for finding the otn_tmp NULL bug in LogPkt.

Max Vision <vision@whitehats.com>
    * Ideas, debug help, lots of rules

Dragos Ruiu <dr@v-wave.com>
    * Ideas guy, keeps me honest :)
    * Author of defrag preprocessor

Colin Haxton <Colin.Haxton@arena.co.nz>
    * Timestamp bugfix, debug help

Worm5er <worm5er@hushmail.com>
    * Master Debugger, he's always got the best bugs! :)

Lance Spitzner <lance@ksni.net>
    * Thank Lance for the session keyword!
    * Lots of debug help, suggestions

Christian Lademann <cal@zls.de>
    * The Man!  Added the rules file variable and include code.  This man
      should have a place in every Snort user's heart. ;)
    * Added the ISDN for Linux support/decoders

Christian Hammers <ch@genesis.westend.com>
    * Maintains the Debian distro of Snort, sends me nice bug reports.

Michael Henry <mike@dergott.com>
    * Sent in the URL decoder that eventually became the http_decode
      preprocessor

Bob Beck <beck@bofh.ucs.ualberta.ca>
    * Sent in a few security patches, some advice 

Sebastian <krahmer@cs.uni-potsdam.de>
    * Linux PPC testing.
    * Great help with tracking down `loopback failure' problem.

Patrick Mullen <Patrick.Mullen@GD-CS.COM>
    * snort portscan preprocessor.
    * great helper on the project.

Herb Commodore <herb@nc.rr.com>
    * `--with-libpcap' fixes to configure.in.

John Wilson <tug@wilson.co.uk>
    * New implementation of insensitive pattern match code.

Mike Caughran <mike_caughran@hotmail.com>
    * Great help with porting snort to AIX platform.

Astaroth <astaroth@ziplip.com>
    * Added Tru64/Alpha support.

Daniel Monjar <dmonjar@orgtek.com>
    * More Tru64/Alpha diffs.

Ralf Hildebrandt <R.Hildebrandt@tu-bs.de>
    * HP-UX debugger and ombudsman.

Stuart Staniford-Chen <stuart@SiliconDefense.com>
    * Ideas guy, he's been bouncing around ideas for better output
      classification in Snort.
    * Wrote snortsnarf.pl, a CGI/HTML program for organizing Snort output.

Yen-Ming Chen <yenming@andrew.cmu.edu>
    * Wrote the excellent snort-stat.pl statistical analysis script for 
      Snort alerts.
    * Wrote a nice PHP front-end for the Snort alerting mechanism.

Erich Meier <Erich.Meier@informatik.uni-erlangen.de>
    * Lots of help debugging debugging!
    * ip tos plugin.

Denis Ducamp <Denis.Ducamp@hsc.fr>
    * Solaris debugging and patching.

Boa <andrew.bostaph@mcmail.vanderbilt.edu>
    * Great help with the addition of Token Ring support to Snort.

Anthony Stevens <astevens@chaotic.org>
    * Contributed the Guardian firewall response system to Snort.

Andrew R. Baker <andrewb@uab.edu>
    * Contributed the snort-sort alert analysis script.
    * Tweaked various other Snort analysis scripts.
    * Added variable level alert support, officially joining the ranks
      of the bad-asses :)

J Cheesman <cheesmaj@clsyst.demon.co.uk>
    * Enhanced the PID logging code to be more robust.

"Mark Hindess" <ccsmrh@lists.bath.ac.uk>
    * Added the RPC application layer detection plugin

Dave Wreski <dave@guardiandigital.com>
    * Provided support and help diagnosing problems with the 1.6.2
          config scripts
    * Snort-HOWTO paper.      

Bo <thumper@alumni.caltech.edu>
    * Provided fixes for my idiotic configure.in antics in version 1.6.2
 
Peter Weinberger <pjw@rentec.com>
    * Added code to fill in full transport protocol names

Dave Dittrich <dittrich@cac.washington.edu>
    * Provided a little patch to fix daemon mode alert filenames

Christopher Cramer <cec@ee.duke.edu>
    * Author of the TCP stream preprocessor! (spp_tcp_stream)

Joe Stewart <jstewart@lurhq.com>
    * Added UNICODE and NULL byte attack detection to http_decode preproc

Thomas Zajic <zlatko@gmx.at>
    * Provided some sanity check fixes for the PID file

Jason Ish <jason@codemonkey.net>
    * Cleaned up the plugin template files

Paul Herman <pherman@frenchfries.net>
    * Contributed a patch to clean up sloppy strlen/strncpy interactions

Todd Lewis <tlewis@secureworks.net>
    * Big new addition to the project, idea/code generator extrordinaire :)

Phil Wood <cpw@lanl.gov>
    * Master debugger, got the IP/bidirectional code back on its feet after
      the addition of IP lists
    * Numerous other bugpointers, tweaks etc.
    * pointed out signature logic errors

Dr SuSE <drsuse@drsuse.org>
    * Helps out with docs, answering questions on the mailing list, etc.

Joe McAlerney <joey@silicondefense.com>
    * sp_reference plugin, constant helper on the project

James Hoagland <hoagland@SiliconDefense.com>
    * SPADE statiscal anomaly detection plugin, lots of other help and 
      advice

Maciek Szarpak <M.Szarpak@elka.pw.edu.pl>
    * Author of the react plugin

Paul Ritchey <pritchey@jasi.com>
    * Provided the -y year printout command line switch code

Eugene Tsyrklevich <eugene@securityarchitects.com>
    * Added smalloc.h and fatal.h
    * patches for stupidity in various files
    * strl* functions/patches. A bunch of of other minor tweaks.
    * ideas for new debugging code.

Markus De Shon <mdeshon@secureworks.net> & Jon Ramsey <jramsey@secureworks.net>
    * tracked down tricky false positive condition in sp_pattern_match

Koji Shikata <shikap@yk.rim.or.jp>
    * spp_http preprocessor patch which allows to catch broken unicode 
      (which still works on IIS 4.x servers).

Achim Gsell <a@tac.ch>
    * some pointers/fixes on problems in spp_defrag.c piece.

Tomtom <tomtommister@gmx.de>
    * Added PPPoE decoder

Chris Green <cmg@uab.edu>
    * documentation
    * testing on #snort
    * code maintenance
    * flow-portscan
    * flow

Bill Gercken <william.c.gercken@census.gov>
    * lots of patches and testing on his busy network

HD Moore <hdm@secureaustin.com>
    * testing, keeping me honest :)

Matt Scarborough <vexversa@usa.net>
    * another good tester/bug reporter

Jeff Nathan <jeff@wwti.com>
    * added spp_arpcheck code, watches for ARP stuff, RTFS
    * updated man page for 1.8

Brian Caswell <bmc@mitre.org>
    * Snort Rules Nazi, keeps the rules trains running on time
    * wrote spo_csv
    * constant companion on #snort

Glenn Mansfield Keeni <glenn@cysol.co.jp>    
    * Added SNMP output support plugin for Snort, cool!

Chris Reid <Chris.Reid@CodeCraftConsultants.com>
    * win32 support patches.
    * ms-sql support for spo_database
    * create_mssql script
    * other minor fixes/tweaks

Robert Hughes <rob@robhughes.com>
    * rules fixes

Jimmy Stags 
    * pointed out duplicate signatures
    
Zeno <admin@cgisecurity.com>
    * a number of signatures included in web-attacks.rules

Ryan Russell <ryan@securityfocus.com>
    * a zillion signature corrections.  

Mike Davis <mike@datanerds.com>
    * original win32 port

Ofir Arkin <ofir@sys-security.com>
    * Helped with cleanup and correction of ICMP decoder subsystem

Fabio Bastiglia Oliva <fboliva@safenetworks.com>    
    * Rules cleanup!