Snort mailing list archives
Re: [Snort-users] Update your oinkmaster/pulled_porkconf files
From: "Weir, Jason" <jason.weir () nhrs org>
Date: Tue, 29 Jun 2010 10:41:56 -0400
Me too - come on guys, this isn't that complicated.

Oinkmaster output below

------------------------------------------------------------------------------------------
Downloading file from http://www.snort.org/pub-bin/oinkmaster.cgi/*oinkcode*/snortrules-snapshot-2853.tar.gz...
/usr/local/bin/oinkmaster.pl: Error: could not download from http://www.snort.org/pub-bin/oinkmaster.cgi/*oinkcode*/snortrules-snapshot-2853.tar.gz. Output from wget follows:

http://www.snort.org/pub-bin/oinkmaster.cgi/*oinkcode*/snortrules-snapshot-2853.tar.gz
Resolving www.snort.org... 68.177.102.20
Connecting to www.snort.org|68.177.102.20|:80... connected.
HTTP request sent, awaiting response... 302 Found
Location: https://s3.amazonaws.com/snort.org/rules/20100525/snortrules-snapshot-2853.tar.gz?AWSAccessKeyId=AKIAJJSHU7YNPLE5MKOQ&Expires=1277818240&Signature=Ey7O5ok2EPNau9DIKbFi8UpF3Hw%3D [following]
--2010-06-29 09:30:10--  https://s3.amazonaws.com/snort.org/rules/20100525/snortrules-snapshot-2853.tar.gz?AWSAccessKeyId=AKIAJJSHU7YNPLE5MKOQ&Expires=1277818240&Signature=Ey7O5ok2EPNau9DIKbFi8UpF3Hw%3D
Resolving s3.amazonaws.com... 72.21.202.152
Connecting to s3.amazonaws.com|72.21.202.152|:443... connected.
ERROR: cannot verify s3.amazonaws.com's certificate, issued by `/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at https://www.verisign.com/rpa (c)09/CN=VeriSign Class 3 Secure Server CA - G2':
  Unable to locally verify the issuer's authority.
To connect to s3.amazonaws.com insecurely, use `--no-check-certificate'.
Unable to establish SSL connection.
---------------------------------------------------------------------------------------------

-Jason

-----Original Message-----
From: Joel Esler [mailto:jesler () sourcefire com]
Sent: Tuesday, June 29, 2010 10:19 AM
To: infosec posts
Cc: snort-sigs () lists sourceforge net; Snort Users List
Subject: Re: [Snort-sigs] [Snort-users] Update your oinkmaster/pulled_porkconf files

On Jun 29, 2010, at 10:11 AM, infosec posts wrote:
I was using this URL in my update scripts:

wget http://www.snort.org/pub-bin/oinkmaster.cgi/$oink_code/snortrules-snapshot-2853_s.tar.gz

Now I'm getting this:

http://www.snort.org/pub-bin/oinkmaster.cgi/$oink_code/snortrules-snapshot-2853_s.tar.gz
Resolving www.snort.org... 68.177.102.20
Connecting to www.snort.org|68.177.102.20|:80... connected.
HTTP request sent, awaiting response... 403 Forbidden
2010-06-29 08:46:33 ERROR 403: Forbidden.

Did the URL above get broken, too? Since that didn't work I tried:

wget http://www.snort.org/reg-rules/snortrules-snapshot-2853.tar.gz/$oink_code

but that redirected to an SSL connection with Amazon, which isn't open on my firewall from the machine in question. So, I went to another machine and tried

wget http://www.snort.org/reg-rules/snortrules-snapshot-2853.tar.gz/$oink_code
wget http://www.snort.org/reg-rules/snortrules-snapshot-2853_s.tar.gz/$oink_code

Both of which are giving me 403: Forbidden.

Are the 2.8.5.3 URLs no longer supported?
Is the "15-minute rule" being imposed by oink code now instead of connecting IP?
Is the '_s' filename still in use to distinguish subscriber packs from non-subscribers?

(Note: Obviously, my actual oinkmaster code has been sanitized to '$oink_code' in everything above.)

There is no need for the _s anymore.

http://vrt-sourcefire.blogspot.com/2010/06/important-rule-download-change.html

I'll send this over to the web team.

Joel
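
The transcripts in this thread show three separate outcomes (a 403 from snort.org, an HTTPS redirect to S3, and a certificate-verification failure), and they were posted with the oinkcode sanitized. The following is an added example, not part of the thread or of Oinkmaster: shell functions that classify a wget transcript and redact the oinkcode and pre-signed query values before the transcript is shared. The function names and the sample transcript are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): triage and redact a wget transcript.

# Constructed sample modelled on the output above; the key id and
# signature are placeholders, not real values.
sample_log() {
cat <<'EOF'
Connecting to www.snort.org|68.177.102.20|:80... connected.
HTTP request sent, awaiting response... 302 Found
Location: https://s3.amazonaws.com/snort.org/rules/20100525/snortrules-snapshot-2853.tar.gz?AWSAccessKeyId=EXAMPLEKEYID&Expires=1277818240&Signature=EXAMPLESIG%3D [following]
Connecting to s3.amazonaws.com|72.21.202.152|:443... connected.
ERROR: cannot verify s3.amazonaws.com's certificate, issued by `/C=US/O=VeriSign, Inc.':
  Unable to locally verify the issuer's authority.
Unable to establish SSL connection.
EOF
}

# Read a wget transcript on stdin and print one diagnosis word.
classify_wget_failure() {
    log=$(cat)
    if printf '%s\n' "$log" | grep -q 'cannot verify .* certificate'; then
        # Local CA store lacks the issuer: repair the bundle
        # (wget --ca-certificate / --ca-directory) rather than disabling checks.
        echo tls-untrusted-issuer
    elif printf '%s\n' "$log" | grep -q 'ERROR 403'; then
        echo forbidden          # server rejected the URL or the oinkcode
    elif printf '%s\n' "$log" | grep -q 'Location: https://'; then
        echo https-redirect     # egress on 443 to the redirect host is needed
    else
        echo unknown
    fi
}

# Replace the oinkcode path segment and pre-signed query values on stdin.
redact_wget_log() {
    sed -E \
        -e 's#(oinkmaster\.cgi/)[^/[:space:]]+#\1<oinkcode>#g' \
        -e 's#(AWSAccessKeyId|Expires|Signature)=[^&[:space:]]+#\1=<redacted>#g'
}

# Demo on the constructed sample.
sample_log | classify_wget_failure
sample_log | redact_wget_log
```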