Re: FW: Oinkmaster can't get rules

[Jun Wan <junwei_wan () hotmail com>]

Hi Joel,

 

Tried it again:

 

C:\snort\pulledpork-0.3.4>pulledpork.pl -o c:\snort\rules -O a9xnnnxnnnxnxnnnxnnxnxnnnxnnxnxnxnxn....xnnnc -f 
snortrules-snap
shot-2853.tar.gz -c pulledpork.conf -i disablesid.conf -b dropsid.conf -m c:\snort\etc\sid-msg.map -h 
c:\snort\log\sid_changes.log -I security -H

 

I got the same result:

 

 Checking latest MD5....
        A 403 error occured, please wait for the 15 minute timeout
        to expire before trying again or specify the -n runtime switch
        Error 403 when fetching http://www.snort.org/pub-bin/oinkmaster.cgi/snor
trules-snapshot-2853.tar.gz.md5 at C:\snort\pulledpork-0.3.4\pulledpork.pl line 269


Any info and help would be much appreciated.
 
Thanks 
 
Regards
 
John


 


 


From: jesler () sourcefire com
To: junwei_wan () hotmail com
Subject: Re: [Snort-users] FW: Oinkmaster can't get rules
Date: Mon, 26 Jul 2010 21:54:55 -0400
CC: cummingsj () gmail com; snort-users () lists sourceforge net


Your rule file name is still wrong. It's not 2.8.5.3, it's 2853.tar.gz


--Sent from my iPad

On Jul 26, 2010, at 9:43 PM, Jun Wan <junwei_wan () hotmail com> wrote:




Hi JJC,
 
Thanks for the info, I did the following on my Windows XP:
 
C:\snort\pulledpork-0.3.4>pulledpork.pl -o c:\snort\rules -O a9xnnnxnnnxnxnnnxnnxnxnnnxnnxnxnxnxn....xnnnc -f 
snortrules-snap
shot-2.8.5.3.tar.gz -c pulledpork.conf -i disablesid.conf -b dropsid.conf -m c:\snort\etc\sid-msg.map -h 
c:\snort\log\sid_changes.log -I security -H
 
Then I got the following:
 
Checking latest MD5....
        A 403 error occured, please wait for the 15 minute timeout
        to expire before trying again or specify the -n runtime switch
        Error 403 when fetching http://www.snort.org/pub-bin/oinkmaster.cgi/snor
trules-snapshot-2.8.5.3.tar.gz.md5 at C:\snort\pulledpork-0.3.4\pulledpork.pl line 269

Any info and help would be much appreciated.
 
Thanks 
 
Regards
 
John
 


Date: Mon, 26 Jul 2010 07:02:13 -0600
Subject: Re: [Snort-users] FW: Oinkmaster can't get rules
From: cummingsj () gmail com
To: junwei_wan () hotmail com
CC: snort-users () lists sourceforge net

You are attempting to retrieve an invalid tarball (snortrules-snapshot-2.8.tar.gz).. 


you need to use one of the following at this time:
snortrules-snapshot-2853.tar.gz
snortrules-snapshot-2860.tar.gz
snortrules-snapshot-2861.tar.gz


Please take note also of what Nigel said, that the 2853 rules will remain for 90 days to give you time to upgrade!  And 
on another note, there is an updated version of pulledpork that has many bugfixes..


JJC










On Mon, Jul 26, 2010 at 12:28 AM, Jun Wan <junwei_wan () hotmail com> wrote:


Ok, I downloaded Pulled Pork v0.3.4, follow the "Readme", instead of using: 
./pulledpork.pl -c pulledpork.conf -i disablesid.conf -b dropsid.conf -m /usr/local/etc/snort/sid-msg.map \
-h /var/log/sid_changes.log -I security -H
 
I used this on my Windows XP:

C:\snort\pulledpork-0.3.4>pulledpork.pl -c pulledpork.conf -i disablesid.conf -b
 dropsid.conf -m c:\snort\etc\sid-msg.map -h c:\snort\log\sid_changes.log -I sec
urity -H
 
And then I got this:
 
http://code.google.com/p/pulledpork/
_____ ____
`----,\ )
`--==\\ / Pulled_Pork v0.3.4
`--==\\/
.-~~~~-.Y|\\_ Copyright (C) 2009-2010 JJ Cummings
@_/ / 66\_ cummingsj () gmail com
| \ \ _(")
\ /-| ||'--' Rules give me wings!
\_\ \_\\
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Checking latest MD5....
A 403 error occured, please wait for the 15 minute timeout
to expire before trying again or specify the -n runtime switch
Error 403 when fetching http://www.snort.org/pub-bin/oinkmaster.cgi/snor
trules-snapshot-2.8.tar.gz.md5 at C:\snort\pulledpork-0.3.4\pulledpork.pl line 2
69.
 
After 25 minutes, I tried again, same error.

I would like to know what is wrong and any info and help would be appreciated.
 
Many thanks in advance.
 
Regards
 
John  



From: junwei_wan () hotmail com
To: snort-users () lists sourceforge net
Date: Mon, 26 Jul 2010 03:55:34 +0000



Subject: Re: [Snort-users] Oinkmaster can't get rules

Hi, I am unable to update the rules via Oinkmaster (it was okay before), My snort (2.8.5.3) is running on my Windows 
XP, I am getting an error: 404 forbidden message, please see the attached info.
 
I will use Pulled Pork in the near future, but now I would like to fix this issue with rules update&Oinkmaster.
 
Any information and help would be appreciated.
 
Thanks
 
Regards
 
John 
 



Australia's #1 job site If It Exists, You'll Find it on SEEK 

------------------------------------------------------------------------------
The Palm PDK Hot Apps Program offers developers who use the
Plug-In Development Kit to bring their C/C++ apps to Palm for a share 
of $1 Million in cash or HP Products. Visit us here for more details:
http://ad.doubleclick.net/clk;226879339;13503038;l?
http://clk.atdmt.com/CRS/go/247765532/direct/01/

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users                                          
_________________________________________________________________
If It Exists, You'll Find it on SEEK. Australia's #1 job site
http://clk.atdmt.com/NMN/go/157639755/direct/01/

------------------------------------------------------------------------------
The Palm PDK Hot Apps Program offers developers who use the
Plug-In Development Kit to bring their C/C++ apps to Palm for a share 
of $1 Million in cash or HP Products. Visit us here for more details:
http://ad.doubleclick.net/clk;226879339;13503038;l?
http://clk.atdmt.com/CRS/go/247765532/direct/01/

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users