Snort mailing list archives
Re: still having download problems
From: JJC <cummingsj () gmail com>
Date: Thu, 1 Jul 2010 08:50:31 -0600
Do you know what version of LWP::SImple you are using? On Thu, Jul 1, 2010 at 8:32 AM, John York <YorkJ () brcc edu> wrote:
I've updated to pulledpork 0.4.2 on my Ubuntu 8.04 box. I also tried to update the CA certs with apt-get, but they are already up to date. When I do a packet trace, I see the box go to Snort and ask for the rules. Snort replies that the rules have moved to s3.amazonaws.com. At that point, my box just gives up--I don't see any traffic where it even tries to connect with amazon. Any ideas? I tried manually changing pp so it asked for sub-rules instead of reg-rules, but both do the same thing. The pp debug output and https conversation are below, mangled to protect the oinkcode. Thanks John PP debug me@snort:~$ sudo apt-get install ca-certificates [sudo] password for me: Reading package lists... Done Building dependency tree Reading state information... Done ca-certificates is already the newest version. 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. me@snort:~$ sudo ./ppgo http://code.google.com/p/pulledpork/ _____ ____ `----,\ ) `--==\\ / Pulled_Pork v0.4.2 `--==\\/ .-~~~~-.Y|\\_ Copyright (C) 2009-2010 JJ Cummings @_/ / 66\_ cummingsj () gmail com | \ \ _(") \ /-| ||'--' Rules give me wings! \_\ \_\\ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Command Line Variable Debug: Config Path is: /home/bryorkj/snortrules/pulledpork/etc/pulledpork.conf Path to disablesid file: /home/bryorkj/snortrules/pulledpork/etc/disablesid.conf Verbose Flag is Set Extra Verbose Flag is Set Config File Variable Debug /home/bryorkj/snortrules/pulledpork/etc/pulledpork.conf snort_path = /usr/local/bin/snort pid_path = /var/run/snortd.pid rule_path = /usr/local/etc/snort/rules/snort.rules ignore = deleted,experimental,local rule_file = snortrules-snapshot-2860.tar.gz sid_changelog = /var/log/sid_changes.log sid_msg = /usr/local/etc/snort/sid-msg.map config_path = /usr/local/etc/snort/snort.conf sostub_path = /usr/local/etc/snort/rules/so_rules.rules oinkcode = 7025mangle-mangle7813 temp_path = /tmp distro = Ubuntu-8.04 base_url = http://www.snort.org/ sorule_path = /usr/local/lib/snort_dynamicrules/ version = 0.4.2 disablesid = /usr/local/etc/snort/disablesid.conf local_rules = /usr/local/etc/snort/rules/local.rules Checking latest MD5.... Fetching md5sum for: snortrules-snapshot-2860.tar.gz.md5 most recent rules file digest: d8b7b694e4f21b7406e3c86a32b362bf Rules tarball download.... Fetching rules file: snortrules-snapshot-2860.tar.gz Error 501 when fetching snortrules-snapshot-2860.tar.gz at /home/bryorkj/snortrules/pulledpork/pulledpork.pl line 264. going to get this url: http://www.snort.org/sub-rules/snortrules-snapshot-2860.tar.gz/7025mangle-mangle7813 HTTP conversation GET /sub-rules/snortrules-snapshot-2860.tar.gz/7025mangle-mangle7813 HTTP/1.1 TE: deflate,gzip;q=0.3 Connection: TE, close Host: www.snort.org User-Agent: LWP::Simple/5.820 HTTP/1.0 302 Moved Temporarily Date: Thu, 01 Jul 2010 13:57:15 GMT Server: Apache X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 2.2.4 X-Runtime: 448 Cache-Control: no-cache Set-Cookie: _radiant_session=BAh7BjoPmangle-mangleDhmNDA%3D--777377mangle-mangled8cc; path=/; HttpOnly Location: https://s3.amazonaws.com/snort.org/rules/20100629/snortrules-snapshot-2860.tar.gz?AWSAccessKeyId=AKImangle-mangleQ&Expires=1277992665&Signature=mangle-mangle3D Content-Length: 251 Status: 302 Content-Type: text/html; charset=utf-8 X-Cache: MISS from web610.br.vccs.edu Via: 1.0 web610.br.vccs.edu:8080 (http_scan/4.0.2.6.19) Connection: close <html><body>You are being <a href=" https://s3.amazonaws.com/snort.org/rules/20100629/snortrules-snapshot-2860.tar.gz?AWSAccessKeyId=AKImangle-mangle&Expires=1277992665&Signature=7ZFmangle-mangle4%3D ">redirected</a>.</body></html> ------------------------------------------------------------------------------ This SF.net email is sponsored by Sprint What will you do first with EVO, the first 4G phone? Visit sprint.com/first -- http://p.sf.net/sfu/sprint-com-first _______________________________________________ Snort-sigs mailing list Snort-sigs () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-sigs
------------------------------------------------------------------------------ This SF.net email is sponsored by Sprint What will you do first with EVO, the first 4G phone? Visit sprint.com/first -- http://p.sf.net/sfu/sprint-com-first
_______________________________________________ Snort-sigs mailing list Snort-sigs () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-sigs
Current thread:
- still having download problems John York (Jul 01)
- Re: still having download problems JJC (Jul 01)
- Re: still having download problems Crook, Parker (Jul 01)
- Re: still having download problems JJC (Jul 01)
- Re: still having download problems Joel Esler (Jul 01)
- Re: still having download problems JJC (Jul 01)
- Re: still having download problems John York (Jul 01)
- Re: still having download problems Crook, Parker (Jul 01)
- Re: still having download problems JJC (Jul 01)