Snort mailing list archives
Re: Snort Wget Failure (can't resolve www.snort.org)
From: Brandon Hall <bhall () firstheartland com>
Date: Thu, 6 Oct 2011 18:54:33 +0000
If you're having DNS issues, just add the www.snort.org IP address, which I resolve to be 68.177.102.20 in your hosts file. If it still can't download then you know it's a firewall problem. -----Original Message----- From: Negin Nickparsa [mailto:nickparsa () gmail com] Sent: Thursday, October 06, 2011 1:46 PM To: Joel Esler Cc: Carney, Megan; snort-users () lists sourceforge net Subject: Re: [Snort-users] Snort Wget Failure (can't resolve www.snort.org) cURL is more successful than wget. and wget -U firefox URL is another solution that I searched it too. i think nslookup fails in many areas(DNS problem),it is not wget problem,but i am not sure enough copy and pasting URL on address bar of the browser will respond me successfully I have eager to know where the problem is? Wget? DNS? snort website? On 10/6/11, Joel Esler <jesler () sourcefire com> wrote:
For reference: We are officially recommending that people use PulledPork. As it's A) More updated with the VRT ruleset's features and B) Will take advantage of future changes to the ruleset. -- Joel Esler Senior Research Engineer, VRT OpenSource Community Manager Sourcefire On Oct 6, 2011, at 12:12 PM, Carney, Megan wrote:I haven't had this exact problem but I have had odd problems downloading the rulesets. I use oinkmaster to manage the rulesets and when I run the command to update the rules (/usr/sbin/oinkmaster -i -C /etc/oinkmaster.conf -C /etc/autodisable.conf -o /etc/snort/rules/ -b /etc/snort/backup/) I get this error: /usr/sbin/oinkmaster: Error: incorrect URL: "http://www.snort.org/sub-rules/snortrules-snapshot-2905.tar.gz/[reda cted]/ But if I visit that URL manually with wget the ruleset downloads just fine. Sorry I can't help with your specific problem. . .but I thought it might help if you knew you're not the only one having odd issues with downloading the rulesets. From: Todd Booth [mailto:todd.booth () ltu se] Sent: Friday, September 23, 2011 3:53 AM To: snort-users () lists sourceforge net Subject: [Snort-users] Snort Wget Failure (can't resolve www.snort.org) Hello, I've configured snort, on my Vyatta network/security device but the initial downloading of rules fails. I surfed the net and see other users (without Vyatta) are having the same problems. Here is the initial wget wget http://www.snort.org/pub-bin/oinkmaster.cgi/<my snort oink code>/snortrules-snapshot-2905.tar.gz Here is the error: --2011-09-23 08:45:27-- http://www.snort.org/pub-bin/oinkmaster.cgi/<my snort oink code>/snortrules-snapshot-2905.tar.gz Resolving www.snort.org... failed: Name or service not known. wget: unable to resolve host address `www.snort.org' However if I ping www.snort.org from my Vyatta, I get the ip address resolved as 68.177.102.20 So in my new wget, I replaced www.snort.org with 68.177.102.20, as follows vyatta@Vyatta1:~$ wget http://68.177.102.20/pub-bin/oinkmaster.cgi/<my oink code>/snortrules-snapshot-2905.tar.gz --2011-09-23 07:55:21-- http://68.177.102.20/pub-bin/oinkmaster.cgi/<my oink code>/snortrules-snapshot-2905.tar.gz Connecting to 68.177.102.20:80... connected. HTTP request sent, awaiting response... 302 Found Location: http://s3.amazonaws.com/snort-org/www/rules/20110823/snortrules-snaps hot-2905.tar.gz?AWSAccessKeyId=<key>&Expires=1316764830&Signature= JUAQj%2Bn1Y65X3zmVFuq6ozSlPUo%3D [following] --2011-09-23 07:55:24-- http://s3.amazonaws.com/snort-org/www/rules/20110823/sn ortrules-snapshot-2905.tar.gz?AWSAccessKeyId=AKIAJJSHU7YNPLE5MKOQ&Exp ires=131676 4830&Signature=JUAQj%2Bn1Y65X3zmVFuq6ozSlPUo%3D Resolving s3.amazonaws.com... failed: Name or service not known. wget: unable to resolve host address `s3.amazonaws.com' So I do a wget to www.snort.org and I get referred to s3.amazonaws.com However s3.amazonaws.com is also not resolved. So I try ping and get the s3.amazonaw.com ip address address and plug that in to the above 2nd wget wget http://72.21.211.173/snort-org/www/rules/20110823/snortrules-snapshot -2905.tar.gz?<key>&Expires=1316764830&Signature=JUAQj%2Bn1Y65X3zmVFuq 6ozSlPUo%3D Then I get the following error: HTTP request sent, awaiting response... 403 Forbidden 2011-09-23 08:50:47 ERROR 403: Forbidden. Is this a problem with wget? Or is this a problem with the configuration at www.snort.org? Thanks and Regards, <image005.jpg><image007.png> <image008.jpg> LuleƄ Technology University Teacher, Research Engineer and Lecturer Todd Booth Department: Computer Science, Electrical and Space Engineering, CSEE (SKE/SRT) Division: Computer Science Specialty: Computer and System Science / Information Security Courses: A0004N Information Security and A7011N Internet Security Direct: +46-910-585 324 Mobile: +46-76-346 3459 Email: Todd.Booth () LTU se Web: http://LTU.se LinkedIn: Todd.Booth () LTU se --------------------------------------------------------------------- --------- All the data continuously generated in your IT infrastructure contains a definitive record of customers, application performance, security threats, fraudulent activity and more. Splunk takes this data and makes sense of it. Business sense. IT sense. Common sense. http://p.sf.net/sfu/splunk-d2dcopy1__________________________________ _____________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!---------------------------------------------------------------------- -------- All the data continuously generated in your IT infrastructure contains a definitive record of customers, application performance, security threats, fraudulent activity and more. Splunk takes this data and makes sense of it. Business sense. IT sense. Common sense. http://p.sf.net/sfu/splunk-d2dcopy1 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
------------------------------------------------------------------------------ All the data continuously generated in your IT infrastructure contains a definitive record of customers, application performance, security threats, fraudulent activity and more. Splunk takes this data and makes sense of it. Business sense. IT sense. Common sense. http://p.sf.net/sfu/splunk-d2dcopy1 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news! ------------------------------------------------------------------------------ All the data continuously generated in your IT infrastructure contains a definitive record of customers, application performance, security threats, fraudulent activity and more. Splunk takes this data and makes sense of it. Business sense. IT sense. Common sense. http://p.sf.net/sfu/splunk-d2dcopy1 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- Snort Wget Failure (can't resolve www.snort.org) Todd Booth (Oct 06)
- Re: Snort Wget Failure (can't resolve www.snort.org) Joel Esler (Oct 06)
- Re: Snort Wget Failure (can't resolve www.snort.org) Carney, Megan (Oct 06)
- Re: Snort Wget Failure (can't resolve www.snort.org) Joel Esler (Oct 06)
- Re: Snort Wget Failure (can't resolve www.snort.org) Negin Nickparsa (Oct 06)
- Re: Snort Wget Failure (can't resolve www.snort.org) Brandon Hall (Oct 06)
- Re: Snort Wget Failure (can't resolve www.snort.org) Joel Esler (Oct 06)