Snort mailing list archives
Re: wget to snort.org fails; 301 redirect to 127.0.0.1
From: "Joel Esler (jesler)" <jesler () cisco com>
Date: Thu, 14 Aug 2014 20:36:04 +0000
Tony, We’re looking into the issue. We have a ticket open to see if we can resolve the issue. -- Joel Esler Open Source Manager Threat Intelligence Team Lead Talos On Aug 13, 2014, at 11:01 PM, Tony Robinson <deusexmachina667 () gmail com<mailto:deusexmachina667 () gmail com>> wrote: I can confirm that a wget to https://snort.org<https://snort.org/> hangs indefinitely: wget https://snort.org<https://snort.org/> --2014-08-13 22:19:36-- https://snort.org/ Resolving snort.org<http://snort.org/> (snort.org<http://snort.org/>)... 205.178.189.129 Connecting to snort.org<http://snort.org/> (snort.org<http://snort.org/>)|205.178.189.129|:443... failed: Connection timed out. Retrying. --2014-08-13 22:21:45-- (try: 2) https://snort.org/ Connecting to snort.org<http://snort.org/> (snort.org<http://snort.org/>)|205.178.189.129|:443... failed: Connection timed out. Retrying. --2014-08-13 22:23:54-- (try: 3) https://snort.org/ Connecting to snort.org<http://snort.org/> (snort.org<http://snort.org/>)|205.178.189.129|:443... failed: Connection timed out. Retrying. --2014-08-13 22:26:04-- (try: 4) https://snort.org/ Connecting to snort.org<http://snort.org/> (snort.org<http://snort.org/>)|205.178.189.129|:443... failed: Connection timed out. Retrying. --2014-08-13 22:28:16-- (try: 5) https://snort.org/ Connecting to snort.org<http://snort.org/> (snort.org<http://snort.org/>)|205.178.189.129|:443... failed: Connection timed out. Retrying. --2014-08-13 22:30:28-- (try: 6) https://snort.org/ Connecting to snort.org<http://snort.org/> (snort.org<http://snort.org/>)|205.178.189.129|:443... failed: Connection timed out. Retrying. --2014-08-13 22:32:41-- (try: 7) https://snort.org/ Connecting to snort.org<http://snort.org/> (snort.org<http://snort.org/>)|205.178.189.129|:443... failed: Connection timed out. Retrying. --2014-08-13 22:34:56-- (try: 8) https://snort.org/ Connecting to snort.org<http://snort.org/> (snort.org<http://snort.org/>)|205.178.189.129|:443... failed: Connection timed out. Retrying. --2014-08-13 22:37:11-- (try: 9) https://snort.org/ Connecting to snort.org<http://snort.org/> (snort.org<http://snort.org/>)|205.178.189.129|:443... ^C The hanging occurs regardless of whether or not I spoof the user-agent. I suspect you're correct in that the initial server that does the 301 redirect has no listener on https (443/tcp). I CAN confirm that modifying the user-agent to something even dumber than my example above (e.g. wget --user-agent "wgetbypass" snort.org<http://snort.org/>) works perfectly; follows 301, downloads index page as needed. I could just as easily modify my code to add a spoofed user-agent to wget, but I'd really like to hear from the snort.org<http://snort.org/> crew why this is a thing and if I'm in violation of some user agreement/ToS if I bypass this. On Wed, Aug 13, 2014 at 10:51 PM, Jefferson Diego Gomes Rosa <jeffersondiego8 () gmail com<mailto:jeffersondiego8 () gmail com>> wrote: As you can see on "Moved Permanently", http://snort.org<http://snort.org/> has just a redirect to https://www.snort.org<https://www.snort.org/>. https://snort.org<https://snort.org/> hangs until timeout is reached because there is no service really listening on 443 port of this address. I don't know why just wget's user-agent is redirected to localhost , but you can still use wget directly with https://www.snort.org<https://www.snort.org/>: wget -c https://www.snort.org<https://www.snort.org/> 2014-08-13 23:02 GMT-03:00 Tony Robinson <deusexmachina667 () gmail com<mailto:deusexmachina667 () gmail com>>: Title says it all. Anyone notice this recently? wget snort.org<http://snort.org/> --2014-08-13 21:42:39-- http://snort.org/ Resolving snort.org<http://snort.org/> (snort.org<http://snort.org/>)... 205.178.189.129 Connecting to snort.org<http://snort.org/> (snort.org<http://snort.org/>)|205.178.189.129|:80... connected. HTTP request sent, awaiting response... 301 Moved Permanently Location: http://127.0.0.1<http://127.0.0.1/> [following] --2014-08-13 21:42:39-- http://127.0.0.1/ Connecting to 127.0.0.1:80... If I fake the user-agent with ANYTHING, it's successful: wget --user-agent "toteslegitnotafakeUA" snort.org<http://snort.org/> --2014-08-13 21:49:23-- http://snort.org/ Resolving snort.org<http://snort.org/> (snort.org<http://snort.org/>)... 205.178.189.129 Connecting to snort.org<http://snort.org/> (snort.org<http://snort.org/>)|205.178.189.129|:80... connected. HTTP request sent, awaiting response... 301 Moved Permanently Location: http://www.snort.org<http://www.snort.org/> [following] --2014-08-13 21:49:23-- http://www.snort.org/ Resolving www.snort.org<http://www.snort.org/> (www.snort.org<http://www.snort.org/>)... 50.19.124.119, 54.225.152.149, 54.243.242.66 Connecting to www.snort.org<http://www.snort.org/> (www.snort.org<http://www.snort.org/>)|50.19.124.119|:80... connected. HTTP request sent, awaiting response... 301 Moved Permanently Location: https://www.snort.org/ [following] --2014-08-13 21:49:24-- https://www.snort.org/ Connecting to www.snort.org<http://www.snort.org/> (www.snort.org<http://www.snort.org/>)|50.19.124.119|:443... connected. HTTP request sent, awaiting response... 200 OK Length: 34907 (34K) [text/html] Saving to: `index.html' 100%[================================================================>] 34,907 --.-K/s in 0.02s 2014-08-13 21:49:24 (1.76 MB/s) - `index.html' saved [34907/34907] Cursory glance I would guess .htaccess is blacklisting wget as a user-agent. Is there a reason for this? I use wget to pull the index page and determine the current version of snort to download from the page. I don't repeatedly do this, only when installing Snort on a new machine. Too long;didn't read: wget to snort.org<http://snort.org/> redirects to localhost. wget to snort.org<http://snort.org/> with any other user-agent results in happy index.html wget to https://snort.org<https://snort.org/> no user-agent modification hangs until timeout is reached. why is this a thing? -- when does reality end? when does fantasy begin? ------------------------------------------------------------------------------ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net<mailto:Snort-users () lists sourceforge net> Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org<http://blog.snort.org/> to stay current on all the latest Snort news! -- Best Regards, Jefferson “Diede” Diego -- when does reality end? when does fantasy begin? ------------------------------------------------------------------------------ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net<mailto:Snort-users () lists sourceforge net> Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
------------------------------------------------------------------------------
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- wget to snort.org fails; 301 redirect to 127.0.0.1 Tony Robinson (Aug 13)
- Re: wget to snort.org fails; 301 redirect to 127.0.0.1 Jefferson Diego Gomes Rosa (Aug 13)
- Re: wget to snort.org fails; 301 redirect to 127.0.0.1 Tony Robinson (Aug 13)
- Re: wget to snort.org fails; 301 redirect to 127.0.0.1 Joel Esler (jesler) (Aug 14)
- Re: wget to snort.org fails; 301 redirect to 127.0.0.1 Tony Robinson (Aug 15)
- Re: wget to snort.org fails; 301 redirect to 127.0.0.1 Joel Esler (jesler) (Aug 15)
- Re: wget to snort.org fails; 301 redirect to 127.0.0.1 Tony Robinson (Aug 15)
- Re: wget to snort.org fails; 301 redirect to 127.0.0.1 Tony Robinson (Aug 13)
- Re: wget to snort.org fails; 301 redirect to 127.0.0.1 Jefferson Diego Gomes Rosa (Aug 13)