Snort mailing list archives
Re: Pulledpork error at blacklist download
From: David Corsello <snort-users () wintertreemedia com>
Date: Wed, 2 May 2018 14:17:02 -0400
Please disregard this question. I was able to download a blacklist manually for testing. I found that the latency is too high with this machine, so we're going to need something with a faster processor that can support a newer OS.

On Wed, May 2, 2018 at 1:13 PM, David Corsello <snort-users () wintertreemedia com> wrote:

> Much of this is related more to Linux than to Snort, but I'm hoping someone can offer help.
>
> I purchased a mini PC with decent specs to use as a Snort sensor. The one limitation that I missed prior to purchase is that the highest version of Ubuntu that it supports is 12.04.1. That OS is now installed. Snort 2.9.11.1 is installed and running. Pulledpork fails at the blacklist download.
>
> Pulledpork.conf contains the following:
>
>     rule_url=https://talosintelligence.com/documents/ip-blacklist|IPBLACKLIST| oinkcodexxxxxxxxxxxxxxxxxxxxxx
>
> When run, it gives the following error:
>
>     IP Blacklist download of https://talosintelligence.com/documents/ip-blacklist....
>     ** GET https://talosintelligence.com/documents/ip-blacklist ==> 500 Can't connect to talosintelligence.com:443
>     Error downloading https://talosintelligence.com/documents/ip-blacklist: 500 Can't connect to talosintelligence.com:443 [ 500 ]
>
> GET from the command line gives the following error:
>
>     root@IPS:~# GET "https://talosintelligence.com/documents/ip-blacklist|IPBLACKLIST|oinkcodexxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
>     Can't connect to talosintelligence.com:443
>     LWP::Protocol::https::Socket: SSL connect attempt failed with unknown error
>     error:1407742E:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert protocol version at /usr/share/perl5/LWP/Protocol/http.pm line 51.
>     Unable to establish SSL connection.
>
> Upgrading openssl to ver. 1.0.2o didn't fix this. I'm researching if it's possible to upgrade libwww-perl from ver 6.03 on Ubuntu 12.04. Any other suggestions?
>
> As a workaround, I tried to download the blacklist to an intermediate, hosted server, from which I would then have downloaded to the sensor using pulledpork. When I ran the GET command on the hosted server, I got the message:
>
> "The owner of this website (talosintelligence.com) has banned your access based on your browser's signature (414c086aabdc2312-ua24)."
>
> Does this mean that the oinkcode is now permanently banned from downloading the blacklist, or was only this access blocked?
>
> Thanks.
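
The OpenSSL error string quoted in the message above can be decoded field by field. This is an added example, not part of the thread or of Pulledpork: it assumes the OpenSSL 1.0.x error-code packing (later major versions pack codes differently), and the second sample line is constructed for contrast.

```python
import re

ERR_LIB_SSL = 0x14            # ERR_LIB_SSL (20) in OpenSSL's err.h
SSL_AD_REASON_OFFSET = 1000   # SSL reasons above this are 1000 + the alert number
# TLS alert descriptions (RFC 5246 / RFC 6066); only a few are listed here.
TLS_ALERTS = {40: "handshake_failure", 70: "protocol_version",
              71: "insufficient_security", 80: "internal_error",
              112: "unrecognized_name"}
ERR_RE = re.compile(r"error:([0-9A-Fa-f]{8}):([^:]+):([^:]+):")

def unpack(code):
    """Split an OpenSSL 1.0.x packed code: 8-bit library, 12-bit function, 12-bit reason."""
    return (code >> 24) & 0xFF, (code >> 12) & 0xFFF, code & 0xFFF

def diagnose(line):
    """Return the decoded fields of the first OpenSSL error in line, or None."""
    m = ERR_RE.search(line)
    if m is None:
        return None
    lib, func, reason = unpack(int(m.group(1), 16))
    out = {"library": lib, "function": func, "reason": reason,
           "function_name": m.group(3), "alert": None, "alert_name": None}
    # In the SSL library, a reason above the offset means the peer sent a TLS
    # alert; the alert number says why the server ended the handshake.
    if lib == ERR_LIB_SSL and reason > SSL_AD_REASON_OFFSET:
        out["alert"] = reason - SSL_AD_REASON_OFFSET
        out["alert_name"] = TLS_ALERTS.get(out["alert"], "unknown")
    return out

# Copied from the message above.
PAGE_LINE = ("LWP::Protocol::https::Socket: SSL connect attempt failed with "
             "unknown errorerror:1407742E:SSL routines:SSL23_GET_SERVER_HELLO:"
             "tlsv1 alert protocol version at /usr/share/perl5/LWP/Protocol/http.pm line 51.")
# Constructed sample line, for comparison with a different alert.
CONSTRUCTED_LINE = ("error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:"
                    "sslv3 alert handshake failure")

if __name__ == "__main__":
    for sample in (PAGE_LINE, CONSTRUCTED_LINE):
        d = diagnose(sample)
        print(f"lib={d['library']} func={d['function']} ({d['function_name']}) "
              f"reason={d['reason']} alert={d['alert']} ({d['alert_name']})")
```

Alert 70 (`protocol_version`) is sent by the server, so the failure is the server declining the TLS version the client offered rather than a network or certificate problem.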