Snort mailing list archives
Re: [Snort-sigs] Update your oinkmaster/pulled_pork conf files
From: Joel Esler <jesler () sourcefire com>
Date: Tue, 29 Jun 2010 10:19:20 -0400
On Jun 29, 2010, at 10:11 AM, infosec posts wrote:
I was using this URL in my update scripts: wget http://www.snort.org/pub-bin/oinkmaster.cgi/$oink_code/snortrules-snapshot-2853_s.tar.gz Now I'm getting this: http://www.snort.org/pub-bin/oinkmaster.cgi/$oink_code/snortrules-snapshot-2853_s.tar.gz Resolving www.snort.org... 68.177.102.20 Connecting to www.snort.org|68.177.102.20|:80... connected. HTTP request sent, awaiting response... 403 Forbidden 2010-06-29 08:46:33 ERROR 403: Forbidden. Did the URL above get broken, too? Since that didn't work I tried: wget http://www.snort.org/reg-rules/snortrules-snapshot-2853.tar.gz/$oink_code but that redirected to an SSL connection with Amazon, which isn't open on my firewall from the machine in question. So, I went to another machine and tried wget http://www.snort.org/reg-rules/snortrules-snapshot-2853.tar.gz/$oink_code wget http://www.snort.org/reg-rules/snortrules-snapshot-2853_s.tar.gz/$oink_code Both of which are giving me 403: Forbidden. Are the 2.8.5.3 URLs no longer supported? Is the "15-minute rule" being imposed by oink code now instead of connecting IP? Is the '_s' filename still in use to distinguish subscriber packs from non-subscribers? (Note: Obviously, my actual oinkmaster code has been sanitized to '$oink_code' in everything above.)
There is no need for the _s anymore. http://vrt-sourcefire.blogspot.com/2010/06/important-rule-download-change.html I'll send this over to the web team. Joel ------------------------------------------------------------------------------ This SF.net email is sponsored by Sprint What will you do first with EVO, the first 4G phone? Visit sprint.com/first -- http://p.sf.net/sfu/sprint-com-first _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Update your oinkmaster/pulled_pork conf files Mike Guiterman (Jun 28)
- Re: [Snort-sigs] Update your oinkmaster/pulled_pork conf files infosec posts (Jun 29)
- Re: [Snort-sigs] Update your oinkmaster/pulled_pork conf files Joel Esler (Jun 29)
- Re: [Snort-users] Update your oinkmaster/pulled_porkconf files Weir, Jason (Jun 29)
- Re: [Snort-sigs] Update your oinkmaster/pulled_porkconf files Joel Esler (Jun 29)
- Re: [Snort-sigs] Update your oinkmaster/pulled_porkconf files Joel Esler (Jun 29)
- Re: [Snort-users] Update your oinkmaster/pulled_porkconf files Weir, Jason (Jun 30)
- Re: [Snort-users] Update your oinkmaster/pulled_porkconf files Fred Austin (Jun 30)
- Re: [Snort-sigs] Update your oinkmaster/pulled_porkconf files Joel Esler (Jun 30)
- Re: [Snort-sigs] Update your oinkmaster/pulled_porkconf files Mike Guiterman (Jun 30)
- Re: [Snort-users] Update your oinkmaster/pulled_porkconf files Todd Adamson (Jun 30)
- Re: [Snort-sigs] Update your oinkmaster/pulled_pork conf files Joel Esler (Jun 29)
- Re: [Snort-sigs] Update your oinkmaster/pulled_porkconf files Joel Esler (Jun 30)
- Re: Update your oinkmaster/pulled_porkconf files Weir, Jason (Jun 30)
- Re: [Snort-sigs] Update your oinkmaster/pulled_pork conf files infosec posts (Jun 29)