Snort mailing list archives
Re: FW: Oinkmaster can't get rules
From: Joel Esler <jesler () sourcefire com>
Date: Mon, 26 Jul 2010 07:05:58 -0400
Since 2861 is out now, the only two current rule packs are 2860 and 2861, 2.8.5.3 is no longer maintained.

--
Sent from my iPad

On Jul 26, 2010, at 2:28 AM, Jun Wan <junwei_wan () hotmail com> wrote:
Ok, I downloaded Pulled Pork v0.3.4, followed the "Readme", instead of using:

    ./pulledpork.pl -c pulledpork.conf -i disablesid.conf -b dropsid.conf -m /usr/local/etc/snort/sid-msg.map \
    -h /var/log/sid_changes.log -I security -H

I used this on my Windows XP:

    C:\snort\pulledpork-0.3.4>pulledpork.pl -c pulledpork.conf -i disablesid.conf -b dropsid.conf -m c:\snort\etc\sid-msg.map -h c:\snort\log\sid_changes.log -I security -H

And then I got this:

        http://code.google.com/p/pulledpork/
          _____ ____
         `----,\    )
          `--==\\  /    Pulled_Pork v0.3.4
           `--==\\/
         .-~~~~-.Y|\\_  Copyright (C) 2009-2010 JJ Cummings
      @_/        /  66\_  cummingsj () gmail com
        |    \   \   _(")
         \   /-| ||'--'  Rules give me wings!
          \_\  \_\\
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Checking latest MD5....
    A 403 error occured, please wait for the 15 minute timeout to expire before trying again or specify the -n runtime switch
    Error 403 when fetching http://www.snort.org/pub-bin/oinkmaster.cgi/snortrules-snapshot-2.8.tar.gz.md5 at C:\snort\pulledpork-0.3.4\pulledpork.pl line 269.

After 25 minutes, I tried again, same error. I would like to know what is wrong and any info and help would be appreciated. Many thanks in advance.

Regards
John

From: junwei_wan () hotmail com
To: snort-users () lists sourceforge net
Date: Mon, 26 Jul 2010 03:55:34 +0000
Subject: Re: [Snort-users] Oinkmaster can't get rules

Hi, I am unable to update the rules via Oinkmaster (it was okay before), My snort (2.8.5.3) is running on my Windows XP, I am getting an error: 404 forbidden message, please see the attached info. I will use Pulled Pork in the near future, but now I would like to fix this issue with rules update&Oinkmaster. Any information and help would be appreciated.
Thanks

Regards
John

From: jesler () sourcefire com
Date: Tue, 13 Jul 2010 10:35:19 -0400
To: aco1967 () gmail com
CC: jlay () slave-tothe-box net; snort-users () lists sourceforge net
Subject: Re: [Snort-users] Oinkmaster can't get rules

I don't know how to correct these problems on Windows. Maybe another Windows user can chime in here, but I haven't used Windows since about 2003.

On Jul 13, 2010, at 10:31 AM, Alejandro Cabrera Obed wrote:

Now I get this error message when downloading the rules with oinkmaster.pl:

    Loading Perl modules.
    Downloading file from http://www.snort.org/pub-bin/oinkmaster.cgi/*oinkcode*/snortrules-snapshot-2853.tar.gz...
    Proxy must be specified as absolute URI; '10.4.1.10:8080' is not at c:\oinkmaster-2.0\oinkmaster.pl line 936

What can I do ??? My HTTP_proxy variable is an environment variable set up in Windows...

Special thanks

2010/7/12 Joel Esler <jesler () sourcefire com>:

The --no-check-certificate problem is a result of having old CA Certificates on your box. Please read the snort-users archive, like this: http://marc.info/?l=snort-users&m=127791856110280&w=2

Joel

On Jul 12, 2010, at 9:45 PM, Alejandro Cabrera Obed wrote:

In my Windows I put these two environment variables:

    HTTP_proxy = http://10.10.2.1
    HTTPS_proxy = https://10.10.12.1 (and later http://10.10.12.1)

But I continue receiving the error:

    oinkmaster.pl: Error: could not download from http://www.snort.org/pub-bin/oinkmaster.cgi/*my_oinkcode*/snortrules-snapshot-2853.tar.gz: 500 Can't connect to s3.amazonaws.com:443 (Bad hostname 's3.amazonaws.com')

If I download the rules from my web browser I succeed !!! Any idea ??? Thanks again.
2010/7/12 James Lay <jlay () slave-tothe-box net>:

From: Fábio Ferrão <ferrao04 () gmail com>
Date: Thu, 8 Jul 2010 10:07:33 -0300
To: Snort <snort-users () lists sourceforge net>
Subject: [Snort-users] Oinkmaster can't get rules

<snip>

    [prompt]# /usr/local/bin/oinkmaster -o /usr/local/snort/rules/rules > /home/suporte/oinkmaster.update
    Loading /usr/local/etc/oinkmaster.conf
    Downloading file from http://www.snort.org/pub-bin/oinkmaster.cgi/*oinkcode*/snortrules-snapshot-2853.tar.gz...
    /usr/local/bin/oinkmaster: Error: could not download from http://www.snort.org/pub-bin/oinkmaster.cgi/*oinkcode*/snortrules-snapshot-2853.tar.gz. Output from wget follows:
    http://www.snort.org/pub-bin/oinkmaster.cgi/*oinkcode*/snortrules-snapshot-2853.tar.gz
    Resolving www.snort.org... 68.177.102.20
    Connecting to www.snort.org|68.177.102.20|:80... connected.
    HTTP request sent, awaiting response... 403 Forbidden
    2010-07-06 13:18:43 ERROR 403: Forbidden.

<snip>

I am receiving exactly the same thing, even though I've modified my oinkmaster.pl to reflect the --no-check-certificate. It seems like sometimes a redirect doesn't fire since I get to 68.177.102.20, and instead of the 302 redirect, simply a 403 and dumped. Anyone else besides myself and the OP seeing this? Thanks.

James

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

--
Alejandro Cabrera Obed
aco1967 () gmail com
www.alejandrocabrera.com.ar
Current thread:
- Re: oinkmaster vs pulledpork was (Oinkmaster can't get rules), (continued)
- Re: oinkmaster vs pulledpork was (Oinkmaster can't get rules) Mike Lococo (Jul 19)
- Re: oinkmaster vs pulledpork was (Oinkmaster can't get rules) Joel Esler (Jul 19)
- Re: oinkmaster vs pulledpork was (Oinkmaster can't get rules) Mike Lococo (Jul 20)
- RESOLVED Re: Oinkmaster can't get rules James Lay (Jul 15)
- Re: RESOLVED Re: Oinkmaster can't get rules Joel Esler (Jul 15)
- Re: RESOLVED Re: Oinkmaster can't get rules Nigel Houghton (Jul 15)
- Re: RESOLVED Re: Oinkmaster can't get rules James Lay (Jul 16)
- Re: Oinkmaster can't get rules Jun Wan (Jul 25)
- Re: Oinkmaster can t get rules waldo kitty (Jul 25)
- FW: Oinkmaster can't get rules Jun Wan (Jul 25)
- Re: FW: Oinkmaster can't get rules Joel Esler (Jul 26)
- Re: FW: Oinkmaster can't get rules Nigel Houghton (Jul 26)
- Re: FW: Oinkmaster can't get rules Joel Esler (Jul 26)
- Re: FW: Oinkmaster can t get rules waldo kitty (Jul 26)
- Re: FW: Oinkmaster can t get rules waldo kitty (Jul 26)
- Re: FW: Oinkmaster can't get rules JJC (Jul 26)
- Re: FW: Oinkmaster can't get rules Jun Wan (Jul 26)
- Re: FW: Oinkmaster can't get rules Joel Esler (Jul 26)
- Re: FW: Oinkmaster can't get rules Jun Wan (Jul 26)
- Re: FW: Oinkmaster can t get rules waldo kitty (Jul 26)
- Re: FW: Oinkmaster can t get rules Jun Wan (Jul 28)