Snort mailing list archives
Re: still having download problems
From: "Crook, Parker" <Parker_Crook () reyrey com>
Date: Thu, 1 Jul 2010 11:02:00 -0400
JJ, I just upgraded my LWP::Simple to 5.836 and still having this issue. I also ran update-ca-certificates to cover that base. Just curious, is this only happening on Debain and Debain-based distros? -Parker P.S. If I am still having an issue on this, I will setup a lab at home tonight to test this out on OS X, Debian, and if someone is having issues on another distro, let me know and I'll see if can't test it out there too. _____ From: JJC [mailto:cummingsj () gmail com] Sent: Thursday, July 01, 2010 10:51 AM To: John York Cc: snort-sigs () lists sourceforge net Subject: Re: [Snort-sigs] still having download problems Do you know what version of LWP::SImple you are using? On Thu, Jul 1, 2010 at 8:32 AM, John York <YorkJ () brcc edu<mailto:YorkJ () brcc edu>> wrote: I've updated to pulledpork 0.4.2 on my Ubuntu 8.04 box. I also tried to update the CA certs with apt-get, but they are already up to date. When I do a packet trace, I see the box go to Snort and ask for the rules. Snort replies that the rules have moved to s3.amazonaws.com<http://s3.amazonaws.com>. At that point, my box just gives up--I don't see any traffic where it even tries to connect with amazon. Any ideas? I tried manually changing pp so it asked for sub-rules instead of reg-rules, but both do the same thing. The pp debug output and https conversation are below, mangled to protect the oinkcode. Thanks John PP debug me@snort:~$ sudo apt-get install ca-certificates [sudo] password for me: Reading package lists... Done Building dependency tree Reading state information... Done ca-certificates is already the newest version. 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. me@snort:~$ sudo ./ppgo http://code.google.com/p/pulledpork/ _____ ____ `----,\ ) `--==\\ / Pulled_Pork v0.4.2 `--==\\/ .-~~~~-.Y|\\_ Copyright (C) 2009-2010 JJ Cummings @_/ / 66\_ cummingsj () gmail com<mailto:cummingsj () gmail com> | \ \ _(") \ /-| ||'--' Rules give me wings! \_\ \_\\ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Command Line Variable Debug: Config Path is: /home/bryorkj/snortrules/pulledpork/etc/pulledpork.conf Path to disablesid file: /home/bryorkj/snortrules/pulledpork/etc/disablesid.conf Verbose Flag is Set Extra Verbose Flag is Set Config File Variable Debug /home/bryorkj/snortrules/pulledpork/etc/pulledpork.conf snort_path = /usr/local/bin/snort pid_path = /var/run/snortd.pid rule_path = /usr/local/etc/snort/rules/snort.rules ignore = deleted,experimental,local rule_file = snortrules-snapshot-2860.tar.gz sid_changelog = /var/log/sid_changes.log sid_msg = /usr/local/etc/snort/sid-msg.map config_path = /usr/local/etc/snort/snort.conf sostub_path = /usr/local/etc/snort/rules/so_rules.rules oinkcode = 7025mangle-mangle7813 temp_path = /tmp distro = Ubuntu-8.04 base_url = http://www.snort.org/ sorule_path = /usr/local/lib/snort_dynamicrules/ version = 0.4.2 disablesid = /usr/local/etc/snort/disablesid.conf local_rules = /usr/local/etc/snort/rules/local.rules Checking latest MD5.... Fetching md5sum for: snortrules-snapshot-2860.tar.gz.md5 most recent rules file digest: d8b7b694e4f21b7406e3c86a32b362bf Rules tarball download.... Fetching rules file: snortrules-snapshot-2860.tar.gz Error 501 when fetching snortrules-snapshot-2860.tar.gz at /home/bryorkj/snortrules/pulledpork/pulledpork.pl<http://pulledpork.pl> line 264. going to get this url: http://www.snort.org/sub-rules/snortrules-snapshot-2860.tar.gz/7025mangle-mangle7813 HTTP conversation GET /sub-rules/snortrules-snapshot-2860.tar.gz/7025mangle-mangle7813 HTTP/1.1 TE: deflate,gzip;q=0.3 Connection: TE, close Host: www.snort.org<http://www.snort.org> User-Agent: LWP::Simple/5.820 HTTP/1.0 302 Moved Temporarily Date: Thu, 01 Jul 2010 13:57:15 GMT Server: Apache X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 2.2.4 X-Runtime: 448 Cache-Control: no-cache Set-Cookie: _radiant_session=BAh7BjoPmangle-mangleDhmNDA%3D--777377mangle-mangled8cc; path=/; HttpOnly Location: https://s3.amazonaws.com/snort.org/rules/20100629/snortrules-snapshot-2860.tar.gz?AWSAccessKeyId=AKImangle-mangleQ&Expires=1277992665&Signature=mangle-mangle3D Content-Length<https://s3.amazonaws.com/snort.org/rules/20100629/snortrules-snapshot-2860.tar.gz?AWSAccessKeyId=AKImangle-mangleQ&Expires=1277992665&Signature=mangle-mangle3D%0d%0aContent-Length>: 251 Status: 302 Content-Type: text/html; charset=utf-8 X-Cache: MISS from web610.br.vccs.edu<http://web610.br.vccs.edu> Via: 1.0 web610.br.vccs.edu:8080<http://web610.br.vccs.edu:8080> (http_scan/4.0.2.6.19) Connection: close <html><body>You are being <a href="https://s3.amazonaws.com/snort.org/rules/20100629/snortrules-snapshot-2860.tar.gz?AWSAccessKeyId=AKImangle-mangle&Expires=1277992665&Signature=7ZFmangle-mangle4%3D">redirected</a>.</body></html> ------------------------------------------------------------------------------ This SF.net email is sponsored by Sprint What will you do first with EVO, the first 4G phone? Visit sprint.com/first<http://sprint.com/first> -- http://p.sf.net/sfu/sprint-com-first _______________________________________________ Snort-sigs mailing list Snort-sigs () lists sourceforge net<mailto:Snort-sigs () lists sourceforge net> https://lists.sourceforge.net/lists/listinfo/snort-sigs
------------------------------------------------------------------------------ This SF.net email is sponsored by Sprint What will you do first with EVO, the first 4G phone? Visit sprint.com/first -- http://p.sf.net/sfu/sprint-com-first
_______________________________________________ Snort-sigs mailing list Snort-sigs () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-sigs
Current thread:
- still having download problems John York (Jul 01)
- Re: still having download problems JJC (Jul 01)
- Re: still having download problems Crook, Parker (Jul 01)
- Re: still having download problems JJC (Jul 01)
- Re: still having download problems Joel Esler (Jul 01)
- Re: still having download problems JJC (Jul 01)
- Re: still having download problems John York (Jul 01)
- Re: still having download problems Crook, Parker (Jul 01)
- Re: still having download problems JJC (Jul 01)