Re: still having download problems

["Crook, Parker" <Parker_Crook () reyrey com>]

JJ,



I just upgraded my LWP::Simple to 5.836 and still having this issue.  I also ran update-ca-certificates to cover that 
base.  Just curious, is this only happening on Debain and Debain-based distros?



-Parker



P.S.  If I am still having an issue on this, I will setup a lab at home tonight to test this out on OS X, Debian, and 
if someone is having issues on another distro, let me know and I'll see if can't test it out there too.

  _____

From: JJC [mailto:cummingsj () gmail com]
Sent: Thursday, July 01, 2010 10:51 AM
To: John York
Cc: snort-sigs () lists sourceforge net
Subject: Re: [Snort-sigs] still having download problems



Do you know what version of LWP::SImple you are using?

On Thu, Jul 1, 2010 at 8:32 AM, John York <YorkJ () brcc edu<mailto:YorkJ () brcc edu>> wrote:

I've updated to pulledpork 0.4.2 on my Ubuntu 8.04 box.  I also tried to update the CA certs with apt-get, but they are 
already up to date.  When I do a packet trace, I see the box go to Snort and ask for the rules.  Snort replies that the 
rules have moved to s3.amazonaws.com<http://s3.amazonaws.com>.  At that point, my box just gives up--I don't see any 
traffic where it even tries to connect with amazon.  Any ideas?  I tried manually changing pp so it asked for sub-rules 
instead of reg-rules, but both do the same thing.  The pp debug output and https conversation are below, mangled to 
protect the oinkcode.

Thanks
John

PP debug

me@snort:~$ sudo apt-get install ca-certificates
[sudo] password for me:
Reading package lists... Done
Building dependency tree
Reading state information... Done
ca-certificates is already the newest version.
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.

me@snort:~$ sudo ./ppgo

 http://code.google.com/p/pulledpork/
     _____ ____
    `----,\    )
     `--==\\  /    Pulled_Pork v0.4.2
      `--==\\/
    .-~~~~-.Y|\\_  Copyright (C) 2009-2010 JJ Cummings
 @_/        /  66\_  cummingsj () gmail com<mailto:cummingsj () gmail com>
   |    \   \   _(")
    \   /-| ||'--'  Rules give me wings!
     \_\  \_\\
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Command Line Variable Debug:
       Config Path is: /home/bryorkj/snortrules/pulledpork/etc/pulledpork.conf
       Path to disablesid file: /home/bryorkj/snortrules/pulledpork/etc/disablesid.conf
       Verbose Flag is Set
       Extra Verbose Flag is Set
Config File Variable Debug /home/bryorkj/snortrules/pulledpork/etc/pulledpork.conf
       snort_path = /usr/local/bin/snort
       pid_path = /var/run/snortd.pid
       rule_path = /usr/local/etc/snort/rules/snort.rules
       ignore = deleted,experimental,local
       rule_file = snortrules-snapshot-2860.tar.gz
       sid_changelog = /var/log/sid_changes.log
       sid_msg = /usr/local/etc/snort/sid-msg.map
       config_path = /usr/local/etc/snort/snort.conf
       sostub_path = /usr/local/etc/snort/rules/so_rules.rules
       oinkcode = 7025mangle-mangle7813
       temp_path = /tmp
       distro = Ubuntu-8.04
       base_url = http://www.snort.org/
       sorule_path = /usr/local/lib/snort_dynamicrules/
       version = 0.4.2
       disablesid = /usr/local/etc/snort/disablesid.conf
       local_rules = /usr/local/etc/snort/rules/local.rules
Checking latest MD5....
       Fetching md5sum for: snortrules-snapshot-2860.tar.gz.md5
       most recent rules file digest: d8b7b694e4f21b7406e3c86a32b362bf
Rules tarball download....
       Fetching rules file: snortrules-snapshot-2860.tar.gz
       Error 501 when fetching snortrules-snapshot-2860.tar.gz at 
/home/bryorkj/snortrules/pulledpork/pulledpork.pl<http://pulledpork.pl> line 264.
       going to get this url:  http://www.snort.org/sub-rules/snortrules-snapshot-2860.tar.gz/7025mangle-mangle7813


HTTP conversation

GET /sub-rules/snortrules-snapshot-2860.tar.gz/7025mangle-mangle7813 HTTP/1.1
TE: deflate,gzip;q=0.3
Connection: TE, close
Host: www.snort.org<http://www.snort.org>
User-Agent: LWP::Simple/5.820

HTTP/1.0 302 Moved Temporarily
Date: Thu, 01 Jul 2010 13:57:15 GMT
Server: Apache
X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 2.2.4
X-Runtime: 448
Cache-Control: no-cache
Set-Cookie: _radiant_session=BAh7BjoPmangle-mangleDhmNDA%3D--777377mangle-mangled8cc; path=/; HttpOnly
Location: 
https://s3.amazonaws.com/snort.org/rules/20100629/snortrules-snapshot-2860.tar.gz?AWSAccessKeyId=AKImangle-mangleQ&Expires=1277992665&Signature=mangle-mangle3D
Content-Length<https://s3.amazonaws.com/snort.org/rules/20100629/snortrules-snapshot-2860.tar.gz?AWSAccessKeyId=AKImangle-mangleQ&Expires=1277992665&Signature=mangle-mangle3D%0d%0aContent-Length>:
 251
Status: 302
Content-Type: text/html; charset=utf-8
X-Cache: MISS from web610.br.vccs.edu<http://web610.br.vccs.edu>
Via: 1.0 web610.br.vccs.edu:8080<http://web610.br.vccs.edu:8080> (http_scan/4.0.2.6.19)
Connection: close

<html><body>You are being <a 
href="https://s3.amazonaws.com/snort.org/rules/20100629/snortrules-snapshot-2860.tar.gz?AWSAccessKeyId=AKImangle-mangle&amp;Expires=1277992665&amp;Signature=7ZFmangle-mangle4%3D";>redirected</a>.</body></html>



------------------------------------------------------------------------------
This SF.net email is sponsored by Sprint
What will you do first with EVO, the first 4G phone?
Visit sprint.com/first<http://sprint.com/first> -- http://p.sf.net/sfu/sprint-com-first
_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net<mailto:Snort-sigs () lists sourceforge net>
https://lists.sourceforge.net/lists/listinfo/snort-sigs



------------------------------------------------------------------------------
This SF.net email is sponsored by Sprint
What will you do first with EVO, the first 4G phone?
Visit sprint.com/first -- http://p.sf.net/sfu/sprint-com-first

_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs