Snort mailing list archives

Snort Wget Failure (can't resolve www.snort.org)

From: Todd Booth <todd.booth () ltu se>
Date: Fri, 23 Sep 2011 10:53:10 +0200



Hello,

 

Ive configured snort, on my Vyatta network/security device but the initial
downloading of rules fails.  I surfed the net and see other users (without
Vyatta) are having the same problems.

 

Here is the initial wget

 

wget http://www.snort.org/pub-bin/oinkmaster.cgi/
<http://www.snort.org/pub-bin/oinkmaster.cgi/%3cmy%20snort%20oink%20code%3e/
snortrules-snapshot-2905.tar.gz> <my snort oink
code>/snortrules-snapshot-2905.tar.gz

 

Here is the error:

 

--2011-09-23 08:45:27--  http://www.snort.org/pub-bin/oinkmaster.cgi/
<http://www.snort.org/pub-bin/oinkmaster.cgi/%3cmy> <my snort oink
code>/snortrules-snapshot-2905.tar.gz

Resolving www.snort.org... failed: Name or service not known.

wget: unable to resolve host address `www.snort.org'

 

However if I ping www.snort.org from my Vyatta, I get the ip address
resolved as 68.177.102.20

 

So in my new wget, I replaced www.snort.org with 68.177.102.20, as follows

 

vyatta@Vyatta1:~$ wget http://68.177.102.20/pub-bin/oinkmaster.cgi/
<http://68.177.102.20/pub-bin/oinkmaster.cgi/%3cmy> <my oink
code>/snortrules-snapshot-2905.tar.gz

--2011-09-23 07:55:21--  http://68.177.102.20/pub-bin/oinkmaster.cgi/
<http://68.177.102.20/pub-bin/oinkmaster.cgi/%3cmy> <my oink
code>/snortrules-snapshot-2905.tar.gz

Connecting to 68.177.102.20:80... connected.

HTTP request sent, awaiting response... 302 Found

Location:
http://s3.amazonaws.com/snort-org/www/rules/20110823/snortrules-snapshot-290
5.tar.gz?AWSAccessKeyId=<key>&Expires=1316764830&Signature=

JUAQj%2Bn1Y65X3zmVFuq6ozSlPUo%3D [following]

--2011-09-23 07:55:24--
http://s3.amazonaws.com/snort-org/www/rules/20110823/sn

ortrules-snapshot-2905.tar.gz?AWSAccessKeyId=AKIAJJSHU7YNPLE5MKOQ&Expires=13
1676

4830&Signature=JUAQj%2Bn1Y65X3zmVFuq6ozSlPUo%3D

Resolving s3.amazonaws.com... failed: Name or service not known.

wget: unable to resolve host address `s3.amazonaws.com'

 

So I do a wget to www.snort.org and I get referred to s3.amazonaws.com

 

However s3.amazonaws.com is also not resolved.  So I try ping and get the
s3.amazonaw.com ip address address and plug that in to the above 2nd wget

 

wget
http://72.21.211.173/snort-org/www/rules/20110823/snortrules-snapshot-2905.t
ar.gz?<key>&Expires=1316764830&Signature=JUAQj%2Bn1Y65X3zmVFuq6ozSlPUo%3D

 

Then I get the following error:

HTTP request sent, awaiting response... 403 Forbidden

2011-09-23 08:50:47 ERROR 403: Forbidden.

 

Is this a problem with wget?  Or is this a problem with the configuration at
www.snort.org?

 

Thanks and Regards,

Description: Description: cid:image002.jpg@01CB97C3.BFF2AC00Description:
Description: Description: Description: cid:image002.png@01CB3D84.E32FF720

 

 <http://ltu.se/> Description: Description: Description: Description:
cid:image003.png@01CB3D84.E32FF720   <http://ltu.se/> Luleå Technology
University

Teacher, Research Engineer and Lecturer Todd Booth

 

 <http://www.ltu.se/org/srt?l=en> Department: Computer Science, Electrical
and Space Engineering, CSEE (SKE/SRT)

 <http://www.ltu.se/org/srt/Avdelningar/Datavetenskap?l=en> Division:
Computer Science

Specialty:     Computer and System Science /
<http://www.ltu.se/edu/program/FMISA?l=en> Information Security

Courses:        <http://www.ltu.se/edu/course/A00/A0004N?l=en> A0004N
Information Security and  <http://www.ltu.se/edu/course/A70/A7011N?l=en>
A7011N Internet Security

 

Direct: +46-910-585 324

Mobile: +46-76-346 3459

Email:  <mailto:Todd.Booth () LTU se> Todd.Booth () LTU se

Web:  <http://ltu.se/> http://LTU.se

LinkedIn:  <mailto:Todd.Booth () LTU se> Todd.Booth () LTU se

Attachment: smime.p7s
Description:

------------------------------------------------------------------------------
All the data continuously generated in your IT infrastructure contains a
definitive record of customers, application performance, security
threats, fraudulent activity and more. Splunk takes this data and makes
sense of it. Business sense. IT sense. Common sense.
http://p.sf.net/sfu/splunk-d2dcopy1

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

Current thread:

Snort Wget Failure (can't resolve www.snort.org) Todd Booth (Oct 06)
- Re: Snort Wget Failure (can't resolve www.snort.org) Joel Esler (Oct 06)
- Re: Snort Wget Failure (can't resolve www.snort.org) Carney, Megan (Oct 06)
  - Re: Snort Wget Failure (can't resolve www.snort.org) Joel Esler (Oct 06)
    - Re: Snort Wget Failure (can't resolve www.snort.org) Negin Nickparsa (Oct 06)
    - Re: Snort Wget Failure (can't resolve www.snort.org) Brandon Hall (Oct 06)