Snort mailing list archives
Re: PulledPork not processing
From: "Michael Steele" <michaels () winsnort com>
Date: Sun, 10 Feb 2013 18:13:40 -0500
I don't think so. I'm thinking this gets bypassed using the -T switch, but maybe not. Not sure how long it takes to extract the opensource.gz in UNIX using PP? In Windows it takes about 10 seconds to process the rules in PP, but 30+ minutes to extract the signatures.

Best regards,
Michael...

From: Tony Robinson [mailto:deusexmachina667 () gmail com]
Sent: Sunday, February 10, 2013 4:27 PM
To: JJ Cummings
Cc: Michael Steele; snort-users () lists sourceforge net
Subject: Re: [Snort-users] PulledPork not processing

meant to reply-all. think i might have just sent this to JJ by accident.

Hey... I saw this line in your output above:

Distro Def is: FreeBSD-8.1

Wondering if that might have something to do with it? Is there an option to define the distro for PP to windows?

On Sun, Feb 10, 2013 at 11:51 AM, JJ Cummings <cummingsj () gmail com> wrote:

Michael,

Are you talking about the rule docs "the opensource.tgz" file? If so, these are not the rules and only need to be extracted if you are using them for reference. This can sometimes take a while to extract... However, as Joel said the actual rules operation should be quite fast.

JJC

Sent from the iRoad

On Feb 10, 2013, at 9:20, "Joel Esler" <jesler () sourcefire com> wrote:

*self contained

- Joel Esler Mobile

On Sun, Feb 10, 2013 at 10:38 AM, Joel Esler <jesler () sourcefire com> wrote:

Wow. That's pretty slow. On Unix it takes about 10 seconds give or take. But no, Pulledpork is sell contained except for a few libraries and is meant to be that way.

On Sun, Feb 10, 2013 at 9:57 AM, Michael Steele <michaels () winsnort com> wrote:

Problem solved. It appears that some of the Perl packages were corrupted.

However, does anyone have a workaround for the installation of the Signatures? I don't know about UNIX, but on Windows it takes at least 30 minutes for Perl to extract.
Is it possible for the pulledpork.pl file to extract with a native OS extraction tool?

Best regards,
Michael...

From: Michael Steele [mailto:michaels () winsnort com]
Sent: Saturday, February 09, 2013 1:49 PM
To: snort-users () lists sourceforge net
Subject: [Snort-users] PulledPork not processing

This is the latest pull from the SVN. It appears PulledPork is trying to process the rules twice. In the temp folder I'm only getting a partial transfer of the rules and the MD5 file.

C:\Users\Operator>perl d:\winids\pulledpork\pulledpork.pl -c d:\winids\pulledpork\etc\pulledpork.conf -vv -T

    http://code.google.com/p/pulledpork/
      _____ ____
     `----,\    )
      `--==\\  /    PulledPork v0.6.2dev the Cigar Pig <////~
       `--==\\/
     .-~~~~-.Y|\\_  Copyright (C) 2009-2012 JJ Cummings
  @_/        /  66\_  cummingsj () gmail com
    |    \   \   _(")
     \   /-| ||'--'  Rules give me wings!
      \_\  \_\\
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Config File Variable Debug d:\winids\pulledpork\etc\pulledpork.conf
snort_path = /usr/local/bin/snort
enablesid = d:\winids\pulledpork\etc\enablesid.conf
modifysid = d:\winids\pulledpork\etc\modifysid.conf
rule_path = d:\winids\snort\rules\snort.rules
ignore = deleted.rules,experimental.rules,local.rules
rule_url = ARRAY(0x28e1e24)
snort_version = 2.9.4.0
sid_msg_version = 1
sid_changelog = d:\winids\snort\log\sid_changes.log
sid_msg = d:\winids\snort\etc\sid-msg.map
docs = d:\winids\Apache24\htdocs\base\signatures\
ips_policy = security
config_path = /usr/local/etc/snort/snort.conf
temp_path = d:\winids\pulledpork\temp
distro = FreeBSD-8.1
version = 0.6.1
sorule_path = /usr/local/lib/snort_dynamicrules/
disablesid = d:\winids\pulledpork\etc\disablesid.conf
dropsid = d:\winids\pulledpork\etc\dropsid.conf
local_rules = d:\winids\snort\rules\local.rules
'uname' is not recognized as an internal or external command,
operable program or batch file.
MISC (CLI and Autovar) Variable Debug:
Config Path is: d:\winids\pulledpork\etc\pulledpork.conf
Distro Def is: FreeBSD-8.1
Docs Reference Location is: d:\winids\Apache24\htdocs\base\signatures\
security policy specified
local.rules path is: d:\winids\snort\rules\local.rules
Rules file is: d:\winids\snort\rules\snort.rules
Path to disablesid file: d:\winids\pulledpork\etc\disablesid.conf
Path to dropsid file: d:\winids\pulledpork\etc\dropsid.conf
Path to enablesid file: d:\winids\pulledpork\etc\enablesid.conf
Path to modifysid file: d:\winids\pulledpork\etc\modifysid.conf
sid changes will be logged to: d:\winids\snort\log\sid_changes.log
sid-msg.map Output Path is: d:\winids\snort\etc\sid-msg.map
Snort Version is: 2.9.4.0
Snort Config File: /usr/local/etc/snort/snort.conf
Snort Path is: /usr/local/bin/snort
Text Rules only Flag is Set
Extra Verbose Flag is Set
Verbose Flag is Set
Base URL is: https://www.snort.org/reg-rules/|snortrules-snapshot.tar.gz|991158d6f0847841cffbe085a91b7c5775ba98cf https://www.snort.org/reg-rules/|opensource.gz|991158d6f0847841cffbe085a91b7c5775ba98cf
Checking latest MD5 for snortrules-snapshot-2940.tar.gz....
Fetching md5sum for: snortrules-snapshot-2940.tar.gz.md5
** GET https://www.snort.org/reg-rules/snortrules-snapshot-2940.tar.gz.md5/991158d6f0847841cffbe085a91b7c5775ba98cf ==> 200 OK (3s)
most recent rules file digest: ae46740e802f023be681d932ef71f407
Rules tarball download of snortrules-snapshot-2940.tar.gz....
Fetching rules file: snortrules-snapshot-2940.tar.gz
** GET https://www.snort.org/reg-rules/snortrules-snapshot-2940.tar.gz/991158d6f0847841cffbe085a91b7c5775ba98cf ==> 302 Found (1s)
** GET https://s3.amazonaws.com/snort-org/www/rules/20121218/snortrules-snapshot-2940.tar.gz?AWSAccessKeyId=AKIAJJSHU7YNPLE5MKOQ&Expires=1360435268&Signature=KaoY%2B0NMB%2B%2FNnYFJTpunKaQhilw%3D ==> 200 OK (1s)
storing file at: d:\winids\pulledpork\temp/snortrules-snapshot-2940.tar.gz
current local rules file digest: eed12b6d1e99dd34dda723167ab18f8c
The MD5 for snortrules-snapshot-2940.tar.gz did not match the latest digest... so I am gonna fetch the latest rules file!
Rules tarball download of snortrules-snapshot-2940.tar.gz....
Fetching rules file: snortrules-snapshot-2940.tar.gz
** GET https://www.snort.org/reg-rules/snortrules-snapshot-2940.tar.gz/991158d6f0847841cffbe085a91b7c5775ba98cf ==> 302 Found
** GET https://s3.amazonaws.com/snort-org/www/rules/20121218/snortrules-snapshot-2940.tar.gz?AWSAccessKeyId=AKIAJJSHU7YNPLE5MKOQ&Expires=1360435269&Signature=2H85W57%2F7fbXw%2FEehahpjniVR0Q%3D ==> 0 200 OK
storing file at: d:\winids\pulledpork\temp/snortrules-snapshot-2940.tar.gz
current local rules file digest: 6fb296525f90c700ff356264397e7977
The MD5 for snortrules-snapshot-2940.tar.gz did not match the latest digest... so I am gonna fetch the latest rules file!
Rules tarball download of snortrules-snapshot-2940.tar.gz....
Fetching rules file: snortrules-snapshot-2940.tar.gz
** GET https://www.snort.org/reg-rules/snortrules-snapshot-2940.tar.gz/991158d6f0847841cffbe085a91b7c5775ba98cf ==> 403 Forbidden (1s)
A 403 error occurred, please wait for the 15 minute timeout to expire before trying again or specify the -n runtime switch
You may also wish to verfiy your oinkcode, tarball name, and other configuration options

I can drop the rules, and open source file into the empty temp folder and try to process offline but I'm getting:

C:\Users\Operator>perl d:\winids\pulledpork\pulledpork.pl -c d:\winids\pulledpork\etc\pulledpork.conf -n -vv -T

    http://code.google.com/p/pulledpork/
      _____ ____
     `----,\    )
      `--==\\  /    PulledPork v0.6.2dev the Cigar Pig <////~
       `--==\\/
     .-~~~~-.Y|\\_  Copyright (C) 2009-2012 JJ Cummings
  @_/        /  66\_  cummingsj () gmail com
    |    \   \   _(")
     \   /-| ||'--'  Rules give me wings!
      \_\  \_\\
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Config File Variable Debug d:\winids\pulledpork\etc\pulledpork.conf
snort_path = /usr/local/bin/snort
enablesid = d:\winids\pulledpork\etc\enablesid.conf
modifysid = d:\winids\pulledpork\etc\modifysid.conf
rule_path = d:\winids\snort\rules\snort.rules
ignore = deleted.rules,experimental.rules,local.rules
rule_url = ARRAY(0x285929c)
snort_version = 2.9.4.0
sid_msg_version = 1
sid_changelog = d:\winids\snort\log\sid_changes.log
sid_msg = d:\winids\snort\etc\sid-msg.map
docs = d:\winids\Apache24\htdocs\base\signatures\
ips_policy = security
config_path = /usr/local/etc/snort/snort.conf
temp_path = d:\winids\pulledpork\temp
distro = FreeBSD-8.1
version = 0.6.1
sorule_path = /usr/local/lib/snort_dynamicrules/
disablesid = d:\winids\pulledpork\etc\disablesid.conf
dropsid = d:\winids\pulledpork\etc\dropsid.conf
local_rules = d:\winids\snort\rules\local.rules
'uname' is not recognized as an internal or external command,
operable program or batch file.
MISC (CLI and Autovar) Variable Debug:
Config Path is: d:\winids\pulledpork\etc\pulledpork.conf
Distro Def is: FreeBSD-8.1
Docs Reference Location is: d:\winids\Apache24\htdocs\base\signatures\
security policy specified
local.rules path is: d:\winids\snort\rules\local.rules
No Download Flag is Set
Rules file is: d:\winids\snort\rules\snort.rules
Path to disablesid file: d:\winids\pulledpork\etc\disablesid.conf
Path to dropsid file: d:\winids\pulledpork\etc\dropsid.conf
Path to enablesid file: d:\winids\pulledpork\etc\enablesid.conf
Path to modifysid file: d:\winids\pulledpork\etc\modifysid.conf
sid changes will be logged to: d:\winids\snort\log\sid_changes.log
sid-msg.map Output Path is: d:\winids\snort\etc\sid-msg.map
Snort Version is: 2.9.4.0
Snort Config File: /usr/local/etc/snort/snort.conf
Snort Path is: /usr/local/bin/snort
Text Rules only Flag is Set
Extra Verbose Flag is Set
Verbose Flag is Set
Base URL is: https://www.snort.org/reg-rules/|snortrules-snapshot.tar.gz|991158d6f0847841cffbe085a91b7c5775ba98cf https://www.snort.org/reg-rules/|opensource.gz|991158d6f0847841cffbe085a91b7c5775ba98cf
Prepping rules from snortrules-snapshot-2940.tar.gz for work....
extracting contents of d:\winids\pulledpork\temp/snortrules-snapshot-2940.tar.gz...
Ignoring plaintext rules: deleted.rules
Ignoring plaintext rules: experimental.rules
Ignoring plaintext rules: local.rules
Extracted: /tha_rules/VRT-server-other.rules
Extracted: /tha_rules/VRT-pua-adware.rules
Extracted: /tha_rules/VRT-misc.rules
Extracted: /tha_rules/VRT-malware-backdoor.rules
Extracted: /tha_rules/VRT-indicator-compromise.rules
Extracted: /tha_rules/VRT-file-pdf.rules
Extracted: /tha_rules/VRT-content-replace.rules
Extracted: /tha_rules/VRT-file-identify.rules
Extracted: /tha_rules/VRT-browser-webkit.rules
Extracted: /tha_rules/VRT-specific-threats.rules
Extracted: /tha_rules/VRT-file-office.rules
Extracted: /tha_rules/VRT-rpc.rules
Extracted: /tha_rules/VRT-dns.rules
Extracted: /tha_rules/VRT-os-other.rules
Extracted: /tha_rules/VRT-snmp.rules
Extracted: /tha_rules/VRT-policy-other.rules
Extracted: /tha_rules/VRT-web-coldfusion.rules
Extracted: /tha_rules/VRT-protocol-voip.rules
Extracted: /tha_rules/VRT-file-image.rules
Extracted: /tha_rules/VRT-chat.rules
Extracted: /tha_rules/VRT-voip.rules
Extracted: /tha_rules/VRT-os-solaris.rules
Extracted: /tha_rules/VRT-pop3.rules
Extracted: /tha_rules/VRT-server-mssql.rules
Extracted: /tha_rules/VRT-preprocessor.rules
Extracted: /tha_rules/VRT-policy-social.rules
Extracted: /tha_rules/VRT-protocol-ftp.rules
Extracted: /tha_rules/VRT-server-webapp.rules
Extracted: /tha_rules/VRT-server-oracle.rules
Extracted: /tha_rules/VRT-scada.rules
Extracted: /tha_rules/VRT-other-ids.rules
Extracted: /tha_rules/VRT-server-apache.rules
Extracted: /tha_rules/VRT-sql.rules
Extracted: /tha_rules/VRT-icmp.rules
Extracted: /tha_rules/VRT-file-multimedia.rules
Extracted: /tha_rules/VRT-pua-p2p.rules
Extracted: /tha_rules/VRT-info.rules
Extracted: /tha_rules/VRT-pua-other.rules
Extracted: /tha_rules/VRT-server-mail.rules
Extracted: /tha_rules/VRT-netbios.rules
Extracted: /tha_rules/VRT-smtp.rules
Extracted: /tha_rules/VRT-protocol-icmp.rules
Extracted: /tha_rules/VRT-sensitive-data.rules
Extracted: /tha_rules/VRT-indicator-shellcode.rules
Extracted: /tha_rules/VRT-web-iis.rules
Extracted: /tha_rules/VRT-protocol-finger.rules
Extracted: /tha_rules/VRT-botnet-cnc.rules
Extracted: /tha_rules/VRT-pua-toolbars.rules
Extracted: /tha_rules/VRT-mysql.rules
Extracted: /tha_rules/VRT-virus.rules
Extracted: /tha_rules/VRT-protocol-imap.rules
Extracted: /tha_rules/VRT-malware-cnc.rules
Extracted: /tha_rules/VRT-web-misc.rules
Extracted: /tha_rules/VRT-tftp.rules
Extracted: /tha_rules/VRT-blacklist.rules
Extracted: /tha_rules/VRT-shellcode.rules
Extracted: /tha_rules/VRT-spyware-put.rules
Extracted: /tha_rules/VRT-exploit.rules
Extracted: /tha_rules/VRT-protocol-services.rules
Extracted: /tha_rules/VRT-browser-ie.rules
Extracted: /tha_rules/VRT-os-windows.rules
Extracted: /tha_rules/VRT-ddos.rules
Extracted: /tha_rules/VRT-attack-responses.rules
Extracted: /tha_rules/VRT-browser-firefox.rules
Extracted: /tha_rules/VRT-browser-chrome.rules
Extracted: /tha_rules/VRT-telnet.rules
Extracted: /tha_rules/VRT-browser-other.rules
Extracted: /tha_rules/VRT-icmp-info.rules
Extracted: /tha_rules/VRT-os-linux.rules
Extracted: /tha_rules/VRT-indicator-obfuscation.rules
Extracted: /tha_rules/VRT-policy-spam.rules
Extracted: /tha_rules/VRT-malware-tools.rules
Extracted: /tha_rules/VRT-x11.rules
Extracted: /tha_rules/VRT-p2p.rules
Extracted: /tha_rules/VRT-scan.rules
Extracted: /tha_rules/VRT-ftp.rules
Extracted: /tha_rules/VRT-malware-other.rules
Extracted: /tha_rules/VRT-web-php.rules
Extracted: /tha_rules/VRT-web-activex.rules
Extracted: /tha_rules/VRT-decoder.rules
Extracted: /tha_rules/VRT-web-frontpage.rules
Extracted: /tha_rules/VRT-rservices.rules
Extracted: /tha_rules/VRT-file-executable.rules
Extracted: /tha_rules/VRT-file-other.rules
Extracted: /tha_rules/VRT-backdoor.rules
Extracted: /tha_rules/VRT-multimedia.rules
Extracted: /tha_rules/VRT-web-client.rules
Extracted: /tha_rules/VRT-exploit-kit.rules
Extracted: /tha_rules/VRT-protocol-pop.rules
Extracted: /tha_rules/VRT-browser-plugins.rules
Extracted: /tha_rules/VRT-policy.rules
Extracted: /tha_rules/VRT-web-attacks.rules
Extracted: /tha_rules/VRT-imap.rules
Extracted: /tha_rules/VRT-file-flash.rules
Extracted: /tha_rules/VRT-nntp.rules
Extracted: /tha_rules/VRT-dos.rules
Extracted: /tha_rules/VRT-finger.rules
Extracted: /tha_rules/VRT-phishing-spam.rules
No such file in archive: 'doc/signatures/rules/VRT-License.txt' at d:\winids\pulledpork\pulledpork.pl line 293.
Could not find an entry for 'doc/signatures/rules/VRT-License.txt' at d:\winids\pulledpork\pulledpork.pl line 293.
Extracted: d:\winids\Apache24\htdocs\base\signatures\rules/VRT-License.txt
Extracted: /tha_rules/VRT-server-mysql.rules
Extracted: /tha_rules/VRT-oracle.rules
Extracted: /tha_rules/VRT-server-iis.rules
Extracted: /tha_rules/VRT-app-detect.rules
Extracted: /tha_rules/VRT-policy-multimedia.rules
Extracted: /tha_rules/VRT-pop2.rules
Extracted: /tha_rules/VRT-bad-traffic.rules
Extracted: /tha_rules/VRT-web-cgi.rules
Prepping rules from snortrules-snapshot-2940.tar.gz for work....
extracting contents of d:\winids\pulledpork\temp/snortrules-snapshot-2940.tar.gz...
Ignoring plaintext rules: deleted.rules
Ignoring plaintext rules: experimental.rules
Ignoring plaintext rules: local.rules
Extracted: /tha_rules/VRT-server-other.rules
Extracted: /tha_rules/VRT-pua-adware.rules
Extracted: /tha_rules/VRT-misc.rules
Extracted: /tha_rules/VRT-malware-backdoor.rules
Extracted: /tha_rules/VRT-indicator-compromise.rules
Extracted: /tha_rules/VRT-file-pdf.rules
Extracted: /tha_rules/VRT-content-replace.rules
Extracted: /tha_rules/VRT-file-identify.rules
Extracted: /tha_rules/VRT-browser-webkit.rules
Extracted: /tha_rules/VRT-specific-threats.rules
Extracted: /tha_rules/VRT-file-office.rules
Extracted: /tha_rules/VRT-rpc.rules
Extracted: /tha_rules/VRT-dns.rules
Extracted: /tha_rules/VRT-os-other.rules
Extracted: /tha_rules/VRT-snmp.rules
Extracted: /tha_rules/VRT-policy-other.rules
Extracted: /tha_rules/VRT-web-coldfusion.rules
Extracted: /tha_rules/VRT-protocol-voip.rules
Extracted: /tha_rules/VRT-file-image.rules
Extracted: /tha_rules/VRT-chat.rules
Extracted: /tha_rules/VRT-voip.rules
Extracted: /tha_rules/VRT-os-solaris.rules
Extracted: /tha_rules/VRT-server-mssql.rules
Extracted: /tha_rules/VRT-pop3.rules
Extracted: /tha_rules/VRT-preprocessor.rules
Extracted: /tha_rules/VRT-policy-social.rules
Extracted: /tha_rules/VRT-protocol-ftp.rules
Extracted: /tha_rules/VRT-server-webapp.rules
Extracted: /tha_rules/VRT-server-oracle.rules
Extracted: /tha_rules/VRT-scada.rules
Extracted: /tha_rules/VRT-other-ids.rules
Extracted: /tha_rules/VRT-server-apache.rules
Extracted: /tha_rules/VRT-sql.rules
Extracted: /tha_rules/VRT-icmp.rules
Extracted: /tha_rules/VRT-file-multimedia.rules
Extracted: /tha_rules/VRT-pua-p2p.rules
Extracted: /tha_rules/VRT-info.rules
Extracted: /tha_rules/VRT-pua-other.rules
Extracted: /tha_rules/VRT-server-mail.rules
Extracted: /tha_rules/VRT-netbios.rules
Extracted: /tha_rules/VRT-smtp.rules
Extracted: /tha_rules/VRT-protocol-icmp.rules
Extracted: /tha_rules/VRT-sensitive-data.rules
Extracted: /tha_rules/VRT-indicator-shellcode.rules
Extracted: /tha_rules/VRT-web-iis.rules
Extracted: /tha_rules/VRT-protocol-finger.rules
Extracted: /tha_rules/VRT-botnet-cnc.rules
Extracted: /tha_rules/VRT-pua-toolbars.rules
Extracted: /tha_rules/VRT-mysql.rules
Extracted: /tha_rules/VRT-virus.rules
Extracted: /tha_rules/VRT-protocol-imap.rules
Extracted: /tha_rules/VRT-malware-cnc.rules
Extracted: /tha_rules/VRT-web-misc.rules
Extracted: /tha_rules/VRT-tftp.rules
Extracted: /tha_rules/VRT-shellcode.rules
Extracted: /tha_rules/VRT-blacklist.rules
Extracted: /tha_rules/VRT-spyware-put.rules
Extracted: /tha_rules/VRT-exploit.rules
Extracted: /tha_rules/VRT-protocol-services.rules
Extracted: /tha_rules/VRT-browser-ie.rules
Extracted: /tha_rules/VRT-os-windows.rules
Extracted: /tha_rules/VRT-ddos.rules
Extracted: /tha_rules/VRT-attack-responses.rules
Extracted: /tha_rules/VRT-browser-firefox.rules
Extracted: /tha_rules/VRT-browser-chrome.rules
Extracted: /tha_rules/VRT-telnet.rules
Extracted: /tha_rules/VRT-browser-other.rules
Extracted: /tha_rules/VRT-icmp-info.rules
Extracted: /tha_rules/VRT-os-linux.rules
Extracted: /tha_rules/VRT-indicator-obfuscation.rules
Extracted: /tha_rules/VRT-policy-spam.rules
Extracted: /tha_rules/VRT-malware-tools.rules
Extracted: /tha_rules/VRT-x11.rules
Extracted: /tha_rules/VRT-p2p.rules
Extracted: /tha_rules/VRT-scan.rules
Extracted: /tha_rules/VRT-ftp.rules
Extracted: /tha_rules/VRT-malware-other.rules
Extracted: /tha_rules/VRT-web-php.rules
Extracted: /tha_rules/VRT-web-activex.rules
Extracted: /tha_rules/VRT-decoder.rules
Extracted: /tha_rules/VRT-web-frontpage.rules
Extracted: /tha_rules/VRT-rservices.rules
Extracted: /tha_rules/VRT-file-executable.rules
Extracted: /tha_rules/VRT-file-other.rules
Extracted: /tha_rules/VRT-backdoor.rules
Extracted: /tha_rules/VRT-multimedia.rules
Extracted: /tha_rules/VRT-web-client.rules
Extracted: /tha_rules/VRT-exploit-kit.rules
Extracted: /tha_rules/VRT-protocol-pop.rules
Extracted: /tha_rules/VRT-browser-plugins.rules
Extracted: /tha_rules/VRT-policy.rules
Extracted: /tha_rules/VRT-web-attacks.rules
Extracted: /tha_rules/VRT-imap.rules
Extracted: /tha_rules/VRT-file-flash.rules
Extracted: /tha_rules/VRT-nntp.rules
Extracted: /tha_rules/VRT-dos.rules
Extracted: /tha_rules/VRT-finger.rules
Extracted: /tha_rules/VRT-phishing-spam.rules
No such file in archive: 'doc/signatures/rules/VRT-License.txt' at d:\winids\pulledpork\pulledpork.pl line 293.
Could not find an entry for 'doc/signatures/rules/VRT-License.txt' at d:\winids\pulledpork\pulledpork.pl line 293.
Extracted: d:\winids\Apache24\htdocs\base\signatures\rules/VRT-License.txt
Extracted: /tha_rules/VRT-server-mysql.rules
Extracted: /tha_rules/VRT-oracle.rules
Extracted: /tha_rules/VRT-server-iis.rules
Extracted: /tha_rules/VRT-app-detect.rules
Extracted: /tha_rules/VRT-policy-multimedia.rules
Extracted: /tha_rules/VRT-pop2.rules
Extracted: /tha_rules/VRT-bad-traffic.rules
Extracted: /tha_rules/VRT-web-cgi.rules
Cleanup....
removed 108 temporary snort files or directories from d:\winids\pulledpork\temp/tha_rules!
Fly Piggy Fly!

Best regards,
Michael...

------------------------------------------------------------------------------
Free Next-Gen Firewall Hardware Offer
Buy your Sophos next-gen firewall before the end March 2013
and get the hardware for free! Learn more.
http://p.sf.net/sfu/sophos-d2d-feb
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
--
Joel Esler
Senior Research Engineer, VRT
OpenSource Community Manager
Sourcefire

--
when does reality end? when does fantasy begin?
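A triage helper for the download loop in the quoted output, as an added example that is not part of the thread or of PulledPork. The function, class and verdict names are made up here, and the sample log is abridged from the output above with the oinkcode replaced by a placeholder.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: abridged from the verbose output quoted in the thread,
# with the oinkcode replaced by a placeholder and the S3 redirect lines dropped.
SAMPLE_LOG = """\
Checking latest MD5 for snortrules-snapshot-2940.tar.gz....
Fetching md5sum for: snortrules-snapshot-2940.tar.gz.md5
** GET https://www.snort.org/reg-rules/snortrules-snapshot-2940.tar.gz.md5/<oinkcode> ==> 200 OK (3s)
most recent rules file digest: ae46740e802f023be681d932ef71f407
Rules tarball download of snortrules-snapshot-2940.tar.gz....
** GET https://www.snort.org/reg-rules/snortrules-snapshot-2940.tar.gz/<oinkcode> ==> 302 Found (1s)
current local rules file digest: eed12b6d1e99dd34dda723167ab18f8c
The MD5 for snortrules-snapshot-2940.tar.gz did not match the latest digest... so I am gonna fetch the latest rules file!
** GET https://www.snort.org/reg-rules/snortrules-snapshot-2940.tar.gz/<oinkcode> ==> 302 Found
current local rules file digest: 6fb296525f90c700ff356264397e7977
The MD5 for snortrules-snapshot-2940.tar.gz did not match the latest digest... so I am gonna fetch the latest rules file!
** GET https://www.snort.org/reg-rules/snortrules-snapshot-2940.tar.gz/<oinkcode> ==> 403 Forbidden (1s)
"""

PUBLISHED = re.compile(r"most recent rules file digest:\s*([0-9a-f]{32})")
LOCAL = re.compile(r"current local rules file digest:\s*([0-9a-f]{32})")
# Tolerates the stray counter seen in the thread's output ("==> 0 200 OK").
HTTP_STATUS = re.compile(r"^\*\* GET \S+ ==> (?:\d+ )?(\d{3})\b")


@dataclass
class Triage:
    published: Optional[str] = None                       # digest from the .md5 file
    local_digests: List[str] = field(default_factory=list)  # one per download attempt
    statuses: List[int] = field(default_factory=list)       # HTTP codes in order seen

    @property
    def locked_out(self) -> bool:
        # A 403 in the log means further fetches are refused until the
        # 15 minute timeout mentioned in the output has expired.
        return 403 in self.statuses

    def verdict(self) -> str:
        if self.published is None or not self.local_digests:
            return "incomplete-log"
        if self.local_digests[-1] == self.published:
            return "ok"
        bad = {d for d in self.local_digests if d != self.published}
        # Different wrong digests on each attempt: the file written to
        # temp_path changes every time, so refetching will not converge.
        return "unstable-download" if len(bad) > 1 else "digest-mismatch"


def triage(log_text: str) -> Triage:
    """Collect digests and HTTP status codes from pulledpork.pl -vv output."""
    result = Triage()
    for line in log_text.splitlines():
        line = line.strip()
        if m := PUBLISHED.search(line):
            result.published = m.group(1)
        elif m := LOCAL.search(line):
            result.local_digests.append(m.group(1))
        elif m := HTTP_STATUS.match(line):
            result.statuses.append(int(m.group(1)))
    return result


if __name__ == "__main__":
    t = triage(SAMPLE_LOG)
    print(t.verdict(), "locked out" if t.locked_out else "not locked out")
```

An "unstable-download" verdict points at the local fetch or write path rather than at a stale tarball on the server, which is the case where rerunning only uses up the remaining download attempts.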