Re: HTTP 422 when trying to download rulesets with pulledpork

["Starner, Mark" <mark.starner () unisys com>]

Also, when I use the link provided on the new snort.org website, using wget
it fails also:

 

[root@ustr-siqx pulledpork]# wget
https://www.snort.org/rules/snortrules-snapshot-2961-tar.gz?<myoinkcode>

--2014-07-10 18:04:50--
https://www.snort.org/rules/snortrules-snapshot-2961-tar.gz?<myoinkcode>

Resolving www.snort.org... 50.19.124.119, 54.243.242.66, 54.225.152.149

Connecting to www.snort.org|50.19.124.119|:443... connected.

ERROR: cannot verify www.snort.org's certificate, issued by `/C=US/O=Thawte,
Inc./CN=Thawte SSL CA':

  Self-signed certificate encountered.

ERROR: certificate common name `snort.org' doesn't match requested host name
`www.snort.org'.

To connect to www.snort.org insecurely, use `--no-check-certificate'.

Unable to establish SSL connection.

 

When I use "-no-check-certificate" I get:

[root@ustr-siqx pulledpork]# wget --no-check-certificate
https://www.snort.org/rules/snortrules-snapshot-2961-tar.gz?<myoinkcode>

--2014-07-10 18:07:08--
https://www.snort.org/rules/snortrules-snapshot-2961-tar.gz?<myoinkcode>

Resolving www.snort.org... 50.19.124.119, 54.243.242.66, 54.225.152.149

Connecting to www.snort.org|50.19.124.119|:443... connected.

WARNING: cannot verify www.snort.org's certificate, issued by
`/C=US/O=Thawte, Inc./CN=Thawte SSL CA':

  Self-signed certificate encountered.

WARNING: certificate common name `snort.org' doesn't match requested host
name `www.snort.org'.

HTTP request sent, awaiting response... 422 Unprocessable Entity

2014-07-10 18:07:08 ERROR 422: Unprocessable Entity.

 

From: Starner, Mark 
Sent: Thursday, July 10, 2014 1:54 PM
To: snort-users mailinglist
Subject: RE: [Snort-users] HTTP 422 when trying to download rulesets with
pulledpork

 

I have tried various things in my pulledpork config file and nothing seems
to work.

 

I tried the old way (which Joel is looking into since it should work)

rule_url=https://www.snort.org/sub-rules/|snortrules-snapshot-2961.tar.gz|<o
inkcode>

 

But what should it look like for the new format when the final URL for the
subscriber rules needs to be:

https://www.snort.org/rules/snortrules-snapshot-2961-tar.gz?
<https://www.snort.org/rules/snortrules-snapshot-2961-tar.gz?%3coinkcode>
<oinkcode>

 

I have tried every combination I can think of and have not been able to
download the rules.

 

Thanks

Mark

 

 

 

From: Joel Esler (jesler) [mailto:jesler () cisco com] 
Sent: Thursday, July 10, 2014 8:53 AM
To: Shirkdog
Cc: snort-users mailinglist
Subject: Re: [Snort-users] HTTP 422 when trying to download rulesets with
pulledpork

 

We still support the old one. We're looking into the issue. 

-- 

Joel Esler

Sent from my iPhone


On Jul 10, 2014, at 8:47, "Shirkdog" <shirkdog () gmail com> wrote:

I will work on updating the default for pulled pork, but use the following
URL, per the new website:

https://www.snort.org/rules/snortrules-snapshot-29xx-tar.gz?<oinkcode>

On Jul 10, 2014 8:40 AM, "Anshuman Anil Deshmukh" <anshuman () cybage com>
wrote:

Hi,

 

Even I am getting such error. in my case the only difference is that I am on
the older version. Is it something to do with the recent changes that
happened on the website?

 

Base URL is: https://www.snort.org/reg-rules/|snortrules-snapshot.tar.gz|
<https://www.snort.org/reg-rules/%7Csnortrules-snapshot.tar.gz%7C> <my
oinkcode> https://www.snort.org/reg-rules/|opensource.gz|
<https://www.snort.org/reg-rules/%7Copensource.gz%7C> <my oinkcode>
https://rules.emergingthreats.net/|emerging.rules.tar.gz|open
<https://rules.emergingthreats.net/%7Cemerging.rules.tar.gz%7Copen>
https://s3.amazonaws.com/snort-org/www/rules/community/|community-rules.tar.
gz|Community
<https://s3.amazonaws.com/snort-org/www/rules/community/%7Ccommunity-rules.t
ar.gz%7CCommunity>
http://labs.snort.org/feeds/ip-filter.blf|IPBLACKLIST|open
<http://labs.snort.org/feeds/ip-filter.blf%7CIPBLACKLIST%7Copen> 

Checking latest MD5 for snortrules-snapshot-2950.tar.gz....

                Fetching md5sum for: snortrules-snapshot-2950.tar.gz.md5

** GET
https://www.snort.org/reg-rules/snortrules-snapshot-2950.tar.gz.md5/<my
oinkcode> ==> 422 Unprocessable Entity (2s)

                Error 422 when fetching
https://www.snort.org/reg-rules/snortrules-snapshot-2950.tar.gz.md5 at
pulledpork.pl line 463

                main::md5file('<my oinkcode>',
'snortrules-snapshot-2950.tar.gz', '/etc/snort/tmp/',
'https://www.snort.org/reg-rules/&apos;) called at pulledpork.pl line 1847

 

 

Regards,

Anshuman 

 

 

-----Original Message-----
From: Laszlo Toth [mailto:laszlo.toth () linguamatics com] 
Sent: Thursday, July 10, 2014 5:00 PM
To: snort-users () lists sourceforge net
Subject: [Snort-users] HTTP 422 when trying to download rulesets with
pulledpork

 

Hi,

 

I'm trying to download the registered rules with pulledpork but I'm getting
the following error message:

 

Rules tarball download of snortrules-snapshot-2961.tar.gz....

         Error 422 when fetching snortrules-snapshot-2961.tar.gz at
./pulledpork.pl line 408

         main::rulefetch('oinkcode', 'snortrules-snapshot-2961.tar.gz',

'/tmp/', 'https://www.snort.org/reg-rules/&apos;) called at ./pulledpork.pl line
1856

 

Pulledpork rule config:

rule_url=https://www.snort.org/reg-rules/|snortrules-snapshot.tar.gz|oinkcod
e <https://www.snort.org/reg-rules/%7Csnortrules-snapshot.tar.gz%7Coinkcode>


 

 

I get the same HTTP response code when I try to manually download the rules
from
<https://www.snort.org/reg-rules/snortrules-snapshot-2961.tar.gz/oinkcode>
https://www.snort.org/reg-rules/snortrules-snapshot-2961.tar.gz/oinkcode

 

Am I missing something?

Thanks,

Laszlo

 

--

Laszlo Toth

Systems administrator

Linguamatics

324 Cambridge Science Park

Milton Road

Cambridge

CB4 0WG

UK

Telephone number:

+44 (0)1223 651910 <tel:%2B44%20%280%291223%20651910> 

 <http://www.linguamatics.com> www.linguamatics.com

 

 

----------------------------------------------------------------------------
--

Open source business process management suite built on Java and Eclipse Turn
processes into business applications with Bonita BPM Community Edition
Quickly connect people, data, and systems into organized workflows Winner of
BOSSIE, CODIE, OW2 and Gartner awards  <http://p.sf.net/sfu/Bonitasoft>
http://p.sf.net/sfu/Bonitasoft
_______________________________________________

Snort-users mailing list

 <mailto:Snort-users () lists sourceforge net>
Snort-users () lists sourceforge net

Go to this URL to change user options or unsubscribe:

 <https://lists.sourceforge.net/lists/listinfo/snort-users>
https://lists.sourceforge.net/lists/listinfo/snort-users

Snort-users list archive:

 <http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users>
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

 

Please visit  <http://blog.snort.org> http://blog.snort.org to stay current
on all the latest Snort news!

 




"Legal Disclaimer: This electronic message and all contents contain
information from Cybage Software Private Limited which may be privileged,
confidential, or otherwise protected from disclosure. The information is
intended to be for the addressee(s) only. If you are not an addressee, any
disclosure, copy, distribution, or use of the contents of this message is
strictly prohibited. If you have received this electronic message in error
please notify the sender by reply e-mail to and destroy the original message
and all copies. Cybage has taken every reasonable precaution to minimize the
risk of malicious content in the mail, but is not liable for any damage you
may sustain as a result of any malicious content in this e-mail. You should
carry out your own malicious content checks before opening the e-mail or
attachment." www.cybage.com


----------------------------------------------------------------------------
--
Open source business process management suite built on Java and Eclipse
Turn processes into business applications with Bonita BPM Community Edition
Quickly connect people, data, and systems into organized workflows
Winner of BOSSIE, CODIE, OW2 and Gartner awards
http://p.sf.net/sfu/Bonitasoft
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort
news!

----------------------------------------------------------------------------
--
Open source business process management suite built on Java and Eclipse
Turn processes into business applications with Bonita BPM Community Edition
Quickly connect people, data, and systems into organized workflows
Winner of BOSSIE, CODIE, OW2 and Gartner awards
http://p.sf.net/sfu/Bonitasoft

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort
news!

Attachment: smime.p7s
Description:

------------------------------------------------------------------------------
Open source business process management suite built on Java and Eclipse
Turn processes into business applications with Bonita BPM Community Edition
Quickly connect people, data, and systems into organized workflows
Winner of BOSSIE, CODIE, OW2 and Gartner awards
http://p.sf.net/sfu/Bonitasoft

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!