Snort mailing list archives
Snort rules downloaded from Amazon AWS through plain http
From: Vladimir Rabotka <vladimir.rabotka () mcgill ca>
Date: Wed, 16 Jul 2014 18:53:17 +0000
Hi there, Has anybody else noticed that snort rules are now being downloaded from Amazon AWS through http ? We allow https but block outgoing http from out snort machine and last night pulledpork failed with a bizarre 500 error. Running pulledpork in verbose mode showed that the https call to snort.org is redirected to an Amazon AWS page that doesn't use SSL: Rules tarball download of snortrules-snapshot-2956.tar.gz.... Fetching rules file: snortrules-snapshot-2956.tar.gz ** GET https://www.snort.org/reg-rules/snortrules-snapshot-2956.tar.gz/### ==> 302 Found ** GET http://s3.amazonaws.com/snort-org-site/production/release_files/files/000/000/189/original/snortrules-snapshot-2956.tar.gz?AWSAccessKeyId=### &Expires=###&Signature=### ==> 500 Can't connect to s3.amazonaws.com:80 (connect: Connection refused) A 500 error occurred, please verify that you have recently updated your root certificates! So anybody who intercepts the HTTP call can download the rules with somebody else's access key and keep the key for future use.
------------------------------------------------------------------------------ Want fast and easy access to all the code in your enterprise? Index and search up to 200,000 lines of code with a free copy of Black Duck Code Sight - the same software that powers the world's largest code search on Ohloh, the Black Duck Open Hub! Try it now. http://p.sf.net/sfu/bds
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- Snort rules downloaded from Amazon AWS through plain http Vladimir Rabotka (Jul 16)