Snort mailing list archives

Re: community-rules file with appended data at the end.


From: "Joel Esler (jesler)" <jesler () cisco com>
Date: Wed, 24 Feb 2016 22:02:17 +0000

Try this:

wget --no-check-certificate https://www.snort.org/downloads/community/community-rules.tar.gz -O community-rules.tar.gz

That being said, it’s better if you use pulledpork to perform this entire function.

--
Joel Esler
Manager, Talos Group




On Feb 24, 2016, at 3:08 PM, Lamont, Brian A. <Brian.Lamont () gd-ms com> wrote:

Hello,
When I use wget to grab the latest rules file, it comes through with lots of what appears to be certificate data appended to the end. Does this come from Snort or a result from my end?

Command:
wget --no-check-certificate https://www.snort.org/downloads/community/community-rules.tar.gz

Rules file:
community-rules.tar.gz?AWSAccessKeyId=AKIAIXACIED2SPMSC7GA&Expires=1456346542&Signature=k+r%2F1gXriBz3NU%2FEF4Mzy%2FoZHO8='


full wget output
--------------------------
[root@eadc-w-inf02 ~]# wget --no-check-certificate https://www.snort.org/downloads/community/community-rules.tar.gz
--2016-02-24 12:42:07--  https://www.snort.org/downloads/community/community-rules.tar.gz
Resolving www.snort.org... 104.16.66.75, 104.16.65.75, 104.16.63.75, ...
Connecting to www.snort.org|104.16.66.75|:443... connected.
WARNING: certificate common name `ssl383883.cloudflaressl.com' doesn't match requested host name `www.snort.org'.
HTTP request sent, awaiting response... 302 Found
Location: https://s3.amazonaws.com/snort-org-site/production/release_files/files/000/003/298/original/community-rules.tar.gz?AWSAccessKeyId=AKIAIXACIED2SPMSC7GA&Expires=1456346542&Signature=k%2Br%2F1gXriBz3NU%2FEF4Mzy%2FoZHO8%3D [following]
--2016-02-24 12:42:10--  https://s3.amazonaws.com/snort-org-site/production/release_files/files/000/003/298/original/community-rules.tar.gz?AWSAccessKeyId=AKIAIXACIED2SPMSC7GA&Expires=1456346542&Signature=k%2Br%2F1gXriBz3NU%2FEF4Mzy%2FoZHO8%3D
Resolving s3.amazonaws.com... 54.231.48.99
Connecting to s3.amazonaws.com|54.231.48.99|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 267309 (261K) [application/x-tar]
Saving to: `community-rules.tar.gz?AWSAccessKeyId=AKIAIXACIED2SPMSC7GA&Expires=1456346542&Signature=k+r%2F1gXriBz3NU%2FEF4Mzy%2FoZHO8='

100%[================================================================================>] 267,309      722K/s   in 0.4s

2016-02-24 12:42:11 (722 KB/s) - `community-rules.tar.gz?AWSAccessKeyId=AKIAIXACIED2SPMSC7GA&Expires=1456346542&Signature=k+r%2F1gXriBz3NU%2FEF4Mzy%2FoZHO8=' saved [267309/267309]



Brian Lamont
Unix Systems Admin

Desk:  480 586-9986
Cell:     480 209-8751
brian.lamont () gd-ms com


------------------------------------------------------------------------------
Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=272487151&iu=/4140
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
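
A scripted form of the download discussed in this thread, added here as an example and not code from either poster or from the Snort project. It saves under a fixed name with `-O`, leaves certificate verification on (assuming the local CA store validates the server), and checks the archive before installing it; the function names and destination path are hypothetical.

```shell
#!/bin/sh
# Added example; function names and the destination path are hypothetical.
RULES_URL="https://www.snort.org/downloads/community/community-rules.tar.gz"

# Without -O, wget names the file after the last path segment of the final
# (redirected) URL, query string included. Cut at '?' to get the real name.
clean_name() {
    name=${1##*/}
    printf '%s\n' "${name%%\?*}"
}

# True when a member listing on stdin has an absolute path or a ".."
# component, i.e. a name that could land outside the extraction directory.
has_unsafe_member() {
    grep -Eq '^/|(^|/)\.\.(/|$)'
}

# Accept only an intact gzip'd tar with at least one member, all safe.
validate_archive() {
    gzip -t "$1" 2>/dev/null || return 1
    listing=$(tar -tzf "$1" 2>/dev/null) || return 1
    [ -n "$listing" ] || return 1
    if printf '%s\n' "$listing" | has_unsafe_member; then return 1; fi
    return 0
}

# Download to a temp file under a fixed name with TLS verification left on
# (assumes the local CA store validates the server), validate, then move into
# place so a failed or truncated download never replaces a good rules file.
fetch_rules() {
    dest=$1
    tmp=$(mktemp "${dest}.XXXXXX") || return 1
    if wget -q -O "$tmp" "$RULES_URL" && validate_archive "$tmp"; then
        mv "$tmp" "$dest"
    else
        rm -f "$tmp"
        return 1
    fi
}

# Network use only when asked: sh fetch-rules.sh --fetch [destination]
if [ "${1:-}" = "--fetch" ]; then
    fetch_rules "${2:-$(clean_name "$RULES_URL")}"
fi
```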
