Re: problem downloading vrt rules with oinkmaster

[Russell Fulton <r.fulton () auckland ac nz>]

Sigh...  you have run foul of the restrictions on downloading ruleset  
twice in too short a time frame (supposedly 15 minutes).  If you do  
this in a browser you will see the text sent with the 403 message,  
wget does not display this.

I've had problems with wget displaying the 403 even when there has  
been no download for a long time.  This does not happen with a normal  
browser.  I don't know what the problem is.

R


On 4/07/2009, at 2:47 AM, Terry wrote:

> Hello,
>
> I am using oinkmaster to maintain my rules.  I configured the file
> with my code and path.  I then ran it with these options:
> oinkmaster.pl -o /etc/snort/rules -b /etc/snort/rules.backup -c -v
>
> I assumed with the -c, it was just going to do a dry run.  It
> downloaded rules and exited with a bunch of information but this most
> importantly:
> Oinkmaster is running in careful mode - not updating anything.
>
> I then ran it again without the -c so it will actually download and
> update my rules but I get this error now:
>
> [root@omajelsflow01 ~]# oinkmaster.pl -o /etc/snort/rules -b
> /etc/snort/rules.backup
> Loading /etc/oinkmaster.conf
> Downloading file from
> http://www.snort.org/pub-bin/oinkmaster.cgi/*oinkcode*/snortrules-snapshot-2.8.tar.gz 
> ...
> /usr/local/bin/oinkmaster.pl: Error: could not download from
> http://www.snort.org/pub-bin/oinkmaster.cgi/*oinkcode*/snortrules-snapshot-2.8.tar.gz 
> .
> Output from wget follows:
>
> http://www.snort.org/pub-bin/oinkmaster.cgi/*oinkcode*/snortrules-snapshot-2.8.tar.gzResolving
> www.snort.org... 68.177.102.20
> Connecting to www.snort.org|68.177.102.20|:80... connected.
> HTTP request sent, awaiting response... 302 Found
> Location: http://dl.snort.org/reg-rules/snortrules-snapshot-2.8.tar.gz?oink_code=*oinkcode*
> [following]
> --09:42:58--  http://dl.snort.org/reg-rules/snortrules-snapshot-2.8.tar.gz?oink_code=*oinkcode*
> Resolving dl.snort.org... 68.177.102.34
> Connecting to dl.snort.org|68.177.102.34|:80... connected.
> HTTP request sent, awaiting response... 403 Forbidden
> 09:42:59 ERROR 403: Forbidden.
>
> Any ideas?  Thanks!
>
> ------------------------------------------------------------------------------
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users


------------------------------------------------------------------------------
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users