Snort mailing list archives
Re: [Snort-sigs] Update your oinkmaster/pulled_pork conf files
From: infosec posts <infosec.posts () gmail com>
Date: Tue, 29 Jun 2010 09:11:38 -0500
I was using this URL in my update scripts: wget http://www.snort.org/pub-bin/oinkmaster.cgi/$oink_code/snortrules-snapshot-2853_s.tar.gz Now I'm getting this: http://www.snort.org/pub-bin/oinkmaster.cgi/$oink_code/snortrules-snapshot-2853_s.tar.gz Resolving www.snort.org... 68.177.102.20 Connecting to www.snort.org|68.177.102.20|:80... connected. HTTP request sent, awaiting response... 403 Forbidden 2010-06-29 08:46:33 ERROR 403: Forbidden. Did the URL above get broken, too? Since that didn't work I tried: wget http://www.snort.org/reg-rules/snortrules-snapshot-2853.tar.gz/$oink_code but that redirected to an SSL connection with Amazon, which isn't open on my firewall from the machine in question. So, I went to another machine and tried wget http://www.snort.org/reg-rules/snortrules-snapshot-2853.tar.gz/$oink_code wget http://www.snort.org/reg-rules/snortrules-snapshot-2853_s.tar.gz/$oink_code Both of which are giving me 403: Forbidden. Are the 2.8.5.3 URLs no longer supported? Is the "15-minute rule" being imposed by oink code now instead of connecting IP? Is the '_s' filename still in use to distinguish subscriber packs from non-subscribers? (Note: Obviously, my actual oinkmaster code has been sanitized to '$oink_code' in everything above.) On Mon, Jun 28, 2010 at 3:31 PM, Mike Guiterman <mguiterman () sourcefire com> wrote:
Hi everyone, This afternoon's upgrade of Snort.org is complete. One of the issues addressed was improving the reliability of the VRT rules download process. Over the past few months we've seen an increase in reports about failed downloads. Today's upgrade should resolve the problem. This change does affect users who have automated their rules update process. The download URL used oinkmaster and pulled_pork conf files has changed. The new URL has been updated on the "oinkcodes" page on Snort.org. An example of the change is below: Old download URL http://dl.snort.org/reg-rules/snortrules-snapshot-2860.tar.gz?oink_code=<OINKCODE> Is now. http://www.snort.org/reg-rules/snortrules-snapshot-2860.tar.gz/<OINKCODE> To continue receiving automated rules updates please update your conf. file with the new URL. Our apologies for the inconvenience. Regards, Mike -- Mike Guiterman Snort Community Manager Sourcefire, Inc. mguiterman () sourcefire com 410.423.1930 (office) 703.400.4091 (mobile) ------------------------------------------------------------------------------ This SF.net email is sponsored by Sprint What will you do first with EVO, the first 4G phone? Visit sprint.com/first -- http://p.sf.net/sfu/sprint-com-first _______________________________________________ Snort-sigs mailing list Snort-sigs () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-sigs
------------------------------------------------------------------------------ This SF.net email is sponsored by Sprint What will you do first with EVO, the first 4G phone? Visit sprint.com/first -- http://p.sf.net/sfu/sprint-com-first _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Update your oinkmaster/pulled_pork conf files Mike Guiterman (Jun 28)
- Re: [Snort-sigs] Update your oinkmaster/pulled_pork conf files infosec posts (Jun 29)
- Re: [Snort-sigs] Update your oinkmaster/pulled_pork conf files Joel Esler (Jun 29)
- Re: [Snort-users] Update your oinkmaster/pulled_porkconf files Weir, Jason (Jun 29)
- Re: [Snort-sigs] Update your oinkmaster/pulled_porkconf files Joel Esler (Jun 29)
- Re: [Snort-sigs] Update your oinkmaster/pulled_porkconf files Joel Esler (Jun 29)
- Re: [Snort-users] Update your oinkmaster/pulled_porkconf files Weir, Jason (Jun 30)
- Re: [Snort-users] Update your oinkmaster/pulled_porkconf files Fred Austin (Jun 30)
- Re: [Snort-sigs] Update your oinkmaster/pulled_porkconf files Joel Esler (Jun 30)
- Re: [Snort-sigs] Update your oinkmaster/pulled_porkconf files Mike Guiterman (Jun 30)
- Re: [Snort-users] Update your oinkmaster/pulled_porkconf files Todd Adamson (Jun 30)
- Re: [Snort-sigs] Update your oinkmaster/pulled_pork conf files Joel Esler (Jun 29)
- Re: [Snort-sigs] Update your oinkmaster/pulled_porkconf files Joel Esler (Jun 30)
- Re: [Snort-sigs] Update your oinkmaster/pulled_pork conf files infosec posts (Jun 29)