Re: [Snort-sigs] Update your oinkmaster/pulled_porkconf files

[Mike Guiterman <mguiterman () sourcefire com>]

Hi all,

I just met with our web team.  The net is - I misread the impact of the
changes on Oinkmaster users and gave you all bad guidance.

The download URL in the Oikmaster conf. file should be:

*For snort 2.8.6.0:*

      url = http://www.snort.org/pub-bin/oinkmaster.cgi/<oinkcode>/snortrules-snapshot-2860.tar.gz

 *For snort 2.8.5.3:*

      url = http://www.snort.org/pub-bin/oinkmaster.cgi/<oinkcode>/snortrules-snapshot-2853.tar.gz

The new links I gave yesterday are for those using their oinkcode to
download rules without logging in or using oinkmaster.

My apologies for the issues this might have caused.

Mike



On Wed, Jun 30, 2010 at 11:16 AM, Joel Esler <jesler () sourcefire com> wrote:

> Just to let you guys know, we are working on this.  The main reason we are
> doing this is to lift the 15 minute restriction, lighten the load on the
> webpage, etc.
>
>
>
>
> Sent from my iPhone
>
> On Jun 30, 2010, at 11:03 AM, Fred Austin <fred.austin () n-dimension com>
> wrote:
>
> Even using the "--no-check-certificate" for wget, the download is failing.
> I thought the correct URL to use is now:
>
> <http://www.snort.org/reg-rules/snortrules-snapshot-2853.tag.gz/>
> http://www.snort.org/reg-rules/snortrules-snapshot-2853.tag.gz/<oinkcode>
>
> based on the VRT blog from Monday.
>
> Fred Austin
>
>
>
> On Wed, Jun 30, 2010 at 8:05 AM, Weir, Jason < <jason.weir () nhrs org>
> jason.weir () nhrs org> wrote:
>
> > Joel,
> >
> > Still getting the below error, could this be a wget problem not handling
> > the ssl connection correctly?  Anyone know how to use the
> > `--no-check-certificate' option with oinkmaster?
> >
> > ------------------------------------------------------------------------
> > --------------------------------------
> >
> > Downloading file from
> > <http://www.snort.org/pub-bin/oinkmaster.cgi/*oinkcode*/snortrules-snapsh%0Aot-2853.tar.gz.>
> > http://www.snort.org/pub-bin/oinkmaster.cgi/*oinkcode*/snortrules-snapsh
> > ot-2853.tar.gz...
> >
> > /usr/local/bin/oinkmaster.pl: Error: could not download from
> > <http://www.snort.org/pub-bin/oinkmaster.cgi/*oinkcode*/snortrules-snapsh%0Aot-2853.tar.gz>
> > http://www.snort.org/pub-bin/oinkmaster.cgi/*oinkcode*/snortrules-snapsh
> > ot-2853.tar.gz.
> >
> > Output from wget follows:
> >
> > <http://www.snort.org/pub-bin/oinkmaster.cgi/*oinkcode*/snortrules-snapsh%0Aot-2853.tar.gz>
> > http://www.snort.org/pub-bin/oinkmaster.cgi/*oinkcode*/snortrules-snapsh
> > ot-2853.tar.gz
> >
> > Resolving www.snort.org... 68.177.102.20
> >
> > Connecting to <http://www.snort.org>www.snort.org|68.177.102.20|:80...
> > connected.
> >
> > HTTP request sent, awaiting response... 302 Found
> >
> > Location:
> > <https://s3.amazonaws.com/snort.org/rules/20100525/snortrules-snapshot-28>
> > https://s3.amazonaws.com/snort.org/rules/20100525/snortrules-snapshot-28
> > 53.tar.gz?AWSAccessKeyId=AKIAJJSHU7YNPLE5MKOQ&Expires=1277895698&Signatu
> > re=px1MZAMmLNzKWMw93CljxWGLJco%3D
> >
> > [following] --2010-06-30 07:01:08--
> > <https://s3.amazonaws.com/snort.org/rules/20100525/snortrules-snapshot-28>
> > https://s3.amazonaws.com/snort.org/rules/20100525/snortrules-snapshot-28
> > 53.tar.gz?AWSAccessKeyId=AKIAJJSHU7YNPLE5MKOQ&Expires=1277895698&Signatu
> > re=px1MZAMmLNzKWMw93CljxWGLJco%3D
> >
> > Resolving s3.amazonaws.com... 72.21.202.164
> >
> > Connecting to <http://s3.amazonaws.com>s3.amazonaws.com|72.21.202.164|:443...
> > connected.
> >
> > ERROR: cannot verify <http://s3.amazonaws.com>s3.amazonaws.com's
> > certificate, issued by
> > `/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at
> >  <https://www.verisign.com/rpa>https://www.verisign.com/rpa(c)09/CN=VeriSign Class 3 Secure Server CA
> > - G2':
> >
> > Unable to locally verify the issuer's authority.
> >
> > To connect to <http://s3.amazonaws.com>s3.amazonaws.com insecurely, use
> > `--no-check-certificate'.
> > Unable to establish SSL connection.
> >
> > ------------------------------------------------------------------------
> > --------------------------------------
> >
> > -Jason
> >
> > -----Original Message-----
> > From: Joel Esler [mailto: <jesler () sourcefire com>jesler () sourcefire com]
> > Sent: Tuesday, June 29, 2010 3:03 PM
> > To: Weir, Jason
> > Cc: infosec posts; <snort-sigs () lists sourceforge net>
> > snort-sigs () lists sourceforge net; Snort Users List
> > Subject: Re: [Snort-sigs] [Snort-users] Update your
> > oinkmaster/pulled_porkconf files
> >
> >
> > On Jun 29, 2010, at 10:41 AM, Weir, Jason wrote:
> > > Me too - common guys this isn't that complicated
> > >
> > > Oinkmaster output below
> >
> > Okay, I know our web team made some changes after these series of
> > emails.  If you are still having problems, please let us know.
> >
> > Joel
> >
> >
> >
> > _____________________________________________________________________________________________
> >
> > Please visit <http://www.nhrs.org>www.nhrs.org to subscribe to NHRS email
> > announcements and updates.
> >
> > ------------------------------------------------------------------------------
> > This SF.net email is sponsored by Sprint
> > What will you do first with EVO, the first 4G phone?
> > Visit <http://sprint.com/first>sprint.com/first --
> > <http://p.sf.net/sfu/sprint-com-first>
> > http://p.sf.net/sfu/sprint-com-first
> > _______________________________________________
> > Snort-sigs mailing list
> >  <Snort-sigs () lists sourceforge net>Snort-sigs () lists sourceforge net
> >  <https://lists.sourceforge.net/lists/listinfo/snort-sigs>
> > https://lists.sourceforge.net/lists/listinfo/snort-sigs
>
>
>
> --
> This email and any files transmitted with it are solely intended for the
> use of the named recipient(s) and may contain information that is privileged
> and confidential. If you receive this email in error, please immediately
> notify the sender and delete this message in all its forms.  E-mail
> transmission cannot be guaranteed to be secure or error-free as information
> could be intercepted, corrupted, lost, destroyed, arrive late or incomplete,
> or contain viruses.  Therefore N-Dimension Solutions Inc. does not accept
> liability for any errors or omission in the contents of the message which
> arise as a result of e-mail transmission.
>
>
>
> ------------------------------------------------------------------------------
> This SF.net email is sponsored by Sprint
> What will you do first with EVO, the first 4G phone?
> Visit sprint.com/first -- http://p.sf.net/sfu/sprint-com-first
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
------------------------------------------------------------------------------
This SF.net email is sponsored by Sprint
What will you do first with EVO, the first 4G phone?
Visit sprint.com/first -- http://p.sf.net/sfu/sprint-com-first

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users