Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: [Snort-users] Update your oinkmaster/pulled_porkconf files

From: Todd Adamson <radamson () routers com>
Date: Wed, 30 Jun 2010 10:39:21 -0500
Ok, I'm confused.

I just ran my oinkmaster update, and I get the following:

C:\Snort\oinkmaster>c:\Perl\bin\perl.exe 
c:\snort\Oinkmaster\oinkmaster.pl -C 
c:\snort\Oinkmaster\weekend-oinkmaster.conf -o c:\snort\rules

Loading C:\snort\Oinkmaster\weekend-oinkmaster.conf

Downloading file from 
http://www.snort.org/pub-bin/oinkmaster.cgi/<oink_code_removed>/snortrules-snapshot-2860.tar.gz...

c:\snort\Oinkmaster\oinkmaster.pl: Error: could not download 
from 
http://www.snort.org/pub-bin/oinkmaster.cgi/<oink_code_removed>/snortrules-snapshot-2860.tar.gz: 
403 Forbidden

I haven't tried the other format, however by your latest 
statement I shouldn't have to change???

Am I missing something?  I could just be reading over an 
error somewhere after reading it over and over...

Todd

Mike Guiterman wrote:

Hi all,

I just met with our web team.  The net is - I misread the impact of the 
changes on Oinkmaster users and gave you all bad guidance.

The download URL in the Oikmaster conf. file should be:

*For snort 2.8.6.0 <http://2.8.6.0>:*

      url = http://www.snort.org/pub-bin/oinkmaster.cgi/<oinkcode>/snortrules-snapshot-2860.tar.gz

*For snort 2.8.5.3 <http://2.8.5.3>:*

      url = http://www.snort.org/pub-bin/oinkmaster.cgi/<oinkcode>/snortrules-snapshot-2853.tar.gz

The new links I gave yesterday are for those using their oinkcode to download rules without logging in or using 
oinkmaster.

My apologies for the issues this might have caused.  

Mike

On Wed, Jun 30, 2010 at 11:16 AM, Joel Esler <jesler () sourcefire com 
<mailto:jesler () sourcefire com>> wrote:

    Just to let you guys know, we are working on this.  The main reason
    we are doing this is to lift the 15 minute restriction, lighten the
    load on the webpage, etc. 

    Sent from my iPhone

    On Jun 30, 2010, at 11:03 AM, Fred Austin
    <fred.austin () n-dimension com <mailto:fred.austin () n-dimension com>>
    wrote:


    Even using the "--no-check-certificate" for wget, the download is
    failing. I thought the correct URL to use is now:
    
<http://www.snort.org/reg-rules/snortrules-snapshot-2853.tag.gz/>http://www.snort.org/reg-rules/snortrules-snapshot-2853.tag.gz/<oinkcode>

    based on the VRT blog from Monday.

    Fred Austin

    On Wed, Jun 30, 2010 at 8:05 AM, Weir, Jason <
    <mailto:jason.weir () nhrs org>jason.weir () nhrs org
    <mailto:jason.weir () nhrs org>> wrote:

        Joel,

        Still getting the below error, could this be a wget problem
        not handling
        the ssl connection correctly?  Anyone know how to use the
        `--no-check-certificate' option with oinkmaster?

        ------------------------------------------------------------------------
        --------------------------------------

        Downloading file from
        
<http://www.snort.org/pub-bin/oinkmaster.cgi/*oinkcode*/snortrules-snapsh%0Aot-2853.tar.gz.>http://www.snort.org/pub-bin/oinkmaster.cgi/*oinkcode*/snortrules-snapsh
        ot-2853.tar.gz...

        /usr/local/bin/oinkmaster.pl <http://oinkmaster.pl>: Error:
        could not download from
        
<http://www.snort.org/pub-bin/oinkmaster.cgi/*oinkcode*/snortrules-snapsh%0Aot-2853.tar.gz>http://www.snort.org/pub-bin/oinkmaster.cgi/*oinkcode*/snortrules-snapsh
        ot-2853.tar.gz.

        Output from wget follows:

        
<http://www.snort.org/pub-bin/oinkmaster.cgi/*oinkcode*/snortrules-snapsh%0Aot-2853.tar.gz>http://www.snort.org/pub-bin/oinkmaster.cgi/*oinkcode*/snortrules-snapsh
        ot-2853.tar.gz

        Resolving www.snort.org <http://www.snort.org>... 68.177.102.20

        Connecting to <http://www.snort.org>www.snort.org
        <http://www.snort.org>|68.177.102.20|:80... connected.

        HTTP request sent, awaiting response... 302 Found

        Location:
        
<https://s3.amazonaws.com/snort.org/rules/20100525/snortrules-snapshot-28>https://s3.amazonaws.com/snort.org/rules/20100525/snortrules-snapshot-28
        53.tar.gz?AWSAccessKeyId=AKIAJJSHU7YNPLE5MKOQ&Expires=1277895698&Signatu
        re=px1MZAMmLNzKWMw93CljxWGLJco%3D

        [following] --2010-06-30 07:01:08--
        
<https://s3.amazonaws.com/snort.org/rules/20100525/snortrules-snapshot-28>https://s3.amazonaws.com/snort.org/rules/20100525/snortrules-snapshot-28
        53.tar.gz?AWSAccessKeyId=AKIAJJSHU7YNPLE5MKOQ&Expires=1277895698&Signatu
        re=px1MZAMmLNzKWMw93CljxWGLJco%3D

        Resolving s3.amazonaws.com <http://s3.amazonaws.com>...
        72.21.202.164

        Connecting to <http://s3.amazonaws.com>s3.amazonaws.com
        <http://s3.amazonaws.com>|72.21.202.164|:443... connected.

        ERROR: cannot verify <http://s3.amazonaws.com>s3.amazonaws.com
        <http://s3.amazonaws.com>'s certificate, issued by
        `/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of
        use at
        <https://www.verisign.com/rpa>https://www.verisign.com/rpa
        (c)09/CN=VeriSign Class 3 Secure Server CA
        - G2':

        Unable to locally verify the issuer's authority.

        To connect to <http://s3.amazonaws.com>s3.amazonaws.com
        <http://s3.amazonaws.com> insecurely, use
        `--no-check-certificate'.
        Unable to establish SSL connection.

        ------------------------------------------------------------------------
        --------------------------------------

        -Jason

        -----Original Message-----
        From: Joel Esler [mailto:
        <mailto:jesler () sourcefire com>jesler () sourcefire com
        <mailto:jesler () sourcefire com>]
        Sent: Tuesday, June 29, 2010 3:03 PM
        To: Weir, Jason
        Cc: infosec posts;
        <mailto:snort-sigs () lists sourceforge net>snort-sigs () lists sourceforge net
        <mailto:snort-sigs () lists sourceforge net>; Snort Users List
        Subject: Re: [Snort-sigs] [Snort-users] Update your
        oinkmaster/pulled_porkconf files


        On Jun 29, 2010, at 10:41 AM, Weir, Jason wrote:
        > Me too - common guys this isn't that complicated
        >
        > Oinkmaster output below

        Okay, I know our web team made some changes after these series of
        emails.  If you are still having problems, please let us know.

        Joel


        _____________________________________________________________________________________________

        Please visit <http://www.nhrs.org>www.nhrs.org
        <http://www.nhrs.org> to subscribe to NHRS email announcements
        and updates.
        ------------------------------------------------------------------------------
        This SF.net <http://SF.net> email is sponsored by Sprint
        What will you do first with EVO, the first 4G phone?
        Visit <http://sprint.com/first>sprint.com/first
        <http://sprint.com/first> --
        <http://p.sf.net/sfu/sprint-com-first>http://p.sf.net/sfu/sprint-com-first
        _______________________________________________
        Snort-sigs mailing list
        <mailto:Snort-sigs () lists sourceforge net>Snort-sigs () lists sourceforge net
        <mailto:Snort-sigs () lists sourceforge net>
        
<https://lists.sourceforge.net/lists/listinfo/snort-sigs>https://lists.sourceforge.net/lists/listinfo/snort-sigs




    -- 
    This email and any files transmitted with it are solely intended
    for the use of the named recipient(s) and may contain information
    that is privileged and confidential. If you receive this email in
    error, please immediately notify the sender and delete this
    message in all its forms.  E-mail transmission cannot be
    guaranteed to be secure or error-free as information could be
    intercepted, corrupted, lost, destroyed, arrive late or
    incomplete, or contain viruses.  Therefore N-Dimension Solutions
    Inc. does not accept liability for any errors or omission in the
    contents of the message which arise as a result of e-mail
    transmission.


    ------------------------------------------------------------------------------
    This SF.net email is sponsored by Sprint
    What will you do first with EVO, the first 4G phone?
    Visit sprint.com/first <http://sprint.com/first> --
    http://p.sf.net/sfu/sprint-com-first
    _______________________________________________
    Snort-users mailing list
    Snort-users () lists sourceforge net
    <mailto:Snort-users () lists sourceforge net>
    Go to this URL to change user options or unsubscribe:
    https://lists.sourceforge.net/lists/listinfo/snort-users
    Snort-users list archive:
    http://www.geocrawler.com/redir-sf.php3?list=snort-users






------------------------------------------------------------------------

------------------------------------------------------------------------------
This SF.net email is sponsored by Sprint
What will you do first with EVO, the first 4G phone?
Visit sprint.com/first -- http://p.sf.net/sfu/sprint-com-first


------------------------------------------------------------------------

_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs


------------------------------------------------------------------------------
This SF.net email is sponsored by Sprint
What will you do first with EVO, the first 4G phone?
Visit sprint.com/first -- http://p.sf.net/sfu/sprint-com-first
_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
Previous By Date Next
Previous By Thread Next

Current thread: