Snort mailing list archives
Re: [Snort-users] Update your oinkmaster/pulled_porkconf files
From: Fred Austin <fred.austin () n-dimension com>
Date: Wed, 30 Jun 2010 13:02:09 -0400
That was a typo in the email. But according to Mike Guiterman's email the URL should be the old URL with the new file name: http://ww.snort.org/pub-bin/oinkmaster.cgi/ <oinkcode> /snortrules-snapshot-2853.tar.gz I have tried that, including specifying --no-check-certificate for wget, but I am still getting a 403 Forbidden error. Will keep testing. Fred Austin On Wed, Jun 30, 2010 at 12:45 PM, infosec posts <infosec.posts () gmail com>wrote:
Fred, Not sure if the typo is just in this email or if it's also in your config, but the filename you show is "tag.gz" not "tar.gz" FWIW, I was able to wget http://www.snort.org/reg-rules/snortrules-snapshot-2853_s.tar.gz/ <oinkcode> this morning, but I had to add a -O to specify the output filename so my script wouldn't break. On Wed, Jun 30, 2010 at 10:03 AM, Fred Austin <fred.austin () n-dimension com> wrote:Even using the "--no-check-certificate" for wget, the download isfailing. Ithought the correct URL to use is now: http://www.snort.org/reg-rules/snortrules-snapshot-2853.tag.gz/<oinkcode>based on the VRT blog from Monday. Fred Austin On Wed, Jun 30, 2010 at 8:05 AM, Weir, Jason <jason.weir () nhrs org>wrote:Joel, Still getting the below error, could this be a wget problem not handling the ssl connection correctly? Anyone know how to use the `--no-check-certificate' option with oinkmaster? ------------------------------------------------------------------------ -------------------------------------- Downloading file fromhttp://www.snort.org/pub-bin/oinkmaster.cgi/*oinkcode*/snortrules-snapshot-2853.tar.gz... /usr/local/bin/oinkmaster.pl: Error: could not download fromhttp://www.snort.org/pub-bin/oinkmaster.cgi/*oinkcode*/snortrules-snapshot-2853.tar.gz. Output from wget follows:http://www.snort.org/pub-bin/oinkmaster.cgi/*oinkcode*/snortrules-snapshot-2853.tar.gz Resolving www.snort.org... 68.177.102.20 Connecting to www.snort.org|68.177.102.20|:80... connected. HTTP request sent, awaiting response... 302 Found Location:https://s3.amazonaws.com/snort.org/rules/20100525/snortrules-snapshot-2853.tar.gz?AWSAccessKeyId=AKIAJJSHU7YNPLE5MKOQ&Expires=1277895698&Signatu re=px1MZAMmLNzKWMw93CljxWGLJco%3D [following] --2010-06-30 07:01:08--https://s3.amazonaws.com/snort.org/rules/20100525/snortrules-snapshot-2853.tar.gz?AWSAccessKeyId=AKIAJJSHU7YNPLE5MKOQ&Expires=1277895698&Signatu re=px1MZAMmLNzKWMw93CljxWGLJco%3D Resolving s3.amazonaws.com... 72.21.202.164 Connecting to s3.amazonaws.com|72.21.202.164|:443... connected. ERROR: cannot verify s3.amazonaws.com's certificate, issued by `/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at https://www.verisign.com/rpa (c)09/CN=VeriSign Class 3 Secure Server CA - G2': Unable to locally verify the issuer's authority. To connect to s3.amazonaws.com insecurely, use`--no-check-certificate'.Unable to establish SSL connection. ------------------------------------------------------------------------ -------------------------------------- -Jason -----Original Message----- From: Joel Esler [mailto:jesler () sourcefire com] Sent: Tuesday, June 29, 2010 3:03 PM To: Weir, Jason Cc: infosec posts; snort-sigs () lists sourceforge net; Snort Users List Subject: Re: [Snort-sigs] [Snort-users] Update your oinkmaster/pulled_porkconf files On Jun 29, 2010, at 10:41 AM, Weir, Jason wrote:Me too - common guys this isn't that complicated Oinkmaster output belowOkay, I know our web team made some changes after these series of emails. If you are still having problems, please let us know. Joel_____________________________________________________________________________________________Please visit www.nhrs.org to subscribe to NHRS email announcements and updates.------------------------------------------------------------------------------This SF.net email is sponsored by Sprint What will you do first with EVO, the first 4G phone? Visit sprint.com/first -- http://p.sf.net/sfu/sprint-com-first _______________________________________________ Snort-sigs mailing list Snort-sigs () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-sigs-- This email and any files transmitted with it are solely intended for theuseof the named recipient(s) and may contain information that is privilegedandconfidential. If you receive this email in error, please immediatelynotifythe sender and delete this message in all its forms. E-mail transmission cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. Therefore N-Dimension Solutions Inc. does not accept liability for any errors or omission in the contents of the message which arise as a result of e-mail transmission.------------------------------------------------------------------------------This SF.net email is sponsored by Sprint What will you do first with EVO, the first 4G phone? Visit sprint.com/first -- http://p.sf.net/sfu/sprint-com-first _______________________________________________ Snort-sigs mailing list Snort-sigs () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-sigs
-- This email and any files transmitted with it are solely intended for the use of the named recipient(s) and may contain information that is privileged and confidential. If you receive this email in error, please immediately notify the sender and delete this message in all its forms. E-mail transmission cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. Therefore N-Dimension Solutions Inc. does not accept liability for any errors or omission in the contents of the message which arise as a result of e-mail transmission.
------------------------------------------------------------------------------ This SF.net email is sponsored by Sprint What will you do first with EVO, the first 4G phone? Visit sprint.com/first -- http://p.sf.net/sfu/sprint-com-first
_______________________________________________ Snort-sigs mailing list Snort-sigs () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-sigs
Current thread:
- Re: [Snort-sigs] Update your oinkmaster/pulled_porkconf files, (continued)
- Re: [Snort-sigs] Update your oinkmaster/pulled_porkconf files Joel Esler (Jun 29)
- Re: [Snort-users] Update your oinkmaster/pulled_porkconf files Weir, Jason (Jun 30)
- Re: [Snort-users] Update your oinkmaster/pulled_porkconf files Fred Austin (Jun 30)
- Re: [Snort-sigs] Update your oinkmaster/pulled_porkconf files Joel Esler (Jun 30)
- Re: [Snort-sigs] Update your oinkmaster/pulled_porkconf files Mike Guiterman (Jun 30)
- Re: [Snort-users] Update your oinkmaster/pulled_porkconf files Todd Adamson (Jun 30)
- Re: [Snort-sigs] Update your oinkmaster/pulled_porkconf files Joel Esler (Jun 30)
- Re: Update your oinkmaster/pulled_porkconf files Weir, Jason (Jun 30)
- Re: Update your oinkmaster/pulled_porkconf files Joel Esler (Jun 30)
- Re: [Snort-sigs] Update your oinkmaster/pulled_porkconf files infosec posts (Jun 30)
- Re: [Snort-users] Update your oinkmaster/pulled_porkconf files Fred Austin (Jun 30)
- Re: [Snort-users] Update your oinkmaster/pulled_porkconf files dokas (Jun 30)