Re: Snort Wget Failure (can't resolve www.snort.org)

[Joel Esler <jesler () sourcefire com>]

Definitely a DNS problem of some kind.  I can get to the rules fine using the same method from three different networks.

Joel

On Sep 23, 2011, at 4:53 AM, Todd Booth wrote:

> Hello,
>  
> I’ve configured snort, on my Vyatta network/security device but the initial downloading of rules fails.  I surfed the 
> net and see other users (without Vyatta) are having the same problems.
>  
> Here is the initial wget
>  
> wget http://www.snort.org/pub-bin/oinkmaster.cgi/<my snort oink code>/snortrules-snapshot-2905.tar.gz
>  
> Here is the error:
>  
> --2011-09-23 08:45:27--  http://www.snort.org/pub-bin/oinkmaster.cgi/<my snort oink 
> code>/snortrules-snapshot-2905.tar.gz
> Resolving www.snort.org... failed: Name or service not known.
> wget: unable to resolve host address `www.snort.org'
>  
> However if I ping www.snort.org from my Vyatta, I get the ip address resolved as 68.177.102.20
>  
> So in my new wget, I replaced www.snort.org with 68.177.102.20, as follows
>  
> vyatta@Vyatta1:~$ wget http://68.177.102.20/pub-bin/oinkmaster.cgi/<my oink code>/snortrules-snapshot-2905.tar.gz
> --2011-09-23 07:55:21--  http://68.177.102.20/pub-bin/oinkmaster.cgi/<my oink code>/snortrules-snapshot-2905.tar.gz
> Connecting to 68.177.102.20:80... connected.
> HTTP request sent, awaiting response... 302 Found
> Location: 
> http://s3.amazonaws.com/snort-org/www/rules/20110823/snortrules-snapshot-2905.tar.gz?AWSAccessKeyId=<key>&Expires=1316764830&Signature=
> JUAQj%2Bn1Y65X3zmVFuq6ozSlPUo%3D [following]
> --2011-09-23 07:55:24--  http://s3.amazonaws.com/snort-org/www/rules/20110823/sn
> ortrules-snapshot-2905.tar.gz?AWSAccessKeyId=AKIAJJSHU7YNPLE5MKOQ&Expires=131676
> 4830&Signature=JUAQj%2Bn1Y65X3zmVFuq6ozSlPUo%3D
> Resolving s3.amazonaws.com... failed: Name or service not known.
> wget: unable to resolve host address `s3.amazonaws.com'
>  
> So I do a wget to www.snort.org and I get referred to s3.amazonaws.com
>  
> However s3.amazonaws.com is also not resolved.  So I try ping and get the s3.amazonaw.com ip address address and plug 
> that in to the above 2ndwget
>  
> wget 
> http://72.21.211.173/snort-org/www/rules/20110823/snortrules-snapshot-2905.tar.gz?<key>&Expires=1316764830&Signature=JUAQj%2Bn1Y65X3zmVFuq6ozSlPUo%3D
>  
> Then I get the following error:
> HTTP request sent, awaiting response... 403 Forbidden
> 2011-09-23 08:50:47 ERROR 403: Forbidden.
>  
> Is this a problem with wget?  Or is this a problem with the configuration at www.snort.org?
>  
> Thanks and Regards,
> <image002.jpg><image003.png>
>  
> <image006.jpg>  Luleå Technology University
> Teacher, Research Engineer and Lecturer Todd Booth
>  
> Department: Computer Science, Electrical and Space Engineering, CSEE (SKE/SRT)
> Division:       Computer Science
> Specialty:     Computer and System Science / Information Security
> Courses:       A0004N Information Security and A7011N Internet Security
>  
> Direct: +46-910-585 324
> Mobile: +46-76-346 3459
> Email: Todd.Booth () LTU se
> Web: http://LTU.se
> LinkedIn: Todd.Booth () LTU se
>  
> ------------------------------------------------------------------------------
> All the data continuously generated in your IT infrastructure contains a
> definitive record of customers, application performance, security
> threats, fraudulent activity and more. Splunk takes this data and makes
> sense of it. Business sense. IT sense. Common sense.
> http://p.sf.net/sfu/splunk-d2dcopy1_______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
> Please visit http://blog.snort.org to stay current on all the latest Snort news!

------------------------------------------------------------------------------
All the data continuously generated in your IT infrastructure contains a
definitive record of customers, application performance, security
threats, fraudulent activity and more. Splunk takes this data and makes
sense of it. Business sense. IT sense. Common sense.
http://p.sf.net/sfu/splunk-d2dcopy1

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!