Re: Snort Wget Failure (can't resolve www.snort.org)

[Brandon Hall <bhall () firstheartland com>]

If you're having DNS issues, just add the www.snort.org IP address, which I resolve to be 68.177.102.20 in your hosts 
file.  If it still can't download then you know it's a firewall problem.

-----Original Message-----
From: Negin Nickparsa [mailto:nickparsa () gmail com] 
Sent: Thursday, October 06, 2011 1:46 PM
To: Joel Esler
Cc: Carney, Megan; snort-users () lists sourceforge net
Subject: Re: [Snort-users] Snort Wget Failure (can't resolve www.snort.org)

cURL is more successful than wget.

and wget -U firefox URL

is another solution that I searched it too.

i think nslookup fails in many areas(DNS problem),it is not wget problem,but i am not sure enough

copy and pasting URL on address bar of the browser will respond me successfully

I have eager to know where the problem is?
Wget?
DNS?
snort website?


On 10/6/11, Joel Esler <jesler () sourcefire com> wrote:
> For reference:
>
> We are officially recommending that people use PulledPork.  As it's A) 
> More updated with the VRT ruleset's features and B) Will take 
> advantage of future changes to the ruleset.
>
> --
> Joel Esler
> Senior Research Engineer, VRT
> OpenSource Community Manager
> Sourcefire
>
>
> On Oct 6, 2011, at 12:12 PM, Carney, Megan wrote:
>
> > I haven't had this exact problem but I have had odd problems 
> > downloading the rulesets.
> >
> > I use oinkmaster to manage the rulesets and when I run the command to 
> > update the rules (/usr/sbin/oinkmaster -i -C /etc/oinkmaster.conf -C 
> > /etc/autodisable.conf -o /etc/snort/rules/ -b /etc/snort/backup/) I 
> > get this error:
> > /usr/sbin/oinkmaster: Error: incorrect URL:
> > "http://www.snort.org/sub-rules/snortrules-snapshot-2905.tar.gz/[reda
> > cted]/
> >
> > But if I visit that URL manually with wget the ruleset downloads just 
> > fine.
> >
> > Sorry I can't help with your specific problem. . .but I thought it 
> > might help if you knew you're not the only one having odd issues with 
> > downloading the rulesets.
> >
> > From: Todd Booth [mailto:todd.booth () ltu se]
> > Sent: Friday, September 23, 2011 3:53 AM
> > To: snort-users () lists sourceforge net
> > Subject: [Snort-users] Snort Wget Failure (can't resolve 
> > www.snort.org)
> >
> > Hello,
> >
> > I've configured snort, on my Vyatta network/security device but the 
> > initial downloading of rules fails.  I surfed the net and see other 
> > users (without Vyatta) are having the same problems.
> >
> > Here is the initial wget
> >
> > wget http://www.snort.org/pub-bin/oinkmaster.cgi/<my snort oink
> > code>/snortrules-snapshot-2905.tar.gz
> >
> > Here is the error:
> >
> > --2011-09-23 08:45:27--  
> > http://www.snort.org/pub-bin/oinkmaster.cgi/<my
> > snort oink code>/snortrules-snapshot-2905.tar.gz
> > Resolving www.snort.org... failed: Name or service not known.
> > wget: unable to resolve host address `www.snort.org'
> >
> > However if I ping www.snort.org from my Vyatta, I get the ip address 
> > resolved as 68.177.102.20
> >
> > So in my new wget, I replaced www.snort.org with 68.177.102.20, as 
> > follows
> >
> > vyatta@Vyatta1:~$ wget 
> > http://68.177.102.20/pub-bin/oinkmaster.cgi/<my
> > oink code>/snortrules-snapshot-2905.tar.gz
> > --2011-09-23 07:55:21--  
> > http://68.177.102.20/pub-bin/oinkmaster.cgi/<my
> > oink code>/snortrules-snapshot-2905.tar.gz
> > Connecting to 68.177.102.20:80... connected.
> > HTTP request sent, awaiting response... 302 Found
> > Location:
> > http://s3.amazonaws.com/snort-org/www/rules/20110823/snortrules-snaps
> > hot-2905.tar.gz?AWSAccessKeyId=<key>&Expires=1316764830&Signature=
> > JUAQj%2Bn1Y65X3zmVFuq6ozSlPUo%3D [following]
> > --2011-09-23 07:55:24--
> > http://s3.amazonaws.com/snort-org/www/rules/20110823/sn
> > ortrules-snapshot-2905.tar.gz?AWSAccessKeyId=AKIAJJSHU7YNPLE5MKOQ&Exp
> > ires=131676 4830&Signature=JUAQj%2Bn1Y65X3zmVFuq6ozSlPUo%3D
> > Resolving s3.amazonaws.com... failed: Name or service not known.
> > wget: unable to resolve host address `s3.amazonaws.com'
> >
> > So I do a wget to www.snort.org and I get referred to 
> > s3.amazonaws.com
> >
> > However s3.amazonaws.com is also not resolved.  So I try ping and get 
> > the s3.amazonaw.com ip address address and plug that in to the above 
> > 2nd wget
> >
> > wget
> > http://72.21.211.173/snort-org/www/rules/20110823/snortrules-snapshot
> > -2905.tar.gz?<key>&Expires=1316764830&Signature=JUAQj%2Bn1Y65X3zmVFuq
> > 6ozSlPUo%3D
> >
> > Then I get the following error:
> > HTTP request sent, awaiting response... 403 Forbidden
> > 2011-09-23 08:50:47 ERROR 403: Forbidden.
> >
> > Is this a problem with wget?  Or is this a problem with the 
> > configuration at www.snort.org?
> >
> > Thanks and Regards,
> > <image005.jpg><image007.png>
> >
> > <image008.jpg>  Luleå Technology University Teacher, Research 
> > Engineer and Lecturer Todd Booth
> >
> > Department: Computer Science, Electrical and Space Engineering, CSEE
> > (SKE/SRT)
> > Division:       Computer Science
> > Specialty:     Computer and System Science / Information Security
> > Courses:       A0004N Information Security and A7011N Internet Security
> >
> > Direct: +46-910-585 324
> > Mobile: +46-76-346 3459
> > Email: Todd.Booth () LTU se
> > Web: http://LTU.se
> > LinkedIn: Todd.Booth () LTU se
> >
> > ---------------------------------------------------------------------
> > --------- All the data continuously generated in your IT 
> > infrastructure contains a definitive record of customers, application 
> > performance, security threats, fraudulent activity and more. Splunk 
> > takes this data and makes sense of it. Business sense. IT sense. 
> > Common sense.
> > http://p.sf.net/sfu/splunk-d2dcopy1__________________________________
> > _____________
> > Snort-users mailing list
> > Snort-users () lists sourceforge net
> > Go to this URL to change user options or unsubscribe:
> > https://lists.sourceforge.net/lists/listinfo/snort-users
> > Snort-users list archive:
> > http://www.geocrawler.com/redir-sf.php3?list=snort-users
> >
> > Please visit http://blog.snort.org to stay current on all the latest 
> > Snort news!
>
>
> ----------------------------------------------------------------------
> -------- All the data continuously generated in your IT infrastructure 
> contains a definitive record of customers, application performance, 
> security threats, fraudulent activity and more. Splunk takes this data 
> and makes sense of it. Business sense. IT sense. Common sense.
> http://p.sf.net/sfu/splunk-d2dcopy1
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
> Please visit http://blog.snort.org to stay current on all the latest 
> Snort news!

------------------------------------------------------------------------------
All the data continuously generated in your IT infrastructure contains a definitive record of customers, application 
performance, security threats, fraudulent activity and more. Splunk takes this data and makes sense of it. Business 
sense. IT sense. Common sense.
http://p.sf.net/sfu/splunk-d2dcopy1
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

------------------------------------------------------------------------------
All the data continuously generated in your IT infrastructure contains a
definitive record of customers, application performance, security
threats, fraudulent activity and more. Splunk takes this data and makes
sense of it. Business sense. IT sense. Common sense.
http://p.sf.net/sfu/splunk-d2dcopy1
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!