Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: wget to snort.org fails; 301 redirect to 127.0.0.1

From: Tony Robinson <deusexmachina667 () gmail com>
Date: Wed, 13 Aug 2014 23:01:46 -0400
I can confirm that a wget to https://snort.org hangs indefinitely:

 wget https://snort.org
--2014-08-13 22:19:36--  https://snort.org/
Resolving snort.org (snort.org)... 205.178.189.129
Connecting to snort.org (snort.org)|205.178.189.129|:443... failed:
Connection timed out.
Retrying.

--2014-08-13 22:21:45--  (try: 2)  https://snort.org/
Connecting to snort.org (snort.org)|205.178.189.129|:443... failed:
Connection timed out.
Retrying.

--2014-08-13 22:23:54--  (try: 3)  https://snort.org/
Connecting to snort.org (snort.org)|205.178.189.129|:443... failed:
Connection timed out.
Retrying.

--2014-08-13 22:26:04--  (try: 4)  https://snort.org/
Connecting to snort.org (snort.org)|205.178.189.129|:443... failed:
Connection timed out.
Retrying.

--2014-08-13 22:28:16--  (try: 5)  https://snort.org/
Connecting to snort.org (snort.org)|205.178.189.129|:443... failed:
Connection timed out.
Retrying.

--2014-08-13 22:30:28--  (try: 6)  https://snort.org/
Connecting to snort.org (snort.org)|205.178.189.129|:443... failed:
Connection timed out.
Retrying.

--2014-08-13 22:32:41--  (try: 7)  https://snort.org/
Connecting to snort.org (snort.org)|205.178.189.129|:443... failed:
Connection timed out.
Retrying.

--2014-08-13 22:34:56--  (try: 8)  https://snort.org/
Connecting to snort.org (snort.org)|205.178.189.129|:443... failed:
Connection timed out.
Retrying.

--2014-08-13 22:37:11--  (try: 9)  https://snort.org/
Connecting to snort.org (snort.org)|205.178.189.129|:443... ^C

The hanging occurs regardless of whether or not I spoof the user-agent. I
suspect you're correct in that the initial server that does the 301
redirect has no listener on https (443/tcp). I CAN confirm that modifying
the user-agent to something even dumber than my example above (e.g. wget
--user-agent "wgetbypass" snort.org) works perfectly; follows 301,
downloads index page as needed. I could just as easily modify my code to
add a spoofed user-agent to wget, but I'd really like to hear from the
snort.org crew why this is a thing and if I'm in violation of some user
agreement/ToS if I bypass this.


On Wed, Aug 13, 2014 at 10:51 PM, Jefferson Diego Gomes Rosa <
jeffersondiego8 () gmail com> wrote:


As you can see on "Moved Permanently", http://snort.org has just a
redirect to https://www.snort.org.

https://snort.org hangs until timeout is reached because there is no
service really listening on 443 port of this address.

I don't know why just wget's user-agent is redirected to localhost , but
you can still use wget directly with https://www.snort.org:

wget -c https://www.snort.org


2014-08-13 23:02 GMT-03:00 Tony Robinson <deusexmachina667 () gmail com>:


Title says it all. Anyone notice this recently?

wget snort.org
--2014-08-13 21:42:39--  http://snort.org/
Resolving snort.org (snort.org)... 205.178.189.129
Connecting to snort.org (snort.org)|205.178.189.129|:80... connected.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: http://127.0.0.1 [following]
--2014-08-13 21:42:39--  http://127.0.0.1/
Connecting to 127.0.0.1:80...

If I fake the user-agent with ANYTHING, it's successful:

wget --user-agent "toteslegitnotafakeUA" snort.org
--2014-08-13 21:49:23--  http://snort.org/
Resolving snort.org (snort.org)... 205.178.189.129
Connecting to snort.org (snort.org)|205.178.189.129|:80... connected.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: http://www.snort.org [following]
--2014-08-13 21:49:23--  http://www.snort.org/
Resolving www.snort.org (www.snort.org)... 50.19.124.119,
54.225.152.149, 54.243.242.66
Connecting to www.snort.org (www.snort.org)|50.19.124.119|:80...
connected.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: https://www.snort.org/ [following]
--2014-08-13 21:49:24--  https://www.snort.org/
Connecting to www.snort.org (www.snort.org)|50.19.124.119|:443...
connected.
HTTP request sent, awaiting response... 200 OK
Length: 34907 (34K) [text/html]
Saving to: `index.html'

100%[================================================================>]
34,907      --.-K/s   in 0.02s

2014-08-13 21:49:24 (1.76 MB/s) - `index.html' saved [34907/34907]

Cursory glance I would guess .htaccess is blacklisting wget as a
user-agent.

Is there a reason for this? I use wget to pull the index page and
determine the current version of snort to download from the page. I
don't repeatedly do this, only when installing  Snort on a new
machine.

Too long;didn't read:
wget to snort.org redirects to localhost.
wget to snort.org with any other user-agent results in happy index.html
wget to https://snort.org no user-agent modification hangs until
timeout is reached.

why is this a thing?

--
when does reality end? when does fantasy begin?


------------------------------------------------------------------------------
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest
Snort news!





--


   *Best Regards,*




  Jefferson “*Diede”* Diego















-- 
when does reality end? when does fantasy begin?

------------------------------------------------------------------------------

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
Previous By Date Next
Previous By Thread Next

Current thread: