Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: wget to snort.org fails; 301 redirect to 127.0.0.1

From: "Joel Esler (jesler)" <jesler () cisco com>
Date: Thu, 14 Aug 2014 20:36:04 +0000
Tony,

We’re looking into the issue.  We have a ticket open to see if we can resolve the issue.

--
Joel Esler
Open Source Manager
Threat Intelligence Team Lead
Talos

On Aug 13, 2014, at 11:01 PM, Tony Robinson <deusexmachina667 () gmail com<mailto:deusexmachina667 () gmail com>> wrote:

I can confirm that a wget to https://snort.org<https://snort.org/> hangs indefinitely:

 wget https://snort.org<https://snort.org/>
--2014-08-13 22:19:36--  https://snort.org/
Resolving snort.org<http://snort.org/> (snort.org<http://snort.org/>)... 205.178.189.129
Connecting to snort.org<http://snort.org/> (snort.org<http://snort.org/>)|205.178.189.129|:443... failed: Connection 
timed out.
Retrying.

--2014-08-13 22:21:45--  (try: 2)  https://snort.org/
Connecting to snort.org<http://snort.org/> (snort.org<http://snort.org/>)|205.178.189.129|:443... failed: Connection 
timed out.
Retrying.

--2014-08-13 22:23:54--  (try: 3)  https://snort.org/
Connecting to snort.org<http://snort.org/> (snort.org<http://snort.org/>)|205.178.189.129|:443... failed: Connection 
timed out.
Retrying.

--2014-08-13 22:26:04--  (try: 4)  https://snort.org/
Connecting to snort.org<http://snort.org/> (snort.org<http://snort.org/>)|205.178.189.129|:443... failed: Connection 
timed out.
Retrying.

--2014-08-13 22:28:16--  (try: 5)  https://snort.org/
Connecting to snort.org<http://snort.org/> (snort.org<http://snort.org/>)|205.178.189.129|:443... failed: Connection 
timed out.
Retrying.

--2014-08-13 22:30:28--  (try: 6)  https://snort.org/
Connecting to snort.org<http://snort.org/> (snort.org<http://snort.org/>)|205.178.189.129|:443... failed: Connection 
timed out.
Retrying.

--2014-08-13 22:32:41--  (try: 7)  https://snort.org/
Connecting to snort.org<http://snort.org/> (snort.org<http://snort.org/>)|205.178.189.129|:443... failed: Connection 
timed out.
Retrying.

--2014-08-13 22:34:56--  (try: 8)  https://snort.org/
Connecting to snort.org<http://snort.org/> (snort.org<http://snort.org/>)|205.178.189.129|:443... failed: Connection 
timed out.
Retrying.

--2014-08-13 22:37:11--  (try: 9)  https://snort.org/
Connecting to snort.org<http://snort.org/> (snort.org<http://snort.org/>)|205.178.189.129|:443... ^C

The hanging occurs regardless of whether or not I spoof the user-agent. I suspect you're correct in that the initial 
server that does the 301 redirect has no listener on https (443/tcp). I CAN confirm that modifying the user-agent to 
something even dumber than my example above (e.g. wget --user-agent "wgetbypass" snort.org<http://snort.org/>) works 
perfectly; follows 301, downloads index page as needed. I could just as easily modify my code to add a spoofed 
user-agent to wget, but I'd really like to hear from the snort.org<http://snort.org/> crew why this is a thing and if 
I'm in violation of some user agreement/ToS if I bypass this.


On Wed, Aug 13, 2014 at 10:51 PM, Jefferson Diego Gomes Rosa <jeffersondiego8 () gmail com<mailto:jeffersondiego8 () 
gmail com>> wrote:
As you can see on "Moved Permanently", http://snort.org<http://snort.org/> has just a redirect to 
https://www.snort.org<https://www.snort.org/>.

https://snort.org<https://snort.org/> hangs until timeout is reached because there is no service really listening on 
443 port of this address.

I don't know why just wget's user-agent is redirected to localhost , but you can still use wget directly with 
https://www.snort.org<https://www.snort.org/>:

wget -c https://www.snort.org<https://www.snort.org/>


2014-08-13 23:02 GMT-03:00 Tony Robinson <deusexmachina667 () gmail com<mailto:deusexmachina667 () gmail com>>:
Title says it all. Anyone notice this recently?

wget snort.org<http://snort.org/>
--2014-08-13 21:42:39--  http://snort.org/
Resolving snort.org<http://snort.org/> (snort.org<http://snort.org/>)... 205.178.189.129
Connecting to snort.org<http://snort.org/> (snort.org<http://snort.org/>)|205.178.189.129|:80... connected.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: http://127.0.0.1<http://127.0.0.1/> [following]
--2014-08-13 21:42:39--  http://127.0.0.1/
Connecting to 127.0.0.1:80...

If I fake the user-agent with ANYTHING, it's successful:

wget --user-agent "toteslegitnotafakeUA" snort.org<http://snort.org/>
--2014-08-13 21:49:23--  http://snort.org/
Resolving snort.org<http://snort.org/> (snort.org<http://snort.org/>)... 205.178.189.129
Connecting to snort.org<http://snort.org/> (snort.org<http://snort.org/>)|205.178.189.129|:80... connected.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: http://www.snort.org<http://www.snort.org/> [following]
--2014-08-13 21:49:23--  http://www.snort.org/
Resolving www.snort.org<http://www.snort.org/> (www.snort.org<http://www.snort.org/>)... 50.19.124.119,
54.225.152.149, 54.243.242.66
Connecting to www.snort.org<http://www.snort.org/> (www.snort.org<http://www.snort.org/>)|50.19.124.119|:80... 
connected.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: https://www.snort.org/ [following]
--2014-08-13 21:49:24--  https://www.snort.org/
Connecting to www.snort.org<http://www.snort.org/> (www.snort.org<http://www.snort.org/>)|50.19.124.119|:443... 
connected.
HTTP request sent, awaiting response... 200 OK
Length: 34907 (34K) [text/html]
Saving to: `index.html'

100%[================================================================>]
34,907      --.-K/s   in 0.02s

2014-08-13 21:49:24 (1.76 MB/s) - `index.html' saved [34907/34907]

Cursory glance I would guess .htaccess is blacklisting wget as a user-agent.

Is there a reason for this? I use wget to pull the index page and
determine the current version of snort to download from the page. I
don't repeatedly do this, only when installing  Snort on a new
machine.

Too long;didn't read:
wget to snort.org<http://snort.org/> redirects to localhost.
wget to snort.org<http://snort.org/> with any other user-agent results in happy index.html
wget to https://snort.org<https://snort.org/> no user-agent modification hangs until
timeout is reached.

why is this a thing?

--
when does reality end? when does fantasy begin?

------------------------------------------------------------------------------
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net<mailto:Snort-users () lists sourceforge net>
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org<http://blog.snort.org/> to stay current on all the latest Snort news!



--



Best Regards,







Jefferson “Diede” Diego


















--
when does reality end? when does fantasy begin?
------------------------------------------------------------------------------
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net<mailto:Snort-users () lists sourceforge net>
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!


------------------------------------------------------------------------------

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
Previous By Date Next
Previous By Thread Next

Current thread: