Snort mailing list archives
Re: PulledPork 0.7.2 errors with ETPro rules
From: Andre DiMino <adimino () sempersecurus org>
Date: Mon, 23 Nov 2015 10:49:31 -0500
Yes, I've tried it with both, none, and either one enabled. It only fails if the ETPro fetch is enabled, even on its own. Thanks Will On Mon, Nov 23, 2015 at 10:26 AM, Will Metcalf <william.metcalf () gmail com> wrote:
Does it still bomb out if you just enable Pro rules? looks like maybe you have open and pro in the same config, think this will cause you to have dupe sigs etc... Regards, Will On Sun, Nov 22, 2015 at 2:42 PM, Andre DiMino <adimino () sempersecurus org> wrote:Yes, I experience the same results even with the "-d" switch. On Sun, Nov 22, 2015 at 11:49 AM, Y M <snort () outlook com> wrote:If using PulledPork with the "-d" (do not verify md5) flag, does it continue? Keep in mind that this will download the rules even if the md5 matched on previous runs. Was there any changes on the etpro urls/ file names recently? YM ------------------------------ *From:* Andre DiMino <adimino () sempersecurus org> *Sent:* Sunday, November 22, 2015 2:22 AM *To:* snort-users mailinglist *Subject:* [Snort-users] PulledPork 0.7.2 errors with ETPro rules I've recently noted PulledPork errors when it attempts to download ETPro rulesets. I've been speaking to the developer, and have posted an issue on PulledPork's Github. However I wanted to put this out there in case anyone else is experiencing similar issues. Running PulledPork with ETPro enabled causes the following: ++++++++++++++++++++ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Checking latest MD5 for snortrules-snapshot-2975.tar.gz.... They Match Done! Rules tarball download of community-rules.tar.gz.... Checking latest MD5 for opensource.gz.... They Match Done! Checking latest MD5 for emerging.rules.tar.gz.... No Match Done Rules tarball download of emerging.rules.tar.gz.... They Match Done! Checking latest MD5 for etpro.rules.tar.gz.... Use of uninitialized value $md5 in scalar chomp at /home/snortscan/snort_src/pulledpork-read-only/pulledpork.pl line 522. Use of uninitialized value $md5 in pattern match (m//) at /home/snortscan/snort_src/pulledpork-read-only/pulledpork.pl line 524. No Match Done Rules tarball download of etpro.rules.tar.gz.... No Match Done Rules tarball download of etpro.rules.tar.gz.... No Match Done Rules tarball download of etpro.rules.tar.gz.... No Match Done Rules tarball download of etpro.rules.tar.gz.... No Match Done Rules tarball download of etpro.rules.tar.gz.... No Match Done ++++++++++++++++++++ This just loops until it crashes. If I comment out the ETPro ruleset download. everything completes successfully. -- Andre' M. DiMino DeepEnd Research http://www.deependresearch.org <http://deependresearch.org> http://sempersecurus.org "Make sure that nobody pays back wrong for wrong, but always try to be kind to each other and to everyone else" - 1 Thess 5:15 (NIV)-- Andre' M. DiMino DeepEnd Research http://www.deependresearch.org <http://deependresearch.org> http://sempersecurus.org "Make sure that nobody pays back wrong for wrong, but always try to be kind to each other and to everyone else" - 1 Thess 5:15 (NIV) ------------------------------------------------------------------------------ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
-- Andre' M. DiMino DeepEnd Research http://www.deependresearch.org <http://deependresearch.org> http://sempersecurus.org "Make sure that nobody pays back wrong for wrong, but always try to be kind to each other and to everyone else" - 1 Thess 5:15 (NIV)
------------------------------------------------------------------------------ Go from Idea to Many App Stores Faster with Intel(R) XDK Give your users amazing mobile app experiences with Intel(R) XDK. Use one codebase in this all-in-one HTML5 development environment. Design, debug & build mobile apps & 2D/3D high-impact games for multiple OSs. http://pubads.g.doubleclick.net/gampad/clk?id=254741551&iu=/4140
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- PulledPork 0.7.2 errors with ETPro rules Andre DiMino (Nov 21)
- Re: PulledPork 0.7.2 errors with ETPro rules Y M (Nov 22)
- Re: PulledPork 0.7.2 errors with ETPro rules Shirkdog (Nov 22)
- Re: PulledPork 0.7.2 errors with ETPro rules Andre DiMino (Nov 22)
- Re: PulledPork 0.7.2 errors with ETPro rules Will Metcalf (Nov 23)
- Re: PulledPork 0.7.2 errors with ETPro rules Andre DiMino (Nov 23)
- Re: PulledPork 0.7.2 errors with ETPro rules Will Metcalf (Nov 23)
- Re: PulledPork 0.7.2 errors with ETPro rules Shirkdog (Nov 23)
- Re: PulledPork 0.7.2 errors with ETPro rules Y M (Nov 22)