Snort mailing list archives

Re: Confusion around community endpoints / md5


From: "Joel Esler (jesler)" <jesler () cisco com>
Date: Sat, 12 Dec 2015 02:13:25 +0000

It's on the website and has been there for months.  I apologize if I have not mentioned it on list.

--
Joel Esler
Manager, Talos Group
Sent from my iPhone

On Dec 11, 2015, at 7:16 PM, Aaron Dressin <Aaron.Dressin () iboss com> wrote:

Thanks Joel… sorry for the late response. I’ve upgraded to 2.9.7.5.

Is there any word on having an endpoint for getting the md5 for the community ruleset?

Thanks,
Aaron

From: Joel Esler (jesler) [mailto:jesler () cisco com]
Sent: Tuesday, September 01, 2015 1:34 PM
To: Aaron Dressin
Cc: Kevin Miklavcic; snort-sigs () lists sourceforge net
Subject: Re: [Snort-sigs] Confusion around community endpoints / md5

So for the 1st one —
We have a bug open with our team to square this away, there are a couple different factors here, and we’ll fix them 
both at the same time.  Sorry about any inconvenience.  Are you using pulledpork to download the ruleset?

2nd —
2.9.7.0 is EOL.  The newer rulesets MAY work on the older version, but it’s not supported, and you should upgrade your 
version of Snort.

--
Joel Esler
Manager, Threat Intelligence Team & Open Source
Talos Group
http://www.talosintel.com

On Sep 1, 2015, at 4:18 PM, Aaron Dressin <Aaron.Dressin () iboss com> wrote:

Hello,

Sorry to bump this issue, however I am still unclear how to update my existing pulled pork configurations and scripts 
to get the correct ruleset. I am a registered user and my questions are:

1. I used to be able to grab an md5 file for the exact version of the ruleset I was interested in, which allowed 
me to know if there were any updates. For the community ruleset, which I do also fetch, I no longer see an md5 file. 
Can someone point out how to check for a new community ruleset advisory using an md5 (I see the “All Md5s” link on the 
website, but this is an HTTP response… do I need to parse this response to check the md5 now?)
2. I am on snort version 2.9.7.0, however I no longer see ruleset files for that version (I only see 2962, 2973, 
and 2975). Can someone confirm that I should be pulling one of these for the 2970 version of snort?

Kind Regards,
Aaron

From: Kevin Miklavcic [mailto:kmiklavcic () sourcefire com]
Sent: Monday, August 03, 2015 9:39 AM
To: Aaron Dressin
Cc: snort-sigs () lists sourceforge net
Subject: Re: [Snort-sigs] Confusion around community endpoints / md5

Hi Aaron,

I have confirmed the links you specified are obsolete and will no longer work in the not-so-distant future. Please 
reference the links on the current download page.

Thanks,
Kevin

On Sat, Aug 1, 2015 at 12:45 AM, Kevin Miklavcic <kmiklavcic () sourcefire com> wrote:
Hi Aaron,

The community rules link on the downloads page of snort.org redirects to the latest copy of the 
ruleset ( https://www.snort.org/downloads/community/community-rules.tar.gz ). I'll inquire about the links you provided.

Cheers,
Kevin

On Fri, Jul 31, 2015 at 12:56 PM, Aaron Dressin <Aaron.Dressin () iboss com> wrote:
Hello,

Up until the 20th of this month, I was receiving correct updates for the community ruleset and matching md5 from 
respectively:

https://s3.amazonaws.com/snort-org/www/rules/community/community-rules.tar.gz
https://s3.amazonaws.com/snort-org/www/rules/community/community-rules.tar.gz.md5

Since the 20th, the md5 hasn’t changed and I am unclear what the correct rules and matching md5 url are.

Kind Regards,
Aaron


------------------------------------------------------------------------------

_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org


Please visit http://blog.snort.org for the latest news about Snort!

