Snort mailing list archives

md5 on snort rules not matching (oinkmaster)

From: Lesley Leposo <leposo () unoasystems com>
Date: Mon, 19 Sep 2016 16:25:50 +0300


Hello,

kindly let me know what’s going on.
I’ve downloaded the following urls and the md5s are consistently not matching.
Also it would seem that the snapshots are all pointing to the same file

Any pointers?

Here are the oinkmaster urls
url = https://snort.org/downloads/registered/snortrules-snapshot-2976.tar.gz 
<https://snort.org/downloads/registered/snortrules-snapshot-2976.tar.gz>
url = https://snort.org/downloads/registered/snortrules-snapshot-2982.tar.gz 
<https://snort.org/downloads/registered/snortrules-snapshot-2982.tar.gz>
url = https://snort.org/downloads/registered/snortrules-snapshot-2983.tar.gz 
<https://snort.org/downloads/registered/snortrules-snapshot-2983.tar.gz>
url = https://snort.org/downloads/community/community-rules.tar.gz 
<https://snort.org/downloads/community/community-rules.tar.gz>

Here is the oinkmaster output depicting the error

$ oinkmaster.pl  -o /usr/local/etc/snort/rules/ -c -v -C /usr/local/etc/oinkmaster.conf
Loading /usr/local/etc/oinkmaster.conf
Adding file to ignore list: local.rules.
Adding file to ignore list: deleted.rules.
Adding file to ignore list: snort.conf.
Found gzip binary in /usr/bin
Found tar binary in /usr/bin
Downloading file from https://snort.org/downloads/registered/snortrules-snapshot-2983.tar.gz 
<https://snort.org/downloads/registered/snortrules-snapshot-2983.tar.gz>... 
--2016-09-19 14:18:14--  https://snort.org/downloads/registered/snortrules-snapshot-2983.tar.gz 
<https://snort.org/downloads/registered/snortrules-snapshot-2983.tar.gz>
Resolving snort.org <http://snort.org/> (snort.org <http://snort.org/>)... 104.16.66.75, 104.16.63.75, 104.16.62.75, ...
Connecting to snort.org <http://snort.org/> (snort.org <http://snort.org/>)|104.16.66.75|:443... connected.
HTTP request sent, awaiting response... 302 Found
Location: https://snort.org/ <https://snort.org/> [following]
--2016-09-19 14:18:15--  https://snort.org/ <https://snort.org/>
Reusing existing connection to snort.org <http://snort.org/>:443.
HTTP request sent, awaiting response... 200 OK
Length: 43611 (43K) [text/html]
Saving to: '/var/folders/6y/kwwww__d14q6w0h8th05vhrw0000gp/T/oinkmaster._sKOOq69Mu/url.DzhKeDdaib/snortrules.tar.gz'

/var/folders/6y/kwwww__d14q6w0h8th05vhrw000 
100%[========================================================================================>]  42.59K  77.6KB/s    in 
0.5s    

2016-09-19 14:18:16 (77.6 KB/s) - 
'/var/folders/6y/kwwww__d14q6w0h8th05vhrw0000gp/T/oinkmaster._sKOOq69Mu/url.DzhKeDdaib/snortrules.tar.gz' saved 
[43611/43611]

gzip: /var/folders/6y/kwwww__d14q6w0h8th05vhrw0000gp/T/oinkmaster._sKOOq69Mu/url.DzhKeDdaib/snortrules.tar.gz: not in 
gzip format

/opt/local/bin/oinkmaster.pl: Error: https://snort.org/downloads/registered/snortrules-snapshot-2983.tar.gz: 
<https://snort.org/downloads/registered/snortrules-snapshot-2983.tar.gz:> integrity check on gzip file failed (file 
transfer failed or file in URL not in gzip format?).

Oink, oink. Exiting...


here are the isolated downloads and md5s
$ curl https://snort.org/downloads/registered/snortrules-snapshot-2976.tar.gz 
<https://snort.org/downloads/registered/snortrules-snapshot-2976.tar.gz> -o /tmp/snortrules-snapshot-2976.tar.gz
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100    84    0    84    0     0     55      0 --:--:--  0:00:01 --:--:--    55
p

$ curl https://snort.org/downloads/registered/snortrules-snapshot-2982.tar.gz 
<https://snort.org/downloads/registered/snortrules-snapshot-2982.tar.gz> -o /tmp/snortrules-snapshot-2982.tar.gz 
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100    84    0    84    0     0     56      0 --:--:--  0:00:01 --:--:--    56
$ curl https://snort.org/downloads/registered/snortrules-snapshot-2983.tar.gz 
<https://snort.org/downloads/registered/snortrules-snapshot-2983.tar.gz> -o /tmp/snortrules-snapshot-2983.tar.gz
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100    84    0    84    0     0     51      0 --:--:--  0:00:01 --:--:--    51
$ curl https://snort.org/downloads/community/community-rules.tar.gz 
<https://snort.org/downloads/community/community-rules.tar.gz> -o /tmp/community-rules.tar.gz 
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   286    0   286    0     0    143      0 --:--:--  0:00:01 --:--:--   143

$ md5 /tmp/snortrules-snapshot-2976.tar.gz 
MD5 (/tmp/snortrules-snapshot-2976.tar.gz) = fece3271d650c597ffb3b8369cb893ed
$ md5 /tmp/snortrules-snapshot-2982.tar.gz 
MD5 (/tmp/snortrules-snapshot-2982.tar.gz) = fece3271d650c597ffb3b8369cb893ed
$ md5 /tmp/snortrules-snapshot-2983.tar.gz
MD5 (/tmp/snortrules-snapshot-2983.tar.gz) = fece3271d650c597ffb3b8369cb893ed
$ md5 /tmp/community-rules.tar.gz 
MD5 (/tmp/community-rules.tar.gz) = 821af6faea07c9b0f40f72dfb661f990

------------------------------------------------------------------------------

_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org


Please visit http://blog.snort.org for the latest news about Snort!

Current thread:

md5 on snort rules not matching (oinkmaster) Lesley Leposo (Sep 19)
- Re: md5 on snort rules not matching (oinkmaster) Joel Esler (jesler) (Sep 19)
  - Message not available
    - Re: md5 on snort rules not matching (oinkmaster) Joel Esler (jesler) (Sep 19)