Snort mailing list archives
oinkcode not working for VRT rules
From: Eric Warren via Snort-users <snort-users () lists snort org>
Date: Tue, 25 Jul 2017 15:45:18 +0000 (UTC)
Hi all, I hope my request will benefit many of us because the problem I am encountering seems to be common. And there also doesn't seem to be a be a conclusive answer at any official and unoffical forums/sites. I have been running Snort on Pfsense for five years with no problem whatsoever. A few weeks ago I upgraded to Pfsense 2.3.4 and Snort Version 2.9.9.0 GRE (Build 56). The other four rule sets that don't require an oinkcode download just fine. But, for the last two weeks the VRT rules fail to load. The logs from Snort read like this: There is a new set of Snort VRT rules posted. Downloading file 'snortrules-snapshot-2990.tar.gz'... Snort VRT rules file download failed. Server returned error 403. The error text was: 403 Forbidden The logs from Pfsense read like this: [Snort] There is a new set of Snort VRT rules posted. Downloading snortrules-snapshot-2990.tar.gz... [Snort] Rules download error: OpenSSL SSL_read: SSL_ERROR_SYSCALL, errno 60 snort_check_for_rule_updates.php: [Snort] Will retry in 15 seconds... snort_check_for_rule_updates.php: File 'snortrules-snapshot-2990.tar.gz' download attempts: 2 ... snort_check_for_rule_updates.php: [Snort] Snort VRT rules file download failed... server returned error '403'... I have been troubleshooting for two weeks and have investigated and factored out the following suspected problems and/or issues as possible sources of trouble: 1) A member of the snort.org team assures me that my IP address is not being blocked/rejected/dropped 2) DNS is working just fine, I tried all different combinations of DNS settings on host Pfsense machine including dropping the loopback 127.0.0.1 address as suggested by one forum with the same failure result 3) no TCP ports are being blocked 4) my demarc (cable modem in this case) is set to pass all traffic 5) /tmp file on host Pfsense machine is not too small and was increased as suggested by Pfsense official forum 6) oinkcode was regenerated and copied carefully to no avail; even entered manually one time on the chance there is a formatting problem 7) no changes to the default settings of host Pfsense machine or Snort, no custom rules were made in either 8) I have tried regular and "forced" updates and at all different hours of the day and night as suggested by unofficial and official Pfsense forums 9) have logged into the host Pfsense machine from various remote machines with various operating systems and getting the same result By the way, I have discovered that the www is a mine field of malware and garbage websites promising "fixes" for those of us having this same problem. Search: "oinkcode not working for VRT rules" and you will see. Any help out there? I do not want to be a permanent resident in the Land of the Lost! Thanks. -eaw _______________________________________________ Snort-users mailing list Snort-users () lists snort org Go to this URL to change user options or unsubscribe: https://lists.snort.org/mailman/listinfo/snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- oinkcode not working for VRT rules Eric Warren via Snort-users (Jul 25)
- Re: oinkcode not working for VRT rules wkitty42 (Jul 25)