Snort mailing list archives
Re: Subscriber signatures fail to update
From: "Joel Esler \(jesler\) via Snort-sigs" <snort-sigs () lists snort org>
Date: Mon, 19 Oct 2020 12:35:48 +0000
I don’t see any attempts from that IP to hit Snort.org in the past 72 hours. So it looks like you are being blocked well before hitting our web server. Do you a proxy in the way?
On Oct 19, 2020, at 3:19 AM, VJM via Snort-sigs <snort-sigs () lists snort org> wrote: Thanks for your reply. My pfSense router gets a dynamic IPv4 address from the ISP. The current IP address is 103.208.71.114. A recent update failed today at 12:10 pm or 6:40 am GMT (my local time zone is GMT +5:30). This is the current log entry from the update attempt: Starting rules update... Time: 2020-10-19 12:10:31 Downloading Snort Subscriber rules md5 file snortrules-snapshot-29161.tar.gz.md5... Snort Subscriber rules md5 download failed. Server returned error code 0. Server error message was: Snort Subscriber rules will not be updated. Downloading Snort OpenAppID detectors md5 file snort-openappid.tar.gz.md5... Snort OpenAppID detectors md5 download failed. Server returned error code 0. Server error message was: Snort OpenAppID detectors will not be updated. Downloading Snort AppID Open Text Rules md5 file appid_rules.tar.gz.md5... Snort AppID Open Text Rules md5 download failed. Server returned error code 0. Server error message was: Snort AppID Open Text Rules will not be updated. Downloading Emerging Threats Open rules md5 file emerging.rules.tar.gz.md5... Emerging Threats Open rules md5 download failed. Server returned error code 0. Server error message was: Emerging Threats Open rules will not be updated. The Rules update has finished. Time: 2020-10-19 12:14:32 Best regards, Viv From: Snort-sigs <snort-sigs-bounces () lists snort org> On Behalf Of Joel Esler (jesler) via Snort-sigs Sent: 19 October 2020 02:22 To: VJM <vivekjm () gmail com> Cc: snort-sigs () lists snort org Subject: Re: [Snort-sigs] Subscriber signatures fail to update Cans you give me the IP I should see at the server? Sent from my iPhoneOn Oct 17, 2020, at 09:29, VJM via Snort-sigs <snort-sigs () lists snort org <mailto:snort-sigs () lists snort org>> wrote: Hello, I use Snort on pfSense 2.4.5 and noticed the Snort subscriber updates fail to install. Snort has been set to update every 12 hours at 10 minutes past the hour. Is there a geo-block on the update server? My ISP is Tata-Sky based out of Mumbai, India. The log entries show “Server returned error code 0”: Starting rules update... Time: 2020-10-16 12:10:04 Downloading Snort Subscriber rules md5 file snortrules-snapshot-29161.tar.gz.md5... Snort Subscriber rules md5 download failed. Server returned error code 0. Server error message was: Snort Subscriber rules will not be updated. Downloading Snort OpenAppID detectors md5 file snort-openappid.tar.gz.md5... Snort OpenAppID detectors md5 download failed. Server returned error code 0. Server error message was: Snort OpenAppID detectors will not be updated. Downloading Snort AppID Open Text Rules md5 file appid_rules.tar.gz.md5... Snort AppID Open Text Rules md5 download failed. Server returned error code 0. Server error message was: Snort AppID Open Text Rules will not be updated. Downloading Emerging Threats Open rules md5 file emerging.rules.tar.gz.md5... Emerging Threats Open rules md5 download failed. Server returned error code 0. Server error message was: Emerging Threats Open rules will not be updated. The Rules update has finished. Time: 2020-10-16 12:14:05 Any help will be appreciated. Best regards, Viv _______________________________________________ Snort-sigs mailing list Snort-sigs () lists snort org <mailto:Snort-sigs () lists snort org> https://lists.snort.org/mailman/listinfo/snort-sigs <https://lists.snort.org/mailman/listinfo/snort-sigs> Please visit http://blog.snort.org <http://blog.snort.org/> for the latest news about Snort! Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette <https://snort.org/faq/what-is-the-mailing-list-etiquette> Visit the Snort.org to subscribe to the official Snort ruleset, make sure to stay up to date to catch the most <a href=" https://snort.org/downloads/#rule-downloads">emerging <https://snort.org/downloads/#rule-downloads">emerging> threats</a>!_______________________________________________ Snort-sigs mailing list Snort-sigs () lists snort org https://lists.snort.org/mailman/listinfo/snort-sigs Please visit http://blog.snort.org for the latest news about Snort! Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette Visit the Snort.org to subscribe to the official Snort ruleset, make sure to stay up to date to catch the most <a href=" https://snort.org/downloads/#rule-downloads">emerging threats</a>!
Attachment:
smime.p7s
Description:
_______________________________________________ Snort-sigs mailing list Snort-sigs () lists snort org https://lists.snort.org/mailman/listinfo/snort-sigs Please visit http://blog.snort.org for the latest news about Snort! Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette Visit the Snort.org to subscribe to the official Snort ruleset, make sure to stay up to date to catch the most <a href=" https://snort.org/downloads/#rule-downloads">emerging threats</a>!
Current thread:
- Subscriber signatures fail to update VJM via Snort-sigs (Oct 17)
- Re: Subscriber signatures fail to update wkitty42--- via Snort-sigs (Oct 17)
- Re: Subscriber signatures fail to update Joel Esler (jesler) via Snort-sigs (Oct 18)
- Re: Subscriber signatures fail to update VJM via Snort-sigs (Oct 19)
- Re: Subscriber signatures fail to update Joel Esler (jesler) via Snort-sigs (Oct 19)
- Re: Subscriber signatures fail to update VJM via Snort-sigs (Oct 20)
- Re: Subscriber signatures fail to update Joel Esler (jesler) via Snort-sigs (Oct 20)
- Re: Subscriber signatures fail to update VJM via Snort-sigs (Oct 21)
- Re: Subscriber signatures fail to update Joel Esler (jesler) via Snort-sigs (Oct 21)
- Re: Subscriber signatures fail to update VJM via Snort-sigs (Oct 19)
- Re: Subscriber signatures fail to update bs0838982 via Snort-sigs (Oct 20)
- <Possible follow-ups>
- Re: Subscriber signatures fail to update VJM via Snort-sigs (Oct 18)