[Snort-sigs] still having download problems

JJC cummingsj at ...2420...
Thu Jul 1 10:50:31 EDT 2010


Do you know what version of LWP::SImple you are using?

On Thu, Jul 1, 2010 at 8:32 AM, John York <YorkJ at ...855...> wrote:

> I've updated to pulledpork 0.4.2 on my Ubuntu 8.04 box.  I also tried to
> update the CA certs with apt-get, but they are already up to date.  When I
> do a packet trace, I see the box go to Snort and ask for the rules.  Snort
> replies that the rules have moved to s3.amazonaws.com.  At that point, my
> box just gives up--I don't see any traffic where it even tries to connect
> with amazon.  Any ideas?  I tried manually changing pp so it asked for
> sub-rules instead of reg-rules, but both do the same thing.  The pp debug
> output and https conversation are below, mangled to protect the oinkcode.
>
> Thanks
> John
>
> PP debug
>
> me at ...3503...:~$ sudo apt-get install ca-certificates
> [sudo] password for me:
> Reading package lists... Done
> Building dependency tree
> Reading state information... Done
> ca-certificates is already the newest version.
> 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
>
> me at ...3503...:~$ sudo ./ppgo
>
>  http://code.google.com/p/pulledpork/
>      _____ ____
>     `----,\    )
>      `--==\\  /    Pulled_Pork v0.4.2
>       `--==\\/
>     .-~~~~-.Y|\\_  Copyright (C) 2009-2010 JJ Cummings
>  @_/        /  66\_  cummingsj at ...2420...
>    |    \   \   _(")
>     \   /-| ||'--'  Rules give me wings!
>      \_\  \_\\
>  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>
> Command Line Variable Debug:
>        Config Path is:
> /home/bryorkj/snortrules/pulledpork/etc/pulledpork.conf
>        Path to disablesid file:
> /home/bryorkj/snortrules/pulledpork/etc/disablesid.conf
>        Verbose Flag is Set
>        Extra Verbose Flag is Set
> Config File Variable Debug
> /home/bryorkj/snortrules/pulledpork/etc/pulledpork.conf
>        snort_path = /usr/local/bin/snort
>        pid_path = /var/run/snortd.pid
>        rule_path = /usr/local/etc/snort/rules/snort.rules
>        ignore = deleted,experimental,local
>        rule_file = snortrules-snapshot-2860.tar.gz
>        sid_changelog = /var/log/sid_changes.log
>        sid_msg = /usr/local/etc/snort/sid-msg.map
>        config_path = /usr/local/etc/snort/snort.conf
>        sostub_path = /usr/local/etc/snort/rules/so_rules.rules
>        oinkcode = 7025mangle-mangle7813
>        temp_path = /tmp
>        distro = Ubuntu-8.04
>        base_url = http://www.snort.org/
>        sorule_path = /usr/local/lib/snort_dynamicrules/
>        version = 0.4.2
>        disablesid = /usr/local/etc/snort/disablesid.conf
>        local_rules = /usr/local/etc/snort/rules/local.rules
> Checking latest MD5....
>        Fetching md5sum for: snortrules-snapshot-2860.tar.gz.md5
>        most recent rules file digest: d8b7b694e4f21b7406e3c86a32b362bf
> Rules tarball download....
>        Fetching rules file: snortrules-snapshot-2860.tar.gz
>        Error 501 when fetching snortrules-snapshot-2860.tar.gz at
> /home/bryorkj/snortrules/pulledpork/pulledpork.pl line 264.
>        going to get this url:
> http://www.snort.org/sub-rules/snortrules-snapshot-2860.tar.gz/7025mangle-mangle7813
>
>
> HTTP conversation
>
> GET /sub-rules/snortrules-snapshot-2860.tar.gz/7025mangle-mangle7813
> HTTP/1.1
> TE: deflate,gzip;q=0.3
> Connection: TE, close
> Host: www.snort.org
> User-Agent: LWP::Simple/5.820
>
> HTTP/1.0 302 Moved Temporarily
> Date: Thu, 01 Jul 2010 13:57:15 GMT
> Server: Apache
> X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 2.2.4
> X-Runtime: 448
> Cache-Control: no-cache
> Set-Cookie:
> _radiant_session=BAh7BjoPmangle-mangleDhmNDA%3D--777377mangle-mangled8cc;
> path=/; HttpOnly
> Location:
> https://s3.amazonaws.com/snort.org/rules/20100629/snortrules-snapshot-2860.tar.gz?AWSAccessKeyId=AKImangle-mangleQ&Expires=1277992665&Signature=mangle-mangle3D
> Content-Length: 251
> Status: 302
> Content-Type: text/html; charset=utf-8
> X-Cache: MISS from web610.br.vccs.edu
> Via: 1.0 web610.br.vccs.edu:8080 (http_scan/4.0.2.6.19)
> Connection: close
>
> <html><body>You are being <a href="
> https://s3.amazonaws.com/snort.org/rules/20100629/snortrules-snapshot-2860.tar.gz?AWSAccessKeyId=AKImangle-mangle&Expires=1277992665&Signature=7ZFmangle-mangle4%3D
> ">redirected</a>.</body></html>
>
>
>
>
> ------------------------------------------------------------------------------
> This SF.net email is sponsored by Sprint
> What will you do first with EVO, the first 4G phone?
> Visit sprint.com/first -- http://p.sf.net/sfu/sprint-com-first
> _______________________________________________
> Snort-sigs mailing list
> Snort-sigs at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/snort-sigs
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-sigs/attachments/20100701/e73de1cb/attachment.html>


More information about the Snort-sigs mailing list