[Snort-sigs] still having download problems

Joel Esler jesler at ...435...
Thu Jul 1 11:27:40 EDT 2010


I am running on Fedora Core 9 on one of my boxes, and it works just fine.

FYI.

On Jul 1, 2010, at 11:03 AM, JJC wrote:

> Ok, well that rules those two out... yes, what distro are we all running that is having issues so that I can see if I can't reproduce!
> 
> On Thu, Jul 1, 2010 at 9:02 AM, Crook, Parker <Parker_Crook at ...2899...> wrote:
> JJ,
> 
>  
> I just upgraded my LWP::Simple to 5.836 and still having this issue.  I also ran update-ca-certificates to cover that base.  Just curious, is this only happening on Debain and Debain-based distros?
> 
>  
> -Parker
> 
>  
> P.S.  If I am still having an issue on this, I will setup a lab at home tonight to test this out on OS X, Debian, and if someone is having issues on another distro, let me know and I’ll see if can’t test it out there too.
> 
> From: JJC [mailto:cummingsj at ...2420...] 
> Sent: Thursday, July 01, 2010 10:51 AM
> To: John York
> Cc: snort-sigs at lists.sourceforge.net
> Subject: Re: [Snort-sigs] still having download problems
> 
>  
> Do you know what version of LWP::SImple you are using?
> 
> On Thu, Jul 1, 2010 at 8:32 AM, John York <YorkJ at ...855...> wrote:
> 
> I've updated to pulledpork 0.4.2 on my Ubuntu 8.04 box.  I also tried to update the CA certs with apt-get, but they are already up to date.  When I do a packet trace, I see the box go to Snort and ask for the rules.  Snort replies that the rules have moved to s3.amazonaws.com.  At that point, my box just gives up--I don't see any traffic where it even tries to connect with amazon.  Any ideas?  I tried manually changing pp so it asked for sub-rules instead of reg-rules, but both do the same thing.  The pp debug output and https conversation are below, mangled to protect the oinkcode.
> 
> Thanks
> John
> 
> PP debug
> 
> me at ...3503...:~$ sudo apt-get install ca-certificates
> [sudo] password for me:
> Reading package lists... Done
> Building dependency tree
> Reading state information... Done
> ca-certificates is already the newest version.
> 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
> 
> me at ...3503...:~$ sudo ./ppgo
> 
>  http://code.google.com/p/pulledpork/
>      _____ ____
>     `----,\    )
>      `--==\\  /    Pulled_Pork v0.4.2
>       `--==\\/
>     .-~~~~-.Y|\\_  Copyright (C) 2009-2010 JJ Cummings
>  @_/        /  66\_  cummingsj at ...2420...
>    |    \   \   _(")
>     \   /-| ||'--'  Rules give me wings!
>      \_\  \_\\
>  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> 
> Command Line Variable Debug:
>        Config Path is: /home/bryorkj/snortrules/pulledpork/etc/pulledpork.conf
>        Path to disablesid file: /home/bryorkj/snortrules/pulledpork/etc/disablesid.conf
>        Verbose Flag is Set
>        Extra Verbose Flag is Set
> Config File Variable Debug /home/bryorkj/snortrules/pulledpork/etc/pulledpork.conf
>        snort_path = /usr/local/bin/snort
>        pid_path = /var/run/snortd.pid
>        rule_path = /usr/local/etc/snort/rules/snort.rules
>        ignore = deleted,experimental,local
>        rule_file = snortrules-snapshot-2860.tar.gz
>        sid_changelog = /var/log/sid_changes.log
>        sid_msg = /usr/local/etc/snort/sid-msg.map
>        config_path = /usr/local/etc/snort/snort.conf
>        sostub_path = /usr/local/etc/snort/rules/so_rules.rules
>        oinkcode = 7025mangle-mangle7813
>        temp_path = /tmp
>        distro = Ubuntu-8.04
>        base_url = http://www.snort.org/
>        sorule_path = /usr/local/lib/snort_dynamicrules/
>        version = 0.4.2
>        disablesid = /usr/local/etc/snort/disablesid.conf
>        local_rules = /usr/local/etc/snort/rules/local.rules
> Checking latest MD5....
>        Fetching md5sum for: snortrules-snapshot-2860.tar.gz.md5
>        most recent rules file digest: d8b7b694e4f21b7406e3c86a32b362bf
> Rules tarball download....
>        Fetching rules file: snortrules-snapshot-2860.tar.gz
>        Error 501 when fetching snortrules-snapshot-2860.tar.gz at /home/bryorkj/snortrules/pulledpork/pulledpork.pl line 264.
>        going to get this url:  http://www.snort.org/sub-rules/snortrules-snapshot-2860.tar.gz/7025mangle-mangle7813
> 
> 
> HTTP conversation
> 
> GET /sub-rules/snortrules-snapshot-2860.tar.gz/7025mangle-mangle7813 HTTP/1.1
> TE: deflate,gzip;q=0.3
> Connection: TE, close
> Host: www.snort.org
> User-Agent: LWP::Simple/5.820
> 
> HTTP/1.0 302 Moved Temporarily
> Date: Thu, 01 Jul 2010 13:57:15 GMT
> Server: Apache
> X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 2.2.4
> X-Runtime: 448
> Cache-Control: no-cache
> Set-Cookie: _radiant_session=BAh7BjoPmangle-mangleDhmNDA%3D--777377mangle-mangled8cc; path=/; HttpOnly
> Location: https://s3.amazonaws.com/snort.org/rules/20100629/snortrules-snapshot-2860.tar.gz?AWSAccessKeyId=AKImangle-mangleQ&Expires=1277992665&Signature=mangle-mangle3D
> Content-Length: 251
> Status: 302
> Content-Type: text/html; charset=utf-8
> X-Cache: MISS from web610.br.vccs.edu
> Via: 1.0 web610.br.vccs.edu:8080 (http_scan/4.0.2.6.19)
> Connection: close
> 
> <html><body>You are being <a href="https://s3.amazonaws.com/snort.org/rules/20100629/snortrules-snapshot-2860.tar.gz?AWSAccessKeyId=AKImangle-mangle&Expires=1277992665&Signature=7ZFmangle-mangle4%3D">redirected</a>.</body></html>
> 
> 
> 
> ------------------------------------------------------------------------------
> This SF.net email is sponsored by Sprint
> What will you do first with EVO, the first 4G phone?
> Visit sprint.com/first -- http://p.sf.net/sfu/sprint-com-first
> _______________________________________________
> Snort-sigs mailing list
> Snort-sigs at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/snort-sigs
> 
>  
> 
> ------------------------------------------------------------------------------
> This SF.net email is sponsored by Sprint
> What will you do first with EVO, the first 4G phone?
> Visit sprint.com/first -- http://p.sf.net/sfu/sprint-com-first_______________________________________________
> Snort-sigs mailing list
> Snort-sigs at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/snort-sigs

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-sigs/attachments/20100701/17f76684/attachment.html>


More information about the Snort-sigs mailing list