[Snort-sigs] [Snort-users] Update your oinkmaster/pulled_porkconf files

Todd Adamson radamson at ...908...
Wed Jun 30 11:39:21 EDT 2010


Ok, I'm confused.

I just ran my oinkmaster update, and I get the following:

C:\Snort\oinkmaster>c:\Perl\bin\perl.exe c:\snort\Oinkmaster\oinkmaster.pl -C c:\snort\Oinkmaster\weekend-oinkmaster.conf -o c:\snort\rules

Loading C:\snort\Oinkmaster\weekend-oinkmaster.conf

Downloading file from http://www.snort.org/pub-bin/oinkmaster.cgi/<oink_code_removed>/snortrules-snapshot-2860.tar.gz...

c:\snort\Oinkmaster\oinkmaster.pl: Error: could not download from http://www.snort.org/pub-bin/oinkmaster.cgi/<oink_code_removed>/snortrules-snapshot-2860.tar.gz: 403 Forbidden

I haven't tried the other format, however by your latest 
statement I shouldn't have to change???

Am I missing something?  I could just be reading over an 
error somewhere after reading it over and over...

Todd

Mike Guiterman wrote:
> Hi all,
> 
> I just met with our web team.  The net is - I misread the impact of the 
> changes on Oinkmaster users and gave you all bad guidance.
> 
> The download URL in the Oinkmaster conf. file should be:
> 
> *For snort 2.8.6.0:*
> 
>       url = http://www.snort.org/pub-bin/oinkmaster.cgi/<oinkcode>/snortrules-snapshot-2860.tar.gz
> 
> *For snort 2.8.5.3:*
> 
>       url = http://www.snort.org/pub-bin/oinkmaster.cgi/<oinkcode>/snortrules-snapshot-2853.tar.gz
> 
> The new links I gave yesterday are for those using their oinkcode to download rules without logging in or using oinkmaster.
> 
> My apologies for the issues this might have caused.  
> 
> Mike
> 
> On Wed, Jun 30, 2010 at 11:16 AM, Joel Esler <jesler at ...435...> wrote:
> 
>     Just to let you guys know, we are working on this.  The main reason
>     we are doing this is to lift the 15 minute restriction, lighten the
>     load on the webpage, etc. 
> 
>     Sent from my iPhone
> 
>     On Jun 30, 2010, at 11:03 AM, Fred Austin <fred.austin at ...3499...> wrote:
> 
>>     Even using the "--no-check-certificate" for wget, the download is
>>     failing. I thought the correct URL to use is now:
>>     http://www.snort.org/reg-rules/snortrules-snapshot-2853.tag.gz/<oinkcode>
>>
>>     based on the VRT blog from Monday.
>>
>>     Fred Austin
>>
>>     On Wed, Jun 30, 2010 at 8:05 AM, Weir, Jason <jason.weir at ...3410...> wrote:
>>
>>         Joel,
>>
>>         Still getting the below error, could this be a wget problem
>>         not handling
>>         the ssl connection correctly?  Anyone know how to use the
>>         `--no-check-certificate' option with oinkmaster?
>>
>>         ------------------------------------------------------------------------
>>         --------------------------------------
>>
>>         Downloading file from
>>         http://www.snort.org/pub-bin/oinkmaster.cgi/*oinkcode*/snortrules-snapshot-2853.tar.gz...
>>
>>         /usr/local/bin/oinkmaster.pl: Error: could not download from
>>         http://www.snort.org/pub-bin/oinkmaster.cgi/*oinkcode*/snortrules-snapshot-2853.tar.gz.
>>
>>         Output from wget follows:
>>
>>         http://www.snort.org/pub-bin/oinkmaster.cgi/*oinkcode*/snortrules-snapshot-2853.tar.gz
>>
>>         Resolving www.snort.org... 68.177.102.20
>>
>>         Connecting to www.snort.org|68.177.102.20|:80... connected.
>>
>>         HTTP request sent, awaiting response... 302 Found
>>
>>         Location:
>>         https://s3.amazonaws.com/snort.org/rules/20100525/snortrules-snapshot-2853.tar.gz?AWSAccessKeyId=AKIAJJSHU7YNPLE5MKOQ&Expires=1277895698&Signature=px1MZAMmLNzKWMw93CljxWGLJco%3D
>>
>>         [following] --2010-06-30 07:01:08--
>>         https://s3.amazonaws.com/snort.org/rules/20100525/snortrules-snapshot-2853.tar.gz?AWSAccessKeyId=AKIAJJSHU7YNPLE5MKOQ&Expires=1277895698&Signature=px1MZAMmLNzKWMw93CljxWGLJco%3D
>>
>>         Resolving s3.amazonaws.com... 72.21.202.164
>>
>>         Connecting to s3.amazonaws.com|72.21.202.164|:443... connected.
>>
>>         ERROR: cannot verify s3.amazonaws.com's certificate, issued by
>>         `/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at https://www.verisign.com/rpa (c)09/CN=VeriSign Class 3 Secure Server CA - G2':
>>
>>         Unable to locally verify the issuer's authority.
>>
>>         To connect to s3.amazonaws.com insecurely, use `--no-check-certificate'.
>>         Unable to establish SSL connection.
>>
>>         ------------------------------------------------------------------------
>>         --------------------------------------
>>
>>         -Jason
>>
>>         -----Original Message-----
>>         From: Joel Esler [mailto:jesler at ...435...]
>>         Sent: Tuesday, June 29, 2010 3:03 PM
>>         To: Weir, Jason
>>         Cc: infosec posts; snort-sigs at lists.sourceforge.net; Snort Users List
>>         Subject: Re: [Snort-sigs] [Snort-users] Update your
>>         oinkmaster/pulled_porkconf files
>>
>>
>>         On Jun 29, 2010, at 10:41 AM, Weir, Jason wrote:
>>         > Me too - common guys this isn't that complicated
>>         >
>>         > Oinkmaster output below
>>
>>         Okay, I know our web team made some changes after these series of
>>         emails.  If you are still having problems, please let us know.
>>
>>         Joel
>>
>>
>>         ------------------------------------------------------------------------------
>>         This SF.net email is sponsored by Sprint
>>         What will you do first with EVO, the first 4G phone?
>>         Visit sprint.com/first -- http://p.sf.net/sfu/sprint-com-first
>>         _______________________________________________
>>         Snort-sigs mailing list
>>         Snort-sigs at lists.sourceforge.net
>>         https://lists.sourceforge.net/lists/listinfo/snort-sigs




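An added example, not part of the original thread and not Oinkmaster or Snort project code: the messages above show two different failures, a `403 Forbidden` from `oinkmaster.cgi` and a certificate verification failure after the 302 redirect to S3. This sketch classifies captured Oinkmaster/wget output into those cases; the `diagnose` helper, its labels and the sample text are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed samples modelled on the two failures quoted in the thread
# (documentation IP addresses, placeholder secrets).
SAMPLE_403 = (
    "oinkmaster.pl: Error: could not download from http://www.snort.org/"
    "pub-bin/oinkmaster.cgi/<oinkcode>/snortrules-snapshot-2860.tar.gz: "
    "403 Forbidden\n"
)
SAMPLE_TLS = (
    "Connecting to www.snort.org|192.0.2.10|:80... connected.\n"
    "HTTP request sent, awaiting response... 302 Found\n"
    "Location: https://s3.amazonaws.com/snort.org/rules/PLACEHOLDER.tar.gz"
    "?Expires=0&Signature=PLACEHOLDER [following]\n"
    "Connecting to s3.amazonaws.com|192.0.2.20|:443... connected.\n"
    "ERROR: cannot verify s3.amazonaws.com's certificate, issued by `CA':\n"
    "  Unable to locally verify the issuer's authority.\n"
    "To connect to s3.amazonaws.com insecurely, use `--no-check-certificate'.\n"
    "Unable to establish SSL connection.\n"
)


def diagnose(output: str) -> dict:
    """Classify captured Oinkmaster/wget output (hypothetical helper)."""
    redirects = re.findall(r"^Location:\s+(\S+)", output, re.M)
    # wget's own hint mentions the flag; only count lines where it was used.
    flag_used = any(
        "--no-check-certificate" in line and "insecurely, use" not in line
        for line in output.splitlines()
    )
    result = {
        "redirect_hosts": [urlsplit(u).hostname for u in redirects],
        "verification_disabled": flag_used,
        "cause": "unknown",
    }
    tls = re.search(r"cannot verify (\S+?)'s certificate", output)
    http = re.search(r"could not download from\s+\S+:\s+(\d{3})\b", output)
    if tls and "Unable to locally verify the issuer's authority" in output:
        # The local trust store lacks the issuing CA for the redirect target;
        # the handshake failed before any HTTP request reached that host.
        result["cause"] = "tls_issuer_not_trusted:" + tls.group(1)
    elif http:
        # The server answered and refused: a URL or oinkcode problem that
        # no certificate option can change.
        result["cause"] = "http_" + http.group(1)
    return result
```

A `tls_issuer_not_trusted` result points at the client's CA bundle, while `http_403` points at the download URL or oinkcode.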