[Snort-users] VRT Rules snapshot-CURRENT.tar.gz Download Error?

Eoin Miller eoin.miller at ...14586...
Fri May 29 13:42:51 EDT 2009


I think this just MD5 sum's the file after download? How about something
built into Snort for auto rule updating that would check a page like
http://dl.snort.org/sub-rules/snortrules-snapshot-CURRENT_s.tar.gz.md5
against the last downloaded MD5. If it doesn't match, go ahead and
download the rules then and only then. This should reduce the bandwidth
load of people just constantly grabbing the 90mb rules file over and
over. Tenable does something similiar with their NASL feed system.

--
Eoin Miller


Joel Esler wrote:
> On Fri, May 29, 2009 at 12:56 PM, Jeff Dell <jdell at ...1095...
> <mailto:jdell at ...1095...>> wrote:
>
>     The problem with once a week is what happens if you check on
>     Monday at 8am and the rules are updated on Monday at 8:05? You
>     won’t get any updates for 2 weeks. It would be really great to
>     have something like a checksum that will be available to see if
>     there is a change in the rules file. This way users know exactly
>     when an update has occurred and even if they check it every 15
>     minutes they will be checking a tiny file as compared to 90megs+
>     file. Then incorporating this into your favorite update utility
>     will make updates very fast most of the time as there won’t be an
>     update to the file, and would severely lower the bandwidth that
>     snort.org <http://snort.org> needs.
>
>      
>
>
> A tool was recently written by one of our guys here at Sourcefire
> called "PulledPork". 
> http://code.google.com/p/pulledpork/
>
> This tool updates rules and does exactly that (Checks the checksum of
> the rules first).
>
>
> -- 
> joel esler | Sourcefire | gtalk: jesler at ...1935...
> <mailto:jesler at ...1935...> | 302-223-5974
> ------------------------------------------------------------------------
>
> ------------------------------------------------------------------------------
> Register Now for Creativity and Technology (CaT), June 3rd, NYC. CaT 
> is a gathering of tech-side developers & brand creativity professionals. Meet
> the minds behind Google Creative Lab, Visual Complexity, Processing, & 
> iPhoneDevCamp as they present alongside digital heavyweights like Barbarian 
> Group, R/GA, & Big Spaceship. http://p.sf.net/sfu/creativitycat-com 
> ------------------------------------------------------------------------
>
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users





More information about the Snort-users mailing list