[Snort-users] New to Snort; Unable to download VRT Certified Rules

Joel Esler jesler at ...1935...
Mon Feb 8 10:48:17 EST 2010


Just to let you guys know why this was done, we have some people that have automated cron jobs to download an entire new ruleset every 1 minute.  Some that have the cron every 5 minutes.  This was taxing the servers like crazy.

J

On Feb 8, 2010, at 10:21 AM, Ryan Jordan wrote:

> Yes, snort.org blocks you from attempting to download the same file
> twice within 15 minutes. I think it also resets the timer each time
> you get the 403 Forbidden. Keep in mind that this is tracked by IP
> address, so if you go to a different machine behind your NAT it will
> give the same error.
> 
> On Mon, Feb 8, 2010 at 2:48 AM, Russell Fulton <r.fulton at ...3809...> wrote:
>> 
>> 
>> On 8/02/2010, at 6:17 PM, <ladytechieguruness at ...14763...> <ladytechieguruness at ...14763...> wrote:
>> 
>>> 
>>> Ray and others,
>>> 
>>> It WAS the "registered users release" I was attempting to download, NOT
>>> the subscribers. BOTH say "VRT Certified" and the "new" rules are newer than
>>> what I assume are in the latest release of the Snort program itself. I hope
>>> that's clearer. Thanks.
>>> 
>> 
>> You may be running foul of the system that stops people from downloading the rules too often.  I had a system that did a HEAD on the file to see if it had changed and then downloaded it if it had.  The download always failed with a 403.
>> 
>> Leave it a while and see if the problem still persists.
>> 
>> Depending on your needs you should also look at the Emerging Threats rule sets -- find with Google...
>> 
>> 
>> Russell
>> _______________________________________________
>> Snort-users mailing list
>> Snort-users at lists.sourceforge.net
>> Go to this URL to change user options or unsubscribe:
>> https://lists.sourceforge.net/lists/listinfo/snort-users
>> Snort-users list archive:
>> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>> 
> 

--
Joel Esler
302-223-5974
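
An added example, not part of the original thread or of any snort.org tooling: a small gate that a cron-driven rule updater could call so it never requests the same file inside the 15-minute window described above. The class name, state file, 60-second margin and the `fetch` callable are assumptions; `fetch` stands in for whatever performs the actual HTTP request.

```python
import json
import os
import time

WINDOW = 15 * 60  # from the thread: re-requesting the same file within 15 minutes gets a 403
MARGIN = 60       # assumption: slack for clock drift between client and server

class DownloadGate:
    """Remembers when each file was last requested so a scheduled job stays outside the window."""

    def __init__(self, state_path, clock=time.time):
        self.state_path = state_path  # share this file between hosts behind one NAT (limit is per IP)
        self.clock = clock

    def _load(self):
        try:
            with open(self.state_path) as fh:
                return json.load(fh)
        except (FileNotFoundError, ValueError):
            return {}

    def _save(self, state):
        tmp = self.state_path + ".tmp"
        with open(tmp, "w") as fh:
            json.dump(state, fh)
        os.replace(tmp, self.state_path)  # atomic, so a killed job cannot leave a torn file

    def seconds_until_allowed(self, name):
        last = self._load().get(name)
        if last is None:
            return 0
        return max(0, int(last + WINDOW + MARGIN - self.clock()))

    def attempt(self, name, fetch):
        """Run fetch(name) -> HTTP status only when the window has passed.

        Returns (status, wait): status is None when the request was skipped.
        """
        wait = self.seconds_until_allowed(name)
        if wait > 0:
            return None, wait  # nothing sent, so the server-side timer is not touched
        state = self._load()
        # Stamp before sending: per the thread, a 403 restarts the timer too, and a
        # HEAD check followed by a download of the same file was refused.
        state[name] = self.clock()
        self._save(state)
        return fetch(name), WINDOW + MARGIN
```
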