[Snort-users] FW: Oinkmaster can't get rules

Jun Wan junwei_wan at ...125...
Mon Jul 26 21:43:51 EDT 2010


Hi JJC,

 

Thanks for the info, I did the following on my Windows XP:

 

C:\snort\pulledpork-0.3.4>pulledpork.pl -o c:\snort\rules -O a9xnnnxnnnxnxnnnxnnxnxnnnxnnxnxnxnxn....xnnnc -f snortrules-snap
shot-2.8.5.3.tar.gz -c pulledpork.conf -i disablesid.conf -b dropsid.conf -m c:\snort\etc\sid-msg.map -h c:\snort\log\sid_changes.log -I security -H

 

Then I got the following:

 

Checking latest MD5....
        A 403 error occured, please wait for the 15 minute timeout
        to expire before trying again or specify the -n runtime switch
        Error 403 when fetching http://www.snort.org/pub-bin/oinkmaster.cgi/snor
trules-snapshot-2.8.5.3.tar.gz.md5 at C:\snort\pulledpork-0.3.4\pulledpork.pl line 269


Any info and help would be much appreciated.

 

Thanks 

 

Regards

 

John

 


Date: Mon, 26 Jul 2010 07:02:13 -0600
Subject: Re: [Snort-users] FW: Oinkmaster can't get rules
From: cummingsj at ...11827...
To: junwei_wan at ...125...
CC: snort-users at lists.sourceforge.net

You are attempting to retrieve an invalid tarball (snortrules-snapshot-2.8.tar.gz)..


you need to use one of the following at this time:
snortrules-snapshot-2853.tar.gz
snortrules-snapshot-2860.tar.gz
snortrules-snapshot-2861.tar.gz


Please take note also of what Nigel said, that the 2853 rules will remain for 90 days to give you time to upgrade!  And on another note, there is an updated version of pulledpork that has many bugfixes..


JJC










On Mon, Jul 26, 2010 at 12:28 AM, Jun Wan <junwei_wan at ...125...> wrote:


Ok, I downloaded Pulled Pork v0.3.4, follow the "Readme", instead of using: 
./pulledpork.pl -c pulledpork.conf -i disablesid.conf -b dropsid.conf -m /usr/local/etc/snort/sid-msg.map \
-h /var/log/sid_changes.log -I security -H
 
I used this on my Windows XP:

C:\snort\pulledpork-0.3.4>pulledpork.pl -c pulledpork.conf -i disablesid.conf -b
 dropsid.conf -m c:\snort\etc\sid-msg.map -h c:\snort\log\sid_changes.log -I sec
urity -H
 
And then I got this:
 
http://code.google.com/p/pulledpork/
_____ ____
`----,\ )
`--==\\ / Pulled_Pork v0.3.4
`--==\\/
.-~~~~-.Y|\\_ Copyright (C) 2009-2010 JJ Cummings
@_/ / 66\_ cummingsj at ...11827...
| \ \ _(")
\ /-| ||'--' Rules give me wings!
\_\ \_\\
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Checking latest MD5....
A 403 error occured, please wait for the 15 minute timeout
to expire before trying again or specify the -n runtime switch
Error 403 when fetching http://www.snort.org/pub-bin/oinkmaster.cgi/snor
trules-snapshot-2.8.tar.gz.md5 at C:\snort\pulledpork-0.3.4\pulledpork.pl line 2
69.
 
After 25 minutes, I tried again, same error.

I would like to know what is wrong and any info and help would be appreciated.
 
Many thanks in advance.
 
Regards
 
John  



From: junwei_wan at ...125...
To: snort-users at lists.sourceforge.net
Date: Mon, 26 Jul 2010 03:55:34 +0000



Subject: Re: [Snort-users] Oinkmaster can't get rules

Hi, I am unable to update the rules via Oinkmaster (it was okay before), My snort (2.8.5.3) is running on my Windows XP, I am getting an error: 404 forbidden message, please see the attached info.
 
I will use Pulled Pork in the near future, but now I would like to fix this issue with rules update&Oinkmaster.
 
Any information and help would be appreciated.
 
Thanks
 
Regards
 
John 
 
 		 	   		  
_________________________________________________________________
If It Exists, You'll Find it on SEEK. Australia's #1 job site
http://clk.atdmt.com/NMN/go/157639755/direct/01/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20100727/5255bd7e/attachment.html>


More information about the Snort-users mailing list