[Snort-users] [Snort-sigs] Update your oinkmaster/pulled_pork conf files
infosec.posts at ...11827...
Tue Jun 29 10:11:38 EDT 2010
I was using this URL in my update scripts:
Now I'm getting this:
Resolving www.snort.org... 126.96.36.199
Connecting to www.snort.org|188.8.131.52|:80... connected.
HTTP request sent, awaiting response... 403 Forbidden
2010-06-29 08:46:33 ERROR 403: Forbidden.
Did the URL above get broken, too?
Since that didn't work I tried:
but that redirected to an SSL connection with Amazon, which isn't open
on my firewall from the machine in question.
So, I went to another machine and tried
Both of which are giving me 403: Forbidden.
Are the 184.108.40.206 URLs no longer supported?
Is the "15-minute rule" being imposed by oink code now instead of connecting IP?
Is the '_s' filename still in use to distinguish subscriber packs from
(Note: Obviously, my actual oinkmaster code has been sanitized to
'$oink_code' in everything above.)
On Mon, Jun 28, 2010 at 3:31 PM, Mike Guiterman
<mguiterman at ...1935...> wrote:
> Hi everyone,
> This afternoon's upgrade of Snort.org is complete. One of the issues
> addressed was improving the reliability of the VRT rules download process.
> Over the past few months we've seen an increase in reports about failed
> downloads. Today's upgrade should resolve the problem.
> This change does affect users who have automated their rules update
> process. The download URL used oinkmaster and pulled_pork conf files has
> changed. The new URL has been updated on the "oinkcodes" page on
> Snort.org. An example of the change is below:
> Old download URL
> Is now.
> To continue receiving automated rules updates please update your conf. file
> with the new URL.
> Our apologies for the inconvenience.
> Mike Guiterman
> Snort Community Manager
> Sourcefire, Inc.
> mguiterman at ...1935...
> 410.423.1930 (office)
> 703.400.4091 (mobile)
> This SF.net email is sponsored by Sprint
> What will you do first with EVO, the first 4G phone?
> Visit sprint.com/first -- http://p.sf.net/sfu/sprint-com-first
> Snort-sigs mailing list
> Snort-sigs at lists.sourceforge.net
More information about the Snort-users