[Snort-users] still can't get 2.8.6 rules?

Joel Esler jesler at ...1935...
Tue May 25 15:20:56 EDT 2010


Okay, the lowdown is that the "oinkmaster" retrieval method will work after the 2860 30-day rollover.

The web retrieval method should also stop working with the next rule release.

i.e., everything should be back to "normal" soon.  Sorry for the confusion.

On May 25, 2010, at 2:18 PM, Will Metcalf wrote:

> Cool, thanks Joel!
> 
> Regards,
> 
> Will
> 
> On Tue, May 25, 2010 at 1:17 PM, Joel Esler <jesler at ...1935...> wrote:
>> Will,
>> 
>> I'll forward this to the web team so they can have a look.
>> 
>> --
>> Sent from my iPad
>> Joel Esler
>> 302-223-5974
>> Jabber:jesler at ...1935...
>> 
>> On May 25, 2010, at 1:57 PM, Will Metcalf <william.metcalf at ...11827...> wrote:
>> 
>>> The redirect is broken.  I reported this to Esler already but....
>>> 
>>> wget  http://www.snort.org/pub-bin/oinkmaster.cgi/*oinkcode*/snortrules-snapshot-2860_s.tar.gz
>>> --2010-05-25 12:48:53--
>>> http://www.snort.org/pub-bin/oinkmaster.cgi/*oinkcode*/snortrules-snapshot-2860_s.tar.gz
>>> Resolving www.snort.org... 68.177.102.20
>>> Connecting to www.snort.org|68.177.102.20|:80... connected.
>>> HTTP request sent, awaiting response... 302 Found
>>> Location: http://dl.snort.org/sub-rules/snortrules-snapshot-2860_s.tar.gz?oink_code=*oinkcode*
>>> [following]
>>> --2010-05-25 12:48:54--
>>> http://dl.snort.org/sub-rules/snortrules-snapshot-2860_s.tar.gz?oink_code=*oinkcode*
>>> Resolving dl.snort.org... 68.177.102.34
>>> Connecting to dl.snort.org|68.177.102.34|:80... connected.
>>> HTTP request sent, awaiting response... 403 Forbidden
>>> 2010-05-25 12:48:54 ERROR 403: Forbidden.
>>> 
>>> So even though I'm a registered user you are trying to redirect me to
>>> subscription rules. Going directly to the correct url works i.e.
>>> replacing /sub-rules/ with /reg-rules/...
>>> 
>>> wget http://dl.snort.org/reg-rules/snortrules-snapshot-2860_s.tar.gz?oink_code=*oinkcode*
>>> -O snortrules-snapshot-2860_s.tar.gz
>>> --2010-05-25 12:53:46--
>>> http://dl.snort.org/reg-rules/snortrules-snapshot-2860_s.tar.gz?oink_code=*oinkcode*
>>> Resolving dl.snort.org... 68.177.102.34
>>> Connecting to dl.snort.org|68.177.102.34|:80... connected.
>>> HTTP request sent, awaiting response... 200 OK
>>> Length: 18810235 (18M) [application/octet-stream]
>>> Saving to: `snortrules-snapshot-2860_s.tar.gz'
>>> 
>>> 100%[===================================================================================================================================================================================================>]
>>> 18,810,235  1.01M/s   in 18s
>>> 
>>> 2010-05-25 12:54:04 (1006 KB/s) - `snortrules-snapshot-2860_s.tar.gz'
>>> saved [18810235/18810235]
>>> 
>>> Regards,
>>> 
>>> Will
>>> On Sun, May 23, 2010 at 6:41 PM, Nigel Houghton
>>> <nhoughton at ...1935...> wrote:
>>>> On Sun, May 23, 2010 at 7:29 PM, Jason Haar <Jason.Haar at ...294...> wrote:
>>>>> On 05/24/2010 11:14 AM, Nigel Houghton wrote:
>>>>>> Yes, Joel's email is correct. However, you are missing the _s on the
>>>>>> name of the rules file.
>>>>>> 
>>>>>> 
>>>>> 
>>>>> I tried that too - I get "You do not have permission to download this file".
>>>>> 
>>>>>> Also, the 2860 and 2853 rules haven't yet turned the 30 day corner for
>>>>>> registered users.
>>>>>> 
>>>>> That's the confusing part - I thought Joel's email said the rules were
>>>>> available in advance. (I'm registered - not subscribed)
>>>>> 
>>>>> To reiterate: 2860, 2853 give me "no such file", 2860_s gives me
>>>>> 'denied', and CURRENT works?
>>>>> 
>>>>> 
>>>>> --
>>>>> Cheers
>>>>> 
>>>>> Jason Haar
>>>>> Information Security Manager, Trimble Navigation Ltd.
>>>>> Phone: +64 3 9635 377 Fax: +64 3 9635 417
>>>>> PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
>>>>> 
>>>>> 
>>>> 
>>>> 
>>>> Try logging in to snort.org and going here:
>>>> http://www.snort.org/snort-rules/#rules
>>>> 
>>>> See if you can download the rules from there.
>>>> 
>>>> --
>>>> Nigel Houghton
>>>> Head Mentalist
>>>> SF VRT
>>>> http://vrt-sourcefire.blogspot.com && http://labs.snort.org/
>>>> 
>>>> ------------------------------------------------------------------------------
>>>> 
>>>> _______________________________________________
>>>> Snort-users mailing list
>>>> Snort-users at lists.sourceforge.net
>>>> Go to this URL to change user options or unsubscribe:
>>>> https://lists.sourceforge.net/lists/listinfo/snort-users
>>>> Snort-users list archive:
>>>> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>>>> 
>>> 
>>> ------------------------------------------------------------------------------
>>> 
>>> _______________________________________________
>>> Snort-users mailing list
>>> Snort-users at lists.sourceforge.net
>>> Go to this URL to change user options or unsubscribe:
>>> https://lists.sourceforge.net/lists/listinfo/snort-users
>>> Snort-users list archive:
>>> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>> 

--
Joel Esler
302-223-5974
Jabber: jesler at ...1935...





More information about the Snort-users mailing list