[Snort-users] Extracting snortrules-2931.tar.gz

Joel Esler jesler at ...1935...
Wed Oct 10 11:58:12 EDT 2012


On Oct 10, 2012, at 11:55 AM, AllowOverride <allowoverride at ...11827...> wrote:

> yes joel i do. that is what i have been saying... i pasted the link, but
> im not going to be a dick and make you look like a fool for not reading
> my emails, like some assholes are doing on here….

Everyone has a right to their opinion.  Even if it's wrong.

> here is the link again. I sign in, click the oinkcode link, it's right
> there. im just trying to save someone else a hassle or have to ask the
> list again, for which they will be called a moron for even asking,,, 

For the record, I don't think we've ever called anyone a moron.

> see my point....  that's the other point.
> 
> thanks
> 
> https://www.snort.org/
> 
> then:
> 
> https://www.snort.org/account/oinkcode
> 

That page says 2931 for me.  Did you refresh?  Can you log out, log back in?


> 
> 
> On Wed, 2012-10-10 at 11:50 -0400, Joel Esler wrote:
>> I don't know.  Do you see somewhere where it says 2900?  
>> 
>> 
>> On Oct 10, 2012, at 11:42 AM, AllowOverride <allowoverride at ...11827...> wrote:
>> 
>>> if it was fixed, then why did i complain more?
>>> 
>>> On Wed, 2012-10-10 at 09:44 -0400, Joel Esler wrote:
>>>> This has been fixed.
>>>> 
>>>> On Oct 9, 2012, at 9:17 PM, AllowOverride <allowoverride at ...11827...> wrote:
>>>> 
>>>>> thanks joel, i know i could have looked around more, but i figure
>>>>> consistency across the site should be mentioned. thanks
>>>>> 
>>>>> On Tue, 2012-10-09 at 20:56 -0400, Joel Esler wrote:
>>>>>> I'll get this fixed. 
>>>>>> 
>>>>>> Sent from my iPhone
>>>>>> 
>>>>>> On Oct 9, 2012, at 8:41 PM, AllowOverride <allowoverride at ...11827...> wrote:
>>>>>> 
>>>>>>> i am referring to this page:
>>>>>>> 
>>>>>>> https://www.snort.org/account/oinkcode
>>>>>>> 
>>>>>>> its NOT right there for you, it says 2900.
>>>>>>> i see what you are talking about, but others surely wont...
>>>>>>> 
>>>>>>> the process is, you read the config, you substitute what is displayed on
>>>>>>> that link. it wont work, UNLESS you know the file name, by clicking 
>>>>>>> a diff page on snort.org. sorry, but i didn't see that page until much
>>>>>>> later, the one you referred to. so when someone updates the page, i
>>>>>>> figure, in case someone takes the same path i do, and copies the link as
>>>>>>> is, with their oinkcode attached, which logically you would do at first
>>>>>>> glance, as you are using it for pulledpork.conf. this discussion is the
>>>>>>> result. 
>>>>>>> 
>>>>>>> i figure if they update the page you found first time, with 2931, so
>>>>>>> that we can cut paste it, to use with pp.pl, then there will be no
>>>>>>> problems. thats all, nothing more, 
>>>>>>> 
>>>>>>> On Tue, 2012-10-09 at 20:17 +0000, Jeremy Hoel wrote:
>>>>>>>> And like i said in the email before you responded, you can find the
>>>>>>>> file name right from the website.. when you click download rules.
>>>>>>>> http://snort.org/snort-rules/?
>>>>>>>> 
>>>>>>>> Snort v2.9
>>>>>>>> MD5 - 09 Oct, 2012
>>>>>>>> snortrules-snapshot-2931.tar.gz
>>>>>>>> MD5 - 09 Oct, 2012
>>>>>>>> snortrules-snapshot-2912.tar.gz
>>>>>>>> MD5 - 09 Oct, 2012
>>>>>>>> snortrules-snapshot-2923.tar.gz
>>>>>>>> MD5 - 09 Oct, 2012
>>>>>>>> snortrules-snapshot-2930.tar.gz
>>>>>>>> 
>>>>>>>> 
>>>>>>>> 
>>>>>>>> It's right there.. you just have to look at the page.  Reading is fundamental.
>>>>>>>> 
>>>>>>>> 
>>>>>>>> 
>>>>>>>> 
>>>>>>>> On Tue, Oct 9, 2012 at 8:16 PM, AllowOverride <allowoverride at ...5119...827...> wrote:
>>>>>>>>> we dont know the file name!!! sheshh
>>>>>>>>> 
>>>>>>>>> On Tue, 2012-10-09 at 20:02 +0000, Jeremy Hoel wrote:
>>>>>>>>>> The page shows:
>>>>>>>>>> 
>>>>>>>>>> wget http://www.snort.org/sub-rules/<filename>/<oinkcode here> \
>>>>>>>>>>          -O <output-filename>
>>>>>>>>>> 
>>>>>>>>>> 
>>>>>>>>>> It's pretty clear.  put the proper, correct, current filename where it
>>>>>>>>>> says filename and things work.  They shouldn't have to hold hands and
>>>>>>>>>> walk through the whole thing.
>>>>>>>>>> 
>>>>>>>>>> When you try and use examples you have to expect and realize that the
>>>>>>>>>> example might be out of date and maybe try and figure out what it
>>>>>>>>>> might take to make it work.
>>>>>>>>>> 
>>>>>>>>>> 
>>>>>>>>>> 
>>>>>>>>>> On Tue, Oct 9, 2012 at 7:51 PM, AllowOverride <allowoverride at ...979...11827...> wrote:
>>>>>>>>>>> when i say something doesnt work, i mean, it doesnt work:
>>>>>>>>>>> 
>>>>>>>>>>> wget
>>>>>>>>>>> http://www.snort.org/sub-rules/snortrules-snapshot-2900.tar.gz/hidden-sorry
>>>>>>>>>>> --2012-10-09 12:44:42--  http://www.snort.org/sub-rules/snortrules-snapshot-2900.tar.gz/hidden-sorry
>>>>>>>>>>> Resolving www.snort.org... 23.23.170.170
>>>>>>>>>>> Connecting to www.snort.org|23.23.170.170|:80... connected.
>>>>>>>>>>> HTTP request sent, awaiting response... 403 Forbidden
>>>>>>>>>>> 2012-10-09 12:44:42 ERROR 403: Forbidden.
>>>>>>>>>>> 
>>>>>>>>>>> wget
>>>>>>>>>>> http://www.snort.org/reg-rules/snortrules-snapshot-2900.tar.gz/sorry-hidden
>>>>>>>>>>> --2012-10-09 12:45:54--
>>>>>>>>>>> http://www.snort.org/reg-rules/snortrules-snapshot-2900.tar.gz/sorry-hidden
>>>>>>>>>>> Resolving www.snort.org... 23.23.143.143
>>>>>>>>>>> Connecting to www.snort.org|23.23.143.143|:80... connected.
>>>>>>>>>>> HTTP request sent, awaiting response... 403 Forbidden
>>>>>>>>>>> 2012-10-09 12:45:56 ERROR 403: Forbidden.
>>>>>>>>>>> 
>>>>>>>>>>> and just for good measure
>>>>>>>>>>> 
>>>>>>>>>>> wget
>>>>>>>>>>> http://www.snort.org/reg-rules/snortrules-snapshot-2931.tar.gz/sorry-hidden
>>>>>>>>>>> --2012-10-09 12:47:03--
>>>>>>>>>>> http://www.snort.org/reg-rules/snortrules-snapshot-2931.tar.gz/hidden-again
>>>>>>>>>>> Resolving www.snort.org... 23.23.170.170
>>>>>>>>>>> Connecting to www.snort.org|23.23.170.170|:80... connected.
>>>>>>>>>>> HTTP request sent, awaiting response... 403 Forbidden
>>>>>>>>>>> 2012-10-09 12:47:04 ERROR 403: Forbidden.
>>>>>>>>>>> 
>>>>>>>>>>> 
>>>>>>>>>>> now. the last one shouldn't work, because im not a registered user
>>>>>>>>>>> the sub rules works if you know what you are doing...
>>>>>>>>>>> 
>>>>>>>>>>> If you include 2931 in place of 2900 it will work, only if you are in the
>>>>>>>>>>> system for oinkcode. BUT, that is not what is autopopulated for you on
>>>>>>>>>>> the oinkcode page. it says, 2900. it wont work.
>>>>>>>>>>> 
>>>>>>>>>>> all i am saying fix is, change it to reflect the CURRENT version. thats
>>>>>>>>>>> all. not everyone will catch it, and ya know, end up asking the question
>>>>>>>>>>> here.
>>>>>>>>>>> 
>>>>>>>>>>> let's let the developers put the current version as well. takes what, 2
>>>>>>>>>>> seconds and saves users HOURS of wtf.. headaches...
>>>>>>>>>>> 
>>>>>>>>>>> thanks
>>>>>>>>>>> 
>>>>>>>>>>> 
>>>>>>>>>>> 
>>>>>>>>>>> On Tue, 2012-10-09 at 19:19 +0000, Jeremy Hoel wrote:
>>>>>>>>>>>> The link he was using worked fine for me. I tested the get and got the
>>>>>>>>>>>> rules with no problem.. with the link he had. His problem is not
>>>>>>>>>>>> related to a bad link.
>>>>>>>>>>>> 
>>>>>>>>>>>> The examples show that you need a file name
>>>>>>>>>>>> (http://snort.org/snort-rules/cli) and when you go to the page before,
>>>>>>>>>>>> the main download page (http://snort.org/snort-rules/?), it shows the
>>>>>>>>>>>> file names. They are not trying to make this overly confusing and
>>>>>>>>>>>> hard.. but it does require some effort and understanding on the
>>>>>>>>>>>> installer's part. Or, you could sign in and grab them from the gui, or
>>>>>>>>>>>> use pulledpork.  3 different methods to get the rules..
>>>>>>>>>>>> 
>>>>>>>>>>>> The examples are generic enough that they don't have to change
>>>>>>>>>>>> whenever the rule file changes.  Let's let the developers work on
>>>>>>>>>>>> keeping the software fixed and not worry about the web page not having
>>>>>>>>>>>> the most specific instructions.
>>>>>>>>>>>> 
>>>>>>>>>>>> 
>>>>>>>>>>>> On Tue, Oct 9, 2012 at 7:12 PM, AllowOverride <allowoverride at ...843.....11827...> wrote:
>>>>>>>>>>>>> jer,
>>>>>>>>>>>>> i tried the preferred method displayed on oinkcode page.
>>>>>>>>>>>>> it doesnt work for sub/reg unless you know to put 2931. also, other
>>>>>>>>>>>>> methods of wget'ing the url according to docs are supposed to work but
>>>>>>>>>>>>> do not, unless you know the exact file name, and thats not always easy to
>>>>>>>>>>>>> find on the ftp site, or by other methods.
>>>>>>>>>>>>> 
>>>>>>>>>>>>> just a heads up, that kept me off task for a few days trying to figure
>>>>>>>>>>>>> it out.
>>>>>>>>>>>>> 
>>>>>>>>>>>>> suggestion... fix the examples on the oinkcode page.
>>>>>>>>>>>>> 
>>>>>>>>>>>>> 
>>>>>>>>>>>>> 
>>>>>>>>>>>>> On Tue, 2012-10-09 at 17:12 +0000, Jeremy Hoel wrote:
>>>>>>>>>>>>>> The answer is in the text file that you sent back.
>>>>>>>>>>>>>> 
>>>>>>>>>>>>>> 2012-10-04 14:07:24 ERROR 403: Forbidden.
>>>>>>>>>>>>>> 
>>>>>>>>>>>>>> so however you tried to get the file, it didn't work.  If you used
>>>>>>>>>>>>>> wget and an oink code then you need to check the code.
>>>>>>>>>>>>>> 
>>>>>>>>>>>>>> 
>>>>>>>>>>>>>> On Tue, Oct 9, 2012 at 4:59 PM, Akinwale Fasuru <fashman2k1 at ...131...> wrote:
>>>>>>>>>>>>>>> Here is what i got after running cat....
>>>>>>>>>>>>>>> 
>>>>>>>>>>>>>>> --2012-10-04 14:07:23--  http://www.snort.org/sub-rules/snortrules-snapshot-2931.tar.gz/3b6de1b425e1a20c6f85e705f3631bc958ad11db
>>>>>>>>>>>>>>> Resolving www.snort.org... 23.23.170.170
>>>>>>>>>>>>>>> Connecting to www.snort.org|23.23.170.170|:80... connected.
>>>>>>>>>>>>>>> HTTP request sent, awaiting response... 403 Forbidden
>>>>>>>>>>>>>>> 2012-10-04 14:07:24 ERROR 403: Forbidden.
>>>>>>>>>>>>>>> 
>>>>>>>>>>>>>>> 
>>>>>>>>>>>>>>> What do u think?
>>>>>>>>>>>>>>> 
>>>>>>>>>>>>>>> 
>>>>>>>>>>>>>>> --- On Tue, 10/9/12, Jeremy Hoel <jthoel at ...11827...> wrote:
>>>>>>>>>>>>>>> 
>>>>>>>>>>>>>>>> From: Jeremy Hoel <jthoel at ...11827...>
>>>>>>>>>>>>>>>> Subject: Re: [Snort-users] Extracting snortrules-2931.tar.gz
>>>>>>>>>>>>>>>> To: "Akinwale Fasuru" <fashman2k1 at ...131...>
>>>>>>>>>>>>>>>> Cc: snort-users at lists.sourceforge.net
>>>>>>>>>>>>>>>> Date: Tuesday, October 9, 2012, 11:53 AM
>>>>>>>>>>>>>>>> to check the size of a file, go to
>>>>>>>>>>>>>>>> the directory where the file is and
>>>>>>>>>>>>>>>> run 'ls -al'.
>>>>>>>>>>>>>>>> 
>>>>>>>>>>>>>>>> But since 'file' said it's text and not a tar.gz or zip
>>>>>>>>>>>>>>>> file, then
>>>>>>>>>>>>>>>> that's the problem.  Your download is not correct.
>>>>>>>>>>>>>>>> 
>>>>>>>>>>>>>>>> go ahead and run 'cat snortrules-2931.tar.gz'
>>>>>>>>>>>>>>>> 
>>>>>>>>>>>>>>>> 
>>>>>>>>>>>>>>>> 
>>>>>>>>>>>>>>>> On Tue, Oct 9, 2012 at 4:50 PM, Akinwale Fasuru <fashman2k1 at ...131...> wrote:
>>>>>>>>>>>>>>>>> I replied to the email you sent earlier saying that i didnt know how to
>>>>>>>>>>>>>>>>> check for the size of the file. But i did run the command u asked me
>>>>>>>>>>>>>>>>> here is the response
>>>>>>>>>>>>>>>>> 
>>>>>>>>>>>>>>>>> snortrules-2931.tar.gz: ASCII text
>>>>>>>>>>>>>>>>> 
>>>>>>>>>>>>>>>>> 
>>>>>>>>>>>>>>>>> --- On Tue, 10/9/12, Jeremy Hoel <jthoel at ...11827...> wrote:
>>>>>>>>>>>>>>>>> 
>>>>>>>>>>>>>>>>>> From: Jeremy Hoel <jthoel at ...11827...>
>>>>>>>>>>>>>>>>>> Subject: Re: [Snort-users] Extracting snortrules-2931.tar.gz
>>>>>>>>>>>>>>>>>> To: "Akinwale Fasuru" <fashman2k1 at ...131...>
>>>>>>>>>>>>>>>>>> Cc: snort-users at lists.sourceforge.net
>>>>>>>>>>>>>>>>>> Date: Tuesday, October 9, 2012, 11:46 AM
>>>>>>>>>>>>>>>>>> You never got back to me about the
>>>>>>>>>>>>>>>>>> size of the file and if the file
>>>>>>>>>>>>>>>>>> was complete.
>>>>>>>>>>>>>>>>>> 
>>>>>>>>>>>>>>>>>> the error makes it sound like it's not a tar.gz file.
>>>>>>>>>>>>>>>>>> 
>>>>>>>>>>>>>>>>>> you need to verify you got the whole file and that it's not
>>>>>>>>>>>>>>>>>> just a text error.
>>>>>>>>>>>>>>>>>> 
>>>>>>>>>>>>>>>>>> run 'file snortrules-2931.tar.gz' and see what it says.
>>>>>>>>>>>>>>>>>> 
>>>>>>>>>>>>>>>>>> On Tue, Oct 9, 2012 at 4:29 PM, Akinwale Fasuru <fashman2k1 at ...131...> wrote:
>>>>>>>>>>>>>>>>>>> Hello everyone,
>>>>>>>>>>>>>>>>>>> I am still having problems extracting snortrules-2931.tar.gz
>>>>>>>>>>>>>>>>>>> 
>>>>>>>>>>>>>>>>>>> tar -xzvf snortrules-2931.tar.gz
>>>>>>>>>>>>>>>>>>>> I get this error message
>>>>>>>>>>>>>>>>>>>> 
>>>>>>>>>>>>>>>>>>>> zip: stdin: not in gzip format
>>>>>>>>>>>>>>>>>>>> 
>>>>>>>>>>>>>>>>>>>> tar: Child returned status 1
>>>>>>>>>>>>>>>>>>>> 
>>>>>>>>>>>>>>>>>>>> tar: Error is not recoverable: exiting now
>>>>>>>>>>>>>>>> ------------------------------------------------------------------------------
>>>>>>>>>>>>>>>>>>> Don't let slow site performance ruin your
>>>>>>>>>>>>>>>> business.
>>>>>>>>>>>>>>>>>> Deploy New Relic APM
>>>>>>>>>>>>>>>>>>> Deploy New Relic app performance management
>>>>>>>>>>>>>>>> and know
>>>>>>>>>>>>>>>>>> exactly
>>>>>>>>>>>>>>>>>>> what is happening inside your Ruby, Python,
>>>>>>>>>>>>>>>> PHP, Java,
>>>>>>>>>>>>>>>>>> and .NET app
>>>>>>>>>>>>>>>>>>> Try New Relic at no cost today and get our
>>>>>>>>>>>>>>>> sweet Data
>>>>>>>>>>>>>>>>>> Nerd shirt too!
>>>>>>>>>>>>>>>>>>> http://p.sf.net/sfu/newrelic-dev2dev
>>>>>>>>>>>>>>>> _______________________________________________
>>>>>>>>>>>>>>>>>>> Snort-users mailing list
>>>>>>>>>>>>>>>>>>> Snort-users at lists.sourceforge.net
>>>>>>>>>>>>>>>>>>> Go to this URL to change user options or
>>>>>>>>>>>>>>>> unsubscribe:
>>>>>>>>>>>>>>>>>>> https://lists.sourceforge.net/lists/listinfo/snort-users
>>>>>>>>>>>>>>>>>>> Snort-users list archive:
>>>>>>>>>>>>>>>>>>> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>>>>>>>>>>>>>>>>>>> 
>>>>>>>>>>>>>>>>>>> Please visit http://blog.snort.org to stay current on
>>>>>>>>>>>>>>>>>> all the latest Snort news!
>>>>>>>>>>>>>> 
>>>>>>> 
>>>>>>> 
>>>>> 
>>>> 
>>> 
>> 
> 
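
The diagnosis reached in the thread above (`file` reporting ASCII text for a file named `.tar.gz`, then tar failing with "not in gzip format") can be run as a single check before extraction. This is an added example, not part of the original messages; the function names, sample file names and the constructed sample contents are assumptions.

```shell
#!/bin/sh
# Added example: classify a downloaded rules archive before running tar on it.

# is_gzip FILE: succeeds only if FILE begins with the gzip magic bytes 1f 8b.
is_gzip() {
    [ "$(od -An -tx1 -N2 "$1" 2>/dev/null | tr -d ' \n')" = "1f8b" ]
}

# check_rules_archive FILE: prints one verdict and returns 0 only for "ok".
#   missing   no such file            empty     zero-byte download
#   not-gzip  wrong magic bytes (saved error text, HTML, a wget log)
#   corrupt   gzip magic present but the stream or tar index is damaged
check_rules_archive() {
    if [ ! -f "$1" ]; then echo missing; return 1; fi
    if [ ! -s "$1" ]; then echo empty; return 1; fi
    if ! is_gzip "$1"; then echo not-gzip; return 1; fi
    if ! gzip -t "$1" 2>/dev/null; then echo corrupt; return 1; fi
    if ! tar -tzf "$1" >/dev/null 2>&1; then echo corrupt; return 1; fi
    echo ok
}

# build_samples DIR: constructed inputs (not real Snort rules) for a dry run.
build_samples() {
    echo 'alert tcp any any -> any any (msg:"constructed"; sid:1000001;)' > "$1/local.rules"
    tar -czf "$1/good.tar.gz" -C "$1" local.rules
    # Text saved under an archive name, modelled on the 403 output in the thread.
    printf '%s\n' 'HTTP request sent, awaiting response... 403 Forbidden' \
        'ERROR 403: Forbidden.' > "$1/errtext.tar.gz"
    # First 20 bytes of a valid archive: right magic, truncated stream.
    dd if="$1/good.tar.gz" of="$1/cut.tar.gz" bs=1 count=20 2>/dev/null
    : > "$1/empty.tar.gz"
}

# Usage: sh check.sh snortrules-snapshot-2931.tar.gz [more files...]
for f in "$@"; do
    printf '%s: %s\n' "$f" "$(check_rules_archive "$f")"
done
```

A `not-gzip` verdict means the download itself failed and the saved file should be read as text for the HTTP error, which is how the 403 was found in this thread.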




