[Snort-users] PulledPork not processing

Tony Robinson deusexmachina667 at ...11827...
Sun Feb 10 16:26:39 EST 2013


Meant to reply-all. Think I might have just sent this to JJ by accident.

Hey... I saw this line in your output above:

  Distro Def is: FreeBSD-8.1

Wondering if that might have something to do with it? Is there an option
to define the distro for PP to Windows?

On Sun, Feb 10, 2013 at 11:51 AM, JJ Cummings <cummingsj at ...11827...> wrote:

> Michael,
>
> Are you talking about the rule docs "the opensource.tgz" file?  If so,
> these are not the rules and only need to be extracted if you are using them
> for reference.  This can sometimes take a while to extract... However, as
> Joel said the actual rules operation should be quite fast.
>
> JJC
>
> Sent from the iRoad
>
> On Feb 10, 2013, at 9:20, "Joel Esler" <jesler at ...1935...> wrote:
>
> *self contained
> Joel Esler
> Mobile
>
>
> On Sun, Feb 10, 2013 at 10:38 AM, Joel Esler <jesler at ...1935...> wrote:
>
>> Wow.  That's pretty slow.  On Unix it takes about 10 seconds give or
>> take.  But no, Pulledpork is sell contained except for a few libraries and
>> is meant to be that way.
>>
>>
>> On Sun, Feb 10, 2013 at 9:57 AM, Michael Steele <michaels at ...9077...> wrote:
>>
>>> Problem solved. It appears that some of the Perl packages were corrupted.
>>>
>>> However, does anyone have a workaround for the installation of the
>>> signatures? I don’t know about UNIX, but on Windows it takes at least 30
>>> minutes for Perl to extract.
>>>
>>> Is it possible for the pulledpork.pl file to extract with a native OS
>>> extraction tool?
>>>
>>> Best regards,
>>>
>>> Michael...
>>>
>>> *From:* Michael Steele [mailto:michaels at ...9077...]
>>> *Sent:* Saturday, February 09, 2013 1:49 PM
>>> *To:* snort-users at lists.sourceforge.net
>>> *Subject:* [Snort-users] PulledPork not processing
>>>
>>> This is the latest pull from the SVN.
>>>
>>> It appears PulledPork is trying to process the rules twice. In the temp
>>> folder I’m only getting a partial transfer of the rules and the MD5 file.
>>>
>>> C:\Users\Operator>perl d:\winids\pulledpork\pulledpork.pl -c d:\winids\pulledpork\etc\pulledpork.conf -vv -T
>>>
>>>     http://code.google.com/p/pulledpork/
>>>       _____ ____
>>>      `----,\    )
>>>       `--==\\  /    PulledPork v0.6.2dev the Cigar Pig <////~
>>>        `--==\\/
>>>      .-~~~~-.Y|\\_  Copyright (C) 2009-2012 JJ Cummings
>>>   @_/        /  66\_  cummingsj at ...11827...
>>>     |    \   \   _(")
>>>      \   /-| ||'--'  Rules give me wings!
>>>       \_\  \_\\
>>> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>>>
>>> Config File Variable Debug d:\winids\pulledpork\etc\pulledpork.conf
>>>         snort_path = /usr/local/bin/snort
>>>         enablesid = d:\winids\pulledpork\etc\enablesid.conf
>>>         modifysid = d:\winids\pulledpork\etc\modifysid.conf
>>>         rule_path = d:\winids\snort\rules\snort.rules
>>>         ignore = deleted.rules,experimental.rules,local.rules
>>>         rule_url = ARRAY(0x28e1e24)
>>>         snort_version = 2.9.4.0
>>>         sid_msg_version = 1
>>>         sid_changelog = d:\winids\snort\log\sid_changes.log
>>>         sid_msg = d:\winids\snort\etc\sid-msg.map
>>>         docs = d:\winids\Apache24\htdocs\base\signatures\
>>>         ips_policy = security
>>>         config_path = /usr/local/etc/snort/snort.conf
>>>         temp_path = d:\winids\pulledpork\temp
>>>         distro = FreeBSD-8.1
>>>         version = 0.6.1
>>>         sorule_path = /usr/local/lib/snort_dynamicrules/
>>>         disablesid = d:\winids\pulledpork\etc\disablesid.conf
>>>         dropsid = d:\winids\pulledpork\etc\dropsid.conf
>>>         local_rules = d:\winids\snort\rules\local.rules
>>> 'uname' is not recognized as an internal or external command,
>>> operable program or batch file.
>>>
>>> MISC (CLI and Autovar) Variable Debug:
>>>         Config Path is: d:\winids\pulledpork\etc\pulledpork.conf
>>>         Distro Def is: FreeBSD-8.1
>>>         Docs Reference Location is: d:\winids\Apache24\htdocs\base\signatures\
>>>         security policy specified
>>>         local.rules path is: d:\winids\snort\rules\local.rules
>>>         Rules file is: d:\winids\snort\rules\snort.rules
>>>         Path to disablesid file: d:\winids\pulledpork\etc\disablesid.conf
>>>         Path to dropsid file: d:\winids\pulledpork\etc\dropsid.conf
>>>         Path to enablesid file: d:\winids\pulledpork\etc\enablesid.conf
>>>         Path to modifysid file: d:\winids\pulledpork\etc\modifysid.conf
>>>         sid changes will be logged to: d:\winids\snort\log\sid_changes.log
>>>         sid-msg.map Output Path is: d:\winids\snort\etc\sid-msg.map
>>>         Snort Version is: 2.9.4.0
>>>         Snort Config File: /usr/local/etc/snort/snort.conf
>>>         Snort Path is: /usr/local/bin/snort
>>>         Text Rules only Flag is Set
>>>         Extra Verbose Flag is Set
>>>         Verbose Flag is Set
>>>         Base URL is: https://www.snort.org/reg-rules/|snortrules-snapshot.tar.gz|991158d6f0847841cffbe085a91b7c5775ba98cf https://www.snort.org/reg-rules/|opensource.gz|991158d6f0847841cffbe085a91b7c5775ba98cf
>>> Checking latest MD5 for snortrules-snapshot-2940.tar.gz....
>>>         Fetching md5sum for: snortrules-snapshot-2940.tar.gz.md5
>>> ** GET https://www.snort.org/reg-rules/snortrules-snapshot-2940.tar.gz.md5/991158d6f0847841cffbe085a91b7c5775ba98cf ==> 200 OK (3s)
>>>         most recent rules file digest: ae46740e802f023be681d932ef71f407
>>> Rules tarball download of snortrules-snapshot-2940.tar.gz....
>>>         Fetching rules file: snortrules-snapshot-2940.tar.gz
>>> ** GET https://www.snort.org/reg-rules/snortrules-snapshot-2940.tar.gz/991158d6f0847841cffbe085a91b7c5775ba98cf ==> 302 Found (1s)
>>> ** GET https://s3.amazonaws.com/snort-org/www/rules/20121218/snortrules-snapshot-2940.tar.gz?AWSAccessKeyId=AKIAJJSHU7YNPLE5MKOQ&Expires=1360435268&Signature=KaoY%2B0NMB%2B%2FNnYFJTpunKaQhilw%3D ==>
>>> 200 OK (1s)
>>>         storing file at: d:\winids\pulledpork\temp/snortrules-snapshot-2940.tar.gz
>>>
>>>         current local rules file  digest: eed12b6d1e99dd34dda723167ab18f8c
>>>         The MD5 for snortrules-snapshot-2940.tar.gz did not match the latest digest... so I am gonna fetch the latest rules file!
>>> Rules tarball download of snortrules-snapshot-2940.tar.gz....
>>>         Fetching rules file: snortrules-snapshot-2940.tar.gz
>>> ** GET https://www.snort.org/reg-rules/snortrules-snapshot-2940.tar.gz/991158d6f0847841cffbe085a91b7c5775ba98cf ==> 302 Found
>>> ** GET https://s3.amazonaws.com/snort-org/www/rules/20121218/snortrules-snapshot-2940.tar.gz?AWSAccessKeyId=AKIAJJSHU7YNPLE5MKOQ&Expires=1360435269&Signature=2H85W57%2F7fbXw%2FEehahpjniVR0Q%3D ==>   0
>>> 200 OK
>>>         storing file at: d:\winids\pulledpork\temp/snortrules-snapshot-2940.tar.gz
>>>
>>>         current local rules file  digest: 6fb296525f90c700ff356264397e7977
>>>         The MD5 for snortrules-snapshot-2940.tar.gz did not match the latest digest... so I am gonna fetch the latest rules file!
>>> Rules tarball download of snortrules-snapshot-2940.tar.gz....
>>>         Fetching rules file: snortrules-snapshot-2940.tar.gz
>>> ** GET https://www.snort.org/reg-rules/snortrules-snapshot-2940.tar.gz/991158d6f0847841cffbe085a91b7c5775ba98cf ==> 403 Forbidden (1s)
>>>         A 403 error occurred, please wait for the 15 minute timeout
>>>         to expire before trying again or specify the -n runtime switch
>>>         You may also wish to verfiy your oinkcode, tarball name, and other configuration options
>>>
>>> I can drop the rules, and open source file into the empty temp folder
>>> and try to process offline but I’m getting:
>>>
>>> C:\Users\Operator>perl d:\winids\pulledpork\pulledpork.pl -c d:\winids\pulledpork\etc\pulledpork.conf -n -vv -T
>>>
>>>     http://code.google.com/p/pulledpork/
>>>       _____ ____
>>>      `----,\    )
>>>       `--==\\  /    PulledPork v0.6.2dev the Cigar Pig <////~
>>>        `--==\\/
>>>      .-~~~~-.Y|\\_  Copyright (C) 2009-2012 JJ Cummings
>>>   @_/        /  66\_  cummingsj at ...11827...
>>>     |    \   \   _(")
>>>      \   /-| ||'--'  Rules give me wings!
>>>       \_\  \_\\
>>> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>>>
>>> Config File Variable Debug d:\winids\pulledpork\etc\pulledpork.conf
>>>         snort_path = /usr/local/bin/snort
>>>         enablesid = d:\winids\pulledpork\etc\enablesid.conf
>>>         modifysid = d:\winids\pulledpork\etc\modifysid.conf
>>>         rule_path = d:\winids\snort\rules\snort.rules
>>>         ignore = deleted.rules,experimental.rules,local.rules
>>>         rule_url = ARRAY(0x285929c)
>>>         snort_version = 2.9.4.0
>>>         sid_msg_version = 1
>>>         sid_changelog = d:\winids\snort\log\sid_changes.log
>>>         sid_msg = d:\winids\snort\etc\sid-msg.map
>>>         docs = d:\winids\Apache24\htdocs\base\signatures\
>>>         ips_policy = security
>>>         config_path = /usr/local/etc/snort/snort.conf
>>>         temp_path = d:\winids\pulledpork\temp
>>>         distro = FreeBSD-8.1
>>>         version = 0.6.1
>>>         sorule_path = /usr/local/lib/snort_dynamicrules/
>>>         disablesid = d:\winids\pulledpork\etc\disablesid.conf
>>>         dropsid = d:\winids\pulledpork\etc\dropsid.conf
>>>         local_rules = d:\winids\snort\rules\local.rules
>>> 'uname' is not recognized as an internal or external command,
>>> operable program or batch file.
>>> MISC (CLI and Autovar) Variable Debug:
>>>         Config Path is: d:\winids\pulledpork\etc\pulledpork.conf
>>>         Distro Def is: FreeBSD-8.1
>>>         Docs Reference Location is: d:\winids\Apache24\htdocs\base\signatures\
>>>         security policy specified
>>>         local.rules path is: d:\winids\snort\rules\local.rules
>>>         No Download Flag is Set
>>>         Rules file is: d:\winids\snort\rules\snort.rules
>>>         Path to disablesid file: d:\winids\pulledpork\etc\disablesid.conf
>>>         Path to dropsid file: d:\winids\pulledpork\etc\dropsid.conf
>>>         Path to enablesid file: d:\winids\pulledpork\etc\enablesid.conf
>>>         Path to modifysid file: d:\winids\pulledpork\etc\modifysid.conf
>>>         sid changes will be logged to: d:\winids\snort\log\sid_changes.log
>>>         sid-msg.map Output Path is: d:\winids\snort\etc\sid-msg.map
>>>         Snort Version is: 2.9.4.0
>>>         Snort Config File: /usr/local/etc/snort/snort.conf
>>>         Snort Path is: /usr/local/bin/snort
>>>         Text Rules only Flag is Set
>>>         Extra Verbose Flag is Set
>>>         Verbose Flag is Set
>>>         Base URL is: https://www.snort.org/reg-rules/|snortrules-snapshot.tar.gz|991158d6f0847841cffbe085a91b7c5775ba98cf https://www.snort.org/reg-rules/|opensource.gz|991158d6f0847841cffbe085a91b7c5775ba98cf
>>> Prepping rules from snortrules-snapshot-2940.tar.gz for work....
>>>         extracting contents of d:\winids\pulledpork\temp/snortrules-snapshot-2940.tar.gz...
>>>         Ignoring plaintext rules: deleted.rules
>>>         Ignoring plaintext rules: experimental.rules
>>>         Ignoring plaintext rules: local.rules
>>>         Extracted: /tha_rules/VRT-server-other.rules
>>>         Extracted: /tha_rules/VRT-pua-adware.rules
>>>         Extracted: /tha_rules/VRT-misc.rules
>>>         Extracted: /tha_rules/VRT-malware-backdoor.rules
>>>         Extracted: /tha_rules/VRT-indicator-compromise.rules
>>>         Extracted: /tha_rules/VRT-file-pdf.rules
>>>         Extracted: /tha_rules/VRT-content-replace.rules
>>>         Extracted: /tha_rules/VRT-file-identify.rules
>>>         Extracted: /tha_rules/VRT-browser-webkit.rules
>>>         Extracted: /tha_rules/VRT-specific-threats.rules
>>>         Extracted: /tha_rules/VRT-file-office.rules
>>>         Extracted: /tha_rules/VRT-rpc.rules
>>>         Extracted: /tha_rules/VRT-dns.rules
>>>         Extracted: /tha_rules/VRT-os-other.rules
>>>         Extracted: /tha_rules/VRT-snmp.rules
>>>         Extracted: /tha_rules/VRT-policy-other.rules
>>>         Extracted: /tha_rules/VRT-web-coldfusion.rules
>>>         Extracted: /tha_rules/VRT-protocol-voip.rules
>>>         Extracted: /tha_rules/VRT-file-image.rules
>>>         Extracted: /tha_rules/VRT-chat.rules
>>>         Extracted: /tha_rules/VRT-voip.rules
>>>         Extracted: /tha_rules/VRT-os-solaris.rules
>>>         Extracted: /tha_rules/VRT-pop3.rules
>>>         Extracted: /tha_rules/VRT-server-mssql.rules
>>>         Extracted: /tha_rules/VRT-preprocessor.rules
>>>         Extracted: /tha_rules/VRT-policy-social.rules
>>>         Extracted: /tha_rules/VRT-protocol-ftp.rules
>>>         Extracted: /tha_rules/VRT-server-webapp.rules
>>>         Extracted: /tha_rules/VRT-server-oracle.rules
>>>         Extracted: /tha_rules/VRT-scada.rules
>>>         Extracted: /tha_rules/VRT-other-ids.rules
>>>         Extracted: /tha_rules/VRT-server-apache.rules
>>>         Extracted: /tha_rules/VRT-sql.rules
>>>         Extracted: /tha_rules/VRT-icmp.rules
>>>         Extracted: /tha_rules/VRT-file-multimedia.rules
>>>         Extracted: /tha_rules/VRT-pua-p2p.rules
>>>         Extracted: /tha_rules/VRT-info.rules
>>>         Extracted: /tha_rules/VRT-pua-other.rules
>>>         Extracted: /tha_rules/VRT-server-mail.rules
>>>         Extracted: /tha_rules/VRT-netbios.rules
>>>         Extracted: /tha_rules/VRT-smtp.rules
>>>         Extracted: /tha_rules/VRT-protocol-icmp.rules
>>>         Extracted: /tha_rules/VRT-sensitive-data.rules
>>>         Extracted: /tha_rules/VRT-indicator-shellcode.rules
>>>         Extracted: /tha_rules/VRT-web-iis.rules
>>>         Extracted: /tha_rules/VRT-protocol-finger.rules
>>>         Extracted: /tha_rules/VRT-botnet-cnc.rules
>>>         Extracted: /tha_rules/VRT-pua-toolbars.rules
>>>         Extracted: /tha_rules/VRT-mysql.rules
>>>         Extracted: /tha_rules/VRT-virus.rules
>>>         Extracted: /tha_rules/VRT-protocol-imap.rules
>>>         Extracted: /tha_rules/VRT-malware-cnc.rules
>>>         Extracted: /tha_rules/VRT-web-misc.rules
>>>         Extracted: /tha_rules/VRT-tftp.rules
>>>         Extracted: /tha_rules/VRT-blacklist.rules
>>>         Extracted: /tha_rules/VRT-shellcode.rules
>>>         Extracted: /tha_rules/VRT-spyware-put.rules
>>>         Extracted: /tha_rules/VRT-exploit.rules
>>>         Extracted: /tha_rules/VRT-protocol-services.rules
>>>         Extracted: /tha_rules/VRT-browser-ie.rules
>>>         Extracted: /tha_rules/VRT-os-windows.rules
>>>         Extracted: /tha_rules/VRT-ddos.rules
>>>         Extracted: /tha_rules/VRT-attack-responses.rules
>>>         Extracted: /tha_rules/VRT-browser-firefox.rules
>>>         Extracted: /tha_rules/VRT-browser-chrome.rules
>>>         Extracted: /tha_rules/VRT-telnet.rules
>>>         Extracted: /tha_rules/VRT-browser-other.rules
>>>         Extracted: /tha_rules/VRT-icmp-info.rules
>>>         Extracted: /tha_rules/VRT-os-linux.rules
>>>         Extracted: /tha_rules/VRT-indicator-obfuscation.rules
>>>         Extracted: /tha_rules/VRT-policy-spam.rules
>>>         Extracted: /tha_rules/VRT-malware-tools.rules
>>>         Extracted: /tha_rules/VRT-x11.rules
>>>         Extracted: /tha_rules/VRT-p2p.rules
>>>         Extracted: /tha_rules/VRT-scan.rules
>>>         Extracted: /tha_rules/VRT-ftp.rules
>>>         Extracted: /tha_rules/VRT-malware-other.rules
>>>         Extracted: /tha_rules/VRT-web-php.rules
>>>         Extracted: /tha_rules/VRT-web-activex.rules
>>>         Extracted: /tha_rules/VRT-decoder.rules
>>>         Extracted: /tha_rules/VRT-web-frontpage.rules
>>>         Extracted: /tha_rules/VRT-rservices.rules
>>>         Extracted: /tha_rules/VRT-file-executable.rules
>>>         Extracted: /tha_rules/VRT-file-other.rules
>>>         Extracted: /tha_rules/VRT-backdoor.rules
>>>         Extracted: /tha_rules/VRT-multimedia.rules
>>>         Extracted: /tha_rules/VRT-web-client.rules
>>>         Extracted: /tha_rules/VRT-exploit-kit.rules
>>>         Extracted: /tha_rules/VRT-protocol-pop.rules
>>>         Extracted: /tha_rules/VRT-browser-plugins.rules
>>>         Extracted: /tha_rules/VRT-policy.rules
>>>         Extracted: /tha_rules/VRT-web-attacks.rules
>>>         Extracted: /tha_rules/VRT-imap.rules
>>>         Extracted: /tha_rules/VRT-file-flash.rules
>>>         Extracted: /tha_rules/VRT-nntp.rules
>>>         Extracted: /tha_rules/VRT-dos.rules
>>>         Extracted: /tha_rules/VRT-finger.rules
>>>         Extracted: /tha_rules/VRT-phishing-spam.rules
>>> No such file in archive: 'doc/signatures/rules/VRT-License.txt' at d:\winids\pulledpork\pulledpork.pl line 293.
>>> Could not find an entry for 'doc/signatures/rules/VRT-License.txt' at d:\winids\pulledpork\pulledpork.pl line 293.
>>>         Extracted: d:\winids\Apache24\htdocs\base\signatures\rules/VRT-License.txt
>>>         Extracted: /tha_rules/VRT-server-mysql.rules
>>>         Extracted: /tha_rules/VRT-oracle.rules
>>>         Extracted: /tha_rules/VRT-server-iis.rules
>>>         Extracted: /tha_rules/VRT-app-detect.rules
>>>         Extracted: /tha_rules/VRT-policy-multimedia.rules
>>>         Extracted: /tha_rules/VRT-pop2.rules
>>>         Extracted: /tha_rules/VRT-bad-traffic.rules
>>>         Extracted: /tha_rules/VRT-web-cgi.rules
>>> Prepping rules from snortrules-snapshot-2940.tar.gz for work....
>>>         extracting contents of d:\winids\pulledpork\temp/snortrules-snapshot-2940.tar.gz...
>>>         Ignoring plaintext rules: deleted.rules
>>>         Ignoring plaintext rules: experimental.rules
>>>         Ignoring plaintext rules: local.rules
>>>         Extracted: /tha_rules/VRT-server-other.rules
>>>         Extracted: /tha_rules/VRT-pua-adware.rules
>>>         Extracted: /tha_rules/VRT-misc.rules
>>>         Extracted: /tha_rules/VRT-malware-backdoor.rules
>>>         Extracted: /tha_rules/VRT-indicator-compromise.rules
>>>         Extracted: /tha_rules/VRT-file-pdf.rules
>>>         Extracted: /tha_rules/VRT-content-replace.rules
>>>         Extracted: /tha_rules/VRT-file-identify.rules
>>>         Extracted: /tha_rules/VRT-browser-webkit.rules
>>>         Extracted: /tha_rules/VRT-specific-threats.rules
>>>         Extracted: /tha_rules/VRT-file-office.rules
>>>         Extracted: /tha_rules/VRT-rpc.rules
>>>         Extracted: /tha_rules/VRT-dns.rules
>>>         Extracted: /tha_rules/VRT-os-other.rules
>>>         Extracted: /tha_rules/VRT-snmp.rules
>>>         Extracted: /tha_rules/VRT-policy-other.rules
>>>         Extracted: /tha_rules/VRT-web-coldfusion.rules
>>>         Extracted: /tha_rules/VRT-protocol-voip.rules
>>>         Extracted: /tha_rules/VRT-file-image.rules
>>>         Extracted: /tha_rules/VRT-chat.rules
>>>         Extracted: /tha_rules/VRT-voip.rules
>>>         Extracted: /tha_rules/VRT-os-solaris.rules
>>>         Extracted: /tha_rules/VRT-server-mssql.rules
>>>         Extracted: /tha_rules/VRT-pop3.rules
>>>         Extracted: /tha_rules/VRT-preprocessor.rules
>>>         Extracted: /tha_rules/VRT-policy-social.rules
>>>         Extracted: /tha_rules/VRT-protocol-ftp.rules
>>>         Extracted: /tha_rules/VRT-server-webapp.rules
>>>         Extracted: /tha_rules/VRT-server-oracle.rules
>>>         Extracted: /tha_rules/VRT-scada.rules
>>>         Extracted: /tha_rules/VRT-other-ids.rules
>>>         Extracted: /tha_rules/VRT-server-apache.rules
>>>         Extracted: /tha_rules/VRT-sql.rules
>>>         Extracted: /tha_rules/VRT-icmp.rules
>>>         Extracted: /tha_rules/VRT-file-multimedia.rules
>>>         Extracted: /tha_rules/VRT-pua-p2p.rules
>>>         Extracted: /tha_rules/VRT-info.rules
>>>         Extracted: /tha_rules/VRT-pua-other.rules
>>>         Extracted: /tha_rules/VRT-server-mail.rules
>>>         Extracted: /tha_rules/VRT-netbios.rules
>>>         Extracted: /tha_rules/VRT-smtp.rules
>>>         Extracted: /tha_rules/VRT-protocol-icmp.rules
>>>         Extracted: /tha_rules/VRT-sensitive-data.rules
>>>         Extracted: /tha_rules/VRT-indicator-shellcode.rules
>>>         Extracted: /tha_rules/VRT-web-iis.rules
>>>         Extracted: /tha_rules/VRT-protocol-finger.rules
>>>         Extracted: /tha_rules/VRT-botnet-cnc.rules
>>>         Extracted: /tha_rules/VRT-pua-toolbars.rules
>>>         Extracted: /tha_rules/VRT-mysql.rules
>>>         Extracted: /tha_rules/VRT-virus.rules
>>>         Extracted: /tha_rules/VRT-protocol-imap.rules
>>>         Extracted: /tha_rules/VRT-malware-cnc.rules
>>>         Extracted: /tha_rules/VRT-web-misc.rules
>>>         Extracted: /tha_rules/VRT-tftp.rules
>>>         Extracted: /tha_rules/VRT-shellcode.rules
>>>         Extracted: /tha_rules/VRT-blacklist.rules
>>>         Extracted: /tha_rules/VRT-spyware-put.rules
>>>         Extracted: /tha_rules/VRT-exploit.rules
>>>         Extracted: /tha_rules/VRT-protocol-services.rules
>>>         Extracted: /tha_rules/VRT-browser-ie.rules
>>>         Extracted: /tha_rules/VRT-os-windows.rules
>>>         Extracted: /tha_rules/VRT-ddos.rules
>>>         Extracted: /tha_rules/VRT-attack-responses.rules
>>>         Extracted: /tha_rules/VRT-browser-firefox.rules
>>>         Extracted: /tha_rules/VRT-browser-chrome.rules
>>>         Extracted: /tha_rules/VRT-telnet.rules
>>>         Extracted: /tha_rules/VRT-browser-other.rules
>>>         Extracted: /tha_rules/VRT-icmp-info.rules
>>>         Extracted: /tha_rules/VRT-os-linux.rules
>>>         Extracted: /tha_rules/VRT-indicator-obfuscation.rules
>>>         Extracted: /tha_rules/VRT-policy-spam.rules
>>>         Extracted: /tha_rules/VRT-malware-tools.rules
>>>         Extracted: /tha_rules/VRT-x11.rules
>>>         Extracted: /tha_rules/VRT-p2p.rules
>>>         Extracted: /tha_rules/VRT-scan.rules
>>>         Extracted: /tha_rules/VRT-ftp.rules
>>>         Extracted: /tha_rules/VRT-malware-other.rules
>>>         Extracted: /tha_rules/VRT-web-php.rules
>>>         Extracted: /tha_rules/VRT-web-activex.rules
>>>         Extracted: /tha_rules/VRT-decoder.rules
>>>         Extracted: /tha_rules/VRT-web-frontpage.rules
>>>         Extracted: /tha_rules/VRT-rservices.rules
>>>         Extracted: /tha_rules/VRT-file-executable.rules
>>>         Extracted: /tha_rules/VRT-file-other.rules
>>>         Extracted: /tha_rules/VRT-backdoor.rules
>>>         Extracted: /tha_rules/VRT-multimedia.rules
>>>         Extracted: /tha_rules/VRT-web-client.rules
>>>         Extracted: /tha_rules/VRT-exploit-kit.rules
>>>         Extracted: /tha_rules/VRT-protocol-pop.rules
>>>         Extracted: /tha_rules/VRT-browser-plugins.rules
>>>         Extracted: /tha_rules/VRT-policy.rules
>>>         Extracted: /tha_rules/VRT-web-attacks.rules
>>>         Extracted: /tha_rules/VRT-imap.rules
>>>         Extracted: /tha_rules/VRT-file-flash.rules
>>>         Extracted: /tha_rules/VRT-nntp.rules
>>>         Extracted: /tha_rules/VRT-dos.rules
>>>         Extracted: /tha_rules/VRT-finger.rules
>>>         Extracted: /tha_rules/VRT-phishing-spam.rules
>>> No such file in archive: 'doc/signatures/rules/VRT-License.txt' at d:\winids\pulledpork\pulledpork.pl line 293.
>>> Could not find an entry for 'doc/signatures/rules/VRT-License.txt' at d:\winids\pulledpork\pulledpork.pl line 293.
>>>         Extracted: d:\winids\Apache24\htdocs\base\signatures\rules/VRT-License.txt
>>>         Extracted: /tha_rules/VRT-server-mysql.rules
>>>         Extracted: /tha_rules/VRT-oracle.rules
>>>         Extracted: /tha_rules/VRT-server-iis.rules
>>>         Extracted: /tha_rules/VRT-app-detect.rules
>>>         Extracted: /tha_rules/VRT-policy-multimedia.rules
>>>         Extracted: /tha_rules/VRT-pop2.rules
>>>         Extracted: /tha_rules/VRT-bad-traffic.rules
>>>         Extracted: /tha_rules/VRT-web-cgi.rules
>>> Cleanup....
>>>         removed 108 temporary snort files or directories from d:\winids\pulledpork\temp/tha_rules!
>>> Fly Piggy Fly!
>>>
>>> Best regards,
>>>
>>> Michael...
>>>
>>>
>>> _______________________________________________
>>> Snort-users mailing list
>>> Snort-users at lists.sourceforge.net
>>> Go to this URL to change user options or unsubscribe:
>>> https://lists.sourceforge.net/lists/listinfo/snort-users
>>> Snort-users list archive:
>>> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
>>>
>>> Please visit http://blog.snort.org to stay current on all the latest
>>> Snort news!
>>>
>>
>>
>>
>> --
>> Joel Esler
>> Senior Research Engineer, VRT
>> OpenSource Community Manager
>> Sourcefire
>>
>>
>



-- 
when does reality end? when does fantasy begin?