[Snort-users] pulledpork rule update 403 error

Jeffrey J. Nucciarone nucci at ...16523...
Wed Sep 4 11:15:54 EDT 2013


I'm running pulledpork 0.6.1 to obtain the new rules but I get the following
error:

 

Checking latest MD5 for snortrules-snapshot-2953.tar.gz....

        A 403 error occurred, please wait for the 15 minute timeout

        to expire before trying again or specify the -n runtime switch

        You may also wish to verfiy your oinkcode, tarball name, and other
configuration options

 

I tried to run a manual wget and it too failed:

 

Command:

 

wget https://www.snort.org/reg-rules/snortrules-snapshot-2953.tar.gz.md5/
<https://www.snort.org/reg-rules/snortrules-snapshot-2953.tar.gz.md5/%3cmy>
<my oinkcode here> -O /tmp/snortrules-snapshot-2953.tar.gz.md5

 

Result:

 

Resolving www.snort.org (www.snort.org)... 23.23.143.164

Connecting to www.snort.org (www.snort.org)|23.23.143.164|:443... connected.

HTTP request sent, awaiting response... 403 Forbidden

2013-09-04 15:11:51 ERROR 403: Forbidden.

 

A manual wget for the 2946 rules did work:

 

Comand:  wget
https://www.snort.org/reg-rules/snortrules-snapshot-2946.tar.gz.md5/
<https://www.snort.org/reg-rules/snortrules-snapshot-2946.tar.gz.md5/%3cmy>
<my oinkcode here> -O snortrules-snapshot-2946.tar.gz.md5

 

 

Result:

--2013-09-04 15:12:47--
https://www.snort.org/reg-rules/snortrules-snapshot-2946.tar.gz.md5/
<https://www.snort.org/reg-rules/snortrules-snapshot-2946.tar.gz.md5/%3cmyoi
nkcode> <myoinkcode here>

Resolving www.snort.org (www.snort.org)... 23.23.143.164

Connecting to www.snort.org (www.snort.org)|23.23.143.164|:443... connected.

HTTP request sent, awaiting response... 200 OK

Length: 32 [text/plain]

Saving to: `snortrules-snapshot-2946.tar.gz.md5'

 

100%[======================================>] 32          --.-K/s   in 0s


 

2013-09-04 15:12:48 (22.4 MB/s) - `snortrules-snapshot-2946.tar.gz.md5'
saved [32/32]

 

Curious I opened a browser and tried to get the latest and greatest. I input
the URL (including my oinkcode) and saw the following:

 

Snort.org Rule Pack Download Error:

      --------------------------

      Subscription: false

      --------------------------

      No rule pack with this filename is available to you.

      --------------------------

 

Substituting the URL for the 2946 rules resulted in a download.

 

Would my oinkcode not be eligible for the latest rules? Do I need to update?
I don't have a paid subscription so are the new rules only for paid
subscribers?

 

Still kind of new to this..

 

Thanks,

 

--Jeff

 

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20130904/a01b83f8/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4172 bytes
Desc: not available
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20130904/a01b83f8/attachment.bin>


More information about the Snort-users mailing list