[Snort-users] Pulled Pork - 403 error for subscriber

Joe Evango Joe.Evango at ...16755...
Mon Apr 7 16:31:18 EDT 2014

The site will return a 403 error if your oinkcode isn't entered correctly. Disregard if you have already verified this.


-----Original Message-----
From: Vona, Steven A CIV NSWCCD Philadelphia, 34117 [mailto:steven.vona at ...979...7622...] 
Sent: Monday, April 07, 2014 12:58 PM
To: Teo En Ming
Cc: snort-users at lists.sourceforge.net
Subject: Re: [Snort-users] Pulled Pork - 403 error for subscriber

I am a registered user and I also have an oinkcode in order to download the VRT rules.  

Am I misunderstanding you?


-----Original Message-----
From: Teo En Ming [mailto:teo.en.ming at ...11827...] 
Sent: Monday, April 07, 2014 3:56 PM
To: Vona, Steven A CIV NSWCCD Philadelphia, 34117
Cc: snort-users at lists.sourceforge.net; Teo En Ming
Subject: Re: [Snort-users] Pulled Pork - 403 error for subscriber

Dear Steven,

You need to be a registered user to download Snort rules (snortrules-snapshot-2960.tar.
gz) and its md5 checksum file (snortrules-snapshot-2960.tar.
gz.md5). You need to create an account at the Snort official website and log in to download all these files. A log in to the Snort server is required. That is why you are experiencing a 403 Forbidden error with pulled-pork. The pulled-pork perl script cannot log in to the Snort server with your username and password and the md5 checksum file may not be available on the Snort server.

Teo En Ming


On Tue, Apr 8, 2014 at 3:34 AM, Vona, Steven A CIV NSWCCD Philadelphia, 34117 <steven.vona at ...7622...> wrote:

	I have a current subscription for the latest snort rules but seem to be having issues with pulled pork.  I was unable to get any help from the pulled pork user group and was hoping I can get some here.
	I receive a 403 error everytime I try to run pulled pork.  Verbose output below (some information was changed for security reasons).
	/usr/local/bin/pulledpork.pl -c /etc/snort/pulledpork.conf -vv
	      _____ ____
	     `----,\    )
	      `--==\\  /    PulledPork v0.7.0 - Swine Flu!
	     .-~~~~-.Y|\\_  Copyright (C) 2009-2013 JJ Cummings
	  @_/        /  66\_  cummingsj at ...11827...
	    |    \   \   _(")
	     \   /-| ||'--'  Rules give me wings!
	      \_\  \_\\
	Config File Variable Debug /etc/snort/pulledpork.conf
	        snort_path = /usr/local/bin/snort
	        black_list = /etc/snort/rules/iplists/default.blacklist
	        IPRVersion = /etc/snort/rules/iplists
	        rule_path = /etc/snort/rules/snort.rules
	        ignore = deleted.rules,experimental.rules,local.rules
	        snort_control = /usr/local/bin/snort_control
	        rule_url = ARRAY(0x125f388)
	        sid_msg_version = 1
	        sid_changelog = /var/log/sid_changes.log
	        sid_msg = /etc/snort/sid-msg.map
	        config_path = /etc/snort/snort.conf
	        temp_path = /tmp
	        distro = RHEL-6-0
	        version = 0.7.0
	        sorule_path = /usr/local/lib/snort_dynamicrules/
	        out_path = /etc/snort/rules/
	        local_rules = /etc/snort/rules/local.rules
	MISC (CLI and Autovar) Variable Debug:
	        arch Def is: x86-64
	        Config Path is: /etc/snort/pulledpork.conf
	        Distro Def is: RHEL-6-0
	        Disabled policy specified
	        local.rules path is: /etc/snort/rules/local.rules
	        Rules file is: /etc/snort/rules/snort.rules
	        sid changes will be logged to: /var/log/sid_changes.log
	        sid-msg.map Output Path is: /etc/snort/sid-msg.map
	        Snort Version is:
	        Snort Config File: /etc/snort/snort.conf
	        Snort Path is: /usr/local/bin/snort
	        SO Output Path is: /usr/local/lib/snort_dynamicrules/
	        Will process SO rules
	        Extra Verbose Flag is Set
	        Verbose Flag is Set
	        Base URL is: http://www.snort.org/reg-rules/|snortrules-snapshot.tar.gz|<MY OINKCODE>
	MY HTTPS PROXY = http://webcache.mydomain.com:80
	MY HTTP PROXY = http://webcache.mydomain.com:80
	Checking latest MD5 for snortrules-snapshot-2960.tar.gz....
	        Fetching md5sum for: snortrules-snapshot-2960.tar.gz.md5
	** GET https://www.snort.org/reg-rules/snortrules-snapshot-2960.tar.gz.md5/<MY OINKCODE> ==> 403 Access Denied
	        A 403 error occurred, please wait for the 15 minute timeout
	        to expire before trying again or specify the -n runtime switch
	        You may also wish to verfiy your oinkcode, tarball name, and other configuration options
	        Error 403 when fetching http://www.snort.org/reg-rules/snortrules-snapshot-2960.tar.gz.md5 at /usr/local/bin/pulledpork.pl line 463
	        main::md5file('<MY OINKCODE>', 'snortrules-snapshot-2960.tar.gz', '/tmp/', 'http://www.snort.org/reg-rules/') called at /usr/local/bin/pulledpork.pl line 1847
	Put Bad Developers to Shame
	Dominate Development with Jenkins Continuous Integration
	Continuously Automate Build, Test & Deployment
	Start a new project now. Try Jenkins in the cloud.
	Snort-users mailing list
	Snort-users at lists.sourceforge.net
	Go to this URL to change user options or unsubscribe:
	Snort-users list archive:
	Please visit http://blog.snort.org to stay current on all the latest Snort news!

More information about the Snort-users mailing list