[Snort-users] Error rules update

Jeremy Hoel jthoel at ...11827...
Wed Apr 30 16:19:20 EDT 2014


2.9.6.1 is unavailable for registered users for 30 days after the release.

Joel mentioned that a few days ago:

[Snort-sigs] vrt rules snapshot 2961 are unavailable for reg-users
"Correct.  2.9.6.1 will not be available to registered users for due to the
30 day rule currently in effect. "




On Wed, Apr 30, 2014 at 8:01 PM, Michel Renard <mich at ...16829...> wrote:

>  hello
>
> either I'm stupid or I'm off base
>
> I updated with snort
>
> but I always have this error when updating rules
>
> thank you for your help
>
> /usr/local/bin/pulledpork.pl -c /etc/snort/pulledpork.conf -T -l
>
>
>     http://code.google.com/p/pulledpork/
>       _____ ____
>      `----,\    )
>       `--==\\  /    PulledPork v0.7.0 - Swine Flu!
>        `--==\\/
>      .-~~~~-.Y|\\_  Copyright (C) 2009-2013 JJ Cummings
>   @_/        /  66\_  cummingsj at ...11827...
>     |    \   \   _(")
>      \   /-| ||'--'  Rules give me wings!
>       \_\  \_\\
>  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>
> Checking latest MD5 for snortrules-snapshot-2961.tar.gz....
>     Error 500 when fetching
> https://www.snort.org/reg-rules/snortrules-snapshot-2961.tar.gz.md5 at
> /usr/local/bin/pulledpork.pl line 463
>     main::md5file('<oinkcode>', 'snortrules-snapshot-2961.tar.gz',
> '/tmp/', 'https://www.snort.org/reg-rules/') called at /usr/local/bin/
> pulledpork.pl line 184
>
>
>
> Michel
>
> -----Message initial-----
> *De:* Joel Esler (jesler) <jesler at ...589...>
> *Envoyé:* mercredi 30 avril 2014 21:35
> *À:* Jeremy Hoel <jthoel at ...11827...>
> *Cc:* snort-users at lists.sourceforge.net
> *Sujet:* Re: [Snort-users] Error rules update
>
>
>  Dear Basant,
>
> In order to look into this issue, I am going to need your Snort.orgusername and email address.  Please feel free to email me directly with
> that information.
>
>  --
> *Joel Esler*
> Open Source Manager
> Threat Intelligence Team Lead
> Vulnerability Research Team
>
>
>  On Apr 30, 2014, at 2:53 PM, Jeremy Hoel <jthoel at ...11827...> wrote:
>
>  pulledpork uses by default the version of snort that you have installed.
>  newer versions of the rulesets won't run on your old install.
>
>  If you mean that you manually set the snort version in the pulledpork
> config and you are still getting the errors, do you have your oink code set
> properly and/or are you using a http proxy?
>
>
>
>
> On Wed, Apr 30, 2014 at 6:24 PM, basant subba <basantsubba at ...11827...>wrote:
>
>> It doesn't work for snortrules-snapshot-2946.tar.gz<http://snort.org/downloads/2866>,
>> snortrules-snapshot-2956.tar.gz <http://snort.org/downloads/2866> and
>> snortrules-snapshot-2960.tar.gz <http://snort.org/downloads/2866> which
>> are all listed in Registered User list in Snort home-page. Getting the same
>> error. How to get over this problem? Have been stuck up with this problem
>> for quite sometime now.
>>
>>
>> On Wed, Apr 30, 2014 at 9:11 PM, waldo kitty <wkitty42 at ...14940...>wrote:
>>
>>> On 4/30/2014 11:00 AM, Michel Renard wrote:
>>> > https://www.snort.org/reg-rules/snortrules-snapshot-2931.tar.gz.md5 at
>>>
>>> there's your problem right there... 2.9.3.1 is no longer supported as it
>>> is EoL
>>> (End of Life)... it has been EoL since 2013 Sep 30...
>>>
>>> http://blog.snort.org/2013/09/snort-2931-is-now-eol-for-rule-support.html
>>>
>>>
>>>
>>> --
>>> NOTE: No off-list assistance is given without prior approval.
>>>        Please keep mailing list traffic on the list unless
>>>        private contact is specifically requested and granted.
>>>
>>>
>>> ------------------------------------------------------------------------------
>>> "Accelerate Dev Cycles with Automated Cross-Browser Testing - For FREE
>>> Instantly run your Selenium tests across 300+ browser/OS combos.  Get
>>> unparalleled scalability from the best Selenium testing platform
>>> available.
>>> Simple to use. Nothing to install. Get started now for free."
>>> http://p.sf.net/sfu/SauceLabs
>>> _______________________________________________
>>> Snort-users mailing list
>>> Snort-users at lists.sourceforge.net
>>> Go to this URL to change user options or unsubscribe:
>>> https://lists.sourceforge.net/lists/listinfo/snort-users
>>> Snort-users list archive:
>>> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
>>>
>>> Please visit http://blog.snort.org to stay current on all the latest
>>> Snort news!
>>>
>>
>>
>>
>> ------------------------------------------------------------------------------
>> "Accelerate Dev Cycles with Automated Cross-Browser Testing - For FREE
>> Instantly run your Selenium tests across 300+ browser/OS combos.  Get
>> unparalleled scalability from the best Selenium testing platform
>> available.
>> Simple to use. Nothing to install. Get started now for free."
>> http://p.sf.net/sfu/SauceLabs
>> _______________________________________________
>> Snort-users mailing list
>> Snort-users at lists.sourceforge.net
>> Go to this URL to change user options or unsubscribe:
>> https://lists.sourceforge.net/lists/listinfo/snort-users
>> Snort-users list archive:
>> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
>>
>> Please visit http://blog.snort.org to stay current on all the latest
>> Snort news!
>>
>
> ------------------------------------------------------------------------------
> "Accelerate Dev Cycles with Automated Cross-Browser Testing - For FREE
> Instantly run your Selenium tests across 300+ browser/OS combos.  Get
> unparalleled scalability from the best Selenium testing platform available.
> Simple to use. Nothing to install. Get started now for free."
>
> http://p.sf.net/sfu/SauceLabs_______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
>
> Please visit http://blog.snort.org to stay current on all the latest
> Snort news!
>
>
>  ------------------------------------------------------------------------------
>
> "Accelerate Dev Cycles with Automated Cross-Browser Testing - For FREE
>
> Instantly run your Selenium tests across 300+ browser/OS combos.  Get
>
> unparalleled scalability from the best Selenium testing platform available.
>
> Simple to use. Nothing to install. Get started now for free."
> http://p.sf.net/sfu/SauceLabs
>
> _______________________________________________
>
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
>
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
>
> Snort-users list archive:
> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
>
>
> Please visit http://blog.snort.org to stay current on all the latest Snort news!
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20140430/9c9e5652/attachment.html>


More information about the Snort-users mailing list