[Snort-users] Error rules update

Michel Renard mich at ...16829...
Wed Apr 30 16:28:40 EDT 2014


hello


you have an idea for a tip tell me how it's done, from pulledpork


-----Message initial-----
De: Jeremy Hoel <jthoel at ...11827...>
Envoyé: mercredi 30 avril 2014 22:20
À: Michel Renard <mich at ...16829...>
Cc: Joel Esler (jesler) <jesler at ...589...>; snort-users at ...973...et
Sujet: Re: [Snort-users] Error rules update

2.9.6.1 is unavailable for registered users for 30 days after the release.  

Joel mentioned that a few days ago:

[Snort-sigs] vrt rules snapshot 2961 are unavailable for reg-users
"Correct.  2.9.6.1 will not be available to registered users for due to the 30 day rule currently in effect. "




On Wed, Apr 30, 2014 at 8:01 PM, Michel Renard <mich at ...16829... <mailto:mich at ...16829...> > wrote:
 
hello

either I'm stupid or I'm off base 

I updated with snort 

but I always have this error when updating rules 

thank you for your help
 
/usr/local/bin/pulledpork.pl <http://pulledpork.pl> -c /etc/snort/pulledpork.conf -T -l


    http://code.google.com/p/pulledpork/ <http://code.google.com/p/pulledpork/> 
      _____ ____
     `----,\    )
      `--==\\  /    PulledPork v0.7.0 - Swine Flu!
       `--==\\/
     .-~~~~-.Y|\\_  Copyright (C) 2009-2013 JJ Cummings
  @_/        /  66\_  cummingsj at ...11827... <mailto:cummingsj at ...11827...> 
    |    \   \   _(")
     \   /-| ||'--'  Rules give me wings!
      \_\  \_\\
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Checking latest MD5 for snortrules-snapshot-2961.tar.gz....
    Error 500 when fetching https://www.snort.org/reg-rules/snortrules-snapshot-2961.tar.gz.md5 at /usr/local/bin/pulledpork.pl <http://pulledpork.pl> line 463
    main::md5file('<oinkcode>', 'snortrules-snapshot-2961.tar.gz', '/tmp/', 'https://www.snort.org/reg-rules/') called at /usr/local/bin/pulledpork.pl <http://pulledpork.pl> line 184



Michel
-----Message initial-----
De: Joel Esler (jesler) <jesler at ...589... <mailto:jesler at ...589...> >
Envoyé: mercredi 30 avril 2014 21:35
À: Jeremy Hoel <jthoel at ...11827... <mailto:jthoel at ...11827...> >
Cc: snort-users at lists.sourceforge.net <mailto:snort-users at ...5870....net> 
Sujet: Re: [Snort-users] Error rules update


Dear Basant,

In order to look into this issue, I am going to need yourSnort.org <http://Snort.org> username and email address.  Please feel free to email me directly with that information.

--
Joel Esler
Open Source Manager
Threat Intelligence Team Lead
Vulnerability Research Team


On Apr 30, 2014, at 2:53 PM, Jeremy Hoel <jthoel at ...11827... <mailto:jthoel at ...11827...> > wrote:

pulledpork uses by default the version of snort that you have installed.  newer versions of the rulesets won't run on your old install.

If you mean that you manually set the snort version in the pulledpork config and you are still getting the errors, do you have your oink code set properly and/or are you using a http proxy?




On Wed, Apr 30, 2014 at 6:24 PM, basant subba <basantsubba at ...11827... <mailto:basantsubba at ...11827...> > wrote:
It doesn't work for snortrules-snapshot-2946.tar.gz <http://snort.org/downloads/2866> , snortrules-snapshot-2956.tar.gz <http://snort.org/downloads/2866> and snortrules-snapshot-2960.tar.gz <http://snort.org/downloads/2866> which are all listed in Registered User list in Snort home-page. Getting the same error. How to get over this problem? Have been stuck up with this problem for quite sometime now.


On Wed, Apr 30, 2014 at 9:11 PM, waldo kitty <wkitty42 at ...14940... <mailto:wkitty42 at ...14940...> > wrote:
On 4/30/2014 11:00 AM, Michel Renard wrote:
> https://www.snort.org/reg-rules/snortrules-snapshot-2931.tar.gz.md5 at

there's your problem right there... 2.9.3.1 is no longer supported as it is EoL
(End of Life)... it has been EoL since 2013 Sep 30...

http://blog.snort.org/2013/09/snort-2931-is-now-eol-for-rule-support.html <http://blog.snort.org/2013/09/snort-2931-is-now-eol-for-rule-support.html> 



--
NOTE: No off-list assistance is given without prior approval.
       Please keep mailing list traffic on the list unless
       private contact is specifically requested and granted.

------------------------------------------------------------------------------
"Accelerate Dev Cycles with Automated Cross-Browser Testing - For FREE
Instantly run your Selenium tests across 300+ browser/OS combos.  Get
unparalleled scalability from the best Selenium testing platform available.
Simple to use. Nothing to install. Get started now for free."
http://p.sf.net/sfu/SauceLabs <http://p.sf.net/sfu/SauceLabs> 
_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net <mailto:Snort-users at lists.sourceforge.net> 
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users <http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users> 

Please visit http://blog.snort.org <http://blog.snort.org/> to stay current on all the latest Snort news!


------------------------------------------------------------------------------
"Accelerate Dev Cycles with Automated Cross-Browser Testing - For FREE
Instantly run your Selenium tests across 300+ browser/OS combos.  Get
unparalleled scalability from the best Selenium testing platform available.
Simple to use. Nothing to install. Get started now for free."
http://p.sf.net/sfu/SauceLabs <http://p.sf.net/sfu/SauceLabs> 
_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net <mailto:Snort-users at lists.sourceforge.net> 
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users <http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users> 

Please visit http://blog.snort.org <http://blog.snort.org/> to stay current on all the latest Snort news!

------------------------------------------------------------------------------
"Accelerate Dev Cycles with Automated Cross-Browser Testing - For FREE
Instantly run your Selenium tests across 300+ browser/OS combos.  Get 
unparalleled scalability from the best Selenium testing platform available.
Simple to use. Nothing to install. Get started now for free."
http://p.sf.net/sfu/SauceLabs_______________________________________________ <http://p.sf.net/sfu/SauceLabs_______________________________________________> 
Snort-users mailing list
Snort-users at lists.sourceforge.net <mailto:Snort-users at lists.sourceforge.net> 
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users <http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users> 

Please visit http://blog.snort.org <http://blog.snort.org> to stay current on all the latest Snort news!


------------------------------------------------------------------------------

"Accelerate Dev Cycles with Automated Cross-Browser Testing - For FREE

Instantly run your Selenium tests across 300+ browser/OS combos.  Get 

unparalleled scalability from the best Selenium testing platform available.

Simple to use. Nothing to install. Get started now for free."

http://p.sf.net/sfu/SauceLabs <http://p.sf.net/sfu/SauceLabs> 


_______________________________________________

Snort-users mailing list

Snort-users at lists.sourceforge.net <mailto:Snort-users at lists.sourceforge.net> 

Go to this URL to change user options or unsubscribe:

https://lists.sourceforge.net/lists/listinfo/snort-users

Snort-users list archive:

http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users <http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users> 



Please visit http://blog.snort.org <http://blog.snort.org>  to stay current on all the latest Snort news!


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20140430/68276569/attachment.html>


More information about the Snort-users mailing list