[Snort-users] Error rules update

Jeremy Hoel jthoel at ...11827...
Wed Apr 30 17:32:48 EDT 2014


You can not use the 2.9.6.1 ruleset unless you are paying for VRT rules.
 The registered community ruleset is 30 days behind.  The options are to
use the 2.9.6.0 ruleset until 2.9.6.1 comes out, or pay for VRT rules.




On Wed, Apr 30, 2014 at 8:28 PM, Michel Renard <mich at ...16829...> wrote:

>  hello
>
>
> you have an idea for a tip tell me how it's done, from pulledpork
>
>
> -----Message initial-----
> *De:* Jeremy Hoel <jthoel at ...11827...>
> *Envoyé:* mercredi 30 avril 2014 22:20
> *À:* Michel Renard <mich at ...16829...>
> *Cc:* Joel Esler (jesler) <jesler at ...589...>;
> snort-users at lists.sourceforge.net
>
> *Sujet:* Re: [Snort-users] Error rules update
>
> 2.9.6.1 is unavailable for registered users for 30 days after the release.
>
>
> Joel mentioned that a few days ago:
>
> [Snort-sigs] vrt rules snapshot 2961 are unavailable for reg-users
> "Correct.  2.9.6.1 will not be available to registered users for due to
> the 30 day rule currently in effect. "
>
>
>
>
> On Wed, Apr 30, 2014 at 8:01 PM, Michel Renard <mich at ...16829...> wrote:
>
>>  hello
>>
>> either I'm stupid or I'm off base
>>
>> I updated with snort
>>
>> but I always have this error when updating rules
>>
>> thank you for your help
>>
>> /usr/local/bin/pulledpork.pl -c /etc/snort/pulledpork.conf -T -l
>>
>>
>>     http://code.google.com/p/pulledpork/
>>       _____ ____
>>      `----,\    )
>>       `--==\\  /    PulledPork v0.7.0 - Swine Flu!
>>        `--==\\/
>>      .-~~~~-.Y|\\_  Copyright (C) 2009-2013 JJ Cummings
>>   @_/        /  66\_  cummingsj at ...11827...
>>     |    \   \   _(")
>>      \   /-| ||'--'  Rules give me wings!
>>       \_\  \_\\
>>  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>>
>> Checking latest MD5 for snortrules-snapshot-2961.tar.gz....
>>     Error 500 when fetching
>> https://www.snort.org/reg-rules/snortrules-snapshot-2961.tar.gz.md5 at
>> /usr/local/bin/pulledpork.pl line 463
>>     main::md5file('<oinkcode>', 'snortrules-snapshot-2961.tar.gz',
>> '/tmp/', 'https://www.snort.org/reg-rules/') called at /usr/local/bin/
>> pulledpork.pl line 184
>>
>>
>>
>> Michel
>>
>> -----Message initial-----
>> *De:* Joel Esler (jesler) <jesler at ...589...>
>> *Envoyé:* mercredi 30 avril 2014 21:35
>> *À:* Jeremy Hoel <jthoel at ...11827...>
>> *Cc:* snort-users at lists.sourceforge.net
>> *Sujet:* Re: [Snort-users] Error rules update
>>
>>
>>  Dear Basant,
>>
>> In order to look into this issue, I am going to need your Snort.orgusername and email address.  Please feel free to email me directly with
>> that information.
>>
>>  --
>> *Joel Esler*
>> Open Source Manager
>> Threat Intelligence Team Lead
>> Vulnerability Research Team
>>
>>
>>  On Apr 30, 2014, at 2:53 PM, Jeremy Hoel <jthoel at ...11827...> wrote:
>>
>>  pulledpork uses by default the version of snort that you have
>> installed.  newer versions of the rulesets won't run on your old install.
>>
>>  If you mean that you manually set the snort version in the pulledpork
>> config and you are still getting the errors, do you have your oink code set
>> properly and/or are you using a http proxy?
>>
>>
>>
>>
>> On Wed, Apr 30, 2014 at 6:24 PM, basant subba <basantsubba at ...11827...>wrote:
>>
>>> It doesn't work for snortrules-snapshot-2946.tar.gz<http://snort.org/downloads/2866>,
>>> snortrules-snapshot-2956.tar.gz <http://snort.org/downloads/2866> and
>>> snortrules-snapshot-2960.tar.gz <http://snort.org/downloads/2866> which
>>> are all listed in Registered User list in Snort home-page. Getting the same
>>> error. How to get over this problem? Have been stuck up with this problem
>>> for quite sometime now.
>>>
>>>
>>> On Wed, Apr 30, 2014 at 9:11 PM, waldo kitty <wkitty42 at ...14940...>wrote:
>>>
>>>> On 4/30/2014 11:00 AM, Michel Renard wrote:
>>>> > https://www.snort.org/reg-rules/snortrules-snapshot-2931.tar.gz.md5at
>>>>
>>>> there's your problem right there... 2.9.3.1 is no longer supported as
>>>> it is EoL
>>>> (End of Life)... it has been EoL since 2013 Sep 30...
>>>>
>>>>
>>>> http://blog.snort.org/2013/09/snort-2931-is-now-eol-for-rule-support.html
>>>>
>>>>
>>>>
>>>> --
>>>> NOTE: No off-list assistance is given without prior approval.
>>>>        Please keep mailing list traffic on the list unless
>>>>        private contact is specifically requested and granted.
>>>>
>>>>
>>>> ------------------------------------------------------------------------------
>>>> "Accelerate Dev Cycles with Automated Cross-Browser Testing - For FREE
>>>> Instantly run your Selenium tests across 300+ browser/OS combos.  Get
>>>> unparalleled scalability from the best Selenium testing platform
>>>> available.
>>>> Simple to use. Nothing to install. Get started now for free."
>>>> http://p.sf.net/sfu/SauceLabs
>>>> _______________________________________________
>>>> Snort-users mailing list
>>>> Snort-users at lists.sourceforge.net
>>>> Go to this URL to change user options or unsubscribe:
>>>> https://lists.sourceforge.net/lists/listinfo/snort-users
>>>> Snort-users list archive:
>>>> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
>>>>
>>>> Please visit http://blog.snort.org to stay current on all the latest
>>>> Snort news!
>>>>
>>>
>>>
>>>
>>> ------------------------------------------------------------------------------
>>> "Accelerate Dev Cycles with Automated Cross-Browser Testing - For FREE
>>> Instantly run your Selenium tests across 300+ browser/OS combos.  Get
>>> unparalleled scalability from the best Selenium testing platform
>>> available.
>>> Simple to use. Nothing to install. Get started now for free."
>>> http://p.sf.net/sfu/SauceLabs
>>> _______________________________________________
>>> Snort-users mailing list
>>> Snort-users at lists.sourceforge.net
>>> Go to this URL to change user options or unsubscribe:
>>> https://lists.sourceforge.net/lists/listinfo/snort-users
>>> Snort-users list archive:
>>> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
>>>
>>> Please visit http://blog.snort.org to stay current on all the latest
>>> Snort news!
>>>
>>
>> ------------------------------------------------------------------------------
>> "Accelerate Dev Cycles with Automated Cross-Browser Testing - For FREE
>> Instantly run your Selenium tests across 300+ browser/OS combos.  Get
>> unparalleled scalability from the best Selenium testing platform
>> available.
>> Simple to use. Nothing to install. Get started now for free."
>>
>> http://p.sf.net/sfu/SauceLabs_______________________________________________
>> Snort-users mailing list
>> Snort-users at lists.sourceforge.net
>> Go to this URL to change user options or unsubscribe:
>> https://lists.sourceforge.net/lists/listinfo/snort-users
>> Snort-users list archive:
>> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
>>
>> Please visit http://blog.snort.org to stay current on all the latest
>> Snort news!
>>
>>
>>  ------------------------------------------------------------------------------
>>
>> "Accelerate Dev Cycles with Automated Cross-Browser Testing - For FREE
>>
>> Instantly run your Selenium tests across 300+ browser/OS combos.  Get
>>
>> unparalleled scalability from the best Selenium testing platform available.
>>
>> Simple to use. Nothing to install. Get started now for free."
>> http://p.sf.net/sfu/SauceLabs
>>
>> _______________________________________________
>>
>> Snort-users mailing list
>> Snort-users at lists.sourceforge.net
>>
>> Go to this URL to change user options or unsubscribe:
>> https://lists.sourceforge.net/lists/listinfo/snort-users
>>
>> Snort-users list archive:
>> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
>>
>>
>>
>> Please visit http://blog.snort.org to stay current on all the latest Snort news!
>>
>>
>
>
> ------------------------------------------------------------------------------
> "Accelerate Dev Cycles with Automated Cross-Browser Testing - For FREE
> Instantly run your Selenium tests across 300+ browser/OS combos.  Get
> unparalleled scalability from the best Selenium testing platform available.
> Simple to use. Nothing to install. Get started now for free."
> http://p.sf.net/sfu/SauceLabs
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
>
> Please visit http://blog.snort.org to stay current on all the latest
> Snort news!
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20140430/ff64752a/attachment.html>


More information about the Snort-users mailing list