[Snort-users] wget to snort.org fails; 301 redirect to 127.0.0.1

Tony Robinson deusexmachina667 at ...11827...
Fri Aug 15 12:28:00 EDT 2014


For the time being (Until Joel says this isn't an issue anymore) the
work-around is very simple:

wget --user-agent "you can put anything in here" snort.org

worked for me.


On Thu, Aug 14, 2014 at 4:36 PM, Joel Esler (jesler) <jesler at ...589...>
wrote:

>  Tony,
>
>  We’re looking into the issue.  We have a ticket open to see if we can
> resolve the issue.
>
>  --
> *Joel Esler*
> Open Source Manager
> Threat Intelligence Team Lead
> Talos
>
>   On Aug 13, 2014, at 11:01 PM, Tony Robinson <deusexmachina667 at ...14459.....>
> wrote:
>
>  I can confirm that a wget to https://snort.org hangs indefinitely:
>
>  wget https://snort.org
> --2014-08-13 22:19:36--  https://snort.org/
> Resolving snort.org (snort.org)... 205.178.189.129
> Connecting to snort.org (snort.org)|205.178.189.129|:443... failed:
> Connection timed out.
> Retrying.
>
> --2014-08-13 22:21:45--  (try: 2)  https://snort.org/
> Connecting to snort.org (snort.org)|205.178.189.129|:443... failed:
> Connection timed out.
> Retrying.
>
> --2014-08-13 22:23:54--  (try: 3)  https://snort.org/
> Connecting to snort.org (snort.org)|205.178.189.129|:443... failed:
> Connection timed out.
> Retrying.
>
> --2014-08-13 22:26:04--  (try: 4)  https://snort.org/
> Connecting to snort.org (snort.org)|205.178.189.129|:443... failed:
> Connection timed out.
> Retrying.
>
> --2014-08-13 22:28:16--  (try: 5)  https://snort.org/
> Connecting to snort.org (snort.org)|205.178.189.129|:443... failed:
> Connection timed out.
> Retrying.
>
> --2014-08-13 22:30:28--  (try: 6)  https://snort.org/
> Connecting to snort.org (snort.org)|205.178.189.129|:443... failed:
> Connection timed out.
> Retrying.
>
> --2014-08-13 22:32:41--  (try: 7)  https://snort.org/
> Connecting to snort.org (snort.org)|205.178.189.129|:443... failed:
> Connection timed out.
> Retrying.
>
> --2014-08-13 22:34:56--  (try: 8)  https://snort.org/
> Connecting to snort.org (snort.org)|205.178.189.129|:443... failed:
> Connection timed out.
> Retrying.
>
> --2014-08-13 22:37:11--  (try: 9)  https://snort.org/
> Connecting to snort.org (snort.org)|205.178.189.129|:443... ^C
>
>  The hanging occurs regardless of whether or not I spoof the user-agent.
> I suspect you're correct in that the initial server that does the 301
> redirect has no listener on https (443/tcp). I CAN confirm that modifying
> the user-agent to something even dumber than my example above (e.g. wget
> --user-agent "wgetbypass" snort.org) works perfectly; follows 301,
> downloads index page as needed. I could just as easily modify my code to
> add a spoofed user-agent to wget, but I'd really like to hear from the
> snort.org crew why this is a thing and if I'm in violation of some user
> agreement/ToS if I bypass this.
>
>
> On Wed, Aug 13, 2014 at 10:51 PM, Jefferson Diego Gomes Rosa <
> jeffersondiego8 at ...11827...> wrote:
>
>> As you can see on "Moved Permanently", http://snort.org has just a
>> redirect to https://www.snort.org.
>>
>> https://snort.org hangs until timeout is reached because there is no
>> service really listening on 443 port of this address.
>>
>> I don't know why just wget's user-agent is redirected to localhost , but
>> you can still use wget directly with https://www.snort.org:
>>
>> wget -c https://www.snort.org
>>
>>
>> 2014-08-13 23:02 GMT-03:00 Tony Robinson <deusexmachina667 at ...11827...>:
>>
>>>  Title says it all. Anyone notice this recently?
>>>
>>> wget snort.org
>>> --2014-08-13 21:42:39--  http://snort.org/
>>> Resolving snort.org (snort.org)... 205.178.189.129
>>> Connecting to snort.org (snort.org)|205.178.189.129|:80... connected.
>>> HTTP request sent, awaiting response... 301 Moved Permanently
>>> Location: http://127.0.0.1 [following]
>>> --2014-08-13 21:42:39--  http://127.0.0.1/
>>> Connecting to 127.0.0.1:80...
>>>
>>> If I fake the user-agent with ANYTHING, it's successful:
>>>
>>> wget --user-agent "toteslegitnotafakeUA" snort.org
>>> --2014-08-13 21:49:23--  http://snort.org/
>>> Resolving snort.org (snort.org)... 205.178.189.129
>>> Connecting to snort.org (snort.org)|205.178.189.129|:80... connected.
>>> HTTP request sent, awaiting response... 301 Moved Permanently
>>> Location: http://www.snort.org [following]
>>> --2014-08-13 21:49:23--  http://www.snort.org/
>>> Resolving www.snort.org (www.snort.org)... 50.19.124.119,
>>> 54.225.152.149, 54.243.242.66
>>> Connecting to www.snort.org (www.snort.org)|50.19.124.119|:80...
>>> connected.
>>> HTTP request sent, awaiting response... 301 Moved Permanently
>>> Location: https://www.snort.org/ [following]
>>> --2014-08-13 21:49:24--  https://www.snort.org/
>>> Connecting to www.snort.org (www.snort.org)|50.19.124.119|:443...
>>> connected.
>>> HTTP request sent, awaiting response... 200 OK
>>> Length: 34907 (34K) [text/html]
>>> Saving to: `index.html'
>>>
>>> 100%[================================================================>]
>>> 34,907      --.-K/s   in 0.02s
>>>
>>> 2014-08-13 21:49:24 (1.76 MB/s) - `index.html' saved [34907/34907]
>>>
>>> Cursory glance I would guess .htaccess is blacklisting wget as a
>>> user-agent.
>>>
>>> Is there a reason for this? I use wget to pull the index page and
>>> determine the current version of snort to download from the page. I
>>> don't repeatedly do this, only when installing  Snort on a new
>>> machine.
>>>
>>> Too long;didn't read:
>>> wget to snort.org redirects to localhost.
>>> wget to snort.org with any other user-agent results in happy index.html
>>> wget to https://snort.org no user-agent modification hangs until
>>> timeout is reached.
>>>
>>> why is this a thing?
>>>
>>> --
>>> when does reality end? when does fantasy begin?
>>>
>>>
>>> ------------------------------------------------------------------------------
>>> _______________________________________________
>>> Snort-users mailing list
>>> Snort-users at lists.sourceforge.net
>>> Go to this URL to change user options or unsubscribe:
>>> https://lists.sourceforge.net/lists/listinfo/snort-users
>>> Snort-users list archive:
>>> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
>>>
>>> Please visit http://blog.snort.org to stay current on all the latest
>>> Snort news!
>>>
>>
>>
>>
>> --
>>
>>
>>    *Best Regards,*
>>
>>
>>
>>   Jefferson “*Diede”* Diego
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>
>
> --
> when does reality end? when does fantasy begin?
>
> ------------------------------------------------------------------------------
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
>
> Please visit http://blog.snort.org to stay current on all the latest
> Snort news!
>
>
>


-- 
when does reality end? when does fantasy begin?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20140815/d94a6e6e/attachment.html>


More information about the Snort-users mailing list