[Snort-users] wget to snort.org fails; 301 redirect to 127.0.0.1

Tony Robinson deusexmachina667 at ...11827...
Fri Aug 15 15:20:57 EDT 2014


always the simple solution! thanks! I owe your team more beer.


On Fri, Aug 15, 2014 at 12:29 PM, Joel Esler (jesler) <jesler at ...589...>
wrote:

>  Or you could use www.snort.org, instead of the naked domain.
>
>  On Aug 15, 2014, at 12:28 PM, Tony Robinson <deusexmachina667 at ...14542....>
> wrote:
>
>  For the time being (Until Joel says this isn't an issue anymore) the
> work-around is very simple:
>
> wget --user-agent "you can put anything in here" snort.org
>
> worked for me.
>
>
> On Thu, Aug 14, 2014 at 4:36 PM, Joel Esler (jesler) <jesler at ...589...>
> wrote:
>
>> Tony,
>>
>>  We’re looking into the issue.  We have a ticket open to see if we can
>> resolve the issue.
>>
>>  --
>> *Joel Esler*
>> Open Source Manager
>> Threat Intelligence Team Lead
>> Talos
>>
>>   On Aug 13, 2014, at 11:01 PM, Tony Robinson <deusexmachina667 at ...13704......>
>> wrote:
>>
>>  I can confirm that a wget to https://snort.org hangs indefinitely:
>>
>>  wget https://snort.org
>> --2014-08-13 22:19:36--  https://snort.org/
>> Resolving snort.org (snort.org)... 205.178.189.129
>> Connecting to snort.org (snort.org)|205.178.189.129|:443... failed:
>> Connection timed out.
>> Retrying.
>>
>> --2014-08-13 22:21:45--  (try: 2)  https://snort.org/
>> Connecting to snort.org (snort.org)|205.178.189.129|:443... failed:
>> Connection timed out.
>> Retrying.
>>
>> --2014-08-13 22:23:54--  (try: 3)  https://snort.org/
>> Connecting to snort.org (snort.org)|205.178.189.129|:443... failed:
>> Connection timed out.
>> Retrying.
>>
>> --2014-08-13 22:26:04--  (try: 4)  https://snort.org/
>> Connecting to snort.org (snort.org)|205.178.189.129|:443... failed:
>> Connection timed out.
>> Retrying.
>>
>> --2014-08-13 22:28:16--  (try: 5)  https://snort.org/
>> Connecting to snort.org (snort.org)|205.178.189.129|:443... failed:
>> Connection timed out.
>> Retrying.
>>
>> --2014-08-13 22:30:28--  (try: 6)  https://snort.org/
>> Connecting to snort.org (snort.org)|205.178.189.129|:443... failed:
>> Connection timed out.
>> Retrying.
>>
>> --2014-08-13 22:32:41--  (try: 7)  https://snort.org/
>> Connecting to snort.org (snort.org)|205.178.189.129|:443... failed:
>> Connection timed out.
>> Retrying.
>>
>> --2014-08-13 22:34:56--  (try: 8)  https://snort.org/
>> Connecting to snort.org (snort.org)|205.178.189.129|:443... failed:
>> Connection timed out.
>> Retrying.
>>
>> --2014-08-13 22:37:11--  (try: 9)  https://snort.org/
>> Connecting to snort.org (snort.org)|205.178.189.129|:443... ^C
>>
>>  The hanging occurs regardless of whether or not I spoof the user-agent.
>> I suspect you're correct in that the initial server that does the 301
>> redirect has no listener on https (443/tcp). I CAN confirm that modifying
>> the user-agent to something even dumber than my example above (e.g. wget
>> --user-agent "wgetbypass" snort.org) works perfectly; follows 301,
>> downloads index page as needed. I could just as easily modify my code to
>> add a spoofed user-agent to wget, but I'd really like to hear from the
>> snort.org crew why this is a thing and if I'm in violation of some user
>> agreement/ToS if I bypass this.
>>
>>
>> On Wed, Aug 13, 2014 at 10:51 PM, Jefferson Diego Gomes Rosa <
>> jeffersondiego8 at ...11827...> wrote:
>>
>>> As you can see on "Moved Permanently", http://snort.org has just a
>>> redirect to https://www.snort.org.
>>>
>>> https://snort.org hangs until timeout is reached because there is no
>>> service really listening on 443 port of this address.
>>>
>>> I don't know why just wget's user-agent is redirected to localhost , but
>>> you can still use wget directly with https://www.snort.org:
>>>
>>> wget -c https://www.snort.org
>>>
>>>
>>> 2014-08-13 23:02 GMT-03:00 Tony Robinson <deusexmachina667 at ...11827...>:
>>>
>>>>  Title says it all. Anyone notice this recently?
>>>>
>>>> wget snort.org
>>>> --2014-08-13 21:42:39--  http://snort.org/
>>>> Resolving snort.org (snort.org)... 205.178.189.129
>>>> Connecting to snort.org (snort.org)|205.178.189.129|:80... connected.
>>>> HTTP request sent, awaiting response... 301 Moved Permanently
>>>> Location: http://127.0.0.1 [following]
>>>> --2014-08-13 21:42:39--  http://127.0.0.1/
>>>> Connecting to 127.0.0.1:80...
>>>>
>>>> If I fake the user-agent with ANYTHING, it's successful:
>>>>
>>>> wget --user-agent "toteslegitnotafakeUA" snort.org
>>>> --2014-08-13 21:49:23--  http://snort.org/
>>>> Resolving snort.org (snort.org)... 205.178.189.129
>>>> Connecting to snort.org (snort.org)|205.178.189.129|:80... connected.
>>>> HTTP request sent, awaiting response... 301 Moved Permanently
>>>> Location: http://www.snort.org [following]
>>>> --2014-08-13 21:49:23--  http://www.snort.org/
>>>> Resolving www.snort.org (www.snort.org)... 50.19.124.119,
>>>> 54.225.152.149, 54.243.242.66
>>>> Connecting to www.snort.org (www.snort.org)|50.19.124.119|:80...
>>>> connected.
>>>> HTTP request sent, awaiting response... 301 Moved Permanently
>>>> Location: https://www.snort.org/ [following]
>>>> --2014-08-13 21:49:24--  https://www.snort.org/
>>>> Connecting to www.snort.org (www.snort.org)|50.19.124.119|:443...
>>>> connected.
>>>> HTTP request sent, awaiting response... 200 OK
>>>> Length: 34907 (34K) [text/html]
>>>> Saving to: `index.html'
>>>>
>>>> 100%[================================================================>]
>>>> 34,907      --.-K/s   in 0.02s
>>>>
>>>> 2014-08-13 21:49:24 (1.76 MB/s) - `index.html' saved [34907/34907]
>>>>
>>>> Cursory glance I would guess .htaccess is blacklisting wget as a
>>>> user-agent.
>>>>
>>>> Is there a reason for this? I use wget to pull the index page and
>>>> determine the current version of snort to download from the page. I
>>>> don't repeatedly do this, only when installing  Snort on a new
>>>> machine.
>>>>
>>>> Too long;didn't read:
>>>> wget to snort.org redirects to localhost.
>>>> wget to snort.org with any other user-agent results in happy index.html
>>>> wget to https://snort.org no user-agent modification hangs until
>>>> timeout is reached.
>>>>
>>>> why is this a thing?
>>>>
>>>> --
>>>> when does reality end? when does fantasy begin?
>>>>
>>>>
>>>> ------------------------------------------------------------------------------
>>>> _______________________________________________
>>>> Snort-users mailing list
>>>> Snort-users at lists.sourceforge.net
>>>> Go to this URL to change user options or unsubscribe:
>>>> https://lists.sourceforge.net/lists/listinfo/snort-users
>>>> Snort-users list archive:
>>>> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
>>>>
>>>> Please visit http://blog.snort.org to stay current on all the latest
>>>> Snort news!
>>>>
>>>
>>>
>>>
>>> --
>>>
>>>
>>>    *Best Regards,*
>>>
>>>
>>>
>>>   Jefferson “*Diede”* Diego
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>
>>
>> --
>> when does reality end? when does fantasy begin?
>>
>> ------------------------------------------------------------------------------
>> _______________________________________________
>> Snort-users mailing list
>> Snort-users at lists.sourceforge.net
>> Go to this URL to change user options or unsubscribe:
>> https://lists.sourceforge.net/lists/listinfo/snort-users
>> Snort-users list archive:
>> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
>>
>> Please visit http://blog.snort.org to stay current on all the latest
>> Snort news!
>>
>>
>>
>
>
> --
> when does reality end? when does fantasy begin?
>
>
>


-- 
when does reality end? when does fantasy begin?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20140815/b1afcd25/attachment.html>


More information about the Snort-users mailing list