[Snort-users] Snort IP blacklist issue

Joel Esler (jesler) jesler at ...589...
Fri Aug 14 11:04:16 EDT 2015

You might want to update your copy of pulledpork to the latest version in git. We’re moving the blacklist off of labs.snort.org.

Joel Esler
Manager, Threat Intelligence Team & Open Source
Talos Group

On Aug 14, 2015, at 10:25 AM, ha dinhphu <hadinhphu at ...11827...> wrote:

Good morning,

I followed the post on this webpage to install Snort on my Linux box.

However, on step 5, installing PulledPork for Snort, I got the following error when I tried to run this command: "sudo /usr/local/bin/pulledpork.pl -c /etc/snort/pulledpork.conf -l"

Checking latest MD5 for snortrules-snapshot-2975.tar.gz....
Rules tarball download of snortrules-snapshot-2975.tar.gz....
    They Match
Checking latest MD5 for community-rules.tar.gz....
Rules tarball download of community-rules.tar.gz....
    They Match
IP Blacklist download of http://labs.snort.org/feeds/ip-filter.blf....
Reading IP List...
Couldn't read /tmp/621.416477111296-black_list.rules - No such file or directory
 at /usr/local/bin/pulledpork.pl line 487.
    main::read_iplist('HASH(0x1dd8148)', '/tmp/621.416477111296-black_list.rules') called at /usr/local/bin/pulledpork.pl line 378
    main::rulefetch('open', 'IPBLACKLIST0', '/tmp/', 'http://labs.snort.org/feeds/ip-filter.blf') called at /usr/local/bin/pulledpork.pl line 1856

I searched the internet for a solution but did not find any. Any help would be greatly appreciated!