[Snort-users] Snort IP blacklist issue

ha dinhphu hadinhphu at ...11827...
Fri Aug 14 12:21:26 EDT 2015


Hello Joel

I did as you said. I downloaded a new copy from GitHub and replaced my current
setup of pulledpork on my box. I followed the instructions from the site
("http://sublimerobots.com/2014/12/installing-snort-part-5/").
However, the result is like this:

Checking latest MD5 for snortrules-snapshot-2975.tar.gz....
    They Match
    Done!
Checking latest MD5 for community-rules.tar.gz....
    They Match
    Done!
IP Blacklist download of http://talosintel.com/files/additional_resources/ips_blacklist/ip-filter.blf....
Reading IP List...
Couldn't read /tmp/296.170136981772-black_list.rules - No such file or directory
 at /usr/local/bin/pulledpork.pl line 540.
    main::read_iplist('HASH(0x15bd080)', '/tmp/296.170136981772-black_list.rules') called at /usr/local/bin/pulledpork.pl line 431
    main::rulefetch('open', 'IPBLACKLIST0', '/tmp/', 'http://talosintel.com/files/additional_resources/ips_blacklis...') called at /usr/local/bin/pulledpork.pl line 1946

On Fri, Aug 14, 2015 at 10:04 AM, Joel Esler (jesler) <jesler at ...589...>
wrote:

> You might want to update your copy of pulledpork to the latest version in
> git.  We’re moving the blacklist off of labs.snort.org
>
> --
> *Joel Esler*
> Manager, Threat Intelligence Team & Open Source
> Talos Group
> http://www.talosintel.com
>
> On Aug 14, 2015, at 10:25 AM, ha dinhphu <hadinhphu at ...11827...> wrote:
>
> Good morning,
>
> I followed the post on this webpage to install Snort on my Linux box.
>
> http://sublimerobots.com/2014/12/installing-snort-part-1/
>
> However, on step 5, installing PulledPork for snort.
>
> http://sublimerobots.com/2014/12/installing-snort-part-5/
>
> I got the following error while I tried to run this command: "sudo
> /usr/local/bin/pulledpork.pl -c /etc/snort/pulledpork.conf -l"
>
> --------------------------
> Checking latest MD5 for snortrules-snapshot-2975.tar.gz....
> Rules tarball download of snortrules-snapshot-2975.tar.gz....
>     They Match
>     Done!
> Checking latest MD5 for community-rules.tar.gz....
> Rules tarball download of community-rules.tar.gz....
>     They Match
>     Done!
> IP Blacklist download of http://labs.snort.org/feeds/ip-filter.blf....
> Reading IP List...
> Couldn't read /tmp/621.416477111296-black_list.rules - No such file or directory
>  at /usr/local/bin/pulledpork.pl line 487.
>     main::read_iplist('HASH(0x1dd8148)', '/tmp/621.416477111296-black_list.rules') called at /usr/local/bin/pulledpork.pl line 378
>     main::rulefetch('open', 'IPBLACKLIST0', '/tmp/', 'http://labs.snort.org/feeds/ip-filter.blf') called at /usr/local/bin/pulledpork.pl line 1856
> ------------------------------
> I searched the internet for a solution but did not find any. Any help would
> be greatly appreciated!