[Snort-users] Pulledpork error at blacklist download
snort-users at wintertreemedia.com
Wed May 2 14:17:02 EDT 2018
Please disregard this question. I was able to download a blacklist
manually for testing. I found that the latency is too high with this
machine, so we're going to need something with a faster processor that can
support a newer OS.
On Wed, May 2, 2018 at 1:13 PM, David Corsello <
snort-users at wintertreemedia.com> wrote:
> Much of this is related more to Linux than to Snort, but I'm hoping
> someone can offer help.
> I purchased a mini PC with decent specs to use as a Snort sensor. The one
> limitation that I missed prior to purchase is that the highest version of
> Ubuntu that it supports is 12.04.1. That OS is now installed. Snort
> 22.214.171.124 is installed and running. Pulledpork fails at the blacklist
> Pulledpork.conf contains the following:
> When run, it gives the following error:
> IP Blacklist download of https://talosintelligence.com/
> ** GET https://talosintelligence.com/documents/ip-blacklist ==> 500 Can't
> connect to talosintelligence.com:443
> Error downloading https://talosintelligence.com/documents/ip-blacklist:
> 500 Can't connect to talosintelligence.com:443 [ 500 ]
> GET from the command line gives the following error:
> root@IPS:~# GET "https://talosintelligence.com/documents/ip-blacklist"
> Can't connect to talosintelligence.com:443
> LWP::Protocol::https::Socket: SSL connect attempt failed with unknown
> errorerror:1407742E:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert
> protocol version at /usr/share/perl5/LWP/Protocol/http.pm line 51.Unable
> to establish SSL connection.
> Upgrading openssl to ver. 1.0.2o didn't fix this. I'm researching if it's
> possible to upgrade libwww-perl from ver 6.03 on Ubuntu 12.04.
> Any other suggestions?
> As a workaround, I tried to download the blacklist to an intermediate,
> hosted server, from which I would then have downloaded to the sensor using
> pulledpork. When I ran the GET command on the hosted server, I got the
> "The owner of this website (talosintelligence.com) has banned your access
> based on your browser's signature (414c086aabdc2312-ua24)."
> Does this mean that the oinkcode is now permanently banned from
> downloading the blacklist, or was only this access blocked?