<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=Windows-1252">
</head>
<body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;">
Steven,
<div>Please send me your <a href="http://snort.org">snort.org</a> login off list and Iíll take a look.</div>
<div><br>
</div>
<div><span style="font-family: 'Lucida Grande';">--</span><br>
<span style="font-family: 'Lucida Grande';"><b>Joel Esler</b></span><br>
<span style="font-family: 'Lucida Grande';">Open Source Manager</span><br>
<span style="font-family: 'Lucida Grande';">Threat Intelligence Team Lead</span><br>
<span style="font-family: 'Lucida Grande';">Vulnerability Research Team</span></div>
<div><font face="Lucida Grande"><br>
</font>
<div>
<div>On Apr 7, 2014, at 5:28 PM, Vona, Steven A CIV NSWCCD Philadelphia, 34117 <<a href="mailto:steven.vona@...7622...">steven.vona@...7622...</a>> wrote:</div>
<br class="Apple-interchange-newline">
<blockquote type="cite">I have verified this by copying it into a browser window and it works fine.<br>
<br>
Thanks<br>
-steve<br>
<br>
-----Original Message-----<br>
From: Joe Evango [<a href="mailto:Joe.Evango@...16755...">mailto:Joe.Evango@...16755...</a>]
<br>
Sent: Monday, April 07, 2014 4:31 PM<br>
To: Vona, Steven A CIV NSWCCD Philadelphia, 34117<br>
Cc: <a href="mailto:snort-users@lists.sourceforge.net">snort-users@...8192...sourceforge.net</a><br>
Subject: RE: [Snort-users] Pulled Pork - 403 error for subscriber<br>
<br>
The site will return a 403 error if your oinkcode isn't entered correctly. Disregard if you have already verified this.<br>
<br>
-Joe<br>
<br>
-----Original Message-----<br>
From: Vona, Steven A CIV NSWCCD Philadelphia, 34117 [<a href="mailto:steven.vona@...7622...">mailto:steven.vona@...7622...</a>]
<br>
Sent: Monday, April 07, 2014 12:58 PM<br>
To: Teo En Ming<br>
Cc: <a href="mailto:snort-users@lists.sourceforge.net">snort-users@...8192...sourceforge.net</a><br>
Subject: Re: [Snort-users] Pulled Pork - 403 error for subscriber<br>
<br>
I am a registered user and I also have an oinkcode in order to download the VRT rules.  <br>
<br>
Am I misunderstanding you?<br>
<br>
Steve<br>
<br>
-----Original Message-----<br>
From: Teo En Ming [<a href="mailto:teo.en.ming@...11827...">mailto:teo.en.ming@...11827...</a>]
<br>
Sent: Monday, April 07, 2014 3:56 PM<br>
To: Vona, Steven A CIV NSWCCD Philadelphia, 34117<br>
Cc: <a href="mailto:snort-users@lists.sourceforge.net">snort-users@...8192...sourceforge.net</a>; Teo En Ming<br>
Subject: Re: [Snort-users] Pulled Pork - 403 error for subscriber<br>
<br>
Dear Steven,<br>
<br>
<br>
You need to be a registered user to download Snort rules (snortrules-snapshot-2960.tar.<br>
gz) and its md5 checksum file (snortrules-snapshot-2960.tar.<br>
gz.md5). You need to create an account at the Snort official website and log in to download all these files. A log in to the Snort server is required. That is why you are experiencing a 403 Forbidden error with pulled-pork. The pulled-pork perl script cannot
 log in to the Snort server with your username and password and the md5 checksum file may not be available on the Snort server.<br>
<br>
<br>
Teo En Ming<br>
<br>
. <br>
<br>
<br>
<br>
On Tue, Apr 8, 2014 at 3:34 AM, Vona, Steven A CIV NSWCCD Philadelphia, 34117 <<a href="mailto:steven.vona@...7622...">steven.vona@...7622...</a>> wrote:<br>
<br>
<br>
<span class="Apple-tab-span" style="white-space:pre"></span>Hello,<br>
<span class="Apple-tab-span" style="white-space:pre"></span>I have a current subscription for the latest snort rules but seem to be having issues with pulled pork.  I was unable to get any help from the pulled pork user group and was hoping I can get some here.<br>
<span class="Apple-tab-span" style="white-space:pre"></span><br>
<span class="Apple-tab-span" style="white-space:pre"></span>I receive a 403 error everytime I try to run pulled pork.  Verbose output below (some information was changed for security reasons).<br>
<span class="Apple-tab-span" style="white-space:pre"></span><br>
<span class="Apple-tab-span" style="white-space:pre"></span>/usr/local/bin/pulledpork.pl -c /etc/snort/pulledpork.conf -vv<br>
<span class="Apple-tab-span" style="white-space:pre"></span><br>
<span class="Apple-tab-span" style="white-space:pre"></span>   <a href="http://code.google.com/p/pulledpork/">http://code.google.com/p/pulledpork/</a><br>
<span class="Apple-tab-span" style="white-space:pre"></span>     _____ ____<br>
<span class="Apple-tab-span" style="white-space:pre"></span>    `----,\    )<br>
<span class="Apple-tab-span" style="white-space:pre"></span>     `--==\\  /    PulledPork v0.7.0 - Swine Flu!<br>
<span class="Apple-tab-span" style="white-space:pre"></span>      `--==\\/<br>
<span class="Apple-tab-span" style="white-space:pre"></span>    .-~~~~-.Y|\\_  Copyright (C) 2009-2013 JJ Cummings<br>
<span class="Apple-tab-span" style="white-space:pre"></span> @_/        /  66\_  <a href="mailto:cummingsj@...11827...">cummingsj@...11827...</a><br>
<span class="Apple-tab-span" style="white-space:pre"></span>   |    \   \   _(")<br>
<span class="Apple-tab-span" style="white-space:pre"></span>    \   /-| ||'--'  Rules give me wings!<br>
<span class="Apple-tab-span" style="white-space:pre"></span>     \_\  \_\\<br>
<span class="Apple-tab-span" style="white-space:pre"></span>~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~<br>
<span class="Apple-tab-span" style="white-space:pre"></span><br>
<span class="Apple-tab-span" style="white-space:pre"></span>Config File Variable Debug /etc/snort/pulledpork.conf<br>
<span class="Apple-tab-span" style="white-space:pre"></span>       snort_path = /usr/local/bin/snort<br>
<span class="Apple-tab-span" style="white-space:pre"></span>       black_list = /etc/snort/rules/iplists/default.blacklist<br>
<span class="Apple-tab-span" style="white-space:pre"></span>       IPRVersion = /etc/snort/rules/iplists<br>
<span class="Apple-tab-span" style="white-space:pre"></span>       rule_path = /etc/snort/rules/snort.rules<br>
<span class="Apple-tab-span" style="white-space:pre"></span>       ignore = deleted.rules,experimental.rules,local.rules<br>
<span class="Apple-tab-span" style="white-space:pre"></span>       snort_control = /usr/local/bin/snort_control<br>
<span class="Apple-tab-span" style="white-space:pre"></span>       rule_url = ARRAY(0x125f388)<br>
<span class="Apple-tab-span" style="white-space:pre"></span>       sid_msg_version = 1<br>
<span class="Apple-tab-span" style="white-space:pre"></span>       sid_changelog = /var/log/sid_changes.log<br>
<span class="Apple-tab-span" style="white-space:pre"></span>       sid_msg = /etc/snort/sid-msg.map<br>
<span class="Apple-tab-span" style="white-space:pre"></span>       config_path = /etc/snort/snort.conf<br>
<span class="Apple-tab-span" style="white-space:pre"></span>       temp_path = /tmp<br>
<span class="Apple-tab-span" style="white-space:pre"></span>       distro = RHEL-6-0<br>
<span class="Apple-tab-span" style="white-space:pre"></span>       version = 0.7.0<br>
<span class="Apple-tab-span" style="white-space:pre"></span>       sorule_path = /usr/local/lib/snort_dynamicrules/<br>
<span class="Apple-tab-span" style="white-space:pre"></span>       out_path = /etc/snort/rules/<br>
<span class="Apple-tab-span" style="white-space:pre"></span>       local_rules = /etc/snort/rules/local.rules<br>
<span class="Apple-tab-span" style="white-space:pre"></span>MISC (CLI and Autovar) Variable Debug:<br>
<span class="Apple-tab-span" style="white-space:pre"></span>       arch Def is: x86-64<br>
<span class="Apple-tab-span" style="white-space:pre"></span>       Config Path is: /etc/snort/pulledpork.conf<br>
<span class="Apple-tab-span" style="white-space:pre"></span>       Distro Def is: RHEL-6-0<br>
<span class="Apple-tab-span" style="white-space:pre"></span>       Disabled policy specified<br>
<span class="Apple-tab-span" style="white-space:pre"></span>       local.rules path is: /etc/snort/rules/local.rules<br>
<span class="Apple-tab-span" style="white-space:pre"></span>       Rules file is: /etc/snort/rules/snort.rules<br>
<span class="Apple-tab-span" style="white-space:pre"></span>       sid changes will be logged to: /var/log/sid_changes.log<br>
<span class="Apple-tab-span" style="white-space:pre"></span>       sid-msg.map Output Path is: /etc/snort/sid-msg.map<br>
<span class="Apple-tab-span" style="white-space:pre"></span>       Snort Version is: 2.9.6.0<br>
<span class="Apple-tab-span" style="white-space:pre"></span>       Snort Config File: /etc/snort/snort.conf<br>
<span class="Apple-tab-span" style="white-space:pre"></span>       Snort Path is: /usr/local/bin/snort<br>
<span class="Apple-tab-span" style="white-space:pre"></span>       SO Output Path is: /usr/local/lib/snort_dynamicrules/<br>
<span class="Apple-tab-span" style="white-space:pre"></span>       Will process SO rules<br>
<span class="Apple-tab-span" style="white-space:pre"></span>       Extra Verbose Flag is Set<br>
<span class="Apple-tab-span" style="white-space:pre"></span>       Verbose Flag is Set<br>
<span class="Apple-tab-span" style="white-space:pre"></span>       Base URL is: <a href="http://www.snort.org/reg-rules/|snortrules-snapshot.tar.gz|">
http://www.snort.org/reg-rules/|snortrules-snapshot.tar.gz|</a><MY OINKCODE><br>
<span class="Apple-tab-span" style="white-space:pre"></span><br>
<span class="Apple-tab-span" style="white-space:pre"></span><br>
<span class="Apple-tab-span" style="white-space:pre"></span>MY HTTPS PROXY = <a href="http://webcache.mydomain.com:80">
http://webcache.mydomain.com:80</a><br>
<span class="Apple-tab-span" style="white-space:pre"></span><br>
<span class="Apple-tab-span" style="white-space:pre"></span><br>
<span class="Apple-tab-span" style="white-space:pre"></span>MY HTTP PROXY = <a href="http://webcache.mydomain.com:80">
http://webcache.mydomain.com:80</a><br>
<span class="Apple-tab-span" style="white-space:pre"></span>Checking latest MD5 for snortrules-snapshot-2960.tar.gz....<br>
<span class="Apple-tab-span" style="white-space:pre"></span>       Fetching md5sum for: snortrules-snapshot-2960.tar.gz.md5<br>
<span class="Apple-tab-span" style="white-space:pre"></span>** GET <a href="https://www.snort.org/reg-rules/snortrules-snapshot-2960.tar.gz.md5/">
https://www.snort.org/reg-rules/snortrules-snapshot-2960.tar.gz.md5/</a><MY OINKCODE> ==> 403 Access Denied<br>
<span class="Apple-tab-span" style="white-space:pre"></span>       A 403 error occurred, please wait for the 15 minute timeout<br>
<span class="Apple-tab-span" style="white-space:pre"></span>       to expire before trying again or specify the -n runtime switch<br>
<span class="Apple-tab-span" style="white-space:pre"></span>       You may also wish to verfiy your oinkcode, tarball name, and other configuration options<br>
<span class="Apple-tab-span" style="white-space:pre"></span>       Error 403 when fetching
<a href="http://www.snort.org/reg-rules/snortrules-snapshot-2960.tar.gz.md5">http://www.snort.org/reg-rules/snortrules-snapshot-2960.tar.gz.md5</a> at /usr/local/bin/pulledpork.pl line 463<br>
<span class="Apple-tab-span" style="white-space:pre"></span>       main::md5file('<MY OINKCODE>', 'snortrules-snapshot-2960.tar.gz', '/tmp/', '<a href="http://www.snort.org/reg-rules/'">http://www.snort.org/reg-rules/'</a>) called at /usr/local/bin/pulledpork.pl
 line 1847<br>
<span class="Apple-tab-span" style="white-space:pre"></span><br>
<span class="Apple-tab-span" style="white-space:pre"></span>------------------------------------------------------------------------------<br>
<span class="Apple-tab-span" style="white-space:pre"></span>Put Bad Developers to Shame<br>
<span class="Apple-tab-span" style="white-space:pre"></span>Dominate Development with Jenkins Continuous Integration<br>
<span class="Apple-tab-span" style="white-space:pre"></span>Continuously Automate Build, Test & Deployment<br>
<span class="Apple-tab-span" style="white-space:pre"></span>Start a new project now. Try Jenkins in the cloud.<br>
<span class="Apple-tab-span" style="white-space:pre"></span><a href="http://p.sf.net/sfu/13600_Cloudbees">http://p.sf.net/sfu/13600_Cloudbees</a><br>
<span class="Apple-tab-span" style="white-space:pre"></span>_______________________________________________<br>
<span class="Apple-tab-span" style="white-space:pre"></span>Snort-users mailing list<br>
<span class="Apple-tab-span" style="white-space:pre"></span>Snort-users@lists.sourceforge.net<br>
<span class="Apple-tab-span" style="white-space:pre"></span>Go to this URL to change user options or unsubscribe:<br>
<span class="Apple-tab-span" style="white-space:pre"></span>https://lists.sourceforge.net/lists/listinfo/snort-users<br>
<span class="Apple-tab-span" style="white-space:pre"></span>Snort-users list archive:<br>
<span class="Apple-tab-span" style="white-space:pre"></span>http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users<br>
<span class="Apple-tab-span" style="white-space:pre"></span><br>
<span class="Apple-tab-span" style="white-space:pre"></span>Please visit http://blog.snort.org to stay current on all the latest Snort news!<br>
<span class="Apple-tab-span" style="white-space:pre"></span><br>
<br>
<br>
------------------------------------------------------------------------------<br>
Put Bad Developers to Shame<br>
Dominate Development with Jenkins Continuous Integration<br>
Continuously Automate Build, Test & Deployment <br>
Start a new project now. Try Jenkins in the cloud.<br>
http://p.sf.net/sfu/13600_Cloudbees_______________________________________________<br>
Snort-users mailing list<br>
Snort-users@lists.sourceforge.net<br>
Go to this URL to change user options or unsubscribe:<br>
https://lists.sourceforge.net/lists/listinfo/snort-users<br>
Snort-users list archive:<br>
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users<br>
<br>
Please visit http://blog.snort.org to stay current on all the latest Snort news!</blockquote>
</div>
<br>
</div>
</body>
</html>