Snort mailing list archives

Re: FW: Oinkmaster can't get rules

From: Jun Wan <junwei_wan () hotmail com>
Date: Tue, 27 Jul 2010 01:43:51 +0000


Hi JJC,

 

Thanks for the info, I did the following on my Windows XP:

 

C:\snort\pulledpork-0.3.4>pulledpork.pl -o c:\snort\rules -O a9xnnnxnnnxnxnnnxnnxnxnnnxnnxnxnxnxn....xnnnc -f 
snortrules-snap
shot-2.8.5.3.tar.gz -c pulledpork.conf -i disablesid.conf -b dropsid.conf -m c:\snort\etc\sid-msg.map -h 
c:\snort\log\sid_changes.log -I security -H

 

Then I got the following:

 

Checking latest MD5....
        A 403 error occured, please wait for the 15 minute timeout
        to expire before trying again or specify the -n runtime switch
        Error 403 when fetching http://www.snort.org/pub-bin/oinkmaster.cgi/snor
trules-snapshot-2.8.5.3.tar.gz.md5 at C:\snort\pulledpork-0.3.4\pulledpork.pl line 269


Any info and help would be much appreciated.

 

Thanks 

 

Regards

 

John

 


Date: Mon, 26 Jul 2010 07:02:13 -0600
Subject: Re: [Snort-users] FW: Oinkmaster can't get rules
From: cummingsj () gmail com
To: junwei_wan () hotmail com
CC: snort-users () lists sourceforge net

You are attempting to retrieve an invalid tarball (snortrules-snapshot-2.8.tar.gz)..


you need to use one of the following at this time:
snortrules-snapshot-2853.tar.gz
snortrules-snapshot-2860.tar.gz
snortrules-snapshot-2861.tar.gz


Please take note also of what Nigel said, that the 2853 rules will remain for 90 days to give you time to upgrade!  And 
on another note, there is an updated version of pulledpork that has many bugfixes..


JJC










On Mon, Jul 26, 2010 at 12:28 AM, Jun Wan <junwei_wan () hotmail com> wrote:


Ok, I downloaded Pulled Pork v0.3.4, follow the "Readme", instead of using: 
./pulledpork.pl -c pulledpork.conf -i disablesid.conf -b dropsid.conf -m /usr/local/etc/snort/sid-msg.map \
-h /var/log/sid_changes.log -I security -H
 
I used this on my Windows XP:

C:\snort\pulledpork-0.3.4>pulledpork.pl -c pulledpork.conf -i disablesid.conf -b
 dropsid.conf -m c:\snort\etc\sid-msg.map -h c:\snort\log\sid_changes.log -I sec
urity -H
 
And then I got this:
 
http://code.google.com/p/pulledpork/
_____ ____
`----,\ )
`--==\\ / Pulled_Pork v0.3.4
`--==\\/
.-~~~~-.Y|\\_ Copyright (C) 2009-2010 JJ Cummings
@_/ / 66\_ cummingsj () gmail com
| \ \ _(")
\ /-| ||'--' Rules give me wings!
\_\ \_\\
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Checking latest MD5....
A 403 error occured, please wait for the 15 minute timeout
to expire before trying again or specify the -n runtime switch
Error 403 when fetching http://www.snort.org/pub-bin/oinkmaster.cgi/snor
trules-snapshot-2.8.tar.gz.md5 at C:\snort\pulledpork-0.3.4\pulledpork.pl line 2
69.
 
After 25 minutes, I tried again, same error.

I would like to know what is wrong and any info and help would be appreciated.
 
Many thanks in advance.
 
Regards
 
John  



From: junwei_wan () hotmail com
To: snort-users () lists sourceforge net
Date: Mon, 26 Jul 2010 03:55:34 +0000



Subject: Re: [Snort-users] Oinkmaster can't get rules

Hi, I am unable to update the rules via Oinkmaster (it was okay before), My snort (2.8.5.3) is running on my Windows 
XP, I am getting an error: 404 forbidden message, please see the attached info.
 
I will use Pulled Pork in the near future, but now I would like to fix this issue with rules update&Oinkmaster.
 
Any information and help would be appreciated.
 
Thanks
 
Regards
 
John 
 
                                          
_________________________________________________________________
If It Exists, You'll Find it on SEEK. Australia's #1 job site
http://clk.atdmt.com/NMN/go/157639755/direct/01/

------------------------------------------------------------------------------
The Palm PDK Hot Apps Program offers developers who use the
Plug-In Development Kit to bring their C/C++ apps to Palm for a share 
of $1 Million in cash or HP Products. Visit us here for more details:
http://ad.doubleclick.net/clk;226879339;13503038;l?
http://clk.atdmt.com/CRS/go/247765532/direct/01/

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

Re: RESOLVED Re: Oinkmaster can't get rules, (continued)
- - - Re: RESOLVED Re: Oinkmaster can't get rules James Lay (Jul 16)
    - Re: Oinkmaster can't get rules Jun Wan (Jul 25)
    - Re: Oinkmaster can t get rules waldo kitty (Jul 25)
    - FW: Oinkmaster can't get rules Jun Wan (Jul 25)
    - Re: FW: Oinkmaster can't get rules Joel Esler (Jul 26)
    - Re: FW: Oinkmaster can't get rules Nigel Houghton (Jul 26)
    - Re: FW: Oinkmaster can't get rules Joel Esler (Jul 26)
    - Re: FW: Oinkmaster can t get rules waldo kitty (Jul 26)
    - Re: FW: Oinkmaster can t get rules waldo kitty (Jul 26)
    - Re: FW: Oinkmaster can't get rules JJC (Jul 26)
    - Re: FW: Oinkmaster can't get rules Jun Wan (Jul 26)
    - Re: FW: Oinkmaster can't get rules Joel Esler (Jul 26)
    - Re: FW: Oinkmaster can't get rules Jun Wan (Jul 26)
    - Re: FW: Oinkmaster can t get rules waldo kitty (Jul 26)
    - Re: FW: Oinkmaster can t get rules Jun Wan (Jul 28)
    - Re: FW: Oinkmaster can t get rules JJC (Jul 28)
    - Re: FW: Oinkmaster can t get rules waldo kitty (Jul 26)