Re: Pulled Pork 403 Error

[Joel Esler <jesler () sourcefire com>]

No, your code should be updated to simply point to the subscriber set. Let me ask our team. 

Thanks. 

--
Joel Esler
Senior Research Engineer, VRT
OpenSource Community Manager

On Jul 25, 2012, at 7:15 PM, Brandon Phelps <bphelps () gls com> wrote:

> On 7/25/2012 4:07 PM, Brandon Phelps wrote:
> > Greetings,
> >
> > I am attempting to configure pulled pork using the subscriber rules and am getting a 403 error, informing me to wait 
> > 15 minutes and try again.  I've
> > waited and waited and the issue persists.  When I get the error via pulled pork I can still access the tar.gz file 
> > fine from the website.  Has anyone
> > seen this problem before and know if I am doing something wrong?
> >
> > Below are my rule_url lines as well as the actual pulled pork output.  If I run pulled pork with the -n option it 
> > correctly uses a copy of the rules I
> > already downloaded from /tmp.  Any help would be appreciated!
> >
> > rule_url=https://www.snort.org/sub-rules/|snortrules-snapshot.tar.gz|a...e
> > rule_url=https://www.snort.org/sub-rules/|opensource.gz|a...e
> >
> > $ sudo /opt/pulledpork-0.6.1/pulledpork.pl -c /opt/pulledpork-0.6.1/etc/pulledpork.conf
> >
> >     http://code.google.com/p/pulledpork/
> >       _____ ____
> >      `----,\    )
> >       `--==\\  /    PulledPork v0.6.1 the Smoking Pig <////~
> >        `--==\\/
> >      .-~~~~-.Y|\\_  Copyright (C) 2009-2011 JJ Cummings
> >   @_/        /  66\_  cummingsj () gmail com
> >     |    \   \   _(")
> >      \   /-| ||'--'  Rules give me wings!
> >       \_\  \_\\
> >  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> >
> > Checking latest MD5 for snortrules-snapshot-2930.tar.gz....
> >    A 403 error occurred, please wait for the 15 minute timeout
> >    to expire before trying again or specify the -n runtime switch
> >    You may also wish to verfiy your oinkcode, tarball name, and other configuration options
> >    Error 403 when fetching https://www.snort.org/sub-rules/snortrules-snapshot-2930.tar.gz.md5 at 
> > /opt/pulledpork-0.6.1/pulledpork.pl line 453
> >    main::md5file('a...e', 'snortrules-snapshot-2930.tar.gz', '/tmp/', 'https://www.snort.org/sub-rules/&apos;) called at 
> > /opt/pulledpork-0.6.1/pulledpork.pl
> > line 1758
> >
> >
> > Thanks,
> > Brandon
>
> Actually, it seems I can *only* download the subscriber rules from the 
> website.  When I use wget from a console using the exact URL the My 
> Account -> Oinkcodes page gives, I also get a 403 error.
>
> I only purchased the subscription today, do I need to wait a certain 
> amount of time for my Oinkcode to work?  Or do I need to somehow 
> generate a new Oinkcode?  The oinkcode I have currently is from before I 
> purchased the subscription.
>
> Thanks,
> Brandon
>
> ------------------------------------------------------------------------------
> Live Security Virtual Conference
> Exclusive live event will cover all the ways today's security and 
> threat landscape has changed and how IT managers can respond. Discussions 
> will include endpoint security, mobile security and the latest in malware 
> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
> Please visit http://blog.snort.org to stay current on all the latest Snort news!

------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!