Snort mailing list archives
Re: Subscriber signatures fail to update
From: VJM via Snort-sigs <snort-sigs () lists snort org>
Date: Mon, 19 Oct 2020 19:44:44 +0530
My pfSense Netgate router gets a CG-NAT IP once authentication is complete via PPP. I can request the ISP for a v6
address which would likely be a public one. Anyway, I tried a manual update and it failed again. My IP address is
103.208.71.114. Can you please check the server log? Here’s the log extract at 19:27 IST / 13:57 GMT,
Starting rules update... Time: 2020-10-19 19:27:23
Downloading Snort Subscriber rules md5 file snortrules-snapshot-29161.tar.gz.md5...
Snort Subscriber rules md5 download failed.
Server returned error code 0.
Server error message was:
Snort Subscriber rules will not be updated.
Downloading Snort OpenAppID detectors md5 file snort-openappid.tar.gz.md5...
Snort OpenAppID detectors md5 download failed.
Server returned error code 0.
Server error message was:
Snort OpenAppID detectors will not be updated.
Downloading Snort AppID Open Text Rules md5 file appid_rules.tar.gz.md5...
Snort AppID Open Text Rules md5 download failed.
Server returned error code 0.
Server error message was:
Snort AppID Open Text Rules will not be updated.
Downloading Emerging Threats Open rules md5 file emerging.rules.tar.gz.md5...
Emerging Threats Open rules md5 download failed.
Server returned error code 0.
Server error message was:
Emerging Threats Open rules will not be updated.
The Rules update has finished. Time: 2020-10-19 19:31:24
Best regards,
Viv
From: Snort-sigs <snort-sigs-bounces () lists snort org> On Behalf Of Joel Esler (jesler) via Snort-sigs
Sent: 19 October 2020 18:06
To: VJM <vivekjm () gmail com>
Cc: snort-sigs () lists snort org
Subject: Re: [Snort-sigs] Subscriber signatures fail to update
I don’t see any attempts from that IP to hit Snort.org <http://Snort.org> in the past 72 hours. So it looks like you
are being blocked well before hitting our web server. Do you a proxy in the way?
On Oct 19, 2020, at 3:19 AM, VJM via Snort-sigs <snort-sigs () lists snort org <mailto:snort-sigs () lists snort org> >
wrote:
Thanks for your reply. My pfSense router gets a dynamic IPv4 address from the ISP. The current IP address is
103.208.71.114. A recent update failed today at 12:10 pm or 6:40 am GMT (my local time zone is GMT +5:30).
This is the current log entry from the update attempt:
Starting rules update... Time: 2020-10-19 12:10:31
Downloading Snort Subscriber rules md5 file snortrules-snapshot-29161.tar.gz.md5...
Snort Subscriber rules md5 download failed.
Server returned error code 0.
Server error message was:
Snort Subscriber rules will not be updated.
Downloading Snort OpenAppID detectors md5 file snort-openappid.tar.gz.md5...
Snort OpenAppID detectors md5 download failed.
Server returned error code 0.
Server error message was:
Snort OpenAppID detectors will not be updated.
Downloading Snort AppID Open Text Rules md5 file appid_rules.tar.gz.md5...
Snort AppID Open Text Rules md5 download failed.
Server returned error code 0.
Server error message was:
Snort AppID Open Text Rules will not be updated.
Downloading Emerging Threats Open rules md5 file emerging.rules.tar.gz.md5...
Emerging Threats Open rules md5 download failed.
Server returned error code 0.
Server error message was:
Emerging Threats Open rules will not be updated.
The Rules update has finished. Time: 2020-10-19 12:14:32
Best regards,
Viv
From: Snort-sigs <snort-sigs-bounces () lists snort org <mailto:snort-sigs-bounces () lists snort org> > On Behalf Of
Joel Esler (jesler) via Snort-sigs
Sent: 19 October 2020 02:22
To: VJM <vivekjm () gmail com <mailto:vivekjm () gmail com> >
Cc: snort-sigs () lists snort org <mailto:snort-sigs () lists snort org>
Subject: Re: [Snort-sigs] Subscriber signatures fail to update
Cans you give me the IP I should see at the server?
Sent from my iPhone
On Oct 17, 2020, at 09:29, VJM via Snort-sigs < <mailto:snort-sigs () lists snort org> snort-sigs () lists snort org>
wrote:
Hello,
I use Snort on pfSense 2.4.5 and noticed the Snort subscriber updates fail to install. Snort has been set to update
every 12 hours at 10 minutes past the hour. Is there a geo-block on the update server? My ISP is Tata-Sky based out of
Mumbai, India. The log entries show “Server returned error code 0”:
Starting rules update... Time: 2020-10-16 12:10:04
Downloading Snort Subscriber rules md5 file snortrules-snapshot-29161.tar.gz.md5...
Snort Subscriber rules md5 download failed.
Server returned error code 0.
Server error message was:
Snort Subscriber rules will not be updated.
Downloading Snort OpenAppID detectors md5 file snort-openappid.tar.gz.md5...
Snort OpenAppID detectors md5 download failed.
Server returned error code 0.
Server error message was:
Snort OpenAppID detectors will not be updated.
Downloading Snort AppID Open Text Rules md5 file appid_rules.tar.gz.md5...
Snort AppID Open Text Rules md5 download failed.
Server returned error code 0.
Server error message was:
Snort AppID Open Text Rules will not be updated.
Downloading Emerging Threats Open rules md5 file emerging.rules.tar.gz.md5...
Emerging Threats Open rules md5 download failed.
Server returned error code 0.
Server error message was:
Emerging Threats Open rules will not be updated.
The Rules update has finished. Time: 2020-10-16 12:14:05
Any help will be appreciated.
Best regards,
Viv
_______________________________________________
Snort-sigs mailing list
<mailto:Snort-sigs () lists snort org> Snort-sigs () lists snort org
<https://lists.snort.org/mailman/listinfo/snort-sigs> https://lists.snort.org/mailman/listinfo/snort-sigs
Please visit <http://blog.snort.org/> http://blog.snort.org for the latest news about Snort!
Please follow these rules: <https://snort.org/faq/what-is-the-mailing-list-etiquette>
https://snort.org/faq/what-is-the-mailing-list-etiquette
Visit the Snort.org <http://Snort.org> to subscribe to the official Snort ruleset, make sure to stay up to date to
catch the most <a href=" <https://snort.org/downloads/#rule-downloads>
https://snort.org/downloads/#rule-downloads";>emerging threats</a>!
_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists snort org <mailto:Snort-sigs () lists snort org>
https://lists.snort.org/mailman/listinfo/snort-sigs
Please visit http://blog.snort.org for the latest news about Snort!
Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette
Visit the Snort.org <http://Snort.org> to subscribe to the official Snort ruleset, make sure to stay up to date to
catch the most <a href=" https://snort.org/downloads/#rule-downloads";>emerging threats</a>!
_______________________________________________ Snort-sigs mailing list Snort-sigs () lists snort org https://lists.snort.org/mailman/listinfo/snort-sigs Please visit http://blog.snort.org for the latest news about Snort! Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette Visit the Snort.org to subscribe to the official Snort ruleset, make sure to stay up to date to catch the most <a href=" https://snort.org/downloads/#rule-downloads";>emerging threats</a>!
Current thread:
- Subscriber signatures fail to update VJM via Snort-sigs (Oct 17)
- Re: Subscriber signatures fail to update wkitty42--- via Snort-sigs (Oct 17)
- Re: Subscriber signatures fail to update Joel Esler (jesler) via Snort-sigs (Oct 18)
- Re: Subscriber signatures fail to update VJM via Snort-sigs (Oct 19)
- Re: Subscriber signatures fail to update Joel Esler (jesler) via Snort-sigs (Oct 19)
- Re: Subscriber signatures fail to update VJM via Snort-sigs (Oct 20)
- Re: Subscriber signatures fail to update Joel Esler (jesler) via Snort-sigs (Oct 20)
- Re: Subscriber signatures fail to update VJM via Snort-sigs (Oct 21)
- Re: Subscriber signatures fail to update Joel Esler (jesler) via Snort-sigs (Oct 21)
- Re: Subscriber signatures fail to update VJM via Snort-sigs (Oct 19)
- Re: Subscriber signatures fail to update bs0838982 via Snort-sigs (Oct 20)
- <Possible follow-ups>
- Re: Subscriber signatures fail to update VJM via Snort-sigs (Oct 18)