New install of PulledPork - Questions
Date: Fri, 17 Aug 2012 06:45:51 -0700 (PDT)
From: MichaelS <zipste...@gmail.com>
To: pulledpork-users@googlegroups.com
Message-Id: <d6089f94-7055-4913-8a52-6f68a830e119@googlegroups.com>
I have PulledPork running again, and I'm trying to assimilate it into my
guides. It's been several months since I pulled the SVN, and I just pulled
it again and the code is the same. Has development stopped on this project,
or am I grabbing the wrong code?

The reason I'm asking: the SVN states version 0.6.1 and this pull is
0.6.0. Also, I ran PulledPork yesterday and it processed. I ran it again
today; it matched the MD5 codes for the 2 files, said it wasn't
downloading, but it appears to be processing the rules again. I'm not sure
why PulledPork is processing the rules again.

I did remove several of the # marks from the snort.rules file. Shouldn't
PulledPork only be processing the sid-msg.map file if there are no new
files to download? It takes about 20 minutes when PulledPork runs each time.

This is what I got on the second run.
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Config File Variable Debug d:\winids\pulledpork\etc\pulledpork.conf
temp_path = c:\windows\temp
version = 0.6.0
rule_path = d:\winids\snort\rules\winids.rules
ignore = deleted.rules,experimental.rules,local.rules
rule_url = ARRAY(0x2648d4c)
snort_version = 2.9.3.0
sid_changelog = d:\winids\snort\log\sid_changes.log
sid_msg = d:\winids\snort\etc\sid-msg.map
local_rules = d:\winids\snort\rules\local.rules
docs = d:\winids\apache24\htdocs\base\signatures\
Use of uninitialized value $Snort_path in -B at d:\winids\pulledpork\pulledpork.pl line 1565.
'uname' is not recognized as an internal or external command,
operable program or batch file.
MISC (CLI and Autovar) Variable Debug:
Config Path is: d:\winids\pulledpork\etc\pulledpork.conf
Docs Reference Location is:
d:\winids\apache24\htdocs\base\signatures\
Disabled policy specified
local.rules path is: d:\winids\snort\rules\local.rules
Rules file is: d:\winids\snort\rules\winids.rules
sid changes will be logged to: d:\winids\snort\log\sid_changes.log
sid-msg.map Output Path is: d:\winids\snort\etc\sid-msg.map
Snort Version is: 2.9.3.0
Text Rules only Flag is Set
Verbose Flag is Set
Base URL is: https://www.snort.org/reg-rules/|snortrules-snapshot.tar.gz|991158d6f0847841cffbe085a91b7c5775ba98cf
https://www.snort.org/reg-rules/|opensource.gz|991158d6f0847841cffbe085a91b7c5775ba98cf
Checking latest MD5 for snortrules-snapshot-2930.tar.gz....
Fetching md5sum for: snortrules-snapshot-2930.tar.gz.md5
** GET https://www.snort.org/reg-rules/snortrules-snapshot-2930.tar.gz.md5/991158d6f0847841cffbe085a91b7c5775ba98cf ==> 200 OK (2s)
most recent rules file digest: ff1d9500ebff89f1f6062e9a994a4a2c
current local rules file digest: ff1d9500ebff89f1f6062e9a994a4a2c
The MD5 for snortrules-snapshot-2930.tar.gz matched ff1d9500ebff89f1f6062e9a994a4a2c
so I'm not gonna download the rules file again suckas!
Prepping rules from snortrules-snapshot-2930.tar.gz for work....
extracting contents of c:\windows\temp/snortrules-snapshot-2930.tar.gz...
Ignoring plaintext rules: deleted.rules
Ignoring plaintext rules: experimental.rules
Ignoring plaintext rules: local.rules
Extracted: /tha_rules/VRT-misc.rules
Extracted: /tha_rules/VRT-indicator-compromise.rules
Extracted: /tha_rules/VRT-file-pdf.rules
Extracted: /tha_rules/VRT-content-replace.rules
Extracted: /tha_rules/VRT-file-identify.rules
Extracted: /tha_rules/VRT-specific-threats.rules
Extracted: /tha_rules/VRT-file-office.rules
Extracted: /tha_rules/VRT-rpc.rules
Extracted: /tha_rules/VRT-dns.rules
Extracted: /tha_rules/VRT-snmp.rules
Extracted: /tha_rules/VRT-policy-other.rules
Extracted: /tha_rules/VRT-web-coldfusion.rules
Extracted: /tha_rules/VRT-chat.rules
Extracted: /tha_rules/VRT-voip.rules
Extracted: /tha_rules/VRT-pop3.rules
Extracted: /tha_rules/VRT-preprocessor.rules
Extracted: /tha_rules/VRT-policy-social.rules
Extracted: /tha_rules/VRT-scada.rules
Extracted: /tha_rules/VRT-other-ids.rules
Extracted: /tha_rules/VRT-sql.rules
Extracted: /tha_rules/VRT-icmp.rules
Extracted: /tha_rules/VRT-pua-p2p.rules
Extracted: /tha_rules/VRT-info.rules
Extracted: /tha_rules/VRT-server-mail.rules
Extracted: /tha_rules/VRT-netbios.rules
Extracted: /tha_rules/VRT-smtp.rules
Extracted: /tha_rules/VRT-sensitive-data.rules
Extracted: /tha_rules/VRT-web-iis.rules
Extracted: /tha_rules/VRT-botnet-cnc.rules
Extracted: /tha_rules/VRT-pua-toolbars.rules
Extracted: /tha_rules/VRT-mysql.rules
Extracted: /tha_rules/VRT-virus.rules
Extracted: /tha_rules/VRT-web-misc.rules
Extracted: /tha_rules/VRT-tftp.rules
Extracted: /tha_rules/VRT-blacklist.rules
Extracted: /tha_rules/VRT-shellcode.rules
Extracted: /tha_rules/VRT-spyware-put.rules
Extracted: /tha_rules/VRT-exploit.rules
Extracted: /tha_rules/VRT-ddos.rules
Extracted: /tha_rules/VRT-attack-responses.rules
Extracted: /tha_rules/VRT-telnet.rules
Extracted: /tha_rules/VRT-icmp-info.rules
Extracted: /tha_rules/VRT-indicator-obfuscation.rules
Extracted: /tha_rules/VRT-x11.rules
Extracted: /tha_rules/VRT-p2p.rules
Extracted: /tha_rules/VRT-scan.rules
Extracted: /tha_rules/VRT-ftp.rules
Extracted: /tha_rules/VRT-web-php.rules
Extracted: /tha_rules/VRT-web-activex.rules
Extracted: /tha_rules/VRT-decoder.rules
Extracted: /tha_rules/VRT-web-frontpage.rules
Extracted: /tha_rules/VRT-rservices.rules
Extracted: /tha_rules/VRT-file-other.rules
Extracted: /tha_rules/VRT-backdoor.rules
Extracted: /tha_rules/VRT-multimedia.rules
Extracted: /tha_rules/VRT-web-client.rules
Extracted: /tha_rules/VRT-policy.rules
Extracted: /tha_rules/VRT-imap.rules
Extracted: /tha_rules/VRT-web-attacks.rules
Extracted: /tha_rules/VRT-nntp.rules
Extracted: /tha_rules/VRT-dos.rules
Extracted: /tha_rules/VRT-finger.rules
Extracted: /tha_rules/VRT-phishing-spam.rules
No such file in archive: 'doc/signatures/rules/VRT-License.txt' at d:\winids\pulledpork\pulledpork.pl line 289
Could not find an entry for 'doc/signatures/rules/VRT-License.txt' at d:\winids\pulledpork\pulledpork.pl line 289
Extracted: /tha_rules/VRT-oracle.rules
Extracted: /tha_rules/VRT-policy-multimedia.rules
Extracted: /tha_rules/VRT-pop2.rules
Extracted: /tha_rules/VRT-bad-traffic.rules
Extracted: /tha_rules/VRT-web-cgi.rules
Checking latest MD5 for opensource.gz....
Fetching md5sum for: opensource.gz.md5
** GET https://www.snort.org/reg-rules/opensource.gz.md5/991158d6f0847841cffbe085a91b7c5775ba98cf ==> 200 OK (1s)
most recent rules file digest: 09e69d53d4dac50ab24551f6e224b492
current local rules file digest: 09e69d53d4dac50ab24551f6e224b492
The MD5 for opensource.gz matched 09e69d53d4dac50ab24551f6e224b492
so I'm not gonna download the rules file again suckas!
Prepping rules from opensource.gz for work....
extracting contents of c:\windows\temp/opensource.gz...
Ignoring plaintext rules: deleted.rules
Ignoring plaintext rules: experimental.rules
Ignoring plaintext rules: local.rules
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
After configuring and running PulledPork it grabbed the latest rules and
placed all the rules into the snort/rules/snort.rules file. It also placed
all the disabled (#) rules in there as well.

How does PulledPork deal with these (#) rules? On a brand new pull, say I
uncomment several of the '# alert' rules; what happens to these rules the
next time a rule update is performed by PulledPork?

There are 3 .rules files in the preproc_rules folder, and it appears they
are assimilated into the snort.rules file on the initial run. Is this the
best way to handle these preproc_rules? The Snort original install includes
the snort\preproc_rules folder and there are 3 .rules files inside that
folder. Should this folder be removed, allowing PulledPork to assimilate
those 3 .rules files into the main snort.rules file when it runs, or should
they be moved out of the preproc_rules folder to the main snort\rules
folder, with the 3 names placed into the ignore= line of pulledpork.conf?
I'm unsure if the rules in the preproc_rules folder change between Snort
versions.

Kindest regards,
Michael..
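The two behaviours this post turns on, shown in general form as an added example (this is not PulledPork's own code and is not from the original post): the "skip the download if the published MD5 matches the local digest" check that the verbose log prints, and a SID-keyed enable/disable policy that is re-applied every time the output rules file is regenerated from the upstream text. If a tool rewrites its output file on every run, which is what the "Prepping rules ... for work" pass in the log suggests, hand edits to that file (removing `#` marks) do not survive the next run, whereas a SID list does. One caveat worth making explicit: the published digest arrives over the same HTTPS channel as the tarball, so a match means "current and intact", not "authentic"; it is change detection, not a signature. The rule lines, SIDs 9000001 to 9000003, digest strings and function names below are constructed for the example.

```python
"""Added example, not PulledPork's own code and not from the original post.

  1. should_download(): the "published MD5 vs. local digest" check.
  2. apply_sid_policy(): rebuild the output rules file from upstream each run
     while re-applying an explicit enable/disable list keyed by SID.

All rules, SIDs (9000001-9000003) and digest strings below are constructed.
"""
import hashlib
import re

# sid:<n>; inside the rule body
SID_RE = re.compile(r"\bsid\s*:\s*(\d+)\s*;")
# optional leading '#', then a Snort action keyword
RULE_RE = re.compile(r"^\s*(#\s*)?(alert|log|pass|drop|reject|sdrop)\s")


def md5_hex(data: bytes) -> str:
    """Hex MD5 of the local tarball bytes ('current local rules file digest')."""
    return hashlib.md5(data).hexdigest()


def should_download(local_bytes: bytes, published_md5_line: str) -> bool:
    """True when the published digest differs from the local file's digest.

    A .md5 file is usually '<hex>  <filename>'; only the first token matters.
    Refuse anything that is not a 32-hex-digit MD5 rather than silently
    treating garbage (an HTML error page, for instance) as 'changed'.
    """
    published = published_md5_line.split()[0].strip().lower()
    if not re.fullmatch(r"[0-9a-f]{32}", published):
        raise ValueError("published digest is not a 32-hex-digit MD5")
    return md5_hex(local_bytes) != published


def parse_rule(line: str):
    """Return (disabled, sid, rule_text) for a rule line, else None.

    rule_text is the rule with any leading '#' stripped, so the caller can
    decide the final state without string surgery.
    """
    m = RULE_RE.match(line)
    if not m:
        return None
    sid_m = SID_RE.search(line)
    if not sid_m:
        return None  # action keyword but no sid: leave the line untouched
    disabled = m.group(1) is not None
    text = line.lstrip()
    if disabled:
        text = text[1:].lstrip()
    return disabled, int(sid_m.group(1)), text.rstrip("\n")


def apply_sid_policy(upstream_lines, enable, disable):
    """Regenerate the output rules from upstream with a SID policy applied.

    The upstream '#' state is the default; `enable` and `disable` override it
    (disable wins if a SID is in both).  Returns (output_lines, changes) where
    changes maps SID -> 'enabled' | 'disabled' for every rule whose state was
    flipped, the kind of record a sid change log would carry.
    """
    out, changes = [], {}
    for line in upstream_lines:
        parsed = parse_rule(line)
        if parsed is None:
            out.append(line.rstrip("\n"))  # comments, variables, blank lines
            continue
        disabled, sid, text = parsed
        want_disabled = disabled
        if sid in enable:
            want_disabled = False
        if sid in disable:
            want_disabled = True
        if want_disabled != disabled:
            changes[sid] = "disabled" if want_disabled else "enabled"
        out.append(("# " if want_disabled else "") + text)
    return out, changes


# Constructed upstream snippet: two rules shipped disabled, one enabled, one comment.
UPSTREAM = [
    '# alert tcp $EXTERNAL_NET any -> $HOME_NET 21 (msg:"CONSTRUCTED ftp test"; sid:9000001; rev:1;)',
    'alert tcp $EXTERNAL_NET any -> $HOME_NET 25 (msg:"CONSTRUCTED smtp test"; sid:9000002; rev:1;)',
    '# alert udp any any -> any 53 (msg:"CONSTRUCTED dns test"; sid:9000003; rev:2;)',
    '# a plain comment, not a rule',
]

if __name__ == "__main__":
    # Digest check: the digest line is the one from the log above, the local
    # bytes are constructed, so the two cannot match and a download is needed.
    print("download needed:", should_download(
        b"tarball bytes", "ff1d9500ebff89f1f6062e9a994a4a2c  snortrules-snapshot-2930.tar.gz"))
    out, changes = apply_sid_policy(UPSTREAM, enable={9000001}, disable={9000002})
    print("\n".join(out))
    print("changes:", changes)
```

Running it regenerates the four-line rule set with 9000001 switched on and 9000002 switched off, and reports exactly those two flips; 9000003 keeps its upstream disabled state because no policy mentions it. That is the property to keep in mind when answering the question above: state expressed as a SID list is idempotent across runs, state expressed as edits to the generated file is not.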
<p style="margin: 0in 0in 0pt;" class="MsoPlainText"><font face="Calibri"><font size="3"><font color="#000000">
/tha_rules/VRT-web-misc.rules<o:p></o:p></font></font></font></p><font color="#000000" size="3" face="Times New Roman">
</font><p style="margin: 0in 0in 0pt;" class="MsoPlainText"><font face="Calibri"><font size="3"><font color="#000000"><span style="mso-spacerun: yes;"> </span>Extracted:
/tha_rules/VRT-tftp.rules<o:p></o:p></font></font></font></p><font color="#000000" size="3" face="Times New Roman">
</font><p style="margin: 0in 0in 0pt;" class="MsoPlainText"><font face="Calibri"><font size="3"><font color="#000000"><span style="mso-spacerun: yes;"> </span>Extracted:
/tha_rules/VRT-blacklist.rules<o:p></o:p></font></font></font></p><font color="#000000" size="3" face="Times New Roman">
</font><p style="margin: 0in 0in 0pt;" class="MsoPlainText"><font face="Calibri"><font size="3"><font color="#000000"><span style="mso-spacerun: yes;"> </span>Extracted:
/tha_rules/VRT-shellcode.rules<o:p></o:p></font></font></font></p><font color="#000000" size="3" face="Times New Roman">
</font><p style="margin: 0in 0in 0pt;" class="MsoPlainText"><font face="Calibri"><font size="3"><font color="#000000"><span style="mso-spacerun: yes;"> </span>Extracted:
/tha_rules/VRT-spyware-put.rules<o:p></o:p></font></font></font></p><font color="#000000" size="3" face="Times New Roman">
</font><p style="margin: 0in 0in 0pt;" class="MsoPlainText"><font face="Calibri"><font size="3"><font color="#000000"><span style="mso-spacerun: yes;"> </span>Extracted:
/tha_rules/VRT-exploit.rules<o:p></o:p></font></font></font></p><font color="#000000" size="3" face="Times New Roman">
</font><p style="margin: 0in 0in 0pt;" class="MsoPlainText"><font face="Calibri"><font size="3"><font color="#000000"><span style="mso-spacerun: yes;"> </span>Extracted:
/tha_rules/VRT-ddos.rules<o:p></o:p></font></font></font></p><font color="#000000" size="3" face="Times New Roman">
</font><p style="margin: 0in 0in 0pt;" class="MsoPlainText"><font face="Calibri"><font size="3"><font color="#000000"><span style="mso-spacerun: yes;"> </span>Extracted:
/tha_rules/VRT-attack-responses.rules<o:p></o:p></font></font></font></p><font color="#000000" size="3" face="Times New Roman">
</font><p style="margin: 0in 0in 0pt;" class="MsoPlainText"><font face="Calibri"><font size="3"><font color="#000000"><span style="mso-spacerun: yes;"> </span>Extracted:
/tha_rules/VRT-telnet.rules<o:p></o:p></font></font></font></p><font color="#000000" size="3" face="Times New Roman">
</font><p style="margin: 0in 0in 0pt;" class="MsoPlainText"><font face="Calibri"><font size="3"><font color="#000000"><span style="mso-spacerun: yes;"> </span>Extracted:
/tha_rules/VRT-icmp-info.rules<o:p></o:p></font></font></font></p><font color="#000000" size="3" face="Times New Roman">
</font><p style="margin: 0in 0in 0pt;" class="MsoPlainText"><font face="Calibri"><font size="3"><font color="#000000"><span style="mso-spacerun: yes;"> </span>Extracted:
/tha_rules/VRT-indicator-obfuscation.rules<o:p></o:p></font></font></font></p><font color="#000000" size="3" face="Times New Roman">
</font><p style="margin: 0in 0in 0pt;" class="MsoPlainText"><font face="Calibri"><font size="3"><font color="#000000"><span style="mso-spacerun: yes;"> </span>Extracted:
/tha_rules/VRT-x11.rules<o:p></o:p></font></font></font></p><font color="#000000" size="3" face="Times New Roman">
</font><p style="margin: 0in 0in 0pt;" class="MsoPlainText"><font face="Calibri"><font size="3"><font color="#000000"><span style="mso-spacerun: yes;"> </span>Extracted:
/tha_rules/VRT-p2p.rules<o:p></o:p></font></font></font></p><font color="#000000" size="3" face="Times New Roman">
</font><p style="margin: 0in 0in 0pt;" class="MsoPlainText"><font face="Calibri"><font size="3"><font color="#000000"><span style="mso-spacerun: yes;"> </span>Extracted:
/tha_rules/VRT-scan.rules<o:p></o:p></font></font></font></p><font color="#000000" size="3" face="Times New Roman">
</font><p style="margin: 0in 0in 0pt;" class="MsoPlainText"><font face="Calibri"><font size="3"><font color="#000000"><span style="mso-spacerun: yes;"> </span>Extracted:
/tha_rules/VRT-ftp.rules<o:p></o:p></font></font></font></p><font color="#000000" size="3" face="Times New Roman">
</font><p style="margin: 0in 0in 0pt;" class="MsoPlainText"><font face="Calibri"><font size="3"><font color="#000000"><span style="mso-spacerun: yes;"> </span>Extracted:
/tha_rules/VRT-web-php.rules<o:p></o:p></font></font></font></p><font color="#000000" size="3" face="Times New Roman">
</font><p style="margin: 0in 0in 0pt;" class="MsoPlainText"><font face="Calibri"><font size="3"><font color="#000000"><span style="mso-spacerun: yes;"> </span>Extracted:
/tha_rules/VRT-web-activex.rules<o:p></o:p></font></font></font></p><font color="#000000" size="3" face="Times New Roman">
</font><p style="margin: 0in 0in 0pt;" class="MsoPlainText"><font face="Calibri"><font size="3"><font color="#000000"><span style="mso-spacerun: yes;"> </span>Extracted:
/tha_rules/VRT-decoder.rules<o:p></o:p></font></font></font></p><font color="#000000" size="3" face="Times New Roman">
</font><p style="margin: 0in 0in 0pt;" class="MsoPlainText"><font face="Calibri"><font size="3"><font color="#000000"><span style="mso-spacerun: yes;"> </span>Extracted:
/tha_rules/VRT-web-frontpage.rules<o:p></o:p></font></font></font></p><font color="#000000" size="3" face="Times New Roman">
</font><p style="margin: 0in 0in 0pt;" class="MsoPlainText"><font face="Calibri"><font size="3"><font color="#000000"><span style="mso-spacerun: yes;"> </span>Extracted:
/tha_rules/VRT-rservices.rules<o:p></o:p></font></font></font></p><font color="#000000" size="3" face="Times New Roman">
</font><p style="margin: 0in 0in 0pt;" class="MsoPlainText"><font face="Calibri"><font size="3"><font color="#000000"><span style="mso-spacerun: yes;"> </span>Extracted:
/tha_rules/VRT-file-other.rules<o:p></o:p></font></font></font></p><font color="#000000" size="3" face="Times New Roman">
</font><p style="margin: 0in 0in 0pt;" class="MsoPlainText"><font face="Calibri"><font size="3"><font color="#000000"><span style="mso-spacerun: yes;"> </span>Extracted:
/tha_rules/VRT-backdoor.rules<o:p></o:p></font></font></font></p><font color="#000000" size="3" face="Times New Roman">
</font><p style="margin: 0in 0in 0pt;" class="MsoPlainText"><font face="Calibri"><font size="3"><font color="#000000"><span style="mso-spacerun: yes;"> </span>Extracted:
/tha_rules/VRT-multimedia.rules<o:p></o:p></font></font></font></p><font color="#000000" size="3" face="Times New Roman">
</font><p style="margin: 0in 0in 0pt;" class="MsoPlainText"><font face="Calibri"><font size="3"><font color="#000000"><span style="mso-spacerun: yes;"> </span>Extracted:
/tha_rules/VRT-web-client.rules<o:p></o:p></font></font></font></p><font color="#000000" size="3" face="Times New Roman">
</font><p style="margin: 0in 0in 0pt;" class="MsoPlainText"><font face="Calibri"><font size="3"><font color="#000000"><span style="mso-spacerun: yes;"> </span><span style="mso-spacerun: yes;"> </span>Extracted: /tha_rules/VRT-policy.rules<o:p></o:p></font></font></font></p><font color="#000000" size="3" face="Times New Roman">
</font><p style="margin: 0in 0in 0pt;" class="MsoPlainText"><font face="Calibri"><font size="3"><font color="#000000"><span style="mso-spacerun: yes;"> </span>Extracted:
/tha_rules/VRT-imap.rules<o:p></o:p></font></font></font></p><font color="#000000" size="3" face="Times New Roman">
</font><p style="margin: 0in 0in 0pt;" class="MsoPlainText"><font face="Calibri"><font size="3"><font color="#000000"><span style="mso-spacerun: yes;"> </span>Extracted:
/tha_rules/VRT-web-attacks.rules<o:p></o:p></font></font></font></p><font color="#000000" size="3" face="Times New Roman">
</font><p style="margin: 0in 0in 0pt;" class="MsoPlainText"><font face="Calibri"><font size="3"><font color="#000000"><span style="mso-spacerun: yes;"> </span>Extracted:
/tha_rules/VRT-nntp.rules<o:p></o:p></font></font></font></p><font color="#000000" size="3" face="Times New Roman">
</font><p style="margin: 0in 0in 0pt;" class="MsoPlainText"><font face="Calibri"><font size="3"><font color="#000000"><span style="mso-spacerun: yes;"> </span>Extracted:
/tha_rules/VRT-dos.rules<o:p></o:p></font></font></font></p><font color="#000000" size="3" face="Times New Roman">
</font><p style="margin: 0in 0in 0pt;" class="MsoPlainText"><font face="Calibri"><font size="3"><font color="#000000"><span style="mso-spacerun: yes;"> </span>Extracted:
/tha_rules/VRT-finger.rules<o:p></o:p></font></font></font></p><font color="#000000" size="3" face="Times New Roman">
</font><p style="margin: 0in 0in 0pt;" class="MsoPlainText"><font face="Calibri"><font size="3"><font color="#000000"><span style="mso-spacerun: yes;"> </span>Extracted:
/tha_rules/VRT-phishing-spam.rules<o:p></o:p></font></font></font></p><font color="#000000" size="3" face="Times New Roman">
</font><p style="margin: 0in 0in 0pt;" class="MsoPlainText"><font size="3"><font color="#000000"><font face="Calibri">No such file in archive:
'doc/signatures/rules/VRT-License.txt' at d:\winids\pulledpork\pulledpork.pl
line 289<o:p></o:p></font></font></font></p><font color="#000000" size="3" face="Times New Roman">
</font><p style="margin: 0in 0in 0pt;" class="MsoPlainText"><font size="3"><font color="#000000"><font face="Calibri">Could not find an entry for
'doc/signatures/rules/VRT-License.txt' at d:\winids\pulledpork\pulledpork.pl
line 289<o:p></o:p></font></font></font></p><font color="#000000" size="3" face="Times New Roman">
</font><p style="margin: 0in 0in 0pt;" class="MsoPlainText"><font face="Calibri"><font size="3"><font color="#000000"><span style="mso-spacerun: yes;"> </span>Extracted:
/tha_rules/VRT-oracle.rules<o:p></o:p></font></font></font></p><font color="#000000" size="3" face="Times New Roman">
</font><p style="margin: 0in 0in 0pt;" class="MsoPlainText"><font face="Calibri"><font size="3"><font color="#000000"><span style="mso-spacerun: yes;"> </span>Extracted:
/tha_rules/VRT-policy-multimedia.rules<o:p></o:p></font></font></font></p><font color="#000000" size="3" face="Times New Roman">
</font><p style="margin: 0in 0in 0pt;" class="MsoPlainText"><font face="Calibri"><font size="3"><font color="#000000"><span style="mso-spacerun: yes;"> </span>Extracted:
/tha_rules/VRT-pop2.rules<o:p></o:p></font></font></font></p><font color="#000000" size="3" face="Times New Roman">
</font><p style="margin: 0in 0in 0pt;" class="MsoPlainText"><font face="Calibri"><font size="3"><font color="#000000"><span style="mso-spacerun: yes;"> </span>Extracted:
/tha_rules/VRT-bad-traffic.rules<o:p></o:p></font></font></font></p><font color="#000000" size="3" face="Times New Roman">
</font><p style="margin: 0in 0in 0pt;" class="MsoPlainText"><font face="Calibri"><font size="3"><font color="#000000"><span style="mso-spacerun: yes;"> </span>Extracted:
/tha_rules/VRT-web-cgi.rules<o:p></o:p></font></font></font></p><font color="#000000" size="3" face="Times New Roman">
</font><p style="margin: 0in 0in 0pt;" class="MsoPlainText"><font size="3"><font color="#000000"><font face="Calibri">Checking latest MD5 for opensource.gz....<o:p></o:p></font></font></font></p><font color="#000000" size="3" face="Times New Roman">
</font><p style="margin: 0in 0in 0pt;" class="MsoPlainText"><font face="Calibri"><font size="3"><font color="#000000"><span style="mso-spacerun: yes;"> </span>Fetching
md5sum for: opensource.gz.md5<o:p></o:p></font></font></font></p><font color="#000000" size="3" face="Times New Roman">
</font><p style="margin: 0in 0in 0pt;" class="MsoPlainText"><font size="3"><font color="#000000"><font face="Calibri">** GET
https://www.snort.org/reg-rules/opensource.gz.md5/991158d6f0847841cffbe08<o:p></o:p></font></font></font></p><font color="#000000" size="3" face="Times New Roman">
</font><p style="margin: 0in 0in 0pt;" class="MsoPlainText"><font size="3"><font color="#000000"><font face="Calibri">5a91b7c5775ba98cf ==> 200 OK (1s)<o:p></o:p></font></font></font></p><font color="#000000" size="3" face="Times New Roman">
</font><p style="margin: 0in 0in 0pt;" class="MsoPlainText"><font face="Calibri"><font size="3"><font color="#000000"><span style="mso-spacerun: yes;"> </span>most recent
rules file digest: 09e69d53d4dac50ab24551f6e224b492<o:p></o:p></font></font></font></p><font color="#000000" size="3" face="Times New Roman">
</font><p style="margin: 0in 0in 0pt;" class="MsoPlainText"><font face="Calibri"><font size="3"><font color="#000000"><span style="mso-spacerun: yes;"> </span>current
local rules file<span style="mso-spacerun: yes;"> </span>digest:
09e69d53d4dac50ab24551f6e224b492<o:p></o:p></font></font></font></p><font color="#000000" size="3" face="Times New Roman">
</font><p style="margin: 0in 0in 0pt;" class="MsoPlainText"><font face="Calibri"><font size="3"><font color="#000000"><span style="mso-spacerun: yes;"> </span>The MD5 for
opensource.gz matched 09e69d53d4dac50ab24551f6e224b492<o:p></o:p></font></font></font></p><font color="#000000" size="3" face="Times New Roman">
</font><p style="margin: 0in 0in 0pt;" class="MsoPlainText"><font face="Calibri"><font size="3"><font color="#000000"><span style="mso-spacerun: yes;"> </span>so I'm not
gonna download the rules file again suckas!<o:p></o:p></font></font></font></p><font color="#000000" size="3" face="Times New Roman">
</font><p style="margin: 0in 0in 0pt;" class="MsoPlainText"><font size="3"><font color="#000000"><font face="Calibri">Prepping rules from opensource.gz for work....<o:p></o:p></font></font></font></p><font color="#000000" size="3" face="Times New Roman">
</font><p style="margin: 0in 0in 0pt;" class="MsoPlainText"><font face="Calibri"><font size="3"><font color="#000000"><span style="mso-spacerun: yes;"> </span>extracting
contents of c:\windows\temp/opensource.gz...<o:p></o:p></font></font></font></p><font color="#000000" size="3" face="Times New Roman">
</font><p style="margin: 0in 0in 0pt;" class="MsoPlainText"><font face="Calibri"><font size="3"><font color="#000000"><span style="mso-spacerun: yes;"> </span>Ignoring
plaintext rules: deleted.rules<o:p></o:p></font></font></font></p><font color="#000000" size="3" face="Times New Roman">
</font><p style="margin: 0in 0in 0pt;" class="MsoPlainText"><font face="Calibri"><font size="3"><font color="#000000"><span style="mso-spacerun: yes;"> </span>Ignoring
plaintext rules: experimental.rules<o:p></o:p></font></font></font></p><font color="#000000" size="3" face="Times New Roman">
</font><p style="margin: 0in 0in 0pt;" class="MsoPlainText"><font face="Calibri"><font size="3"><font color="#000000"><span style="mso-spacerun: yes;"> </span>Ignoring
plaintext rules: local.rules<o:p></o:p></font></font></font></p><font color="#000000" size="3" face="Times New Roman">
</font><p style="margin: 0in 0in 0pt;" class="MsoPlainText"><font size="3"><font color="#000000"><font face="Calibri">=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-<o:p></o:p></font></font></font></p><font color="#000000" size="3" face="Times New Roman">
</font><p style="margin: 0in 0in 0pt;" class="MsoPlainText"><o:p><font color="#000000" size="3" face="Calibri"> </font></o:p></p><font color="#000000" size="3" face="Times New Roman">
</font><p style="margin: 0in 0in 0pt;" class="MsoPlainText"><font face="Calibri"><font size="3"><font color="#000000">After configuring and
running PulledPork, it grabbed the latest rules and placed all the rules into
the snort/rules/snort.rules file. It also placed all the disabled (#) rules in
there as well.<o:p></o:p></font></font></font></p><font color="#000000" size="3" face="Times New Roman">
</font><p style="margin: 0in 0in 0pt;" class="MsoPlainText"><o:p><font color="#000000" size="3" face="Calibri"> </font></o:p></p><font color="#000000" size="3" face="Times New Roman">
</font><p style="margin: 0in 0in 0pt;" class="MsoPlainText"><font face="Calibri"><font size="3"><font color="#000000">How does PulledPork deal with these (#) rules? On a brand
new pull, say I uncomment several of the '# alert' rules; what happens to these
rules the next time a rule update is performed
by PulledPork?<o:p></o:p></font></font></font></p><font color="#000000" size="3" face="Times New Roman">
</font><p style="margin: 0in 0in 0pt;" class="MsoPlainText"><o:p><font color="#000000" size="3" face="Calibri"> </font></o:p></p><font color="#000000" size="3" face="Times New Roman">
</font><p style="margin: 0in 0in 0pt;" class="MsoPlainText"><font size="3"><font color="#000000"><font face="Calibri">There are 3 .rules files in the preproc_rules folder, and
it appears they are assimilated into the snort.rules file on the initial run.
Is this the best way to handle these preproc_rules? The Snort original install
includes the snort\preproc_rules folder and there are 3 .rules files inside
that folder. Should this folder be removed and PulledPork allowed to assimilate
those 3 .rules files into the main snort.rules file when it runs, or should
they be moved out of the preproc_rules folder to the main snort\rules folder,
and the 3 names placed into the ignore= line of the pulledpork.conf? I'm unsure
whether the rules in the preproc_rules folder change between Snort versions.<o:p></o:p></font></font></font></p><font color="#000000" size="3" face="Times New Roman">
</font><p style="margin: 0in 0in 0pt;" class="MsoPlainText"><o:p><font color="#000000" size="3" face="Calibri"> </font></o:p></p><font color="#000000" size="3" face="Times New Roman">
</font><p style="margin: 0in 0in 0pt;" class="MsoPlainText"><a name="_MailAutoSig"><span style="mso-no-proof: yes;"><font size="3"><font color="#000000"><font face="Calibri">Kindest
regards,<o:p></o:p></font></font></font></span></a></p><font color="#000000" size="3" face="Times New Roman">
</font><p style="margin: 0in 0in 0pt;" class="MsoPlainText"><span style="mso-bookmark: _MailAutoSig;"><span style="mso-no-proof: yes;"><font size="3"><font color="#000000"><font face="Calibri">Michael..</font></font></font></span></span><o:p><font color="#000000" size="3" face="Calibri"> </font></o:p><font color="#000000" size="3" face="Times New Roman"></font></p>
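<p style="margin: 0in 0in 0pt;" class="MsoPlainText">An added illustration of the two stages visible in the log above, written by the editor rather than taken from PulledPork or from the post: a digest check that decides whether opensource.gz is fetched again, followed by a prep stage that rebuilds the consolidated rules file from the archive on every run and keeps enable/disable decisions as SID lists instead of as hand edits to the generated file. The sample rules, SIDs and function names are constructed.</p>

```python
"""Editor's model of a PulledPork-style update (not PulledPork's own code):
stage 1 compares the published MD5 with the local archive to decide on a
download; stage 2 regenerates the consolidated rules file from the archive
contents whether or not a download happened, applying SID enable/disable
lists. Hand edits to the previous output are therefore never consulted."""
import hashlib
import re
from typing import List, Optional, Set, Tuple

# Constructed sample of rules as shipped in an archive: some arrive
# commented out ('# alert ...'), some active. SIDs are made up.
ARCHIVE_RULES = """\
# alert tcp $EXTERNAL_NET any -> $HOME_NET 21 (msg:"FTP sample A"; sid:1000001; rev:1;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 23 (msg:"TELNET sample B"; sid:1000002; rev:1;)
# alert tcp $HOME_NET any -> $EXTERNAL_NET 25 (msg:"SMTP sample C"; sid:1000003; rev:2;)
"""

SID_RE = re.compile(r"sid\s*:\s*(\d+)\s*;")


def md5_hex(data: bytes) -> str:
    """MD5 as the rules servers publish it: lowercase hex digest."""
    return hashlib.md5(data).hexdigest()


def needs_download(remote_digest: str, local_archive: Optional[bytes]) -> bool:
    """Stage 1, mirroring the log: fetch again only when the published
    digest differs from the digest of the archive already on disk."""
    if local_archive is None:
        return True
    return md5_hex(local_archive) != remote_digest.strip().lower()


def parse_rules(text: str) -> List[Tuple[int, bool, str]]:
    """Return (sid, enabled, rule_body) per rule line; a leading '#'
    marks a rule that is shipped (or written out) disabled."""
    rules = []
    for line in text.splitlines():
        stripped = line.strip()
        if not stripped:
            continue
        enabled = not stripped.startswith("#")
        body = stripped.lstrip("#").strip()
        match = SID_RE.search(body)
        if match:
            rules.append((int(match.group(1)), enabled, body))
    return rules


def build_output(text: str, enable_sids: Set[int], disable_sids: Set[int]) -> str:
    """Stage 2: regenerate the consolidated file from the archive text.
    Only the SID lists carry state between runs; a disable entry wins
    over an enable entry for the same SID."""
    out = []
    for sid, shipped_enabled, body in parse_rules(text):
        enabled = shipped_enabled or sid in enable_sids
        if sid in disable_sids:
            enabled = False
        out.append(body if enabled else "# " + body)
    return "\n".join(out) + "\n"


def enabled_sids(output: str) -> Set[int]:
    """SIDs that are active in a generated rules file."""
    return {sid for sid, active, _ in parse_rules(output) if active}


if __name__ == "__main__":
    archive = ARCHIVE_RULES.encode()
    print("download needed:", needs_download(md5_hex(archive), archive))
    generated = build_output(ARCHIVE_RULES, {1000001}, set())
    print("enabled after run:", sorted(enabled_sids(generated)))
```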
------=_Part_2703_8476795.1345211151018--
------=_Part_2702_2306410.1345211151018--