Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.

Dismiss

Re: [Snort-users] HTTP 422 when trying to download rulesets with pulledpork

369 views

Skip to first unread message

Joel Esler (jesler)

unread,

Jul 10, 2014, 2:20:33 PM7/10/14

Can you try:

https://www.snort.org/rules/snortrules-snapshot-2961-tar.gz/<oinkcode>

On Jul 10, 2014, at 1:53 PM, Starner, Mark <mark.s...@unisys.com> wrote:

I have tried various things in my pulledpork config file and nothing seems to work.

I tried the old way (which Joel is looking into since it should work)

rule_url=https://www.snort.org/sub-rules/|snortrules-snapshot-2961.tar.gz|<oinkcode>

But what should it look like for the new format when the final URL for the subscriber rules needs to be:

https://www.snort.org/rules/snortrules-snapshot-2961-tar.gz?<oinkcode>

I have tried every combination I can think of and have not been able to download the rules.

Thanks

Mark

From: Joel Esler (jesler) [mailto:jes...@cisco.com]
Sent: Thursday, July 10, 2014 8:53 AM
To: Shirkdog
Cc: snort-users mailinglist
Subject: Re: [Snort-users] HTTP 422 when trying to download rulesets with pulledpork

We still support the old one. We're looking into the issue.

--

Joel Esler

Sent from my iPhone

On Jul 10, 2014, at 8:47, "Shirkdog" <shir...@gmail.com> wrote:

I will work on updating the default for pulled pork, but use the following URL, per the new website:

https://www.snort.org/rules/snortrules-snapshot-29xx-tar.gz?<oinkcode>

On Jul 10, 2014 8:40 AM, "Anshuman Anil Deshmukh" <ansh...@cybage.com> wrote:

Hi,

Even I am getting such error. in my case the only difference is that I am on the older version. Is it something to do with the recent changes that happened on the website?

Base URL is: https://www.snort.org/reg-rules/|snortrules-snapshot.tar.gz|<my oinkcode>https://www.snort.org/reg-rules/|opensource.gz|<my oinkcode>https://rules.emergingthreats.net/|emerging.rules.tar.gz|open https://s3.amazonaws.com/snort-org/www/rules/community/|community-rules.tar.gz|Community http://labs.snort.org/feeds/ip-filter.blf|IPBLACKLIST|open

Checking latest MD5 for snortrules-snapshot-2950.tar.gz....

                Fetching md5sum for: snortrules-snapshot-2950.tar.gz.md5

** GET https://www.snort.org/reg-rules/snortrules-snapshot-2950.tar.gz.md5/<my oinkcode> ==> 422 Unprocessable Entity (2s)

                Error 422 when fetching https://www.snort.org/reg-rules/snortrules-snapshot-2950.tar.gz.md5 at pulledpork.pl line 463

                main::md5file('<my oinkcode>', 'snortrules-snapshot-2950.tar.gz', '/etc/snort/tmp/', 'https://www.snort.org/reg-rules/') called at pulledpork.pl line 1847

Regards,

Anshuman

-----Original Message-----
From: Laszlo Toth [mailto:laszl...@linguamatics.com]
Sent: Thursday, July 10, 2014 5:00 PM
To: snort...@lists.sourceforge.net
Subject: [Snort-users] HTTP 422 when trying to download rulesets with pulledpork

Hi,

I'm trying to download the registered rules with pulledpork but I'm getting the following error message:

Rules tarball download of snortrules-snapshot-2961.tar.gz....

         Error 422 when fetching snortrules-snapshot-2961.tar.gz at ./pulledpork.pl line 408

         main::rulefetch('oinkcode', 'snortrules-snapshot-2961.tar.gz',

'/tmp/', 'https://www.snort.org/reg-rules/') called at ./pulledpork.pl line 1856

Pulledpork rule config:

rule_url=https://www.snort.org/reg-rules/|snortrules-snapshot.tar.gz|oinkcode

I get the same HTTP response code when I try to manually download the rules fromhttps://www.snort.org/reg-rules/snortrules-snapshot-2961.tar.gz/oinkcode

Am I missing something?

Thanks,

Laszlo

--

Laszlo Toth

Systems administrator

Linguamatics

324 Cambridge Science Park

Milton Road

Cambridge

CB4 0WG

UK

Telephone number:

+44 (0)1223 651910

www.linguamatics.com

------------------------------------------------------------------------------

Open source business process management suite built on Java and Eclipse Turn processes into business applications with Bonita BPM Community Edition Quickly connect people, data, and systems into organized workflows Winner of BOSSIE, CODIE, OW2 and Gartner awards http://p.sf.net/sfu/Bonitasoft_______________________________________________

Snort-users mailing list

Snort...@lists.sourceforge.net

Go to this URL to change user options or unsubscribe:

https://lists.sourceforge.net/lists/listinfo/snort-users

Snort-users list archive:

http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

"Legal Disclaimer: This electronic message and all contents contain information from Cybage Software Private Limited which may be privileged, confidential, or otherwise protected from disclosure. The information is intended to be for the addressee(s) only. If you are not an addressee, any disclosure, copy, distribution, or use of the contents of this message is strictly prohibited. If you have received this electronic message in error please notify the sender by reply e-mail to and destroy the original message and all copies. Cybage has taken every reasonable precaution to minimize the risk of malicious content in the mail, but is not liable for any damage you may sustain as a result of any malicious content in this e-mail. You should carry out your own malicious content checks before opening the e-mail or attachment." www.cybage.com

------------------------------------------------------------------------------
Open source business process management suite built on Java and Eclipse
Turn processes into business applications with Bonita BPM Community Edition
Quickly connect people, data, and systems into organized workflows
Winner of BOSSIE, CODIE, OW2 and Gartner awards
http://p.sf.net/sfu/Bonitasoft
_______________________________________________
Snort-users mailing list
Snort...@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

------------------------------------------------------------------------------
Open source business process management suite built on Java and Eclipse
Turn processes into business applications with Bonita BPM Community Edition
Quickly connect people, data, and systems into organized workflows
Winner of BOSSIE, CODIE, OW2 and Gartner awards
http://p.sf.net/sfu/Bonitasoft

_______________________________________________
Snort-users mailing list
Snort...@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

------------------------------------------------------------------------------
Open source business process management suite built on Java and Eclipse
Turn processes into business applications with Bonita BPM Community Edition
Quickly connect people, data, and systems into organized workflows
Winner of BOSSIE, CODIE, OW2 and Gartner awards
http://p.sf.net/sfu/Bonitasoft_______________________________________________
Snort-users mailing list
Snort...@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

Joel Esler (jesler)

unread,

Jul 10, 2014, 2:22:39 PM7/10/14

Okay. Thanks Mark, I just had the team in my office and they went to go look into the issue.

Joel Esler (jesler)

unread,

Jul 10, 2014, 2:32:24 PM7/10/14

Yup. I believe they just found the issue and the fix should be pushed shortly.

On Jul 10, 2014, at 2:23 PM, Starner, Mark <mark.s...@unisys.com> wrote:

[root@ustr-siqx pulledpork]# wget https://www.snort.org/rules/snortrules-snapshot-2961-tar.gz/<oinkcode>

--2014-07-10 18:21:38-- https://www.snort.org/rules/snortrules-snapshot-2961-tar.gz/<oinkcode>

Resolving www.snort.org... 50.19.124.119, 54.225.152.149, 54.243.242.66

Connecting to www.snort.org|50.19.124.119|:443... connected.

ERROR: cannot verify www.snort.org's certificate, issued by `/C=US/O=Thawte, Inc./CN=Thawte SSL CA':

Self-signed certificate encountered.

ERROR: certificate common name `snort.org' doesn't match requested host name `www.snort.org'.

To connect to www.snort.org insecurely, use `--no-check-certificate'.

Unable to establish SSL connection.

With no-check-certificate:

[root@ustr-siqx pulledpork]# wget --no-check-certificate https://www.snort.org/rules/snortrules-snapshot-2961-tar.gz/<oinkcode>

--2014-07-10 18:22:35-- https://www.snort.org/rules/snortrules-snapshot-2961-tar.gz/<oinkcode>

Resolving www.snort.org... 54.225.152.149, 54.243.242.66, 50.19.124.119

Connecting to www.snort.org|54.225.152.149|:443... connected.

WARNING: cannot verify www.snort.org's certificate, issued by `/C=US/O=Thawte, Inc./CN=Thawte SSL CA':

Self-signed certificate encountered.

WARNING: certificate common name `snort.org' doesn't match requested host name `www.snort.org'.

HTTP request sent, awaiting response... 404 Not Found

2014-07-10 18:22:36 ERROR 404: Not Found.

Getting 404 error if I ignore the certificate error.

From: Joel Esler (jesler) [mailto:jes...@cisco.com]
Sent: Thursday, July 10, 2014 2:21 PM
To: Starner, Mark
Cc: snort-users mailinglist
Subject: Re: [Snort-users] HTTP 422 when trying to download rulesets with pulledpork

Can you try:

https://www.snort.org/rules/snortrules-snapshot-2961-tar.gz/<oinkcode>

0 new messages