Re: [Efw-user] Problems updating snort

2007-10-23 Thread Tom Bishop
It worked for me last night also, however I have it installed on RED, GREEN
and ORANGE and they all worked

On 10/23/07, woodrowbone <[EMAIL PROTECTED]> wrote:
>
>
> Thx 2 Peter and everyone else in here. :handshake:
> I can also confirm that the update works if you disable green and then
> update the red only,
> Looking forward to the next release Peter. :jumping:
>
> Woodrow

Re: [Efw-user] Problems updating snort

2007-10-23 Thread woodrowbone

Thx 2 Peter and everyone else in here. :handshake:
I can also confirm that the update works if you disable green and then
update the red only,
Looking forward to the next release Peter. :jumping:

Woodrow


wharfratjoe wrote:
> 
> its working now for "registered users" rules. I disabled SNORT on the
> green network on both versions and updates are working now. It worked
> before, not sure if the 2.3 rules not being available anymore like others
> stated has to do with green network rules.
> 
> I also made NO changes to any scripts on the Endian firewalls to force 2.4
> rules to replace the 2.3 rules.
> 
> also like peter mentioned, do not try to update multiple times within (i
> think the same hour), they may block for this type of behavior on the
> SNORT servers themselves.
> 
> hope this helps

Re: [Efw-user] Problems updating snort

2007-10-23 Thread wharfratjoe

It's working now for "registered users" rules. I disabled SNORT on the green
network on both versions and updates are working now. It worked before, not
sure if the 2.3 rules not being available anymore like others stated has to
do with green network rules.

I also made NO changes to any scripts on the Endian firewalls to force 2.4
rules to replace the 2.3 rules.

Also, like Peter mentioned, do not try to update multiple times within (I
think the same hour), they may block for this type of behavior on the SNORT
servers themselves.

Hope this helps


wharfratjoe wrote:
> 
> Same here with snort is not updating. same MD5 error
> 
> I also tested snort on an older version of Endian and it is not updating
> on it as well: 
> 
> Linux fw.domain.int 2.6.9-34.0.1.EL.endian14 #1 Thu May 25 21:56:03 EDT
> 2006 i686 i686 i386 GNU/Linux

Re: [Efw-user] Problems updating snort

2007-10-22 Thread Tom Bishop
Just did a fresh install over the weekend 2.1.2 and I receive a md5sum error
when trying to download the ruleset.  This was an existing snort account
that was working, so I see the issue also.

On 10/22/07, compdoc <[EMAIL PROTECTED]> wrote:
>
> Heck, I have no problems updating on efw 2.1 or 2.12...
>
> But I only use Red snort, not green as well..
>
>
>
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of CoryC
> Sent: Monday, October 22, 2007 10:19 AM
> To: efw-user@lists.sourceforge.net
> Subject: Re: [Efw-user] Problems updating snort
>
> Peter,
>
> Which version of the rules are you using?
>
> When I put the url for the registered user in a
> browser I get an error message that says "Oink!! The
> page you requested doesn't exist.". When I change the
> url to 2.4.tar.gz I get prompted to save the file.
>
> However, if I try to use the 2.3 subscriber rules I
> get an error message that says "You must have an
> active subscription to download this file". I get the
> same message for 2.4 as well.
>
> I'm wondering if they have made the registered ruleset
> unavailable and the symptoms you are describing
> reflect using the subscriber rules which may still be available?
>
> -
> This SF.net email is sponsored by: Splunk Inc.
> Still grepping through log files to find problems?  Stop.
> Now Search log events and configuration files using AJAX and a browser.
> Download your FREE copy of Splunk now >> http://get.splunk.com/
> ___
> Efw-user mailing list
> Efw-user@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/efw-user


Re: [Efw-user] Problems updating snort

2007-10-22 Thread compdoc
Heck, I have no problems updating on efw 2.1 or 2.12...

But I only use Red snort, not green as well..



-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of CoryC
Sent: Monday, October 22, 2007 10:19 AM
To: efw-user@lists.sourceforge.net
Subject: Re: [Efw-user] Problems updating snort

Peter,

Which version of the rules are you using? 

When I put the url for the registered user in a
browser I get an error message that says "Oink!! The
page you requested doesn't exist.". When I change the
url to 2.4.tar.gz I get prompted to save the file. 

However, if I try to use the 2.3 subscriber rules I
get an error message that says "You must have an
active subscription to download this file". I get the
same message for 2.4 as well. 

I'm wondering if they have made the registered ruleset
unavailable and the symptoms you are describing
reflect using the subscriber rules which may still be available?



Re: [Efw-user] Problems updating snort

2007-10-22 Thread compdoc
Are ppl having a problem with the older version of efw? I press the update
community rules button on the newest efw, and have no problems..





Re: [Efw-user] Problems updating snort

2007-10-22 Thread CoryC
Peter,

Which version of the rules are you using? 

When I put the url for the registered user in a
browser I get an error message that says "Oink!! The
page you requested doesn't exist.". When I change the
url to 2.4.tar.gz I get prompted to save the file. 

However, if I try to use the 2.3 subscriber rules I
get an error message that says "You must have an
active subscription to download this file". I get the
same message for 2.4 as well. 

I'm wondering if they have made the registered ruleset
unavailable and the symptoms you are describing
reflect using the subscriber rules which may still be available?




Re: [Efw-user] Problems updating snort

2007-10-22 Thread Peter Warasin
Hi

Peter Warasin wrote:
> But, our ids.cgi makes 2 downloads at a time in order to check if
> something has changed and starts the full download only if there is a
> new version on the server.
> Now this check cannot be done anymore. Will see if there is another
> possibility.

Uhm.. tried again a little bit..
It is not necessary to do any changes.
The check is for each file separately.

Just do not download the signatures multiple times successively.

peter
-- 
:: e n d i a n
:: open source - open minds

:: peter warasin
:: http://www.endian.com   :: [EMAIL PROTECTED]


Re: [Efw-user] Problems updating snort

2007-10-22 Thread Peter Warasin
hi

woodrowbone wrote:
> Thx a lot h h-2! =)
> I guess this is a task for the devs. to take care of, I hope they read this
> mailing list or? 

Yes we are reading, but *currently* more or less passively.

I analysed the problem, will fix it for next version which will appear soon.

The problem is not the version of the rules, but that snort.org has
changed its webserver in order to allow download only once. Next
download can be done after a couple of minutes.

But, our ids.cgi makes 2 downloads at a time in order to check if
something has changed and starts the full download only if there is a
new version on the server.
Now this check cannot be done anymore. Will see if there is another
possibility.

For now it is sufficient to change the following lines within ids.cgi
(line 88):

-   $md5 = &getmd5;
-   if (($snortsettings{'INSTALLMD5'} ne $md5) && defined $md5 ) {
+   if (1 || ($snortsettings{'INSTALLMD5'} ne $md5) && defined $md5 ) {
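
Review bot: On the `+` line, the leading `1 ||` short-circuits the whole condition, so the comparison against `$snortsettings{'INSTALLMD5'}` and the `defined $md5` guard are never evaluated, and with the `$md5 = &getmd5;` assignment removed, anything inside the block that still reads `$md5` will see an undefined value. If this is meant as a temporary bypass of the change check, `if (1) {` with a comment saying so would make that plain and easy to revert. Every click on the update button will now start a full ruleset download, which matters given the download limit described above the hunk.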

this should do the trick for now

peter

-- 
:: e n d i a n
:: open source - open minds

:: peter warasin
:: http://www.endian.com   :: [EMAIL PROTECTED]
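
The check-then-download sequence described in the message above, written so that it keeps a per-file cooldown on the client side and verifies the archive before replacing the installed rules. This is an added Python example, not Endian's ids.cgi; the URLs, the cooldown value, `FakeServer` and all function names are assumptions, and the ruleset bytes are constructed.

```python
import hashlib
import re
from dataclasses import dataclass, field
from typing import Callable, Dict, Optional

# Assumed placeholders: the thread does not give the real rule URLs.
MD5_URL = "https://rules.example.invalid/snortrules.tar.gz.md5"
ARCHIVE_URL = "https://rules.example.invalid/snortrules.tar.gz"
# Assumed value: the thread only says "a couple of minutes" / "the same hour".
COOLDOWN_SECONDS = 15 * 60

MD5_RE = re.compile(rb"\b[0-9a-fA-F]{32}\b")


@dataclass
class UpdaterState:
    installed_md5: Optional[str] = None                         # checksum of installed rules
    last_fetch: Dict[str, float] = field(default_factory=dict)  # request time per URL


def parse_md5(body: bytes) -> Optional[str]:
    """Return the checksum from a .md5 response, or None for an error page."""
    m = MD5_RE.search(body)
    return m.group(0).decode().lower() if m else None


def may_fetch(state, url, now, cooldown):
    """The cooldown is tracked per file, as the server-side check is per file."""
    last = state.last_fetch.get(url)
    return last is None or now - last >= cooldown


def update_ruleset(state, fetch: Callable[[str], bytes], now, cooldown=COOLDOWN_SECONDS):
    """One update attempt; the installed rules change only when 'installed' is returned."""
    if not may_fetch(state, MD5_URL, now, cooldown):
        return "cooldown"                    # do not send a request the server would refuse
    state.last_fetch[MD5_URL] = now
    remote = parse_md5(fetch(MD5_URL))
    if remote is None:
        return "bad-checksum-response"       # refusal or error page: keep current rules
    if remote == state.installed_md5:
        return "up-to-date"                  # nothing new, skip the large download
    if not may_fetch(state, ARCHIVE_URL, now, cooldown):
        return "cooldown"
    state.last_fetch[ARCHIVE_URL] = now
    archive = fetch(ARCHIVE_URL)
    # MD5 here detects a changed or damaged download; it does not authenticate the rules.
    if hashlib.md5(archive).hexdigest() != remote:
        return "md5-mismatch"                # e.g. an HTML error page instead of a tarball
    state.installed_md5 = remote             # a real updater would unpack and reload here
    return "installed"


def md5_line(data: bytes) -> bytes:
    """Constructed .md5 file content for the sample archive."""
    return hashlib.md5(data).hexdigest().encode() + b"  snortrules.tar.gz\n"


class FakeServer:
    """Constructed stand-in for a rule server that refuses repeat requests per URL."""

    def __init__(self, files, cooldown):
        self.files, self.cooldown = files, cooldown
        self.last, self.now = {}, 0

    def fetch(self, url):
        last = self.last.get(url)
        if last is not None and self.now - last < self.cooldown:
            return b"<html>Access refused</html>"
        self.last[url] = self.now
        return self.files[url]


def demo():
    """Four attempts at t = 0 s, 60 s, 900 s and, after new rules appear, 1800 s."""
    v1, v2 = b"constructed ruleset v1", b"constructed ruleset v2"
    server = FakeServer({MD5_URL: md5_line(v1), ARCHIVE_URL: v1}, COOLDOWN_SECONDS)
    state, out = UpdaterState(), []
    for now in (0, 60, 900):
        server.now = now
        out.append(update_ruleset(state, server.fetch, now))
    server.files = {MD5_URL: md5_line(v2), ARCHIVE_URL: v2}
    server.now = 1800
    out.append(update_ruleset(state, server.fetch, 1800))
    return out


if __name__ == "__main__":
    print(demo())
```

With `cooldown=0` on the client the second attempt reaches the server, gets the refusal page, and ends as `bad-checksum-response` while the installed rules stay in place.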


Re: [Efw-user] Problems updating snort

2007-10-21 Thread CoryC
Ok, so doing this broke snort but starting snort from
command line I was able to see that it had issues with
some of the rules. I had to edit /etc/snort/snort.conf
and comment out the following rulesets to get it to
work:

include $RULE_PATH/ftp.rules
include $RULE_PATH/web-client.rules
include $RULE_PATH/netbios.rules

Afterwards I was able to get snort to start
successfully from the console and from the web
interface. 

I haven't looked into the rulesets yet to see which
particular rule was causing snort to croak. 

You can run snort from the command line with the
following: snort -c /etc/snort/snort.conf and it will
tell you where the problem might be. 


Offtopic: Anybody have an idea why my name is showing
up as h-h2? I've double checked my e-mail options to
make sure my name is set correctly. 

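
The isolation step from the message above (find which rule includes stop snort from starting, then comment only those out), as an added Python example that is not part of the original post or of Endian's code. The function names, `SAMPLE_CONF` and `fake_accepts` are constructed for illustration; the real check assumes `snort` is on PATH and uses its `-T` test mode with `-c`.

```python
import os
import re
import subprocess
import tempfile

INCLUDE_RE = re.compile(r"^\s*include\s+(\S+\.rules)\s*$")


def active_rule_includes(conf_text):
    """Rule files named by uncommented 'include ...rules' lines, in file order."""
    found = []
    for line in conf_text.splitlines():
        m = INCLUDE_RE.match(line)
        if m:
            found.append(m.group(1))
    return found


def with_disabled(conf_text, disabled):
    """Copy of the config with the given rule includes commented out."""
    out = []
    for line in conf_text.splitlines():
        m = INCLUDE_RE.match(line)
        if m and m.group(1) in disabled:
            line = "# disabled by rule check: " + line.strip()
        out.append(line)
    return "\n".join(out) + "\n"


def snort_accepts(conf_text, conf_dir="/etc/snort"):
    """Run snort in test mode on a temporary copy of the config (assumes snort on PATH).

    The copy is written next to the real config so relative paths still resolve.
    """
    fd, path = tempfile.mkstemp(suffix=".conf", dir=conf_dir)
    try:
        with os.fdopen(fd, "w") as fh:
            fh.write(conf_text)
        result = subprocess.run(["snort", "-T", "-c", path], capture_output=True)
        return result.returncode == 0
    finally:
        os.unlink(path)


def find_failing_rule_files(conf_text, accepts=snort_accepts):
    """Return the rule includes that make the config fail, testing each one alone."""
    rules = active_rule_includes(conf_text)
    if accepts(conf_text):
        return []
    if not accepts(with_disabled(conf_text, set(rules))):
        raise RuntimeError("config fails even with every rule file disabled")
    failing = []
    for rule in rules:
        others = set(rules) - {rule}          # leave only this rule file enabled
        if not accepts(with_disabled(conf_text, others)):
            failing.append(rule)
    return failing


# Constructed sample; only the three failing file names come from the post.
SAMPLE_CONF = """\
var RULE_PATH /etc/snort/rules
include $RULE_PATH/local.rules
include $RULE_PATH/ftp.rules
# include $RULE_PATH/chat.rules
include $RULE_PATH/web-client.rules
include $RULE_PATH/netbios.rules
include $RULE_PATH/dns.rules
"""


def fake_accepts(conf_text):
    """Constructed stand-in for snort -T that rejects the three files from the post."""
    bad = {"$RULE_PATH/ftp.rules", "$RULE_PATH/web-client.rules",
           "$RULE_PATH/netbios.rules"}
    return not (bad & set(active_rule_includes(conf_text)))


if __name__ == "__main__":
    failing = find_failing_rule_files(SAMPLE_CONF, fake_accepts)
    print(with_disabled(SAMPLE_CONF, set(failing)))
```

Each disabled rule file is detection coverage the sensor no longer has, so the returned list is also the list of rule sets to re-enable once a compatible ruleset is installed.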


Re: [Efw-user] Problems updating snort

2007-10-21 Thread kreative

DON'T DO THIS ! Don't change the ids page.
If you have then check your Status page. Your IDS status will show it's not
running. Like mine!

The 2.4 version, as you would expect if you think about it, look like they
aren't compatible with 2.3
-- 
View this message in context: 
http://www.nabble.com/Problems-updating-snort-tf4619676.html#a1577
Sent from the efw-user mailing list archive at Nabble.com.




Re: [Efw-user] Problems updating snort

2007-10-21 Thread woodrowbone

Thx a lot h h-2! =)
I guess this is a task for the devs. to take care of, I hope they read this
mailing list or? 


h h-2 wrote:
> 
> The problem with the updating of snort rules is that
> the 2.3 ruleset is no longer available on snort.org. 
> 
> I modified the /home/httpd/cgi-bin/ids.cgi file and
> replaced 2.3 with 2.4 and didn't get the error when I
> clicked on "download new ruleset". It showed that
> updated rules were downloaded but I don't know fully
> if it is fully working or not yet. 
> 


Re: [Efw-user] Problems updating snort

2007-10-21 Thread CoryC
The problem with the updating of snort rules is that
the 2.3 ruleset is no longer available on snort.org. 

I modified the /home/httpd/cgi-bin/ids.cgi file and
replaced 2.3 with 2.4 and didn't get the error when I
clicked on "download new ruleset". It showed that
updated rules were downloaded but I don't know fully
if it is fully working or not yet. 



Re: [Efw-user] Problems updating snort

2007-10-17 Thread wharfratjoe

Same here with snort is not updating. same MD5 error

I also tested snort on an older version of Endian and it is not updating on
it as well: 

Linux fw.domain.int 2.6.9-34.0.1.EL.endian14 #1 Thu May 25 21:56:03 EDT 2006
i686 i686 i386 GNU/Linux





Joseph L. Casale wrote:
> 
> Exact scenario occurred for me as well.
> 
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of woodrowbone
> Sent: October-16-07 3:55 AM
> To: efw-user@lists.sourceforge.net
> Subject: Re: [Efw-user] Problems updating snort
> 
> 
> Could some more people verify that this is the case on more Endian 2.1.2
> installs or just a fluke?
> I did test on another installation with the same results.
> Snort or Endian prob?
> 
> Woodrow
> 
> 
> Tom-225 wrote:
>>
>> Hello Woodrow,
>>
>> I had exactly the same problem yesterday night and found no solution
>> for it.
>>
>> Has anybody a solution for this?
>>
>> Greetings
>> tomakos
>>
>>> -Original Message-
>>> From: [EMAIL PROTECTED] [mailto:efw-user-
>>> [EMAIL PROTECTED] On Behalf Of woodrowbone
>>> Sent: Sunday, 14 October 2007 00:25
>>> To: efw-user@lists.sourceforge.net
>>> Subject: [Efw-user] Problems updating snort
>>>
>>>
>>> Hi guys!
>>> All of a sudden I get these messages when trying to update the IDS
>>> (snort)
>>> First this mess: Invalid MD5Sum.
>>> Then this: Access refused with this oinkcode
>>> I did try to make a new account at snort with a new oinkcode but no go
>>> >-(
>>>
>>> Anyone knows why:confused:
>>>
>>> Woodrow


Re: [Efw-user] Problems updating snort And content filter...

2007-10-16 Thread Stephane Parenton
compdoc wrote:
> I don’t think there is a link between the two.
>
> And the content filter does work. I have two customers who keep their employees
> off those websites that are most likely to infect your computer with some virus.
>
>
>
> In fact, it works too well - the wrong word on the news page of sites like
> msn.com or yahoo.com will prevent them from opening, so you have to place them
> in the whitelist.
>
> It works thru the Advanced Web Proxy, which unless the proxy address is set up
> in IE, will not be used by default. Setting it to 'transparent on Green' will
> solve all that without you having to change IE's settings on all the clients.
> And of course Contentfilter is enabled there as well.
>
> On the Content filter page, I set it up like this for businesses:
>
> Max score: 300, PICS enabled
> Block Pages with categories: (all you decide)
> Block pages known to have content: (all you decide)
> Black and white lists: (as needed)
>
> If you've set this, and it still isn’t working, try rebooting the efw. 
>
>   
Hi,

I actually lower the score to 50, in order to be fully caught by the 
content filter, pics is enabled, nearly every page categories were 
selected in the test as well as the content pages... Regarding the black 
list, I've only entered the selected site to be tested. I will reboot 
the FW (as I will see the customer on Friday) and tell whether it's ok or 
not...

Stephane



Re: [Efw-user] Problems updating snort And content filter...

2007-10-16 Thread compdoc
I don’t think there is a link between the two.

And the content filter does work. I have two customers who keep their employees
off those websites that are most likely to infect your computer with some virus.


In fact, it works too well - the wrong word on the news page of sites like
msn.com or yahoo.com will prevent them from opening, so you have to place them
in the whitelist.

It works thru the Advanced Web Proxy, which unless the proxy address is set up
in IE, will not be used by default. Setting it to 'transparent on Green' will
solve all that without you having to change IE's settings on all the clients.
And of course Contentfilter is enabled there as well.

On the Content filter page, I set it up like this for businesses:

Max score: 300, PICS enabled
Block Pages with categories: (all you decide)
Block pages known to have content: (all you decide)
Black and white lists: (as needed)

If you've set this, and it still isn’t working, try rebooting the efw. 





-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Stephane Parenton
Sent: Tuesday, October 16, 2007 11:53 AM
To: efw-user@lists.sourceforge.net
Subject: Re: [Efw-user] Problems updating snort And content filter...

Joseph L. Casale wrote:
> Exact scenario occurred for me as well.
>   
Hi everyone, here again, on a brand new install with 2.1.2, an old oink 
and a brand new one... it all ends up with the same result, md5 error 
first and invalid oink after this...

But it does not end here... I tried the content filter in order to prove 
to my customer that it can be useful... Bad idea!!! I tried to put on all 
the porno and sexual things and typed www.grosseins.com (bigboobs.com 
should exist also in English...)... I was quite amazed that I could access 
the site without any trouble... I did also put http://www.grosseins.com 
in the black list, but it also failed to block the site... Is the oink 
code related to the content filter or a snort general problem on this 
version? I don't know... What I know is that the "mother who wanted her 
kid to be protected by the content filter" had quite a surprise to see it 
did not work as it should...

Stephane



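The max-score and whitelist behaviour described in the message above, as an added example that is not part of the original post and is not Endian's own code. It is a simplified Python model: the phrase weights, the sample page, the `example.com` hosts and the whitelist-before-blacklist order are all assumptions made for illustration.

```python
# Simplified model of a score-based web content filter (constructed example).
from urllib.parse import urlsplit

# Hypothetical weighted phrases; a real filter ships far larger lists.
PHRASE_WEIGHTS = {"casino": 40, "poker": 30, "xxx": 120, "adult video": 90}


def host_of(url):
    """Return the lowercase host of a URL given with or without a scheme."""
    if "//" not in url:
        url = "//" + url
    return (urlsplit(url).hostname or "").lower()


def listed(host, entries):
    """True if host equals a list entry or is a subdomain of one."""
    return any(host == e or host.endswith("." + e) for e in entries)


def page_score(text):
    """Sum weight * occurrences for every weighted phrase in the page text."""
    lowered = text.lower()
    return sum(w * lowered.count(p) for p, w in PHRASE_WEIGHTS.items())


def decide(url, text, max_score, whitelist=(), blacklist=()):
    """Return (verdict, reason); assumed order: whitelist, blacklist, score."""
    host = host_of(url)
    if listed(host, whitelist):
        return "allow", "whitelisted"
    if listed(host, blacklist):
        return "block", "blacklisted"
    score = page_score(text)
    if score > max_score:
        return "block", f"score {score} > {max_score}"
    return "allow", f"score {score} <= {max_score}"


# Constructed sample: a news front page with gambling words in a headline.
NEWS_URL = "http://news.example.com/"
NEWS_TEXT = "Markets rally. Casino operator fined after poker tournament dispute."

if __name__ == "__main__":
    for limit in (300, 50):  # the two max-score values mentioned in the thread
        print(limit, decide(NEWS_URL, NEWS_TEXT, limit))
    print(decide(NEWS_URL, NEWS_TEXT, 50, whitelist=["example.com"]))
```

With the limit at 300 the news page passes; at 50 the same page is blocked on two ordinary headline words, and only the whitelist entry lets it through again.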


Re: [Efw-user] Problems updating snort And content filter...

2007-10-16 Thread Stephane Parenton
Joseph L. Casale wrote:
> Exact scenario occurred for me as well.
>   
Hi everyone, here again, on a brand new install with 2.1.2, an old oink 
and a brand new one... it all ends up with the same result, md5 error 
first and invalid oink after this...

But it does not end here... I tried the content filter in order to prove 
to my customer that it can be useful... Bad idea!!! I tried to put on all 
the porno and sexual things and typed www.grosseins.com (bigboobs.com 
should exist also in English...)... I was quite amazed that I could access 
the site without any trouble... I did also put http://www.grosseins.com 
in the black list, but it also failed to block the site... Is the oink 
code related to the content filter or a snort general problem on this 
version? I don't know... What I know is that the "mother who wanted her 
kid to be protected by the content filter" had quite a surprise to see it 
did not work as it should...

Stephane





Re: [Efw-user] Problems updating snort

2007-10-16 Thread Joseph L. Casale
Exact scenario occurred for me as well.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of woodrowbone
Sent: October-16-07 3:55 AM
To: efw-user@lists.sourceforge.net
Subject: Re: [Efw-user] Problems updating snort


Could some more people verify that this is the case on more Endian 2.1.2
installs or just a fluke?
I did test on another installation with the same results.
Snort or Endian prob?

Woodrow


Tom-225 wrote:
>
> Hello Woodrow,
>
> I had exactly the same problem yesterday night and found no solution for
> it.
>
> Has anybody a solution for this?
>
> Greetings
> tomakos
>
>> -Original Message-
>> From: [EMAIL PROTECTED] [mailto:efw-user-
>> [EMAIL PROTECTED] On Behalf Of woodrowbone
>> Sent: Sunday, 14 October 2007 00:25
>> To: efw-user@lists.sourceforge.net
>> Subject: [Efw-user] Problems updating snort
>>
>>
>> Hi guys!
>> All of a sudden I get these messages when trying to update the IDS
>> (snort)
>> First this mess: Invalid MD5Sum.
>> Then this: Access refused with this oinkcode
>> I did try to make a new account at snort with a new oinkcode but no go
>> >-(
>>
>> Anyone know why? :confused:
>>
>> Woodrow
>> --
>> View this message in context: http://www.nabble.com/Problems-updating-
>> snort-tf4619676.html#a13193578
>> Sent from the efw-user mailing list archive at Nabble.com.
>>
>>
>
>
>
>

--
View this message in context: 
http://www.nabble.com/Problems-updating-snort-tf4619676.html#a13229993
Sent from the efw-user mailing list archive at Nabble.com.




Re: [Efw-user] Problems updating snort

2007-10-16 Thread woodrowbone

Could some more people verify that this is the case on more Endian 2.1.2
installs or just a fluke?
I did test on another installation with the same results.
Snort or Endian prob?

Woodrow


Tom-225 wrote:
> 
> Hello Woodrow,
> 
> I had exactly the same problem yesterday night and found no solution for
> it.
> 
> Has anybody a solution for this?
> 
> Greetings
> tomakos
> 
>> -Original Message-
>> From: [EMAIL PROTECTED] [mailto:efw-user-
>> [EMAIL PROTECTED] On Behalf Of woodrowbone
>> Sent: Sunday, 14 October 2007 00:25
>> To: efw-user@lists.sourceforge.net
>> Subject: [Efw-user] Problems updating snort
>> 
>> 
>> Hi guys!
>> All of a sudden I get these messages when trying to update the IDS
>> (snort)
>> First this mess: Invalid MD5Sum.
>> Then this: Access refused with this oinkcode
>> I did try to make a new account at snort with a new oinkcode but no go
>> >-(
>> 
>> Anyone know why? :confused:
>> 
>> Woodrow
>> --
>> View this message in context: http://www.nabble.com/Problems-updating-
>> snort-tf4619676.html#a13193578
>> Sent from the efw-user mailing list archive at Nabble.com.
>> 
>> 
> 
> 
> 
> 

-- 
View this message in context: 
http://www.nabble.com/Problems-updating-snort-tf4619676.html#a13229993
Sent from the efw-user mailing list archive at Nabble.com.




Re: [Efw-user] Problems updating snort

2007-10-14 Thread Tom
Hello Woodrow,

I had exactly the same problem yesterday night and found no solution for
it.

Has anybody a solution for this?

Greetings
tomakos

> -Original Message-
> From: [EMAIL PROTECTED] [mailto:efw-user-
> [EMAIL PROTECTED] On Behalf Of woodrowbone
> Sent: Sunday, 14 October 2007 00:25
> To: efw-user@lists.sourceforge.net
> Subject: [Efw-user] Problems updating snort
> 
> 
> Hi guys!
> All of a sudden I get these messages when trying to update the IDS (snort)
> First this mess: Invalid MD5Sum.
> Then this: Access refused with this oinkcode
> I did try to make a new account at snort with a new oinkcode but no go >-(
> 
> Anyone know why? :confused:
> 
> Woodrow
> --
> View this message in context: http://www.nabble.com/Problems-updating-
> snort-tf4619676.html#a13193578
> Sent from the efw-user mailing list archive at Nabble.com.
> 
> 




[Efw-user] Problems updating snort

2007-10-13 Thread woodrowbone

Hi guys!
All of a sudden I get these messages when trying to update the IDS (snort)
First this mess: Invalid MD5Sum.
Then this: Access refused with this oinkcode
I did try to make a new account at snort with a new oinkcode but no go >-(

Anyone know why? :confused:

Woodrow
-- 
View this message in context: 
http://www.nabble.com/Problems-updating-snort-tf4619676.html#a13193578
Sent from the efw-user mailing list archive at Nabble.com.

