[Bug 1917682] Re: rules url error fwsnort

2021-03-13 Thread claudio javier fernandez
Changing the address from http to https seems to fix psad's crash, but I
still get data from unconfigured servers in:

/etc/fwsnort/fwsnort.conf
### AOL AIM server nets
AIM_SERVERS [64.12.24.0/24, 64.12.25.0/24, 64.12.26.14/24, 64.12.28.0/24, 64.12.29.0/24,
  64.12.161.0/24, 64.12.163.0/24, 205.188.5.0/24, 205.188.9.0/24];

sudo fwsnort --update-rules
[+] Downloading latest rules into /etc/fwsnort/snort_rules/--2021-03-13 12:23:40--  https://rules.emergingthreats.net/open/snort-2.9.0/emerging-all.rules
Resolviendo rules.emergingthreats.net (rules.emergingthreats.net)... 18.214.66.196, 23.21.164.163
Conectando con rules.emergingthreats.net (rules.emergingthreats.net)[18.214.66.196]:443... conectado.
Petición HTTP enviada, esperando respuesta... 200 OK
Longitud: 17054303 (16M) [text/plain]
Guardando como: “emerging-all.rules”

emerging-all.rules  100%[=>]  16,26M  509KB/s  en 30s

2021-03-13 12:24:11 (551 KB/s) - “emerging-all.rules” guardado [17054303/17054303]

[+] Finished.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1917682

Title:
  rules url error fwsnort

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/fwsnort/+bug/1917682/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
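
The alerts quoted in this bug's description show psad auto-blocking the same two addresses that rules.emergingthreats.net resolves to in the updater output above. The following is an added example, not part of the original thread or of psad/fwsnort: a check that correlates the two logs to flag such blocks. The function names are hypothetical, the sample input is constructed from lines quoted in this thread, and it assumes the chain/prefix lines precede each "Source:" line as they do in the alerts here.

```python
import re

# Constructed sample input, assembled from log lines quoted in this thread
# (mail-wrapped lines rejoined).
WGET_LOG = """\
Resolviendo rules.emergingthreats.net (rules.emergingthreats.net)... 23.21.164.163, 18.214.66.196
Conectando con rules.emergingthreats.net (rules.emergingthreats.net)[23.21.164.163]:80... falló: Expiró el tiempo de conexión.
"""
PSAD_ALERT = """\
added iptables auto-block against 18.214.66.196
added iptables auto-block against 23.21.164.163
   iptables chain: FWSNORT_INPUT_ESTAB (prefix "[498] REJ SID1310 ESTAB"), 1 packets
   Source: 18.214.66.196
   iptables chain: FWSNORT_INPUT_ESTAB (prefix "[514] REJ SID1795 ESTAB"), 1 packets
   iptables chain: FWSNORT_INPUT_ESTAB (prefix "[93] REJ SID10105 ESTAB"), 1 packets
   Source: 23.21.164.163
"""

IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"

def feed_addresses(wget_log):
    """Map host -> set of IPv4 addresses from wget's '<verb> host (host)... a, b'
    line. The verb is localized ('Resolviendo' here), so match the line's shape."""
    out = {}
    for m in re.finditer(r"^\S+ (\S+) \(\1\)\.\.\.\s*(.+)$", wget_log, re.M):
        ips = re.findall(IPV4, m.group(2))
        if ips:
            out.setdefault(m.group(1), set()).update(ips)
    return out

def self_inflicted_blocks(wget_log, psad_alert):
    """Return {ip: sorted SIDs} for auto-blocked sources that are feed addresses."""
    feed_ips = set().union(*feed_addresses(wget_log).values())
    blocked = set(re.findall(r"auto-block against (%s)" % IPV4, psad_alert, re.I))
    sids_by_src, pending = {}, []
    for line in psad_alert.splitlines():
        sid = re.search(r'prefix ".*?SID(\d+)', line)
        src = re.search(r"^\s*Source:\s*(%s)" % IPV4, line)
        if sid:
            pending.append(int(sid.group(1)))
        elif src:
            # Assumption: SID lines collected so far belong to this source.
            sids_by_src.setdefault(src.group(1), []).extend(pending)
            pending = []
    return {ip: sorted(sids_by_src.get(ip, [])) for ip in blocked & feed_ips}
```
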

[Bug 1917682] Re: rules url error fwsnort

2021-03-12 Thread claudio javier fernandez
** Changed in: fwsnort (Ubuntu)
 Assignee: (unassigned) => claudio javier fernandez (cjfjavier)


[Bug 1917682] Re: rules url error fwsnort

2021-03-12 Thread claudio javier fernandez
** Changed in: fwsnort (Ubuntu)
   Status: Incomplete => Invalid

** Converted to question:
   https://answers.launchpad.net/ubuntu/+source/fwsnort/+question/696031

** Description changed:

  psad detects the default url of fwsnort rules and blocks the ip
  
  when executing the following commands the ip addresses do not correspond
  to the servers configured in the fwsnort and psad files
  
- sudo psad --sig-update
+ EDIT (sudo psad --sig-update) corrected
  
  sudo fwsnort --update-rules
  
  Resolviendo rules.emergingthreats.net (rules.emergingthreats.net)... 
23.21.164.163, 18.214.66.196
  Conectando con rules.emergingthreats.net 
(rules.emergingthreats.net)[23.21.164.163]:80... falló: Expiró el tiempo de 
conexión.
  Conectando con rules.emergingthreats.net 
(rules.emergingthreats.net)[18.214.66.196]:80... ^C[-] Could not download 
emerging-all.rules file.
  [*] Could not move emerging-all.rules -> emerging-all.rules.tmp at 
/usr/sbin/fwsnort line 4387.
  
  I receive mail alert in mutt
  
  Subject: [psad-status] tcpwrappers AUTO-BLOCK against 18.214.66.196
  
  Subject: [psad-status] tcpwrappers AUTO-BLOCK against 23.21.164.163
  
  added iptables auto-block against 18.214.66.196
  
  added iptables auto-block against 23.21.164.163
  
  Danger level: [2] (out of 5)
  
  Scanned TCP ports: [48356: 1 packets]
  TCP flags: [ACK: 1 packets]
     iptables chain: FWSNORT_INPUT_ESTAB (prefix "[498] REJ SID1310 
ESTAB"), 1 packets
   fwsnort rule: 498
  
     Source: 18.214.66.196
    DNS: ec2-18-214-66-196.compute-1.amazonaws.com
    MAC:
  [+] TCP scan signatures:
  
     "PORN free XXX"
     dst port:  48356 (no server bound to local port)
     flags: ACK
     content:   "FREE XXX"
     sid:   1310
     chain: FWSNORT_INPUT_ESTAB
     packets:   1
     classtype: kickass-porn
  -
  
  Danger level: [2] (out of 5)
  
  Scanned TCP ports: [54500: 2 packets]
  TCP flags: [ACK: 2 packets]
     iptables chain: FWSNORT_INPUT_ESTAB (prefix "[514] REJ SID1795 
ESTAB"), 1 packets
   fwsnort rule: 514
     iptables chain: FWSNORT_INPUT_ESTAB (prefix "[93] REJ SID10105 
ESTAB"), 1 packets
   fwsnort rule: 93
  
     Source: 23.21.164.163
    DNS: ec2-23-21-164-163.compute-1.amazonaws.com
    MAC:
  
  [+] TCP scan signatures:
  
     "PORN ejaculation"
     dst port:  54500 (no server bound to local port)
     flags: ACK
     content:   "ejaculat"
     sid:   1795
     chain: FWSNORT_INPUT_ESTAB
     packets:   1
     classtype: kickass-porn
  
     "COMMUNITY INAPPROPRIATE lolita sex"
     dst port:  54500 (no server bound to local port)
     flags: ACK
     content:   "lolita"
     content:   "sex"
     sid:   10105
     chain: FWSNORT_INPUT_ESTAB
     packets:   1
     classtype: kickass-porn
  
  
   /etc/psad/psad.conf
   AOL AIM server nets
  AIM_SERVERS [64.12.24.0/24, 64.12.25.0/24, 64.12.26.14/24, 
64.12.28.0/24, 64.12.29.0/24,
  64.12.161.0/24, 64.12.163.0/24, 205.188.5.0/24, 205.188.9.0/24];
  
  /etc/fwsnort/fwsnort.conf
  ### AOL AIM server nets
  AIM_SERVERS [64.12.24.0/24, 64.12.25.0/24, 64.12.26.14/24, 
64.12.28.0/24, 64.12.29.0/24,
   64.12.161.0/24, 64.12.163.0/24, 205.188.5.0/24, 205.188.9.0/24];
  ---
  
  ubuntu Linux 5.4.0-66-generic #74~18.04.2-Ubuntu SMP Fri Feb 5 11:17:31
  UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
  
  apt-cache policy fwsnort
  fwsnort:
    Instalados: 1.6.7-3
    Candidato:  1.6.7-3
    Tabla de versión:
   *** 1.6.7-3 500
  500 http://archive.ubuntu.com/ubuntu bionic/universe amd64 Packages
  500 http://archive.ubuntu.com/ubuntu bionic/universe i386 Packages
  100 /var/lib/dpkg/status
  
  apt-cache policy psad
  psad:
    Instalados: 2.4.3-1.2
    Candidato:  2.4.3-1.2
    Tabla de versión:
   *** 2.4.3-1.2 500
  500 http://archive.ubuntu.com/ubuntu bionic/universe amd64 Packages
  100 /var/lib/dpkg/status
  
  ProblemType: Bug
  DistroRelease: Ubuntu 18.04
  Package: fwsnort 1.6.7-3
  ProcVersionSignature: Ubuntu 5.4.0-66.74~18.04.2-generic 5.4.86
  Uname: Linux 5.4.0-66-generic x86_64
  ApportVersion: 2.20.9-0ubuntu7.23
  Architecture: amd64
  CurrentDesktop: ubuntu:GNOME
  Date: Wed Mar  3 20:12:08 2021
  InstallationDate: Installed on 2020-04-16 (321 days ago)
  InstallationMedia: Ubuntu 18.04.4 LTS "Bionic Beaver" - Release amd64 
(20200203.1)
  PackageArchitecture: all
  SourcePackage: fwsnort
  UpgradeStatus: No upgrade log present (probably fresh install)
  
  edit:psad corrected without changing configuration 

[Bug 1917682] Re: rules url error fwsnort

2021-03-12 Thread claudio javier fernandez
** Description changed:

+ psad detects the default url of fwsnort rules and blocks the ip
  
- psad detects the default url of fwsnort rules and blocks the ip
+ 
+ when executing the following commands the ip addresses do not correspond to 
the servers configured in the fwsnort and psad files
  
  sudo psad --sig-update
  
+ 
  sudo fwsnort --update-rules
- 
  
  Resolviendo rules.emergingthreats.net (rules.emergingthreats.net)... 
23.21.164.163, 18.214.66.196
  Conectando con rules.emergingthreats.net 
(rules.emergingthreats.net)[23.21.164.163]:80... falló: Expiró el tiempo de 
conexión.
  Conectando con rules.emergingthreats.net 
(rules.emergingthreats.net)[18.214.66.196]:80... ^C[-] Could not download 
emerging-all.rules file.
  [*] Could not move emerging-all.rules -> emerging-all.rules.tmp at 
/usr/sbin/fwsnort line 4387.
  
+ I receive mail alert in mutt
  
  added iptables auto-block against 18.214.66.196
  
  added iptables auto-block against 23.21.164.163
  
  Danger level: [2] (out of 5)
  
- Scanned TCP ports: [48356: 1 packets]
- TCP flags: [ACK: 1 packets]
-iptables chain: FWSNORT_INPUT_ESTAB (prefix "[498] REJ SID1310 
ESTAB"), 1 packets
-  fwsnort rule: 498
+ Scanned TCP ports: [48356: 1 packets]
+ TCP flags: [ACK: 1 packets]
+    iptables chain: FWSNORT_INPUT_ESTAB (prefix "[498] REJ SID1310 
ESTAB"), 1 packets
+  fwsnort rule: 498
  
-Source: 18.214.66.196
-   DNS: ec2-18-214-66-196.compute-1.amazonaws.com
-   MAC: 8c:c5:b4:dd:fe:e0
+    Source: 18.214.66.196
+   DNS: ec2-18-214-66-196.compute-1.amazonaws.com
+   MAC: 8c:c5:b4:dd:fe:e0
  [+] TCP scan signatures:
  
-"PORN free XXX"
-dst port:  48356 (no server bound to local port)
-flags: ACK
-content:   "FREE XXX"
-sid:   1310
-chain: FWSNORT_INPUT_ESTAB
-packets:   1
-classtype: kickass-porn
+    "PORN free XXX"
+    dst port:  48356 (no server bound to local port)
+    flags: ACK
+    content:   "FREE XXX"
+    sid:   1310
+    chain: FWSNORT_INPUT_ESTAB
+    packets:   1
+    classtype: kickass-porn
  -
  
  Danger level: [2] (out of 5)
  
- Scanned TCP ports: [54500: 2 packets]
- TCP flags: [ACK: 2 packets]
-iptables chain: FWSNORT_INPUT_ESTAB (prefix "[514] REJ SID1795 
ESTAB"), 1 packets
-  fwsnort rule: 514
-iptables chain: FWSNORT_INPUT_ESTAB (prefix "[93] REJ SID10105 
ESTAB"), 1 packets
-  fwsnort rule: 93
+ Scanned TCP ports: [54500: 2 packets]
+ TCP flags: [ACK: 2 packets]
+    iptables chain: FWSNORT_INPUT_ESTAB (prefix "[514] REJ SID1795 
ESTAB"), 1 packets
+  fwsnort rule: 514
+    iptables chain: FWSNORT_INPUT_ESTAB (prefix "[93] REJ SID10105 
ESTAB"), 1 packets
+  fwsnort rule: 93
  
-Source: 23.21.164.163
-   DNS: ec2-23-21-164-163.compute-1.amazonaws.com
-   MAC: 8c:c5:b4:dd:fe:e0
+    Source: 23.21.164.163
+   DNS: ec2-23-21-164-163.compute-1.amazonaws.com
+   MAC: 8c:c5:b4:dd:fe:e0
  
  [+] TCP scan signatures:
  
-"PORN ejaculation"
-dst port:  54500 (no server bound to local port)
-flags: ACK
-content:   "ejaculat"
-sid:   1795
-chain: FWSNORT_INPUT_ESTAB
-packets:   1
-classtype: kickass-porn
+    "PORN ejaculation"
+    dst port:  54500 (no server bound to local port)
+    flags: ACK
+    content:   "ejaculat"
+    sid:   1795
+    chain: FWSNORT_INPUT_ESTAB
+    packets:   1
+    classtype: kickass-porn
  
-"COMMUNITY INAPPROPRIATE lolita sex"
-dst port:  54500 (no server bound to local port)
-flags: ACK
-content:   "lolita"
-content:   "sex"
-sid:   10105
-chain: FWSNORT_INPUT_ESTAB
-packets:   1
-classtype: kickass-porn
+    "COMMUNITY INAPPROPRIATE lolita sex"
+    dst port:  54500 (no server bound to local port)
+    flags: ACK
+    content:   "lolita"
+    content:   "sex"
+    sid:   10105
+    chain: FWSNORT_INPUT_ESTAB
+    packets:   1
+    classtype: kickass-porn
  
  
-  /etc/psad/psad.conf
+  /etc/psad/psad.conf
   AOL AIM server nets
- AIM_SERVERS [64.12.24.0/24, 64.12.25.0/24, 64.12.26.14/24, 
64.12.28.0/24, 64.12.29.0/24, 
+ AIM_SERVERS [64.12.24.0/24, 64.12.25.0/24, 64.12.26.14/24, 
64.12.28.0/24, 64.12.29.0/24,
  64.12.161.0/24, 64.12.163.0/24, 205.188.5.0/24, 205.188.9.0/24];
- 
  
  /etc/fwsnort/fwsnort.conf
  ### AOL AIM server nets
  

Re: [Bug 1917682] Re: rules url error fwsnort

2021-03-12 Thread claudio javier fernandez
Thank you for your response, and sorry for the delay in my response. Changed
to public. Good morning.

On Tue, Mar 9, 2021 at 09:00, Marc Deslauriers (
1917...@bugs.launchpad.net) wrote:

> Thanks for reporting this issue. Can I make this bug public so that the
> fwsnort community can see it and possibly fix the issue?
>
> ** Changed in: fwsnort (Ubuntu)
>Status: New => Incomplete
>
> --
> You received this bug notification because you are subscribed to the bug
> report.
> https://bugs.launchpad.net/bugs/1917682
>
> Title:
>   rules url error fwsnort
>
> Status in fwsnort package in Ubuntu:
>   Incomplete
>
> Bug description:
>
>   psad detects the default url of fwsnort rules and blocks the ip
>
>   sudo psad --sig-update
>
>   sudo fwsnort --update-rules
>
>
>   Resolviendo rules.emergingthreats.net (rules.emergingthreats.net)...
> 23.21.164.163, 18.214.66.196
>   Conectando con rules.emergingthreats.net 
> (rules.emergingthreats.net)[23.21.164.163]:80...
> falló: Expiró el tiempo de conexión.
>   Conectando con rules.emergingthreats.net 
> (rules.emergingthreats.net)[18.214.66.196]:80...
> ^C[-] Could not download emerging-all.rules file.
>   [*] Could not move emerging-all.rules -> emerging-all.rules.tmp at
> /usr/sbin/fwsnort line 4387.
>
>
>   added iptables auto-block against 18.214.66.196
>
>   added iptables auto-block against 23.21.164.163
>
>   Danger level: [2] (out of 5)
>
>   Scanned TCP ports: [48356: 1 packets]
>   TCP flags: [ACK: 1 packets]
>  iptables chain: FWSNORT_INPUT_ESTAB (prefix "[498] REJ SID1310
> ESTAB"), 1 packets
>fwsnort rule: 498
>
>  Source: 18.214.66.196
> DNS: ec2-18-214-66-196.compute-1.amazonaws.com
> MAC: 8c:c5:b4:dd:fe:e0
>   [+] TCP scan signatures:
>
>  "PORN free XXX"
>  dst port:  48356 (no server bound to local port)
>  flags: ACK
>  content:   "FREE XXX"
>  sid:   1310
>  chain: FWSNORT_INPUT_ESTAB
>  packets:   1
>  classtype: kickass-porn
>   -
>
>   Danger level: [2] (out of 5)
>
>   Scanned TCP ports: [54500: 2 packets]
>   TCP flags: [ACK: 2 packets]
>  iptables chain: FWSNORT_INPUT_ESTAB (prefix "[514] REJ SID1795
> ESTAB"), 1 packets
>fwsnort rule: 514
>  iptables chain: FWSNORT_INPUT_ESTAB (prefix "[93] REJ
> SID10105 ESTAB"), 1 packets
>fwsnort rule: 93
>
>  Source: 23.21.164.163
> DNS: ec2-23-21-164-163.compute-1.amazonaws.com
> MAC: 8c:c5:b4:dd:fe:e0
>
>   [+] TCP scan signatures:
>
>  "PORN ejaculation"
>  dst port:  54500 (no server bound to local port)
>  flags: ACK
>  content:   "ejaculat"
>  sid:   1795
>  chain: FWSNORT_INPUT_ESTAB
>  packets:   1
>  classtype: kickass-porn
>
>  "COMMUNITY INAPPROPRIATE lolita sex"
>  dst port:  54500 (no server bound to local port)
>  flags: ACK
>  content:   "lolita"
>  content:   "sex"
>  sid:   10105
>  chain: FWSNORT_INPUT_ESTAB
>  packets:   1
>  classtype: kickass-porn
>
>   
>/etc/psad/psad.conf
>    AOL AIM server nets
>   AIM_SERVERS [64.12.24.0/24, 64.12.25.0/24,
> 64.12.26.14/24, 64.12.28.0/24, 64.12.29.0/24,
>   64.12.161.0/24, 64.12.163.0/24, 205.188.5.0/24, 205.188.9.0/24];
>
>
>   /etc/fwsnort/fwsnort.conf
>   ### AOL AIM server nets
>   AIM_SERVERS [64.12.24.0/24, 64.12.25.0/24, 64.12.26.14/24,
> 64.12.28.0/24, 64.12.29.0/24,
>64.12.161.0/24, 64.12.163.0/24, 205.188.5.0/24, 205.188.9.0/24];
>   ---
>
>   ubuntu Linux 5.4.0-66-generic #74~18.04.2-Ubuntu SMP Fri Feb 5
>   11:17:31 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
>
>   apt-cache policy fwsnort
>   fwsnort:
> Instalados: 1.6.7-3
> Candidato:  1.6.7-3
> Tabla de versión:
>*** 1.6.7-3 500
>   500 http://archive.ubuntu.com/ubuntu bionic/universe amd64
> Packages
>   500 http://archive.ubuntu.com/ubuntu bionic/universe i386
> Packages
>   100 /var/lib/dpkg/status
>
>   apt-cache policy psad
>   psad:
> Instalados: 2.4.3-1.2
> Candidato:  2.4.3-1.2
> Tabla de versión:
>*** 2.4.3-1.2 500
>   500 http://archive.ubuntu.com/ubuntu bionic/universe amd64
> Packages
>   100 /var/lib/dpkg/status
>
>   ProblemType: Bug
>   DistroRelease: Ubuntu 18.04
>   Package: fwsnort 1.6.7-3
>   ProcVersionSignature: Ubuntu 5.4.0-66.74~18.04.2-generic 5.4.86
>   Uname: Linux 5.4.0-66-generic x86_64
>   ApportVersion: 2.20.9-0ubuntu7.23
>   Architecture: amd64
>   CurrentDesktop: ubuntu:GNOME
>   Date: Wed Mar  3 

[Bug 1917682] Re: rules url error fwsnort

2021-03-12 Thread claudio javier fernandez
** Information type changed from Private Security to Public
