Thank you for your response and sorry for the delay in my response, changed
to public, good morning

El mar, 9 de mar. de 2021 a la(s) 09:00, Marc Deslauriers (
1917...@bugs.launchpad.net) escribió:

> Thanks for reporting this issue. Can I make this bug public so that the
> fwsnort community can see it and possibly fix the issue?
>
> ** Changed in: fwsnort (Ubuntu)
>        Status: New => Incomplete
>
> --
> You received this bug notification because you are subscribed to the bug
> report.
> https://bugs.launchpad.net/bugs/1917682
>
> Title:
>   rules url error fwsnort
>
> Status in fwsnort package in Ubuntu:
>   Incomplete
>
> Bug description:
>
>   psad detects the default url of fwsnort rules and blocks the ip
>
>   sudo psad --sig-update
>
>   sudo fwsnort --update-rules
>
>
>   Resolviendo rules.emergingthreats.net (rules.emergingthreats.net)...
> 23.21.164.163, 18.214.66.196
>   Conectando con rules.emergingthreats.net 
> (rules.emergingthreats.net)[23.21.164.163]:80...
> falló: Expiró el tiempo de conexión.
>   Conectando con rules.emergingthreats.net 
> (rules.emergingthreats.net)[18.214.66.196]:80...
> ^C[-] Could not download emerging-all.rules file.
>   [*] Could not move emerging-all.rules -> emerging-all.rules.tmp at
> /usr/sbin/fwsnort line 4387.
>
>
>   added iptables auto-block against 18.214.66.196
>
>   added iptables auto-block against 23.21.164.163
>
>   Danger level: [2] (out of 5)
>
>       Scanned TCP ports: [48356: 1 packets]
>               TCP flags: [ACK: 1 packets]
>          iptables chain: FWSNORT_INPUT_ESTAB (prefix "[498] REJ SID1310
> ESTAB"), 1 packets
>            fwsnort rule: 498
>
>                  Source: 18.214.66.196
>                     DNS: ec2-18-214-66-196.compute-1.amazonaws.com
>                     MAC: 8c:c5:b4:dd:fe:e0
>   [+] TCP scan signatures:
>
>      "PORN free XXX"
>          dst port:  48356 (no server bound to local port)
>          flags:     ACK
>          content:   "FREE XXX"
>          sid:       1310
>          chain:     FWSNORT_INPUT_ESTAB
>          packets:   1
>          classtype: kickass-porn
>   -----------------------------------------------------------------
>
>   Danger level: [2] (out of 5)
>
>       Scanned TCP ports: [54500: 2 packets]
>               TCP flags: [ACK: 2 packets]
>          iptables chain: FWSNORT_INPUT_ESTAB (prefix "[514] REJ SID1795
> ESTAB"), 1 packets
>            fwsnort rule: 514
>          iptables chain: FWSNORT_INPUT_ESTAB (prefix "[93] REJ
> SID100000105 ESTAB"), 1 packets
>            fwsnort rule: 93
>
>                  Source: 23.21.164.163
>                     DNS: ec2-23-21-164-163.compute-1.amazonaws.com
>                     MAC: 8c:c5:b4:dd:fe:e0
>
>   [+] TCP scan signatures:
>
>      "PORN ejaculation"
>          dst port:  54500 (no server bound to local port)
>          flags:     ACK
>          content:   "ejaculat"
>          sid:       1795
>          chain:     FWSNORT_INPUT_ESTAB
>          packets:   1
>          classtype: kickass-porn
>
>      "COMMUNITY INAPPROPRIATE lolita sex"
>          dst port:  54500 (no server bound to local port)
>          flags:     ACK
>          content:   "lolita"
>          content:   "sex"
>          sid:       100000105
>          chain:     FWSNORT_INPUT_ESTAB
>          packets:   1
>          classtype: kickass-porn
>
>   --------------------------------------------------------------------
>    /etc/psad/psad.conf
>   #### AOL AIM server nets
>   AIM_SERVERS                 [64.12.24.0/24, 64.12.25.0/24,
> 64.12.26.14/24, 64.12.28.0/24, 64.12.29.0/24,
>   64.12.161.0/24, 64.12.163.0/24, 205.188.5.0/24, 205.188.9.0/24];
>
>
>   /etc/fwsnort/fwsnort.conf
>   ### AOL AIM server nets
>   AIM_SERVERS             [64.12.24.0/24, 64.12.25.0/24, 64.12.26.14/24,
> 64.12.28.0/24, 64.12.29.0/24,
>    64.12.161.0/24, 64.12.163.0/24, 205.188.5.0/24, 205.188.9.0/24];
>   -------------------------------------------------------------------
>
>   ubuntu Linux 5.4.0-66-generic #74~18.04.2-Ubuntu SMP Fri Feb 5
>   11:17:31 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
>
>   apt-cache policy fwsnort
>   fwsnort:
>     Instalados: 1.6.7-3
>     Candidato:  1.6.7-3
>     Tabla de versión:
>    *** 1.6.7-3 500
>           500 http://archive.ubuntu.com/ubuntu bionic/universe amd64
> Packages
>           500 http://archive.ubuntu.com/ubuntu bionic/universe i386
> Packages
>           100 /var/lib/dpkg/status
>
>   apt-cache policy psad
>   psad:
>     Instalados: 2.4.3-1.2
>     Candidato:  2.4.3-1.2
>     Tabla de versión:
>    *** 2.4.3-1.2 500
>           500 http://archive.ubuntu.com/ubuntu bionic/universe amd64
> Packages
>           100 /var/lib/dpkg/status
>
>   ProblemType: Bug
>   DistroRelease: Ubuntu 18.04
>   Package: fwsnort 1.6.7-3
>   ProcVersionSignature: Ubuntu 5.4.0-66.74~18.04.2-generic 5.4.86
>   Uname: Linux 5.4.0-66-generic x86_64
>   ApportVersion: 2.20.9-0ubuntu7.23
>   Architecture: amd64
>   CurrentDesktop: ubuntu:GNOME
>   Date: Wed Mar  3 20:12:08 2021
>   InstallationDate: Installed on 2020-04-16 (321 days ago)
>   InstallationMedia: Ubuntu 18.04.4 LTS "Bionic Beaver" - Release amd64
> (20200203.1)
>   PackageArchitecture: all
>   SourcePackage: fwsnort
>   UpgradeStatus: No upgrade log present (probably fresh install)
>
> To manage notifications about this bug go to:
>
> https://bugs.launchpad.net/ubuntu/+source/fwsnort/+bug/1917682/+subscriptions
>

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1917682

Title:
  rules url error fwsnort

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/fwsnort/+bug/1917682/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to