Snort: No more VRT-Updates? -> Snort-Version too old?
-
same here. I just registered to post about it. I talked to someone at Snort and got a quick reply. The url pfsense is using is not the right one and needs to be updated. Seems mine is attemping to download 2980 rules, where It should be trying to download 2983 rules. Maybe a good feature where we can manually update?
Bad timing for me I guess. I purchased the upgraded rules a few days ago. lol
-
My bad for being late on the package update. Look for this to be fixed in another day or two. The correct package has been posted for the pfSense team to review and merge. The long Independence Day weekend here in the U.S. is slowing things down. I did not post the update for them to review until late this past Friday evening.
Bill
-
No worries. Thanks for all your hard work. Great product! I use it at home and at the business network I manage. Take it easy and have a happy 4th!
-
Any Eta on this or any special instructions we need to know about. I still have no updates yet.
-
another post. Just update snort from packages. There is a squid update as well… unrelated. lol . Thanks
-
Worked on 7/12/16 BUT hasn't updated since. I "Forced Update" and I get a
"Snort GPLv2 Community Rules md5 download failed.
Server returned error code 0."Any suggestions?
-
Never mind. I reverted back to a early restore point when I didn't install squid in the last 2 days and snort updates correctly.
I am guessing squid is blocking snort updates, and pfsense packages.
-
I figured I'd update this with what turned out to be the actual problem.
It was not SQUID it was PFBLOCKER and a BOGON list I had installed from iBlocklist.com….
PFBLOCKER Bogon list was blocking the SNORT VRT Rules and other updates. Kind of weird as this hasn't happened before and I've been using these lists for quite sometime...
ohh well... at least I figured it out :)
-
I figured I'd update this with what turned out to be the actual problem.
It was not SQUID it was PFBLOCKER and a BOGON list I had installed from iBlocklist.com….
PFBLOCKER Bogon list was blocking the SNORT VRT Rules and other updates. Kind of weird as this hasn't happened before and I've been using these lists for quite sometime...
ohh well... at least I figured it out :)
IP addresses can come and go on lists like that. Every now and then it would not be unexpected for a legitimate site to maybe pickup an IP that was once a bad guy's. Just like phone numbers can be reused, so to can IP addresses. That's one issue in my personal view with lists of so-called "bad IP addresses". They can sometimes get a little stale and block legitimate sites that happened to get assigned one of those formerly bad IP addresses. Remember, there are no more IPv4 addresses, so the existing pool will keep getting recycled as old sites die and new sites need an IP to come online.
Bill
-
I, too, am unable to download snort updates.
Specifically, there are two issues:
1. I have unchecked "Click to retain Snort settings after package removal." Then uninstalled, then rebooted, and still Snort remembers my settings (including my oinkmaster code)
2. Ignoring that….. and more importantly, when trying to update VRT rules using snort 3.2.9.1_14, I get the following error. Any ideas?
Starting rules update... Time: 2016-08-11 22:05:58 Downloading Snort VRT rules md5 file snortrules-snapshot-2983.tar.gz.md5... Checking Snort VRT rules md5 file... There is a new set of Snort VRT rules posted. Downloading file 'snortrules-snapshot-2983.tar.gz'... Snort VRT rules file download failed. Server returned error 0. The error text was: Connection timed out after 15015 milliseconds Snort VRT rules will not be updated. The Rules update has finished. Time: 2016-08-11 22:07:59I have tried more than 10 times over the last 3 days.
I run the following packages:
pfblockerNG 2.1.1_1 with TLD features enabled
squid
Squidguard
Machine:
C2758
16 Gigs ECC ram
4 onboard intel NIC
1x PCI-e intel 4 port pro/1000 PT
