Snort 3.2.9.5_4 - Release Notes



  • Snort 3.2.9.5_4

    This update to the Snort package changes the URL for downloading the OpenAppID open rules package.  This rules package is maintained by a volunteer contributor and was formerly hosted at a University web site in Brazil.  That web site employs geo-protection, and thus Snort users in some countries were unable to download the OpenAppID rules.  The pfSense team has worked out an agreement with the rules package creator to host the package on pfSense infrastructure.  This will eliminate the geo-blocking issue.  No action is required on your part.  The URL change is automatic.

    Note to SG-3100 and other ARM hardware users:
    This package update does not address the problems within the Snort binary on ARM CPUs.  We are still trying to fix that issue.

    Bill



  • @bmeeks:

    Snort 3.2.9.5_4

    This update to the Snort package changes the URL for downloading the OpenAppID open rules package.

    Thanks Bill,
    This issue has presented a few glitches with some Unbound/pfBlockerNG/TLD listings that BBCan177 and I have had to work through on a few occasions.

    Rick



  • Is this the same as the Facebook post pfSense posted yesterday?  It advertised Facebook blocking and other popular apps.  I reinstalled Snort on my SG-2220 last night and I don't see how to block Facebook or anything posted in that online post.



  • @bcruze:

    Is this the same as the Facebook post pfSense posted yesterday?  It advertised Facebook blocking and other popular apps.  I reinstalled Snort on my SG-2220 last night and I don't see how to block Facebook or anything posted in that online post.

    Did you follow the link in that blog post to the "How To" document?  There are several steps involved in configuring OpenAppID in Snort.  It's more than just clicking the two checkboxes on the GLOBAL SETTINGS tab.  There are specific rules that have to be enabled as well on the RULES tab.  The various OpenAppID signatures are divided into various categories on that tab once you enable the rules and download them.

    Bill



  • I wanted to test the OpenAppID feature, but I cannot get the rules to download. The log entries are shown below. I have no problems downloading the rule files directly using the URL http://files.pfsense.org/openappid/appid_rules.tar.gz. Does anyone know what I am missing?

    Downloading Snort OpenAppID RULES detectors md5 file appid_rules.tar.gz.md5...
    Checking Snort OpenAppID RULES detectors md5 file...
    There is a new set of Snort OpenAppID RULES detectors posted.
    Downloading file 'appid_rules.tar.gz'...
    Done downloading rules file.
    Snort OpenAppID RULES detectors file download failed.  Bad MD5 checksum.
    Downloaded Snort OpenAppID RULES detectors file MD5: 4a919586ee271f633a04b406b1332bf9
    Expected Snort OpenAppID RULES detectors file MD5: d4539caec45fdb0484ded9de593e0dc4
    Snort OpenAppID RULES detectors file download failed.  Snort OpenAppID RULES detectors will not be updated.
    


  • @revengineer:

    I wanted to test the OpenAppID feature, but I cannot get the rules to download. The log entries are shown below. I have no problems downloading the rule files directly using the URL http://files.pfsense.org/openappid/appid_rules.tar.gz. Does anyone know what I am missing?

    Downloading Snort OpenAppID RULES detectors md5 file appid_rules.tar.gz.md5...
    Checking Snort OpenAppID RULES detectors md5 file...
    There is a new set of Snort OpenAppID RULES detectors posted.
    Downloading file 'appid_rules.tar.gz'...
    Done downloading rules file.
    Snort OpenAppID RULES detectors file download failed.  Bad MD5 checksum.
    Downloaded Snort OpenAppID RULES detectors file MD5: 4a919586ee271f633a04b406b1332bf9
    Expected Snort OpenAppID RULES detectors file MD5: d4539caec45fdb0484ded9de593e0dc4
    Snort OpenAppID RULES detectors file download failed.  Snort OpenAppID RULES detectors will not be updated.
    

    The problem is given in the error message.  The MD5 checksum check failed.  That means either your download got corrupted, or the MD5 file on the pfSense site is not correct for the current gzip rules archive.  Usually these kinds of errors auto-correct if you just wait a few hours or a day for things to get sorted out on the hosting site.

    Bill
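
The two causes named in the reply above (a corrupted download, or an MD5 file that does not match the current archive) can be told apart locally. The following is an added example, not code from the Snort package or from any poster: it compares the archive with the published MD5 and, on a mismatch, checks the gzip stream's own CRC32 trailer. The function names, result labels and sample data are constructed for illustration.

```python
import gzip
import hashlib
import io
import zlib

def parse_md5_file(text):
    """Return the digest from an .md5 file ('<hex>' or '<hex>  filename')."""
    fields = text.split()
    token = fields[0].lower() if fields else ""
    if len(token) != 32 or any(c not in "0123456789abcdef" for c in token):
        raise ValueError("md5 file does not start with a 32-hex-digit digest")
    return token

def gzip_intact(data):
    """True if the gzip stream fully decompresses and its CRC32/length trailer matches."""
    try:
        with gzip.GzipFile(fileobj=io.BytesIO(data)) as fh:
            while fh.read(65536):
                pass
        return True
    except (OSError, EOFError, zlib.error):
        return False

def diagnose(archive, md5_text):
    """Classify a rules download as ok, md5-file-mismatch or download-corrupt."""
    expected = parse_md5_file(md5_text)
    actual = hashlib.md5(archive).hexdigest()
    if actual == expected:
        return "ok"
    if gzip_intact(archive):
        # Archive is internally sound, so the .md5 describes a different file.
        return "md5-file-mismatch"
    # Archive fails its own integrity check: truncated or damaged in transit.
    return "download-corrupt"

# Constructed sample data (not the real appid_rules.tar.gz).
SAMPLE_ARCHIVE = gzip.compress(b"constructed sample rule line\n" * 200)
SAMPLE_MD5_TEXT = hashlib.md5(SAMPLE_ARCHIVE).hexdigest() + "  appid_rules.tar.gz\n"
STALE_MD5_TEXT = hashlib.md5(b"constructed older build").hexdigest() + "\n"

if __name__ == "__main__":
    print(diagnose(SAMPLE_ARCHIVE, SAMPLE_MD5_TEXT))       # matching pair
    print(diagnose(SAMPLE_ARCHIVE, STALE_MD5_TEXT))        # sound archive, wrong .md5
    print(diagnose(SAMPLE_ARCHIVE[:-10], SAMPLE_MD5_TEXT)) # truncated transfer
```

The MD5 comparison only detects transfer or publishing errors. The URL quoted in the thread is plain HTTP, so a matching checksum does not authenticate the archive.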



  • @bmeeks:

    The problem is given in the error message.  The MD5 checksum check failed.  That means either your download got corrupted, or the MD5 file on the pfSense site is not correct for the current gzip rules archive.  Usually these kinds of errors auto-correct if you just wait a few hours or a day for things to get sorted out on the hosting site.

    Bill

    Thank you for the response. I just checked and the problem indeed fixed itself. The rules have loaded and I can start experimenting with application blocking.



  • I too am having the same issue. I will also wait to see if it resolves itself.

