snort-users May 2009 archive
Main Archive Page > Month Archives  > snort-users archives
snort-users: Re: [Snort-users] VRT Rules snapshot-CURRENT.tar.gz

Re: [Snort-users] VRT Rules snapshot-CURRENT.tar.gz Download Error?

From: JJ Cummings <cummingsj_at_nospam>
Date: Fri May 29 2009 - 17:50:58 GMT
To: Eoin Miller <eoin.miller@trojanedbinaries.com>


That's exactly what "pulledpork" does.. it first checks the latest MD5 from VRT and compares against the last rules tarball that it fetched.. if matches.. the it does not re-download the file..

that being said, I am about to check in the code that will handle changes in the md5 file format.

Cheers,
JJC pulledpork here: http://code.google.com/p/pulledpork

On Fri, May 29, 2009 at 11:42 AM, Eoin Miller < eoin.miller@trojanedbinaries.com> wrote:

> I think this just MD5 sum's the file after download? How about something
> built into Snort for auto rule updating that would check a page like
> http://dl.snort.org/sub-rules/snortrules-snapshot-CURRENT_s.tar.gz.md5
> against the last downloaded MD5. If it doesn't match, go ahead and
> download the rules then and only then. This should reduce the bandwidth
> load of people just constantly grabbing the 90mb rules file over and
> over. Tenable does something similiar with their NASL feed system.
>
> --
> Eoin Miller
>
>
> Joel Esler wrote:
> > On Fri, May 29, 2009 at 12:56 PM, Jeff Dell <jdell@activeworx.com
> > <mailto:jdell@activeworx.com>> wrote:
> >
> > The problem with once a week is what happens if you check on
> > Monday at 8am and the rules are updated on Monday at 8:05? You
> > won’t get any updates for 2 weeks. It would be really great to
> > have something like a checksum that will be available to see if
> > there is a change in the rules file. This way users know exactly
> > when an update has occurred and even if they check it every 15
> > minutes they will be checking a tiny file as compared to 90megs+
> > file. Then incorporating this into your favorite update utility
> > will make updates very fast most of the time as there won’t be an
> > update to the file, and would severely lower the bandwidth that
> > snort.org <http://snort.org> needs.
> >
> >
> >
> >
> > A tool was recently written by one of our guys here at Sourcefire
> > called "PulledPork".
> > http://code.google.com/p/pulledpork/
> >
> > This tool updates rules and does exactly that (Checks the checksum of
> > the rules first).
> >
> >
> > --
> > joel esler | Sourcefire | gtalk: jesler@sourcefire.com
> > <mailto:jesler@sourcefire.com> | 302-223-5974
> > ------------------------------------------------------------------------
> >
> >
> ------------------------------------------------------------------------------
> > Register Now for Creativity and Technology (CaT), June 3rd, NYC. CaT
> > is a gathering of tech-side developers & brand creativity professionals.
> Meet
> > the minds behind Google Creative Lab, Visual Complexity, Processing, &
> > iPhoneDevCamp as they present alongside digital heavyweights like
> Barbarian
> > Group, R/GA, & Big Spaceship. http://p.sf.net/sfu/creativitycat-com
> > ------------------------------------------------------------------------
> >
> > _______________________________________________
> > Snort-users mailing list
> > Snort-users@lists.sourceforge.net
> > Go to this URL to change user options or unsubscribe:
> > https://lists.sourceforge.net/lists/listinfo/snort-users
> > Snort-users list archive:
> > http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
>
>
> ------------------------------------------------------------------------------
> Register Now for Creativity and Technology (CaT), June 3rd, NYC. CaT
> is a gathering of tech-side developers & brand creativity professionals.
> Meet
> the minds behind Google Creative Lab, Visual Complexity, Processing, &
> iPhoneDevCamp as they present alongside digital heavyweights like Barbarian
> Group, R/GA, & Big Spaceship. http://p.sf.net/sfu/creativitycat-com
> _______________________________________________
> Snort-users mailing list
> Snort-users@lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users<https://lists.sourceforge.net/lists/listinfo/snort-users%0ASnort-users>list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>



Register Now for Creativity and Technology (CaT), June 3rd, NYC. CaT is a gathering of tech-side developers & brand creativity professionals. Meet the minds behind Google Creative Lab, Visual Complexity, Processing, & iPhoneDevCamp as they present alongside digital heavyweights like Barbarian Group, R/GA, & Big Spaceship. http://p.sf.net/sfu/creativitycat-com



Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users