snort-users May 2009 archive
Main Archive Page > Month Archives  > snort-users archives
snort-users: Re: [Snort-users] VRT Rules snapshot-CURRENT.tar.gz

Re: [Snort-users] VRT Rules snapshot-CURRENT.tar.gz Download Error?

From: Jeff Dell <jdell_at_nospam>
Date: Fri May 29 2009 - 18:20:34 GMT
To: "'Joel Esler'" <jesler@sourcefire.com>, "'Jack Pepper'" <pepperjack@afferentsecurity.com>


Interesting.. I didn't know  

http://www.snort.org/pub-bin/oinkmaster.cgi/<oinkcode>/snortrules-snapshot-C URRENT.tar.gz.md5  

existed. Is there a link that doesn't require an oinkcode? I can't find one.  

I also noticed that when you use this link it redirects to:

http://dl.snort.org/reg-rules/snortrules-snapshot-CURRENT.tar.gz.md5?oink_co de=<oinkcode>  

Is the original link going to go away?  

Thanks!

Jeff  

From: Joel Esler [mailto:jesler@sourcefire.com] Sent: Friday, May 29, 2009 1:57 PM
To: Jack Pepper
Cc: snort-users@lists.sourceforge.net
Subject: Re: [Snort-users] VRT Rules snapshot-CURRENT.tar.gz Download Error?  

On Fri, May 29, 2009 at 1:12 PM, Jack Pepper <pepperjack@afferentsecurity.com> wrote:

Quoting Jeff Dell <jdell@activeworx.com>:

> The problem with once a week is what happens if you check on Monday at 8am
> and the rules are updated on Monday at 8:05? You won't get any updates for
2
> weeks. It would be really great to have something like a checksum that
will
> be available to see if there is a change in the rules file. This way users
> know exactly when an update has occurred and even if they check it every
15
> minutes they will be checking a tiny file as compared to 90megs+ file.
Then
> incorporating this into your favorite update utility will make updates
very
> fast most of the time as there won't be an update to the file, and would
> severely lower the bandwidth that snort.org needs.
>

Good idea. If I could download the md5 using the oinkcode, it would be very nice. Like this:

http://www.snort.org/pub-bin/oinkmaster.cgi/${OINK}/snortrules-2.8.tar.gz.md 5
<http://www.snort.org/pub-bin/oinkmaster.cgi/$%7bOINK%7d/snortrules-2.8.tar. gz.md5>  

Why would you need an oinkcode to look for the md5? That's an unneeded step.     -- joel esler | Sourcefire | gtalk: jesler@sourcefire.com | 302-223-5974

------------------------------------------------------------------------------ Register Now for Creativity and Technology (CaT), June 3rd, NYC. CaT is a gathering of tech-side developers & brand creativity professionals. Meet the minds behind Google Creative Lab, Visual Complexity, Processing, & iPhoneDevCamp as they present alongside digital heavyweights like Barbarian Group, R/GA, & Big Spaceship. http://p.sf.net/sfu/creativitycat-com

_______________________________________________ Snort-users mailing list Snort-users@lists.sourceforge.net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users