mbrichetto

  1. Attached is my Pulled Pork folder and the temp folder was cleared out. I also cleared out the folder and tried to run the command again, and in the picture attached that shows the files getting downloaded there. So it is grabbing something at least. My OinkCode also looks good. This device is also not sitting behind a proxy. pulledpork.zip
  2. Hi, attached is my pulled pork config file. pulledpork.conf
  3. Hi, I recently went to upgrade my Snort version and Pulled Pork version. Those seem to have upgraded just fine. What I am having an issue with is trying to update pulled pork after the update. When I run the update command it seems like it can't connect to Talos, which is the first time I am seeing that issue. Has anyone seen an issue like this before? In the attached screenshot I am able to browse to the website shown. It almost seems like the Talos side might not allow me in to download said file. Thanks in advance.
  4. I couldn't find in the original tutorial where you stated that, but I did just manually create two files named white_list.rules and black_list.rules. Then running the snort check seemed to do it. Is that good enough or do I need to run some type of command line? I also noticed I had a winids.rules in my old snort rules folder, but not in the new one.
  5. I went ahead and started over by reusing my old winsnort folder. I went through the steps again and I came across this error when testing the snort config file. I went ahead and checked line 507 in my snort config file and below is the screenshot. Not sure how to proceed on this one.
  6. Last week I updated my version of WinSnort to Snort 2.9.7.6. I followed the tutorial and everything seems to be going just fine except for the type of traffic I am seeing. My WinSnort setup is running in a Windows 8.1 machine, using Apache and MySQL tutorial when it was originally created. I am not seeing the alerts in the WINIDS browser I usually would see. I attached a screenshot of some of the traffic that keeps displaying. This screenshot is just an example of the type of traffic I am seeing. I don't know if this has anything to do with the latest rule set? I am also using pulled pork for updates. I noticed you updated in the forums that a lot of the companion programs were updated, which when I updated my WinSnort install I didn't re-download because it was before your post. With all of these moving components, I'm not really sure what I messed up.
  7. Perfect, that did it. I then got an error with black_list.rules and I did the same Nul command again. Everything looks like it is good to.
  8. So I got through the setup of pulled pork with no real problems. I finally get to the last step of running the Snort self-test using the command line: d:\winids\snort\bin\snort -c d:\winids\snort\etc\snort.conf -l d:\winids\snort\log -i1 -T It comes back with an error: ERROR: d:\winids\snort\etc\snort.conf(507) => Unable to open address file d:\winids\snort\rules/white_list.rules, Error: No such file or directory Fatal Error, Quitting.. Not sure what I messed up exactly.
  9. Just FYI, the download link for the "Rules Documentation (opensource.tgz)" is broken. It looks like the snort.org site moved it to this link https://www.snort.org/downloads/community/opensource.tar.gzf So just FYI on that. I got the file with no problem.