No such file or directory - blacklist?

[mmatheus 0]

Any idea what is going on here?

'uname' is not recognized as an internal or external command,
operable program or batch file.
Checking latest MD5 for snortrules-snapshot-2975.tar.gz....
Rules tarball download of snortrules-snapshot-2975.tar.gz....
        They Match
        Done!
IP Blacklist download of http://talosintel.com/files/additional_resources/ips_bl
acklist/ip-filter.blf....
Reading IP List...
Couldn't read d:\winids\pulledpork\temp/888.85498046875-black_list.rules - No su
ch file or directory
 at d:\winids\pulledpork\pulledpork.pl line 540
        main::read_iplist('HASH(0x38eba80)', 'd:\winids\pulledpork\temp/888.8549
8046875-black_list.rules') called at d:\winids\pulledpork\pulledpork.pl line 431

        main::rulefetch('open', 'IPBLACKLIST0', 'd:\winids\pulledpork\temp/', 'h
ttp://talosintel.com/files/additional_resources/ips_blacklis...') called at d:\w
inids\pulledpork\pulledpork.pl line 1946

 

[Morpheus 28]

Is the file 888.85498046875-black_list.rules in the d:\winids\pulledpork\temp folder ?

It appears the download location may not be available. You might leave a note in the snort-users group with the error message you are receiving.

[mmatheus 0]

No, and I think that's the problem.  That file name is randomly created everytime and doesn't ever exist.

[Morpheus 28]

The location has a 404 error. Ask in the snort users group with a copy of the error.

In the interim just hash out the line and it will be bypassed.

Edited October 1, 2015 by Morpheus

[FrancklinMBG 0]

launch pulledpork.conf file with notepad2 and replace

rule_url=http://talosintel.com/files/additionnal_ressources/... by

rule_url=http://www.talosintel.com/feeds/ip-filter.blf|IPBLACKLIST|OPEN

and you gotta got something like this

 

Edited November 10, 2015 by FrancklinMBG