mbrichetto

Pulled Pork Update Error

6 posts in this topic

Hi,

I recently went to upgrade my Snort version and Pulled Pork version. Those seem to have upgraded just fine. What I am having an issue with is trying to update pulled pork after the update. When I run the update command it seems like it can't connect to Talos, which is the first time I am seeing that issue. Has anyone seen an issue like this before? In the attached screenshot I am able to browse to the website shown. It almost seems like the Talos side might not allow me in to download said file.

Thanks in advance.

Pulled Pork Error.JPG


Make SURE you are ONLY using the Pulledpork from here. I have to modify it to work on Windows. Make sure your oink code is correct. If you are behind a proxy there may be problems. Try removing everything in the pulledpork/temp folder. If there are still problems, zip up the pulledpork folder and attach it. Don't forget to delete everything in the pulledpork/temp folder before compressing.


Attached is my Pulled Pork folder, and the temp folder was cleared out. I also cleared out the folder and tried to run the command again, and the attached picture shows the files getting downloaded there. So it is grabbing something at least. My OinkCode also looks good. This device is also not sitting behind a proxy.

Pulled Pork Temp Folder.JPG

pulledpork.zip


Pulled your Pulledpork folder in and everything works as expected. I'm not sure what the problem is?

Possible firewall issue with a blocked port?

C:\Users\Operator>perl d:\winids\pulledpork\pulledpork.pl -c d:\winids\pulledpork\etc\pulledpork.conf -T

    https://github.com/shirkdog/pulledpork
      _____ ____
     `----,\    )
      `--==\\  /    PulledPork v0.7.4 - Helping you protect your bitcoin wallet!
       `--==\\/
     .-~~~~-.Y|\\_  Copyright (C) 2009-2017 JJ Cummings, Michael Shirk
  @_/        /  66\_  and the PulledPork Team!
    |    \   \   _(")
     \   /-| ||'--'  Rules give me wings!
      \_\  \_\\
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

'uname' is not recognized as an internal or external command,
operable program or batch file.
Checking latest MD5 for snortrules-snapshot-29111.tar.gz....
Rules tarball download of snortrules-snapshot-29111.tar.gz....
        They Match
        Done!
IP Blacklist download of https://talosintelligence.com/documents/ip-blacklist....
Reading IP List...
Checking latest MD5 for opensource.gz....
Rules tarball download of opensource.gz....
        They Match
        Done!
Prepping rules from opensource.gz for work....
        Done!
Prepping rules from snortrules-snapshot-29111.tar.gz for work....
No such file in archive: 'doc/signatures/rules/VRT-License.txt' at d:\winids\pulledpork\pulledpork.pl line 366.
Could not find an entry for 'doc/signatures/rules/VRT-License.txt' at d:\winids\pulledpork\pulledpork.pl line 366.
        Done!
Reading rules...
readline() on closed filehandle DATA at d:\winids\pulledpork\pulledpork.pl line 722.
readline() on closed filehandle DATA at d:\winids\pulledpork\pulledpork.pl line 722.
readline() on closed filehandle DATA at d:\winids\pulledpork\pulledpork.pl line 722.
Reading rules...
Activating security rulesets....
        Done
Modifying Sids....
        Done!
Processing d:\winids\pulledpork\etc\enablesid.conf....
        Modified 20480 rules
        Skipped 0 rules (already disabled)
        Done
Processing d:\winids\pulledpork\etc\dropsid.conf....
        Modified 0 rules
        Skipped 0 rules (already disabled)
        Done
Processing d:\winids\pulledpork\etc\disablesid.conf....
        Modified 0 rules
        Skipped 0 rules (already disabled)
        Done
Setting Flowbit State....
        Done
Writing d:\winids\snort\rules\winids.rules....
        Done
Generating sid-msg.map....
        Done
Writing v1 d:\winids\snort\etc\sid-msg.map....
        Done
Writing d:\winids\snort\log\sid_changes.log....
        Done
Rule Stats...
        New:-------4
        Deleted:---0
        Enabled Rules:----32501
        Dropped Rules:----0
        Disabled Rules:---0
        Total Rules:------32501
No IP Blacklist Changes

Done
Please review d:\winids\snort\log\sid_changes.log for additional details
Fly Piggy Fly!
