Posted March 20, 2018 Hi, I have recently went to upgrade my Snort version and Pulled Pork version. Those seem to have upgraded just fine. What I am having an issue with is trying to update pulled pork after the update. When I run the update command it seems like it can't connect to Talos which is a first time I am seeing that issue. Has anyone seen an issue like this before. In the attached screenshot I am able to browse to the website shown. It almost seems like the Talos side might not allow me in to download said file. Thanks in advance. Share this post Link to post Share on other sites
Posted March 20, 2018 Attach you pulledpork.conf file. Share this post Link to post Share on other sites
Posted March 21, 2018 Hi attached is my pulled pork config file pulledpork.conf Share this post Link to post Share on other sites
Posted March 22, 2018 Make SURE you are ONLY using the Pulledpork from here. I have to modify it to work on windows. Make sure your oink code is correct. If you are behind a proxy there may be problems. Try removing everything in the pulledpork/temp folder. If there is still problems zip up the pulledpork folder and attach it. Don't forget to delete everything in the pulledpork/temp folder before compressing. Share this post Link to post Share on other sites
Posted March 23, 2018 Attached is my Pulled Pork folder and the temp folder was cleared out. I also cleared out the folder and tried to run the command again, and in the picture attached that shows the files getting downloaded there. So it is grabbing something at least. My OinkCode also looks good. This device is also not sitting behind a proxy. pulledpork.zip Share this post Link to post Share on other sites
Posted March 23, 2018 Pulled your Pulledpork folder in and everything works as expected. I'm not sure what the problem is? Possible firewall issue with a blocked port? C:\Users\Operator>perl d:\winids\pulledpork\pulledpork.pl -c d:\winids\pulledpork\etc\pulledpork.conf -T https://github.com/shirkdog/pulledpork _____ ____ `----,\ ) `--==\\ / PulledPork v0.7.4 - Helping you protect your bitcoin wallet! `--==\\/ .-~~~~-.Y|\\_ Copyright (C) 2009-2017 JJ Cummings, Michael Shirk @_/ / 66\_ and the PulledPork Team! | \ \ _(") \ /-| ||'--' Rules give me wings! \_\ \_\\ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 'uname' is not recognized as an internal or external command, operable program or batch file. Checking latest MD5 for snortrules-snapshot-29111.tar.gz.... Rules tarball download of snortrules-snapshot-29111.tar.gz.... They Match Done! IP Blacklist download of https://talosintelligence.com/documents/ip-blacklist.... Reading IP List... Checking latest MD5 for opensource.gz.... Rules tarball download of opensource.gz.... They Match Done! Prepping rules from opensource.gz for work.... Done! Prepping rules from snortrules-snapshot-29111.tar.gz for work.... No such file in archive: 'doc/signatures/rules/VRT-License.txt' at d:\winids\pulledpork\pulledpork.pl line 366. Could not find an entry for 'doc/signatures/rules/VRT-License.txt' at d:\winids\pulledpork\pulledpork.pl line 366. Done! Reading rules... readline() on closed filehandle DATA at d:\winids\pulledpork\pulledpork.pl line 722. readline() on closed filehandle DATA at d:\winids\pulledpork\pulledpork.pl line 722. readline() on closed filehandle DATA at d:\winids\pulledpork\pulledpork.pl line 722. Reading rules... Activating security rulesets.... Done Modifying Sids.... Done! Processing d:\winids\pulledpork\etc\enablesid.conf.... Modified 20480 rules Skipped 0 rules (already disabled) Done Processing d:\winids\pulledpork\etc\dropsid.conf.... Modified 0 rules Skipped 0 rules (already disabled) Done Processing d:\winids\pulledpork\etc\disablesid.conf.... Modified 0 rules Skipped 0 rules (already disabled) Done Setting Flowbit State.... Done Writing d:\winids\snort\rules\winids.rules.... Done Generating sid-msg.map.... Done Writing v1 d:\winids\snort\etc\sid-msg.map.... Done Writing d:\winids\snort\log\sid_changes.log.... Done Rule Stats... New:-------4 Deleted:---0 Enabled Rules:----32501 Dropped Rules:----0 Disabled Rules:---0 Total Rules:------32501 No IP Blacklist Changes Done Please review d:\winids\snort\log\sid_changes.log for additional details Fly Piggy Fly! Share this post Link to post Share on other sites
