pfSense Support Subscription

Author Topic: Snort OpenAppID RULES - Server returned error code 0  (Read 104 times)

0 Members and 1 Guest are viewing this topic.

Offline EWBtCiaST

  • Newbie
  • *
  • Posts: 10
  • Karma: +0/-0
    • View Profile
Snort OpenAppID RULES - Server returned error code 0
« on: November 25, 2017, 04:57:19 pm »
I've been unable to download the OpenAppID RULES for about 6 weeks due to the following error code - Server returned error code 0. All of the other rules update every day.

I've also deleted the Snort package and re-installed it and restored pfSense to a version where Snort had previously updated all rules.

Any help is much appreciated.

Offline mrzaz

  • Full Member
  • ***
  • Posts: 163
  • Karma: +4/-0
  • Beta Errors Eradicate Roguecode or BEER for short.
    • View Profile
Re: Snort OpenAppID RULES - Server returned error code 0
« Reply #1 on: December 10, 2017, 02:46:09 pm »
I've been unable to download the OpenAppID RULES for about 6 weeks due to the following error code - Server returned error code 0. All of the other rules update every day.

I've also deleted the Snort package and re-installed it and restored pfSense to a version where Snort had previously updated all rules.

Any help is much appreciated.

I also get problem with the APPID RULES download.

According to logs it says:
   Downloading Snort OpenAppID RULES detectors md5 file appid_rules.tar.gz.md5...
   Checking Snort OpenAppID RULES detectors md5 file...
   There is a new set of Snort OpenAppID RULES detectors posted.
   Downloading file 'appid_rules.tar.gz'...
   Done downloading rules file.
   Snort OpenAppID RULES detectors file download failed.  Bad MD5 checksum.
   Downloaded Snort OpenAppID RULES detectors file MD5: 4a919586ee271f633a04b406b1332bf9
   Expected Snort OpenAppID RULES detectors file MD5: d4539caec45fdb0484ded9de593e0dc4
   Snort OpenAppID RULES detectors file download failed.  Snort OpenAppID RULES detectors will not be updated.

And just to make sure, I manually downloaded the http://files.pfsense.org/openappid/appid_rules.tar.gz and http://files.pfsense.org/openappid/appid_rules.tar.gz.md5
and then made a manual md5 checksum of the "appid_rules.tar.gz" and compared it to the downloaded one.

DOWNLOADED:   d4539caec45fdb0484ded9de593e0dc4
MANUAL MD5:      4a919586ee271f633a04b406b1332bf9

Exactly the same as from the pfSense.  So either someone has modified the appid_rules.tar.gz after the checksum was created
OR the appid_rules.tar.gz has been updated and someone has forgot to create a new updated md5 checksum file
or possible that the the appid file has gone corrupted.

Please correct this.

The interesting part is that the appid file and the md5 file is stored at almost the same time. only 2 min apart.
http://files.pfsense.org/openappid/
appid_rules.tar.gz                                 08-Dec-2017 20:46              788480
appid_rules.tar.gz.md5                             08-Dec-2017 20:48                  33

Best regards
Dan Lundqvist
MRZAZ.COM
Stockholm, Sweden