Netgate SG-1000 microFirewall

Author Topic: Snort OpenAppID RULES Detectors fail to download  (Read 523 times)

0 Members and 1 Guest are viewing this topic.

Offline bertobass

  • Newbie
  • *
  • Posts: 6
  • Karma: +0/-0
    • View Profile
Snort OpenAppID RULES Detectors fail to download
« on: December 17, 2017, 08:12:18 pm »
Snort OpenAppID RULES Detectors always fails to download updates....

log shows:
Snort OpenAppID RULES detectors file download failed.  Bad MD5 checksum.
Downloaded Snort OpenAppID RULES detectors file MD5:

tried forced update... still not updated

please help anyone..thank you in advance.

Offline ivor

  • Administrator
  • Hero Member
  • *****
  • Posts: 728
  • Karma: +154/-135
    • View Profile
    • Netgate
Re: Snort OpenAppID RULES Detectors fail to download
« Reply #1 on: December 17, 2017, 08:22:17 pm »
I have tried it just now and rules download without issues. What does your log say?
Need help fast? Commercial support: https://www.netgate.com/support/

Offline bertobass

  • Newbie
  • *
  • Posts: 6
  • Karma: +0/-0
    • View Profile
Re: Snort OpenAppID RULES Detectors fail to download
« Reply #2 on: December 19, 2017, 07:35:30 pm »
log shows:
Snort OpenAppID RULES detectors file download failed.  Bad MD5 checksum.
Downloaded Snort OpenAppID RULES detectors file MD5:

Offline ivor

  • Administrator
  • Hero Member
  • *****
  • Posts: 728
  • Karma: +154/-135
    • View Profile
    • Netgate
Re: Snort OpenAppID RULES Detectors fail to download
« Reply #3 on: December 20, 2017, 04:15:38 am »
This is fixed by now. Can you try updating the rules?
Need help fast? Commercial support: https://www.netgate.com/support/

Offline mrhotflamin

  • Newbie
  • *
  • Posts: 8
  • Karma: +0/-0
    • View Profile
Re: Snort OpenAppID RULES Detectors fail to download
« Reply #4 on: December 22, 2017, 04:50:12 pm »
Seems like this is still an issue. Seeing the same error.

Offline Johnno

  • Newbie
  • *
  • Posts: 1
  • Karma: +0/-0
    • View Profile
Re: Snort OpenAppID RULES Detectors fail to download
« Reply #5 on: January 13, 2018, 05:32:32 am »
I concur, this is still an issue unfortunately.
Would appreciate some tips or solutions.

snort 3.2.9.5_3 on PfSense 2.3.4-Release

Quote
Snort OpenAppID RULES detectors file download failed.  Bad MD5 checksum.
   Downloaded Snort OpenAppID RULES detectors file MD5: 4a919586ee271f633a04b406b1332bf9
   Expected Snort OpenAppID RULES detectors file MD5: d4539caec45fdb0484ded9de593e0dc4
   Snort OpenAppID RULES detectors file download failed.

Offline Wroxc

  • Full Member
  • ***
  • Posts: 182
  • Karma: +0/-0
    • View Profile
Re: Snort OpenAppID RULES Detectors fail to download
« Reply #6 on: January 24, 2018, 03:02:22 pm »
Me also facing same issue.
I have enough space in /temp and vart( 300mb)

Offline bmeeks

  • Hero Member
  • *****
  • Posts: 3290
  • Karma: +861/-0
    • View Profile
Re: Snort OpenAppID RULES Detectors fail to download
« Reply #7 on: January 24, 2018, 04:28:31 pm »
Me also facing same issue.
I have enough space in /temp and vart( 300mb)

OpenAppID detector rules is a different problem.  The pfSense team started hosting these volunteer-maintained rules on their site, but there have been some recurring issues with the MD5 checksum not being recalculated correctly when the rules are updated.  Hopefully one of the pfSense folks will see this thread, or you can try contacting them directly.

Bill

Offline virgiliomi

  • Sr. Member
  • ****
  • Posts: 566
  • Karma: +74/-4
    • View Profile
Re: Snort OpenAppID RULES Detectors fail to download
« Reply #8 on: January 24, 2018, 07:35:12 pm »
It might have everything to do with the timing of downloading your updates for Snort. I installed Snort not quite a month ago and have been downloading the OpenAppID Rules without any problems to date. I have my Snort updates run at 4:05a Eastern (GMT-5), with one update per day.

Offline bimmerdriver

  • Sr. Member
  • ****
  • Posts: 515
  • Karma: +21/-3
    • View Profile
Re: Snort OpenAppID RULES Detectors fail to download
« Reply #9 on: February 03, 2018, 11:01:35 pm »
I have two pfsense systems with this rule set installed. On one of the systems, the rules are fine. I can force update and they update properly. On the other system, which is connected to the same edge router, the date of the rule set is december 8th, 2017 and it will not update. I've tried force update a few times and it made no difference. Any suggestions?

Offline bimmerdriver

  • Sr. Member
  • ****
  • Posts: 515
  • Karma: +21/-3
    • View Profile
Re: Snort OpenAppID RULES Detectors fail to download
« Reply #10 on: February 04, 2018, 11:59:16 am »
Further to the previous post, in one of my systems, OpenAppID RULES Detectors updated on its own this morning. The other system is still stuck at December 8th, 2017, reporting the same MD5 error as above. Is there a fix for this?

Offline bimmerdriver

  • Sr. Member
  • ****
  • Posts: 515
  • Karma: +21/-3
    • View Profile
Re: Snort OpenAppID RULES Detectors fail to download
« Reply #11 on: February 04, 2018, 04:40:36 pm »
The system that is having the MD5 errors is running version 2.4.2. The system that is working properly is running the latest 2.4.3 snapshot. Is it possible a difference between the respective snort packages is the reason for the difference?

Offline bmeeks

  • Hero Member
  • *****
  • Posts: 3290
  • Karma: +861/-0
    • View Profile
Re: Snort OpenAppID RULES Detectors fail to download
« Reply #12 on: February 05, 2018, 03:15:32 pm »
The system that is having the MD5 errors is running version 2.4.2. The system that is working properly is running the latest 2.4.3 snapshot. Is it possible a difference between the respective snort packages is the reason for the difference?

There was an update to the Snort GUI a month or two back that updated the URL used for downloading the OpenAppID rules package.  Perhaps your older version is trying the older URL?

The current Snort GUI package version is 3.2.9.6.

Bill

Offline bimmerdriver

  • Sr. Member
  • ****
  • Posts: 515
  • Karma: +21/-3
    • View Profile
Re: Snort OpenAppID RULES Detectors fail to download
« Reply #13 on: February 05, 2018, 07:44:45 pm »
The system that is having the MD5 errors is running version 2.4.2. The system that is working properly is running the latest 2.4.3 snapshot. Is it possible a difference between the respective snort packages is the reason for the difference?

There was an update to the Snort GUI a month or two back that updated the URL used for downloading the OpenAppID rules package.  Perhaps your older version is trying the older URL?

The current Snort GUI package version is 3.2.9.6.

Bill
I updated the package and the problem is fixed. Thank you very much.