Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Snort-Users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Snort-users] Sig mismatch - something up?

from [Paul Schmehl] Network Security [Permanent Link]
Subject: [Snort-users] Sig mismatch - something up?
Date: Tue, 18 Apr 2006 10:49:33 -0500
A poster just reported, on the FreeBSD ports list, that the distinfo file for snort has checksums that don't match what's on snort.org right now.

Here's the distinfo file information:

MD5 (snort-2.4.4.tar.gz) = 9dc9060d1f2e248663eceffadfc45e7e
SHA256 (snort-2.4.4.tar.gz) = b9f3e21467a5f6dd827ddb80dc9ac29ea272e4a5633a6a8a583f523a219e00e9
SIZE (snort-2.4.4.tar.gz) = 2825187

This is an md5 checksum of a download that I just did. As you can see, they don't match:

root@utd59514# md5 /home/pauls/Downloads/snort-2.4.4.tar.gz
MD5 (/home/pauls/Downloads/snort-2.4.4.tar.gz) = 37415bc9db02063ce421e3cd3f59c6c8

Here's the md5 checksum file from snort. It matches the downloaded file but *not* the md5 sum from the FreeBSD ports distro:

root@utd59514# less /home/pauls/Downloads/snort-2.4.4.tar.gz.md5
37415bc9db02063ce421e3cd3f59c6c8  snort-2.4.4.tar.gz

And here's a sha256 checksum of the downloaded tarball. It also doesn't match the checksum in the FreeBSD ports distro.

root@utd59514# sha256 /home/pauls/Downloads/snort-2.4.4.tar.gz
SHA256 (/home/pauls/Downloads/snort-2.4.4.tar.gz) = 1f573e5a7e44c94ec509cea05c4345591a4ba76d0d1b25dcfcb0cdc4d3239c6c

The checksums in the distinfo file are created by downloading the tarball and running "make makesum". Then the port maintainer *should* check those checksums against the checksum file on snort.org.

So why do we have a mismatch? Has the snort 2.4.4 tarball been changed recently?

--
Paul Schmehl (pauls@utdallas.edu)
Adjunct Information Security Officer
The University of Texas at Dallas
http://www.utdallas.edu/ir/security/

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [Snort-users] arpspoof preprocessor, Rob Ward
Next by Date:  Re: [Snort-users] Sig mismatch - something up?, Matthew Watchinski
Previous by Thread:  [Snort-users] SQueRT-0.2.0 has been released., Paul Halliday
Next by Thread:  Re: [Snort-users] Sig mismatch - something up?, Matthew Watchinski
Indexes:  [Date] [Thread] [Top] [All Lists]