Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Snort-Users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Snort-users] Sig mismatch - something up?

from [Matthew Watchinski] Network Security [Permanent Link]
Subject: Re: [Snort-users] Sig mismatch - something up?
Date: Tue, 18 Apr 2006 12:24:20 -0400
With the release of the RPMS and binaries for 2.4.4 and 2.6.0 RC we re-rolled the .tar.gz file. That's why the md5sums are different.

Cheers,
-matt

Paul Schmehl wrote:
A poster just reported, on the FreeBSD ports list, that the distinfo file for snort has checksums that don't match what's on snort.org right now.

Here's the distinfo file information:

MD5 (snort-2.4.4.tar.gz) = 9dc9060d1f2e248663eceffadfc45e7e
SHA256 (snort-2.4.4.tar.gz) = b9f3e21467a5f6dd827ddb80dc9ac29ea272e4a5633a6a8a583f523a219e00e9
SIZE (snort-2.4.4.tar.gz) = 2825187

This is an md5 checksum of a download that I just did. As you can see, they don't match:

root@utd59514# md5 /home/pauls/Downloads/snort-2.4.4.tar.gz
MD5 (/home/pauls/Downloads/snort-2.4.4.tar.gz) = 37415bc9db02063ce421e3cd3f59c6c8

Here's the md5 checksum file from snort. It matches the downloaded file but *not* the md5 sum from the FreeBSD ports distro:

root@utd59514# less /home/pauls/Downloads/snort-2.4.4.tar.gz.md5
37415bc9db02063ce421e3cd3f59c6c8  snort-2.4.4.tar.gz

And here's a sha256 checksum of the downloaded tarball. It also doesn't match the checksum in the FreeBSD ports distro.

root@utd59514# sha256 /home/pauls/Downloads/snort-2.4.4.tar.gz
SHA256 (/home/pauls/Downloads/snort-2.4.4.tar.gz) = 1f573e5a7e44c94ec509cea05c4345591a4ba76d0d1b25dcfcb0cdc4d3239c6c

The checksums in the distinfo file are created by downloading the tarball and running "make makesum". Then the port maintainer *should* check those checksums against the checksum file on snort.org.

So why do we have a mismatch? Has the snort 2.4.4 tarball been changed recently?




-------------------------------------------------------
This SF.Net email is sponsored by xPML, a groundbreaking scripting language
that extends applications into web and mobile media. Attend the live webcast
and join the prime developer group breaking into this new coding territory!
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [Snort-users] Sig mismatch - something up?, Paul Schmehl
Next by Date:  [Snort-users] Fragroute - Evade Snort?, Arif Basha
Previous by Thread:  [Snort-users] Sig mismatch - something up?, Paul Schmehl
Next by Thread:  [Snort-users] stream4: Stealth activity, Paul Schmehl
Indexes:  [Date] [Thread] [Top] [All Lists]