reverse dns expert: ignore IPs #1264

Closed
ghost opened this issue Jul 2, 2018 · 0 comments
ghost commented Jul 2, 2018

Reported here:

https://lists.cert.at/pipermail/intelmq-users/2018-January/000032.html

```
> dig +short -x 5.157.80.221
5.157.80.221.
aliancys.peopleinc.nl.
```

gives in intelmq:

```
intelmq.lib.exceptions.InvalidValue: invalid value '5.157.80.221' (<class 'str'>) for key 'source.reverse_dns': is_valid returned False.
```
@ghost ghost added bug Indicates an unexpected problem or unintended behavior component: bots labels Jul 2, 2018
@ghost ghost added this to the 1.0.6 milestone Jul 2, 2018
@ghost ghost self-assigned this Jul 2, 2018
@ghost ghost closed this as completed in 60d5680 Jul 2, 2018
ghost pushed a commit that referenced this issue Sep 3, 2018
Maintenance release 1.0.6

1.0.6 Bugfix release (2018-08-31)

\# Bots
\## Collectors
- `bots.collectors.rt.collector_rt`: Log ticket id for downloaded reports.

\## Parsers
- `bots.parsers.shadowserver`:
  - if required fields do not exist in data, an exception is raised, so the line will be dumped and not further processed.
  - fix a bug in the parsing of column `cipher_suite` in ssl poodle reports (#1288).

\## Experts
- Reverse DNS Expert: ignore all invalid results and use first valid one (#1264).
- `intelmq/bots/experts/tor_nodes/update-tor-nodes`: Use check.torproject.org as source as internet2.us is down (#1289).

\## Outputs
- `bots.output.amqptopic`:
  - The default exchange must not be declared (#1295).
  - Unencodable characters are prepended by backslashes by default. Otherwise Unicode characters can't be encoded and sent (#1296).
  - Gracefully close AMQP connection on shutdown of bot.

\# Documentation
- Bots: document redis cache parameters.
- Installation documentation: Ubuntu needs universe repositories.

\# Packaging
- Dropped support for Ubuntu 17.10, it reached its End of Life as of 2018-07-19.

\# Tests
- Drop tests for Python 3.3 for the mode with all requirements, as some optional dependencies do not support Python 3.3 anymore.
- `lib.test`: Add parameter `compare_raw` (default: `True`) to `assertMessageEqual`, to optionally skip the comparison of the raw field.
- Add tests for RT collector.
- Add tests for Shadowserver Parser:
  - SSL Poodle Reports.
  - Helper functions.

\# Tools
- `intelmqctl list` now sorts the output of bots and queues (#1262).
- `intelmqctl`: Correctly handle the corner cases with collectors and outputs for getting/sending messages in the bot debugger (#1263).
- `intelmqdump`: fix ordering of dumps in a file in runtime. All operations are applied to a sorted list (#1280).

\# Contrib
- `cron-jobs/update-tor-nodes`: Use check.torproject.org as source as internet2.us is down (#1289).
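
The behaviour described in the 1.0.6 changelog entry for #1264 (ignore invalid PTR results, use the first valid one), as an added example that is not IntelMQ's code. The function names and the simplified hostname check are assumptions; the sample answers are the `dig` output from the report. PTR data is set by whoever controls the reverse zone, so every answer is validated before use.

```python
import ipaddress
import re

# Simplified label rule (assumption; stands in for IntelMQ's own FQDN
# validation, which is not shown on the page): 1-63 characters from
# letters, digits, hyphen, underscore, with no leading or trailing hyphen.
_LABEL = re.compile(r"(?!-)[a-z0-9_-]{1,63}(?<!-)")


def is_ip(value):
    """True if value parses as an IPv4 or IPv6 address."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def is_valid_fqdn(value):
    """Check one PTR answer; a single trailing root dot is allowed."""
    name = value[:-1] if value.endswith(".") else value
    name = name.lower()
    if not name or len(name) > 253 or is_ip(name):
        return False
    labels = name.split(".")
    # Every label must match, and the last label must not be all digits.
    if not all(_LABEL.fullmatch(label) for label in labels):
        return False
    return not labels[-1].isdigit()


def first_valid_ptr(answers):
    """Return the first answer that is a usable hostname, or None."""
    for raw in answers:
        if is_valid_fqdn(raw):
            name = raw[:-1] if raw.endswith(".") else raw
            return name.lower()
    return None


if __name__ == "__main__":
    # The two PTR answers from the dig output in the report.
    reported = ["5.157.80.221.", "aliancys.peopleinc.nl."]
    print(first_valid_ptr(reported))
```

When `first_valid_ptr` returns `None`, the caller leaves `source.reverse_dns` unset instead of raising.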