<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<p>I appreciate your comments on this topic. This problem is still
unresolved.<br>
</p>
<br>
<div class="moz-cite-prefix">On 06/19/2017 02:13 PM, Sebastian
Wagner wrote:<br>
</div>
<blockquote type="cite"
cite="mid:2cd374a4-d1b7-bd83-b3fd-6de37afc5d6d@cert.at">
<p>Any thoughts on this?<br>
</p>
<br>
<div class="moz-cite-prefix">On 04/21/2017 03:42 PM, Sebastian
Wagner wrote:<br>
</div>
<blockquote type="cite"
cite="mid:8bab87ff-55be-2d1a-9e4c-df9f44685306@cert.at">
<pre wrap="">Dear list,
in pull request #944 (netlab 360 enh [0]) by navtej an issue came up
which can't be solved trivially:
The feed Netlab 360 DGA[1] - which is already included in intelmq -
provides a validity time frame for each domain. Most of those (~90%) end
in 2030 while the start date is the current day at 00:00.
So both start and end time are artificial. And the source claims the
event is valid in the future, which is very odd. And does it actually
make sense to forward this kind of information?
Also, we can't really handle this time information using the current
harmonization.
One idea would be to set time.source to time.observation if the
time.source is in the future. So time.source &lt;= time.observation does
always apply.
What do you think?
Sebastian
[0]: <a class="moz-txt-link-freetext" href="https://github.com/certtools/intelmq/pull/944" moz-do-not-send="true">https://github.com/certtools/intelmq/pull/944</a>
[1]: <a class="moz-txt-link-freetext" href="http://data.netlab.360.com/feeds/dga/dga.txt" moz-do-not-send="true">http://data.netlab.360.com/feeds/dga/dga.txt</a> - attention, quite
big! The domains at the beginning have a very near end date.
</pre>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
Intelmq-dev mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Intelmq-dev@lists.cert.at" moz-do-not-send="true">Intelmq-dev@lists.cert.at</a>
<a class="moz-txt-link-freetext" href="http://lists.cert.at/cgi-bin/mailman/listinfo/intelmq-dev" moz-do-not-send="true">http://lists.cert.at/cgi-bin/mailman/listinfo/intelmq-dev</a>
</pre>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
// Sebastian Wagner <a class="moz-txt-link-rfc2396E" href="mailto:wagner@cert.at" moz-do-not-send="true">&lt;wagner@cert.at&gt;</a> - T: +43 1 5056416 7201
// CERT Austria - <a class="moz-txt-link-freetext" href="https://www.cert.at/" moz-do-not-send="true">https://www.cert.at/</a>
// An initiative of nic.at GmbH - <a class="moz-txt-link-freetext" href="https://www.nic.at/" moz-do-not-send="true">https://www.nic.at/</a>
// Company register number 172568b, Salzburg Regional Court</pre>
<br>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
// Sebastian Wagner <a class="moz-txt-link-rfc2396E" href="mailto:wagner@cert.at">&lt;wagner@cert.at&gt;</a> - T: +43 1 5056416 7201
// CERT Austria - <a class="moz-txt-link-freetext" href="https://www.cert.at/">https://www.cert.at/</a>
// An initiative of nic.at GmbH - <a class="moz-txt-link-freetext" href="https://www.nic.at/">https://www.nic.at/</a>
// Company register number 172568b, Salzburg Regional Court</pre>
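<p>An added example, not part of the original thread and not IntelMQ's own code: one way the idea from the first message could look, setting time.source to time.observation whenever time.source lies in the future. The tab-separated row layout, the choice of the window start as the candidate time.source, the UTC interpretation and the keys under "extra" are assumptions made for this sketch; the sample rows are constructed.</p>

```python
from datetime import datetime, timezone

# Constructed sample rows; the tab-separated layout (family, domain,
# valid-from, valid-to) is an assumption for this example.
SAMPLE_FEED = (
    "# constructed sample, not real feed data\n"
    "examplefam\tabcdefgh.example\t2017-06-19 00:00:00\t2030-01-01 00:00:00\n"
    "examplefam\tijklmnop.example\t2017-06-20 00:00:00\t2017-06-21 23:59:59\n"
)

FMT = "%Y-%m-%d %H:%M:%S"


def parse_utc(text):
    """Parse a feed timestamp and treat it as UTC (assumption)."""
    return datetime.strptime(text, FMT).replace(tzinfo=timezone.utc)


def clamp_source_time(source, observation):
    """Return (time.source, clamped) so time.source never exceeds time.observation."""
    if source > observation:
        return observation, True
    return source, False


def feed_to_events(feed, observation):
    """Turn feed rows into event dicts, clamping future source times."""
    events = []
    for line in feed.splitlines():
        if not line.strip() or line.startswith("#"):
            continue  # skip comments and blank lines
        family, domain, start, end = line.split("\t")
        source, clamped = clamp_source_time(parse_utc(start), observation)
        events.append({
            "source.fqdn": domain,
            "malware.name": family,
            "time.observation": observation.isoformat(),
            "time.source": source.isoformat(),
            # Hypothetical keys: keep the feed's original window so the
            # clamping does not silently discard what the source claimed.
            "extra": {"valid_from": start, "valid_to": end,
                      "time_source_clamped": clamped},
        })
    return events
```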
</body>
</html>