<html>

  <head>

    <meta http-equiv="Content-Type" content="text/html; charset=utf-8">

  </head>

  <body text="#000000" bgcolor="#FFFFFF">

    <p>I appreciate your comments on this topic. This problem is still

      unresolved.<br>

    </p>

    <br>

    <div class="moz-cite-prefix">On 06/19/2017 02:13 PM, Sebastian

      Wagner wrote:<br>

    </div>

    <blockquote type="cite"

      cite="mid:2cd374a4-d1b7-bd83-b3fd-6de37afc5d6d@cert.at">

      <meta http-equiv="Content-Type" content="text/html; charset=utf-8">

      <p>Any thoughts on this?<br>

      </p>

      <br>

      <div class="moz-cite-prefix">On 04/21/2017 03:42 PM, Sebastian

        Wagner wrote:<br>

      </div>

      <blockquote type="cite"

        cite="mid:8bab87ff-55be-2d1a-9e4c-df9f44685306@cert.at">

        <pre wrap="">Dear list,

in pull request #944 (netlab 360 enh [0]) by navtej an issue came up

which can't be solved trivially:

The feed Netlab 360 DGA[1] - which is already included in intelmq -

provides a validity time frame for each domain. Most of those (~90%) end

in 2030 while the start date is the current day at 00:00.

So both start and end time are artificial. And the source claims the

event is valid in the future, which is a very odd. And does it actually

make sense to forward this kind of information?

Also, we can't really handle this time information using the current

harmonization.

One idea would be to set time.source to time.observation if the

time.source is in the future. So time.source <= time.observation does

always apply.

What do you think?

Sebastian

[0]: <a class="moz-txt-link-freetext" href="https://github.com/certtools/intelmq/pull/944" moz-do-not-send="true">https://github.com/certtools/intelmq/pull/944</a>

[1]: <a class="moz-txt-link-freetext" href="http://data.netlab.360.com/feeds/dga/dga.txt" moz-do-not-send="true">http://data.netlab.360.com/feeds/dga/dga.txt</a> - attention, quite

big! The domains at the beginning have a very near end date.

</pre>

        <br>

        <fieldset class="mimeAttachmentHeader"></fieldset>

        <br>

        <pre wrap="">_______________________________________________

Intelmq-dev mailing list

<a class="moz-txt-link-abbreviated" href="mailto:Intelmq-dev@lists.cert.at" moz-do-not-send="true">Intelmq-dev@lists.cert.at</a>

<a class="moz-txt-link-freetext" href="http://lists.cert.at/cgi-bin/mailman/listinfo/intelmq-dev" moz-do-not-send="true">http://lists.cert.at/cgi-bin/mailman/listinfo/intelmq-dev</a>

</pre>

      </blockquote>

      <br>

      <pre class="moz-signature" cols="72">-- 

// Sebastian Wagner <a class="moz-txt-link-rfc2396E" href="mailto:wagner@cert.at" moz-do-not-send="true"><wagner@cert.at></a> - T: +43 1 5056416 7201

// CERT Austria - <a class="moz-txt-link-freetext" href="https://www.cert.at/" moz-do-not-send="true">https://www.cert.at/</a>

// Eine Initiative der nic.at GmbH - <a class="moz-txt-link-freetext" href="https://www.nic.at/" moz-do-not-send="true">https://www.nic.at/</a>

// Firmenbuchnummer 172568b, LG Salzburg</pre>

      <br>

      <fieldset class="mimeAttachmentHeader"></fieldset>

      <br>

      <pre wrap="">_______________________________________________

Intelmq-dev mailing list

<a class="moz-txt-link-abbreviated" href="mailto:Intelmq-dev@lists.cert.at">Intelmq-dev@lists.cert.at</a>

<a class="moz-txt-link-freetext" href="http://lists.cert.at/cgi-bin/mailman/listinfo/intelmq-dev">http://lists.cert.at/cgi-bin/mailman/listinfo/intelmq-dev</a>

</pre>

    </blockquote>

    <br>

    <pre class="moz-signature" cols="72">-- 

// Sebastian Wagner <a class="moz-txt-link-rfc2396E" href="mailto:wagner@cert.at"><wagner@cert.at></a> - T: +43 1 5056416 7201

// CERT Austria - <a class="moz-txt-link-freetext" href="https://www.cert.at/">https://www.cert.at/</a>

// Eine Initiative der nic.at GmbH - <a class="moz-txt-link-freetext" href="https://www.nic.at/">https://www.nic.at/</a>

// Firmenbuchnummer 172568b, LG Salzburg</pre>

  </body>

</html>