[Intelmq-users] reverse_dns-expert exception InvalidValue

Tomislav Protega tomislav.protega at cert.hr
Sat Jan 6 13:28:42 CET 2018


Hi,

here's another exception I ran into.

If Reverse DNS expert bot runs into IP address which doesn't have DNS
PTR record in fqdn form, then it gives exception.

In attachment are logs.

Example:
There are cases when DNS gives two records for PTR.

$ nslookup 5.157.80.221
Server:		8.8.8.8
Address:	8.8.8.8#53

Non-authoritative answer:
221.80.157.5.in-addr.arpa	name = 5.157.80.221.
221.80.157.5.in-addr.arpa	name = aliancys.peopleinc.nl.

--------------------------------------------------------

$ nslookup 121.201.38.118
Server:		8.8.8.8
Address:	8.8.8.8#53

Non-authoritative answer:
118.38.201.121.in-addr.arpa	name = 121.201.38.118.


Regards,

-- 
Tomislav

-------------- next part --------------
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/intelmq/lib/bot.py", line 154, in start
    self.process()
  File "/usr/lib/python3/dist-packages/intelmq/bots/experts/reverse_dns/expert.py", line 80, in process
    event.add(key % 'reverse_dns', str(result), overwrite=True)
  File "/usr/lib/python3/dist-packages/intelmq/lib/message.py", line 230, in add
    raise exceptions.InvalidValue(key, value, reason=valid_value[1])
intelmq.lib.exceptions.InvalidValue: invalid value '121.201.38.118' (<class 'str'>) for key 'source.reverse_dns': is_valid returned False.

Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/intelmq/lib/bot.py", line 154, in start
    self.process()
  File "/usr/lib/python3/dist-packages/intelmq/bots/experts/reverse_dns/expert.py", line 80, in process
    event.add(key % 'reverse_dns', str(result), overwrite=True)
  File "/usr/lib/python3/dist-packages/intelmq/lib/message.py", line 230, in add
    raise exceptions.InvalidValue(key, value, reason=valid_value[1])
intelmq.lib.exceptions.InvalidValue: invalid value '5.157.80.221' (<class 'str'>) for key 'source.reverse_dns': is_valid returned False.



Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/intelmq/lib/bot.py", line 154, in start
    self.process()
  File "/usr/lib/python3/dist-packages/intelmq/bots/experts/reverse_dns/expert.py", line 80, in process
    event.add(key % 'reverse_dns', str(result), overwrite=True)
  File "/usr/lib/python3/dist-packages/intelmq/lib/message.py", line 230, in add
    raise exceptions.InvalidValue(key, value, reason=valid_value[1])
intelmq.lib.exceptions.InvalidValue: invalid value '1.0/224.246.103.fxwirelesssol.com' (<class 'str'>) for key 'source.reverse_dns': is_valid returned False.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: OpenPGP digital signature
URL: <http://lists.cert.at/pipermail/intelmq-users/attachments/20180106/964f4332/attachment.sig>


More information about the Intelmq-users mailing list