Hi Bernhard,
well, this is one of the things where the national boundary definitions don't really match the definitions of the internet. I have been coming across this problem many times.
Ultimately you will end up with a list of net blocks (or even individual IP addresses) which are somehow assigned to a country, or let's say it clearer, which are "your constituency" (the systems you are responsible for as a CERT).
Example: Embassies in other countries. Still relevant to a national CERT.
Hope it helped somewhat.
Best, a.
On 11.02.2021, at 11:10, Bernhard Reiter bernhard@intevation.de wrote:
Signed PGP part Hello IntelMQ-Users,
if you are responsible to only deal with reports for a country and base your decisions on the RIPE database, how do you deal with more specific CIDRs that are from a different country, but within a CIDR that belongs to yours?
See more details of the problem as seen from the ripe importer the intelmq-cb-mailgen solution uses: https://github.com/Intevation/intelmq-certbund-contact/issues/13
(Feel free to answer here or in the issue or personally.)
Thanks in advance, Bernhard
-- www.intevation.de/~bernhard +49 541 33 508 3-3 Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998 Geschäftsführer Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner