[IntelMQ-users] More specific CIDRs from a different country from RIPE?
L. Aaron Kaplan
aaron at lo-res.org
Fri Feb 12 16:11:38 CET 2021
Hi Bernhard,
well, this is one of the things where the national boundary definitions don't really match the definitions of the internet. I have been coming across this problem many times.
Ultimately you will end up with a list of net blocks (or even individual IP addresses) which are somehow assigned to a country, or let's say it clearer, which are "your constituency" (the systems you are responsible for as a CERT).
Example: Embassies in other countries. Still relevant to a national CERT.
Hope it helped somewhat.
Best,
a.
> On 11.02.2021, at 11:10, Bernhard Reiter <bernhard at intevation.de> wrote:
>
> Signed PGP part
> Hello IntelMQ-Users,
>
> if you are responsible to only deal with reports for a country
> and base your decisions on the RIPE database,
> how do you deal with more specific CIDRs that are from a different country,
> but within a CIDR that belongs to yours?
>
> See more details of the problem
> as seen from the ripe importer the intelmq-cb-mailgen solution uses:
> https://github.com/Intevation/intelmq-certbund-contact/issues/13
>
> (Feel free to answer here or in the issue or personally.)
>
> Thanks in advance,
> Bernhard
>
> --
> www.intevation.de/~bernhard +49 541 33 508 3-3
> Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998
> Geschäftsführer Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
>
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: Message signed with OpenPGP
URL: <http://lists.cert.at/pipermail/intelmq-users/attachments/20210212/c9e240c9/attachment.sig>
More information about the IntelMQ-users
mailing list