Closed alexcpsec closed 10 years ago
What specifically did you observe?
I sampled a few entries from crop.json
so that processing time would not be so bad. I took maybe the top 25 ones from yesterday.
After running winnower, all of them had countries (some had rhosts from DNSDB) but NONE had asnumber/asname. So I figured something could be wrong.
Hrm, having trouble reproducing this.
Try with this:
[
[
"27.159.210.82",
"IPv4",
"inbound",
"http://www.projecthoneypot.org/list_of_ips.php?rss=1",
"",
"2014-09-15"
],
[
"120.33.245.248",
"IPv4",
"inbound",
"http://www.projecthoneypot.org/list_of_ips.php?rss=1",
"",
"2014-09-15"
],
[
"62.210.148.172",
"IPv4",
"inbound",
"http://www.projecthoneypot.org/list_of_ips.php?rss=1",
"",
"2014-09-15"
],
[
"46.39.255.195",
"IPv4",
"inbound",
"http://www.projecthoneypot.org/list_of_ips.php?rss=1",
"",
"2014-09-15"
],
[
"110.89.36.219",
"IPv4",
"inbound",
"http://www.projecthoneypot.org/list_of_ips.php?rss=1",
"",
"2014-09-15"
],
[
"91.200.12.14",
"IPv4",
"inbound",
"http://www.projecthoneypot.org/list_of_ips.php?rss=1",
"",
"2014-09-15"
]
]
okay this is something I can work with!
OK, major logic fail on my part. Every time we read a new row from data/GeoIPASNum2.csv
, we assign to the specified ASN the range in that row. But this is wrong because many ASNs have multiple ranges, including in particular AS4134 Chinanet
.
So effectively the dict only contains the last range for each ASN. Working on fixing this now.
AH! Of course. Completely forgot about that as well.
Maybe I broke it when I updated the files, maybe not. This needs investigating.