Open lorenzo95 opened 7 years ago
Did some more reading through the code and decided to print out the "length" to debug since that is where it fails. Here is the result: (tl;dr Length: 65533 or 0xfffd)
python3 apytest
Length: 5
Length: 37
Length: 0
Length: 5
Length: 0
'###1'
Length: 5
Length: 0
{}
'###2'
Length: 3
Length: 7
Length: 22
Length: 23
Length: 14
Length: 14
Length: 15
Length: 0
Length: 5
Length: 0
{'1': {'.id': '*1',
'address': '192.168.1.0/24',
'disabled': 'false',
'dynamic': 'false',
'list': 'Internal network'}}
'###3'
Length: 3
Length: 8
Length: 33
Length: 24
Length: 14
Length: 14
Length: 15
Length: 102
Length: 0
Length: 3
Length: 8
Length: 33
Length: 23
Length: 14
Length: 14
Length: 15
Length: 78
Length: 0
Length: 3
Length: 8
Length: 33
Length: 21
Length: 14
Length: 14
Length: 15
Length: 119
Length: 0
Length: 3
Length: 8
Length: 33
Length: 21
Length: 14
Length: 14
Length: 15
Length: 106
Length: 0
Length: 3
Length: 8
Length: 33
Length: 24
Length: 14
Length: 14
Length: 15
Length: 78
Length: 0
Length: 3
Length: 8
Length: 33
Length: 23
Length: 14
Length: 14
Length: 15
Length: 89
Length: 0
Length: 3
Length: 8
Length: 33
Length: 23
Length: 14
Length: 14
Length: 15
Length: 94
Length: 0
Length: 3
Length: 8
Length: 33
Length: 21
Length: 14
Length: 14
Length: 15
Length: 127
Length: 0
Length: 3
Length: 8
Length: 33
Length: 19
Length: 14
Length: 14
Length: 15
Length: 127
Length: 0
Length: 3
Length: 8
Length: 33
Length: 20
Length: 14
Length: 14
Length: 15
Length: 127
Length: 0
Length: 3
Length: 8
Length: 33
Length: 22
Length: 14
Length: 14
Length: 15
Length: 123
Length: 0
Length: 3
Length: 8
Length: 33
Length: 24
Length: 14
Length: 14
Length: 15
Length: 123
Length: 0
Length: 3
Length: 8
Length: 33
Length: 20
Length: 14
Length: 14
Length: 15
Length: 122
Length: 0
Length: 3
Length: 8
Length: 33
Length: 21
Length: 14
Length: 14
Length: 15
Length: 122
Length: 0
Length: 3
Length: 8
Length: 33
Length: 24
Length: 14
Length: 14
Length: 15
Length: 65533
Traceback (most recent call last):
File "/usr/local/lib/python3.5/dist-packages/tikapy/__init__.py", line 180, in talk
return self.tik_to_json(self._api.talk(words))
File "/usr/local/lib/python3.5/dist-packages/tikapy/api/__init__.py", line 105, in talk
sentence = self.read_sentence()
File "/usr/local/lib/python3.5/dist-packages/tikapy/api/__init__.py", line 170, in read_sentence
word = self.read_word()
File "/usr/local/lib/python3.5/dist-packages/tikapy/api/__init__.py", line 294, in read_word
raise ApiUnrecoverableError("unknown control byte received")
tikapy.api.ApiUnrecoverableError: unknown control byte received
The above exception was the direct cause of the following exception:
Traceback (most recent call last):
File "apytest", line 16, in <module>
pprint(client.talk(['/ip/firewall/address-list/print', '?list=List-EveBoxBlockedGlobalIPs']))
File "/usr/local/lib/python3.5/dist-packages/tikapy/__init__.py", line 182, in talk
raise ClientError('could not talk to api') from exc
tikapy.ClientError: could not talk to api
Hi,
is it possible that you can provide me with an export of the address list? This would make it easier to debug. Feel free to send it via e-mail if you do not want to post it publicly.
Hello,
No problem. I forgot to export it. Address list export is attached.
I'm not sure if the logical and functions in the api are working as expected. I downloaded a c# api that I could find and it can read the list. I just wanted to test it.
Thanks,
Gero
On Jun 15, 2017 12:30 AM, "André Keller" notifications@github.com wrote:
Hi,
is it possible that you can provide me with an export of the address list? This would make it easier to debug. Feel free to send it via e-mail if you do not want to post it publicly.
/ip firewall address-list
add address=192.168.1.0/24 list="Internal network"
add address=151.101.148.193 comment="EveBox -- 2017-06-08T22:51:32 -- sid20122\
52 -- ET SHELLCODE Common 0a0a0a0a Heap Spray String" list=\
List-EveBoxBlockedGlobalIPs
add address=104.113.56.224 comment=\
"EveBox -- 2017-06-12T23:13:34 -- sid2016360 -- ET INFO JAVA - ClassID" \
list=List-EveBoxBlockedGlobalIPs
add address=45.76.92.117 comment="EveBox -- 2017-06-11T01:15:53 -- sid2522772 \
-- ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 387" list=\
List-EveBoxBlockedGlobalIPs
add address=52.84.64.156 comment="EveBox -- 2017-06-10T21:14:50 -- sid2018959 \
-- ET POLICY PE EXE or DLL Windows file download HTTP" list=\
List-EveBoxBlockedGlobalIPs
add address=195.211.221.116 comment=\
"EveBox -- 2017-06-11T10:50:58 -- sid2016360 -- ET INFO JAVA - ClassID" \
list=List-EveBoxBlockedGlobalIPs
add address=141.212.122.48 comment="EveBox -- 2017-06-11T12:52:25 -- sid222101\
4 -- SURICATA HTTP missing Host header" list=List-EveBoxBlockedGlobalIPs
add address=162.243.96.172 comment="EveBox -- 2017-06-11T17:31:37 -- sid202388\
2 -- ET INFO HTTP Request to a *.top domain" list=\
List-EveBoxBlockedGlobalIPs
add address=52.84.64.130 comment="EveBox -- 2017-06-14T07:53:02 -- sid2006380 \
-- ET POLICY Outgoing Basic Auth Base64 HTTP Password detected unencrypted\
" list=List-EveBoxBlockedGlobalIPs
add address=52.84.0.29 comment="EveBox -- 2017-06-14T06:52:57 -- sid2006380 --\
\_ET POLICY Outgoing Basic Auth Base64 HTTP Password detected unencrypted" \
list=List-EveBoxBlockedGlobalIPs
add address=52.84.0.118 comment="EveBox -- 2017-06-14T05:52:59 -- sid2006380 -\
- ET POLICY Outgoing Basic Auth Base64 HTTP Password detected unencrypted" \
list=List-EveBoxBlockedGlobalIPs
add address=217.10.68.152 comment="EveBox -- 2017-06-13T20:57:27 -- sid2018908\
\_-- ET INFO Session Traversal Utilities for NAT (STUN Binding Response)" \
list=List-EveBoxBlockedGlobalIPs
add address=217.116.122.138 comment="EveBox -- 2017-06-13T20:50:17 -- sid20189\
08 -- ET INFO Session Traversal Utilities for NAT (STUN Binding Response)" \
list=List-EveBoxBlockedGlobalIPs
add address=52.87.201.4 comment="EveBox -- 2017-06-13T19:44:21 -- sid2016149 -\
- ET INFO Session Traversal Utilities for NAT (STUN Binding Request)" \
list=List-EveBoxBlockedGlobalIPs
add address=54.172.47.69 comment="EveBox -- 2017-06-13T18:24:34 -- sid2016149 \
-- ET INFO Session Traversal Utilities for NAT (STUN Binding Request)" \
list=List-EveBoxBlockedGlobalIPs
add address=176.194.164.183 comment="EveBox -- 2017-06-14T06:03:22 -- sid22300\
12 -- SURICATA TLS overflow heartbeat encountered, possible exploit attemp\
t (heartbleed)" list=List-EveBoxBlockedGlobalIPs
add address=192.229.211.70 comment="EveBox -- 2017-06-13T21:40:11 -- sid201653\
8 -- ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Se\
cond Stage Download" list=List-EveBoxBlockedGlobalIPs
add address=194.42.22.9 comment="EveBox -- 2017-06-13T21:38:36 -- sid2016538 -\
- ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Secon\
d Stage Download" list=List-EveBoxBlockedGlobalIPs
Hi, I was just wondering if you were able to reproduce the error I am seeing? Thanks.
Hi guys,
I am using tikapy to gather alerts from the evebox api (suricata alerts) and then update an address-list in one or several mikrotiks to block the offending IP. I have run into an issue that I thought maybe someone could help. Essentially I am getting a traceback from the tikapy when I print an address-list but not on all of them. It almost looks like an issue with the size of the list to me. However, here are the details.
Here I am showing two address-lists:
I made a test-script to narrow down the error:
When I run the script, I get this output:
You can see that I don't have ospf neighbors so ###1 returns correctly, ###2 only has one IP so that is correct and the ###3 starts working when I delete a bunch of address-list items. Until then, no go.
I have tried the same setup on a Mikrotik with most current firmware with the same result. I used pip3 install tikapy to install the api. Thank you for your help.
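The word-length framing that the debug output in this thread prints, as an added example (not tikapy's code and not posted by anyone in the thread): RouterOS API lengths of 128 or more use a multi-byte prefix whose first byte has its high bit set, and every length that printed correctly above is 127 or less. `length_if_decoded_as_text` is a hypothetical helper showing one way a reader can arrive at 65533 (0xFFFD, the Unicode replacement character); that this is what happens inside tikapy is an assumption, and the sample sentence is constructed.

```python
import io

def encode_length(n):
    """Encode a word length with the RouterOS API variable-length prefix."""
    if n < 0x80:
        return n.to_bytes(1, "big")
    if n < 0x4000:
        return (n | 0x8000).to_bytes(2, "big")
    if n < 0x200000:
        return (n | 0xC00000).to_bytes(3, "big")
    if n < 0x10000000:
        return (n | 0xE0000000).to_bytes(4, "big")
    return b"\xf0" + n.to_bytes(4, "big")

def read_exact(stream, count):
    """Read exactly count bytes from a binary stream (e.g. sock.makefile('rb'))."""
    data = stream.read(count)
    if len(data) != count:
        raise EOFError("stream ended inside a word")
    return data

def decode_length(stream):
    """Decode a length prefix; the top bits of the first byte select its size."""
    first = read_exact(stream, 1)[0]
    for marker, select, extra in ((0x00, 0x80, 0), (0x80, 0xC0, 1),
                                  (0xC0, 0xE0, 2), (0xE0, 0xF0, 3), (0xF0, 0xF8, 4)):
        if (first & select) == marker:
            value = first & ~select & 0xFF
            for byte in read_exact(stream, extra):
                value = (value << 8) | byte
            return value
    raise ValueError("reserved control byte 0x%02x" % first)  # 0xF8 and above

def read_sentence(stream):
    """Read words until the zero-length word that terminates a sentence."""
    words = []
    while True:
        length = decode_length(stream)
        if length == 0:
            return words
        words.append(read_exact(stream, length).decode("utf-8", "replace"))

def length_if_decoded_as_text(prefix):
    """Hypothetical failure mode: the prefix byte is decoded as text before ord()."""
    return ord(prefix[:1].decode("utf-8", "replace"))

# Constructed reply sentence whose last word is 139 bytes, i.e. over the 1-byte limit.
SAMPLE_WORDS = ["!re", "=.id=*1", "=comment=" + "x" * 130]
SAMPLE_REPLY = b"".join(encode_length(len(w)) + w.encode() for w in SAMPLE_WORDS) + b"\x00"
```

Reading the prefix from a binary stream and masking the bytes keeps long comments, such as the Suricata signature descriptions in the export above, from desynchronising the parser.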