Am 27. September 2017 21:07:28 MESZ schrieb Per Jessen <per@opensuse.org>:
let him also scan via IPv6...
To get scanning on ipv6 would be good, agree. Our mirror is taken offline for about 3 minutes when olaf tries the ipv6 address first, then the ipv4 address a little later.
Jip. I'm wondering, if scar could either do some NATv6 or route/accept IPv6 from Olaf directly. At the moment, my favorite is NAT, as this would not only have a security plus, but also the benefit of having everything coming from the same DNS source. But I'm open for suggestions...
Mind you, the pfx2asn table is ipv4 only ...
There should be some IPv6 tables, too (and now the question is how they get updated). But I did not look into the DB for a long time.
Thanks for checking!
Just to make sure I got the right place - mirrordb3, right?
Yes. mirrordb3 is currently the master (you can see this in /etc/mirrorbrain.conf) and mirrordb4 the (read only) slave.
I want to write a monitoring check for this...
It's not so easy - I happened to notice 'asn 0' and 'prefix 0' being listed for our mirror. "mb iplookup 185.85.248.0". I checked the pfx2asn table, and the prefix (185.95.248.0/22) wasn't listed. That range was allocated in Jan 2015, so I knew some data had to be out of date. Maybe you can check for the downloaded file being out of date?
That happens IMHO already, but is a good first step. We might also check some known entries to be correct. And I'll see what I can get out of the DB next week, when I'm back in the office. Regards from SUSECON ;-) Lars -- To unsubscribe, e-mail: heroes+unsubscribe@opensuse.org To contact the owner, e-mail: heroes+owner@opensuse.org