public inbox for location@lists.ipfire.org
From: "Peter Müller" <peter.mueller@ipfire.org>
To: location@lists.ipfire.org
Subject: Thoughts on importing IP feeds from Amazon, second attempt (was: Re: [PATCH] location-importer.in: import additional IP information for Amazon AWS IP networks)
Date: Sun, 30 May 2021 11:15:24 +0200
Message-ID: <9852ce9b-206f-792c-5e49-fe3835220b26@ipfire.org>
In-Reply-To: <AEE2FAF8-32FA-4745-AFD4-99461744BD17@ipfire.org>

Hello Michael,
hello *,

before I start coding, I just wanted to share my current idea of importing IP feeds from Amazon AWS
in a less insecure way. Comments, etc. are appreciated. :-)

(a) Run "location-importer update-whois" and "location-importer update-announcements", as we did before.
(b) Introduce something like "location-importer update-3rd-party-feeds", which is a blanket function for
    updating all the 3rd party feeds we will have some day, as Amazon for sure won't be the only one.
(c) In case of Amazon, download their feed, parse it and put the results in a temporary table.
(d) Process a list of Autonomous Systems owned or controlled by Amazon.
(e) Delete every IP network from this temporary table which is not announced by one of the Autonomous
    Systems. That way, we limit potential damage by a broken or manipulated Amazon IP feed to their ASNs.
(f) Anything left in the temporary table is safe to go, and will be merged into the overrides table.

Sounds a bit more complicated than my first patch looked, but is more versatile and robust. :-)

Speaking of robustness, do we want a "source" column for the overrides table as well? Although it won't
appear in the generated database or its .txt dump, it might be worth having, so we still have transparency
on 3rd party feeds at this point.

Thanks, and best regards,
Peter Müller
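
The filtering idea from the message above, as an added Python sketch; it is not part of Peter's message and not code from location-importer. It assumes the feed uses the layout of Amazon's published ip-ranges.json, reads "announced by" as "the most specific covering announcement originates from a trusted AS", and uses constructed documentation prefixes and ASNs in place of the real temporary table, announcements data and Amazon AS list.

```python
import ipaddress
import json

# Constructed sample in the layout of Amazon's ip-ranges.json feed.
SAMPLE_FEED = json.dumps({
    "prefixes": [
        {"ip_prefix": "198.51.100.0/25", "region": "eu-central-1"},
        {"ip_prefix": "203.0.113.0/24", "region": "us-east-1"},
        {"ip_prefix": "192.0.2.0/24", "region": "us-west-2"},
        {"ip_prefix": "not-a-network", "region": "us-west-2"},
    ],
    "ipv6_prefixes": [
        {"ipv6_prefix": "2001:db8:1000::/40", "region": "eu-west-1"},
    ],
})

# Constructed stand-in for the announcements data: announced prefix -> origin AS.
# 192.0.2.0/24 is deliberately not announced at all.
ANNOUNCEMENTS = {
    "198.51.100.0/24": 64500,
    "203.0.113.0/24": 64510,  # originated by an unrelated AS
    "2001:db8::/32": 64501,
}
TRUSTED_ASNS = {64500, 64501}  # placeholder for the list of Amazon ASNs

def parse_feed(raw):
    """Yield (network, region) per feed entry, skipping malformed ones."""
    data = json.loads(raw)
    for key, field in (("prefixes", "ip_prefix"), ("ipv6_prefixes", "ipv6_prefix")):
        for entry in data.get(key, []):
            try:
                yield ipaddress.ip_network(entry[field]), entry.get("region")
            except (KeyError, ValueError):
                continue

def origin_asn(network, announcements):
    """Origin AS of the most specific announcement covering network, or None."""
    best = None
    for prefix, asn in announcements.items():
        announced = ipaddress.ip_network(prefix)
        if announced.version == network.version and network.subnet_of(announced):
            if best is None or announced.prefixlen > best[0].prefixlen:
                best = (announced, asn)
    return best[1] if best else None

def filter_feed(raw, announcements, trusted_asns):
    """Split feed networks into (accepted, rejected) by trusted origin AS."""
    accepted, rejected = [], []
    for network, region in parse_feed(raw):
        trusted = origin_asn(network, announcements) in trusted_asns
        (accepted if trusted else rejected).append((str(network), region))
    return accepted, rejected
```

Only the accepted list would be merged into the overrides table; keeping the rejected list for logging makes a feed entry that points outside the trusted ASNs visible instead of silently dropped.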

Thread overview: 7+ messages
2021-04-10 12:28 [PATCH] location-importer.in: import additional IP information for Amazon AWS IP networks Peter Müller
2021-04-12  9:57 ` Michael Tremer
2021-04-12 17:48   ` Peter Müller
2021-04-14  9:21     ` Michael Tremer
2021-05-14 16:22       ` Peter Müller
2021-05-18 10:43         ` Michael Tremer
2021-05-30  9:15           ` Peter Müller [this message]