.. todolist::

*********
TODO List
*********

Bugfixes
========

* Ensure each module runs only once; it works, but it is easy to make a mistake.
* There is actually a problem with the slave database: it takes **too much** time.
  The proper fix is to move the temporary data from the global database to another one,
  not synchronized with the slave.
* Ensure there is a ranking to post before posting a message on twitter and identica.

Improvements
============

* use python-whois as an external dep instead of the bundled version
  (http://gitorious.org/python-whois)
* Extract the interesting information from the bview file, to prepare for a diff::

    egrep -w "^$|PREFIX:|ASPATH:"| awk -F' ' '{print $NF}' | sed 's/^$/XXXXX/' | tr '\n' ' ' | sed 's/XXXXX/\n/g'| sed 's/^ //' | sort | uniq

* Find a way to ensure everything is working and send a mail if there is a problem somewhere
* Make a "standard module" which just looks for IP addresses in a file.
* Reduce the length of the keys (idea of adulau)::

    5577|2011-03-30|URLQuery|rankv4
    -> 5577|20110330|1|4
    1->URLQuery
    4->rankv4

* Invent a favicon/logo
* Adulau said:
  "Maybe we should work in the future on a way to publish and share the source "unique" name, with their urls and a recommended impact."
  I agree. :-)
  Work in progress: "unique" name/urls/impact are now saved in the redis database
* Ranking = 1 + IP Occ + IP Net - logarithm ? (adulau)
* add list: http://www.atma.es/atma.p2p
* add lists: http://labs.snort.org/iplists/
* print month average on ASN Details
* whitelisting Google, AOL, Cogent...
* plugin munin (feeds, availability, ips...)

New functionalities
===================

* "Static lists": the Russian Business Network list provided by emergingthreats.net is a good example.
  It is not really a "malware list" but will give information on "probably bad IPs", and when you
  want more information about an ASN, it should be possible to know that the ASN has IPs in this list.
* Ranking by subnet can be improved: we divide the number of IPs found in a subnet by
  the total of IPs announced by the AS. This way, we just have to add the ranks of
  each subnet of the AS to get the global rank of the AS.
  It might be interesting to compute the division of the number of IPs found in a subnet
  by the size of this subnet and to compare it to the global rank of the AS: if we have a
  (big) difference, we can be sure that this particular subnet is better/worse than the
  rest of the subnets announced by the AS, and investigate it further.
* read the code of Khanku (http://gitorious.org/~khanku/bgp-ranking/predictive-bgp-ranking/)
  and find a way to handle this usage of the ranking system in the main trunk
* Module which pings a list of URLs known as malicious and inserts the IPs in the system.
* API (telnet like ?) -> See https://github.com/adulau/bgpranking-API

  - get the weight of each source
  - get the rank of a subnet/asn (by whatever you want)

* grab files using rsync, example: http://psbl.surriel.com/howto/
* handle these lists?

  - https://www.projecthoneypot.org/index.php
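
The subnet comparison proposed in the "Ranking by subnet" item above, as an added Python example (not code from this project). The function name ``rank_as``, the ``factor`` threshold and the sample prefixes and IPs are assumptions constructed for illustration.

```python
import ipaddress
from fractions import Fraction

def rank_as(announced, reported_ips, factor=4):
    """Rank one AS and compare each subnet's density to the AS rank.

    announced:    prefixes announced by the AS (assumed non-overlapping)
    reported_ips: IPs seen in the source lists
    factor:       hypothetical threshold for a "(big) difference"
    """
    nets = [ipaddress.ip_network(p) for p in announced]
    total = sum(n.num_addresses for n in nets)
    hits = dict.fromkeys(nets, 0)
    for ip in {ipaddress.ip_address(i) for i in reported_ips}:  # count each IP once
        for n in nets:
            if ip in n:  # False when the IP versions differ
                hits[n] += 1
                break
    # Rank of a subnet: IPs found in it / all IPs announced by the AS.
    ranks = {n: Fraction(hits[n], total) for n in nets}
    as_rank = sum(ranks.values(), Fraction(0))  # global rank = sum of subnet ranks
    report = {}
    for n in nets:
        density = Fraction(hits[n], n.num_addresses)  # IPs found / subnet size
        if as_rank == 0:
            verdict = "typical"
        elif density >= factor * as_rank:
            verdict = "worse"    # far denser than the AS as a whole
        elif density * factor <= as_rank:
            verdict = "better"   # far cleaner than the AS as a whole
        else:
            verdict = "typical"
        report[str(n)] = {"rank": ranks[n], "density": density, "verdict": verdict}
    return as_rank, report

# Constructed sample: one AS announcing a /16 and a /24 (not real data).
SAMPLE_PREFIXES = ["10.0.0.0/16", "192.0.2.0/24"]
SAMPLE_IPS = (["192.0.2.%d" % i for i in range(1, 9)]   # 8 hits in the /24
              + ["10.0.3.7", "10.0.200.1", "10.0.3.7"]  # 2 distinct hits in the /16
              + ["198.51.100.5"])                       # not announced by this AS

if __name__ == "__main__":
    as_rank, report = rank_as(SAMPLE_PREFIXES, SAMPLE_IPS)
    print("AS rank:", float(as_rank))
    for subnet, row in report.items():
        print(subnet, float(row["density"]), row["verdict"])
```

In the sample, the /24 holds most of the reported IPs in a small address space, so its density is far above the AS rank, while the /16 dilutes the global rank and looks cleaner than the AS as a whole.
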

Documentation
=============

* How-to generate customer_{key,secret} and access_token_{key,secret} on twitter and identica

Microblogging client
====================

* Post when a new ranking has been computed
* Possibility to query an AS/IP

Website
=======

Homepage
--------

* latest ranking of each source available

ASN Details
-----------

* highlight depending on the number of sources where it has been found + credibility
* ability to display the details of the other days (click on the graph?)

IP Details
----------

* highlight the IPs found in more than one source