DNS and NTP columns are the same because the data in the DB is the same for both risks! #100

aaronkaplan · 2017-03-20T16:30:50Z

prod=> select sum(count) from count_by_country where date > '2017/1/1' and risk=2 and country='US' limit 10;
   sum
---------
 2585757
(1 row)

prod=> select sum(count) from count_by_country where date > '2017/1/1' and risk=1 and country='US' limit 10;
   sum
---------
 2585757
(1 row)

The text was updated successfully, but these errors were encountered:

zelima · 2017-03-21T07:22:56Z

@aaronkaplan Small note: We don't use table count_by_country any more, but agg_risk_country_week. But they are identical

This is not an aggregation issue, but scanned data for last 3 week for DNS and NTP are identical. Only difference between this two files are risk ID's. So aggregation result is identical obviously.

To check difference for latest week

aws --profile cg s3 cp  s3://private-bits-cybergreen-net/dev/clean/dns-scan/dns-scan.2017-W03.csv.gz .
aws --profile cg s3 cp  s3://private-bits-cybergreen-net/dev/clean/ntp-scan/ntp-scan.20170120.csv.gz .
gunzip ntp-scan.20170120.csv.gz
gunzip dns-scan.2017-W03.csv.gz

# strip timestamps and IPs and ASN for comparison
sed "s/\([^,]*,\)\{3\}//" ntp-scan.20170120.csv > ntp.stripped.csv
sed "s/\([^,]*,\)\{3\}//" dns-scan.2017-W03.csv > dns.stripped.csv
diff ntp.stripped.csv dns.stripped.csv -c | less

No output - files are identical!

cc @chorsley and @kxyne.

aaronkaplan · 2017-03-21T07:33:38Z

Got it. Kayne, chris can you please check?

…

--- Mobile

On 21 Mar 2017, at 08:22, Irakli Mchedlishvili ***@***.***> wrote: @aaronkaplan cc @chorsley and @kxyne. This is not an aggregation issue,but scanned data for last 3 week for DNS and NTP are identical. Only difference between this two files are risk ID's. So aggregation result is identical obviously. To check difference aws --profile cg s3 cp s3://private-bits-cybergreen-net/dev/clean/dns-scan/dns-scan.2017-W03.csv.gz . aws --profile cg s3 cp s3://private-bits-cybergreen-net/dev/clean/ntp-scan/ntp-scan.20170120.csv.gz . gunzip ntp-scan.20170120.csv.gz gunzip dns-scan.2017-W03.csv.gz # strip timestamps and IPs and ASN for comparison sed "s/\([^,]*,\)\{3\}//" ntp-scan.20170120.csv > ntp.stripped.csv sed "s/\([^,]*,\)\{3\}//" dns-scan.2017-W03.csv > dns.stripped.csv diff ntp.stripped.csv dns.stripped.csv -c | less No output - files are identical! — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub, or mute the thread.

chorsley · 2017-03-21T09:54:18Z

Acknowledged, Cosive will investigate.

kxyne · 2017-03-22T04:11:51Z

This was from a manual file handling issue on the unprocessed files I believe, will rectify along with backprocessing the last weeks files.

aaronkaplan added the bug label Mar 20, 2017

aaronkaplan added this to the FINAL release is TESTED & signed off milestone Mar 20, 2017

aaronkaplan assigned rufuspollock and zelima Mar 20, 2017

zelima assigned chorsley and kxyne and unassigned rufuspollock and zelima Mar 21, 2017

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

DNS and NTP columns are the same because the data in the DB is the same for both risks! #100

DNS and NTP columns are the same because the data in the DB is the same for both risks! #100

aaronkaplan commented Mar 20, 2017

zelima commented Mar 21, 2017 •

edited

Loading

aaronkaplan commented Mar 21, 2017 via email

chorsley commented Mar 21, 2017

kxyne commented Mar 22, 2017

DNS and NTP columns are the same because the data in the DB is the same for both risks! #100

DNS and NTP columns are the same because the data in the DB is the same for both risks! #100

Comments

aaronkaplan commented Mar 20, 2017

zelima commented Mar 21, 2017 • edited Loading

aaronkaplan commented Mar 21, 2017 via email

chorsley commented Mar 21, 2017

kxyne commented Mar 22, 2017

zelima commented Mar 21, 2017 •

edited

Loading