Hello and welcome to the Friday, January 17th, 2025 edition of the Sandcent Storm Center's

Stormcast. My name is Johannes Ulrich and today I'm recording from Jacksonville, Florida.

Today's Internet Storm Center diary is coming from one of our undergraduate interns. Curtis. Curtis is writing about how to

store data collected from the honeypot efficiently in a SQL database. The reason Curtis

investigated that was to build dashboards for his honeypot using free cloud resource.

And of course, then you're limited how much data you can store in a database.

This actually opened up some old wounds in me developing the Shield in a storm center 25 years ago.

I certainly made some wrong choices

back then that still haunt me today. In some displays of IP addresses, for example, on the

United Storm Center website, you may still see the Octet's seropadded, which is utterly wrong

and bad, but that was my quick workaround to be

able to store data in, well, a 15-character charers in a database and still being able to efficiently

sort them. Way better way to store IP addresses in any kind of context is usually an unsigned

integer. And actually, most of our data has been switched to that format. And then also

things like subnetting and such, of course, become a lot more natural compared to doing it

in a string. There actually still a couple sort of IP address handling libraries that don't do that

correctly.

I think, was it last year, year before last year, we had some vulnerabilities in Python

network IP address management libraries that did exactly that same mistake where they treated IP address as a string and then try to do like

regular expressions and things like this for subnetting,

which of course tends to fail because of all the different ways,

how IP addresses can be displayed.

...