Colbeck, Andrew wrote:
I recently used snfclient.exe to "whitelist" the IP address (actually a whole /24) of a mailing list manager that my users deem to be trustworthy. snfclient.exe -set 64.62.197.53 good - - You might argue the merits of this IP address, but that's not why I'm writing... I deliberately left alone the last two parameters, so as to not disturb the counts, given that I'm "whitelisting" by forcing the "good" flag. I assume that this does not affect the GBU community at all, because it's the good and bad counts that are shared, not the flag. Is this correct?
That is correct.
Does the ARMResearch support notice when an administrator does this, and research whether the findings are good?
No. We wouldn't know how to evaluate that anyway-- each system has it's own policies.
GBUdb traffic consists only of good/bad counts at specific intervals. If the IP is not "ugly" it doesn't get evaluated in this way so we stop seeing data about that IP from that system.
The "Bad count" and "Good count" I see when I do a: snfclient.exe -test 64.62.197.53 are results only on my own server, and not the GBU community. Is this correct?
They were built up using primarily data from your server with some hinting from "the cloud". The cloud's influence is diminished significantly as your system gains experience with a particular IP.
I assume that condensation affects the counts, and not the flag. So I will only lose this "good" flag if the GBUdb is dumped (or I build a new server). Is this correct?
If you wipe out your GBUdb data then it will be gone. Flags other than "ugly" are preserved in GBUdb. If you buid a new server and you want to preserve your GBUdb data then you can copy the .gbx file to the new server before you start it. The .gbx file is a binary snap-shot of your GBUdb data. By default it is created about once per hour so that your SNF node does not have to start learning again from scratch if it is abruptly restarted.
Please let us know if you have other questions. Best, _M
