SNFClient Command Line: Update GBUdb Records
SNFClient.exe -set <IP4Address> ( good | bad | ugly | ignore ) <bad> <good>
This mode creates or updates the GBUdb record for the given IP.
GBUdb records consist of a flag that determines the mode of the record, a count of known bad encounters, and a count of known good encounters. If you wish to leave part of the GBUdb record with it's default (or current) value then use the dash ( - ) character in place of the corresponding command line parameter.
For example, to set the bad count to zero for a particular IP without changing any other parts of the GBUdb record you might do the following:
>SNFClient.exe -set 18.104.22.168 - 0 - GBUdb Record for 22.214.171.124 Type Flag: ugly Bad Count: 0 Good Count: 0 Probability: 0 Confidence: 0 Range: new Code: 0
In the above example, the flag ( good | bad | ugly | ignore ) and good event count <good>command line parameters were left in their original state, but the bad count <bad> was changed to zero. The original state of the record can be seen above (see Perform IP Testing). By changing the bad count to zero the IP has moved out of the truncate range and now looks like a "new" record (both counts zero, default "ugly" flag).
There are 4 possible flags:
Good - The IP is administratively white-listed.
Bad - The IP is administratively black-listed.
Ignore - The IP is to be ignored (infrastructure, transparent).
Ugly - The IP is to be judged on it's behavior / statistics.
In this example, we will black-list the IP by setting it's flag to Bad:
>SNFClient.exe -set 126.96.36.199 bad - - GBUdb Record for 188.8.131.52 Type Flag: bad Bad Count: 0 Good Count: 0 Probability: 0 Confidence: 0 Range: truncate Code: 20
Note that with the bad flag set the IP record will now return the truncate result code when tested without regard for the good and bad event counts.
In this example, we set the record for this IP back to it's original state. The important parts are that the flag was ugly, the bad count was 9, and the good count was 0:
>SNFClient.exe -set 184.108.40.206 ugly 9 0 GBUdb Record for 220.127.116.11 Type Flag: ugly Bad Count: 9 Good Count: 0 Probability: 1 Confidence: 0.226425 Range: truncate Code: 20
Note that the Probability and Confidence figures are now calculated to the same values as before and that the Range and associated result code are also correct (compare with the -test example for this IP above).
In this next example, we will change the good event counter so that the IP is no longer found in the truncate range:
>SNFClient.exe -set 18.104.22.168 - - 1 GBUdb Record for 22.214.171.124 Type Flag: ugly Bad Count: 9 Good Count: 1 Probability: 0.8 Confidence: 0.237282 Range: black Code: 63
Note that we only changed the good count. The other parts of the GBUdb record were left unchanged.
Note that with only 10 total encounters, only 1 out of 10 needs to be good in order to keep the IP out of the default truncate range. The IP doesn't get off the black-list completely however. Now with 9 out of 10 encounters counted as bad the IP is in the black range.