Special Forums > IP Networking. Post 302356412 by deckard on Friday 25th of September 2009 11:38:28 AM
Using 'whois' to Retrieve all IPs/Subnets for an Organization

I manage a spam filter for the organization I work for. I've been trying to get the others here to stop whitelisting by domain name since that can be easily spoofed. One of the obstacles, however, is that there doesn't seem to be an easy way to determine the legitimate outgoing SMTP server IP for these domains. Currently, the best we can do is to find a legitimate message from one of the domains in question (cnn.com for example), then search the spam filter's message log for the first two or three octets of the validated IP address. The end result can be exported to a CSV file, and then we determine if we should do individual IPs or a network. In the case of cnn.com, we had to do the network since there were 50 hosts in the 31-129 range (last octet).

Just "cold calling" places like CNN and saying, "Hey, can you give me a list of the IP addresses for all of your outgoing mail servers" is not likely to get too warm a reception. And if I am going to convince my co-workers that whitelisting domains, while easy, is not the best approach... I need something that's almost as easy. Since it's possible to do a 'whois -h arin.whois.net <some ip address>' and get the owner and full network range list, I was wondering if there is some way of using 'whois' with the domain name to get the full network? That would be much better than what I'm doing now, which is kind of hit or miss. I looked at the 'whois' man page, but there really didn't seem to be much there about doing a recursive query.

I have a feeling the answer will be that I will just need to go through the message log and try to snag whatever info I can, but I'm hoping someone out there might have a better way. Because there's ALWAYS a better way to do something.
 

WHOIS(1)                    BSD General Commands Manual                    WHOIS(1)

NAME
     whois -- Internet domain name and network number directory service

SYNOPSIS
     whois [-aAbdgiIlmQrR6] [-c country-code | -h host] [-p port] name ...

DESCRIPTION
     The whois utility looks up records in the databases maintained by several Network Information Centers (NICs). The options are as follows:

     -6      Use the IPv6 Resource Center (6bone) database. It contains network names and addresses for the IPv6 network.

     -A      Use the Asia/Pacific Network Information Center (APNIC) database. It contains network numbers used in East Asia, Australia, New Zealand, and the Pacific islands.

     -a      Use the American Registry for Internet Numbers (ARIN) database. It contains network numbers used in those parts of the world covered neither by APNIC nor by RIPE. (Hint: All point of contact handles in the ARIN whois database end with "-ARIN".)

     -b      Use the Network Abuse Clearinghouse database. It contains addresses to which network abuse should be reported, indexed by domain name.

     -c country-code
             This is the equivalent of using the -h option with an argument of "country-code.whois-servers.net".

     -d      Use the US Department of Defense database. It contains points of contact for subdomains of .MIL.

     -g      Use the US non-military federal government database, which contains points of contact for subdomains of .GOV.

     -h host
             Use the specified host instead of the default variant. Either a host name or an IP address may be specified.

             By default whois constructs the name of a whois server to use from the top-level domain (TLD) of the supplied (single) argument, appending ".whois-servers.net". This effectively allows a suitable whois server to be selected automatically for a large number of TLDs.

             In the event that an IP address is specified, the whois server will default to the American Registry for Internet Numbers (ARIN). If a query to ARIN references APNIC, LACNIC, or RIPE, that server will be queried also, provided that the -Q option is not specified.

             If the query is not a domain name or IP address, whois will fall back to whois.crsnic.net.

     -I      Use the Internet Assigned Numbers Authority (IANA) database. It contains network information for top-level domains.

     -i      Use the Network Solutions Registry for Internet Numbers (whois.networksolutions.com) database. It contains network numbers and domain contact information for most of .COM, .NET, .ORG and .EDU domains.

             NOTE! The registration of these domains is now done by a number of independent and competing registrars. This database holds no information on domains registered by organizations other than Network Solutions, Inc. Also, note that the InterNIC database (whois.internic.net) is no longer handled by Network Solutions, Inc. For details, see http://www.internic.net/.

             (Hint: Contact information, identified by the term handle, can be looked up by prefixing "handle " to the NIC handle in the query.)

     -l      Use the Latin American and Caribbean IP address Regional Registry (LACNIC) database. It contains network numbers used in much of Latin America and the Caribbean.

     -m      Use the Route Arbiter Database (RADB) database. It contains route policy specifications for a large number of operators' networks.

     -p port
             Connect to the whois server on port. If this option is not specified, whois defaults to port 43.

     -Q      Do a quick lookup. This means that whois will not attempt to look up the name in the authoritative whois server (if one is listed). This option has no effect when combined with any other options.

     -R      Use the Russia Network Information Center (RIPN) database. It contains network numbers and domain contact information for subdomains of .RU. This option is deprecated; use the -c option with an argument of "RU" instead.

     -r      Use the Réseaux IP Européens (RIPE) database. It contains network numbers and domain contact information for Europe.

     The operands specified to whois are treated independently and may be used as queries on different whois servers.

EXAMPLES
     Most types of data, such as domain names and IP addresses, can be used as arguments to whois without any options, and whois will choose the correct whois server to query. Some exceptions, where whois will not be able to handle data correctly, are detailed below.

     To obtain contact information about an administrator located in the Russian TLD domain "RU", use the -c option as shown in the following example, where CONTACT-ID is substituted with the actual contact identifier.

           whois -c RU CONTACT-ID

     (Note: This example is specific to the TLD "RU", but other TLDs can be queried by using a similar syntax.)

     The following example demonstrates how to obtain information about an IPv6 address or hostname using the -6 option, which directs the query to 6bone.

           whois -6 IPv6-IP-Address

     The following example demonstrates how to query a whois server using a non-standard port, where ``query-data'' is the query to be sent to ``whois.example.com'' on port ``rwhois'' (written numerically as 4321).

           whois -h whois.example.com -p rwhois query-data

SEE ALSO
     Ken Harrenstien and Vic White, NICNAME/WHOIS, 1 March 1982, RFC 812.

HISTORY
     The whois command appeared in 4.3BSD.

BSD                              June 14, 2004                              BSD
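The following is an added example, not code from the original post or from the BSD whois(1) sources. It does in Python what the man page above describes whois(1) doing: pick a server from the query (an IP address goes to ARIN, a domain name goes to `<tld>.whois-servers.net`, anything else falls back to whois.crsnic.net), send the query followed by CRLF on port 43 as RFC 812 specifies, and follow a `ReferralServer:` line to another RIR unless quick mode is requested. It then does the part deckard's post is really after: turn the `NetRange` / `CIDR` lines of a registry answer into network objects and check whether a sender IP falls inside them, so the allowlist holds networks rather than domain names. The sample registry answers are constructed for the example (they use the RFC 5737 documentation ranges, and one of them reproduces the "31-129 in the last octet" situation from the post); the hostnames whois.arin.net, whois.apnic.net and the exact `ReferralServer:` line format are assumptions about the RIRs' public servers, not something the page states.

```python
"""Added example: a minimal whois(1)-style client plus helpers for
building an SMTP allowlist from registry network ranges.
Not code from the original page; see the lead-in for assumptions."""
import ipaddress
import re
import socket

WHOIS_PORT = 43  # whois(1) default, per the man page and RFC 812


def default_server(query):
    """Choose a server the way the man page says whois(1) does:
    IP address -> ARIN; domain name -> <tld>.whois-servers.net;
    anything else -> whois.crsnic.net."""
    try:
        ipaddress.ip_address(query)
        return "whois.arin.net"  # assumed ARIN hostname
    except ValueError:
        pass
    if "." in query and re.fullmatch(r"[A-Za-z0-9.-]+", query):
        tld = query.rsplit(".", 1)[1].lower()
        return f"{tld}.whois-servers.net"
    return "whois.crsnic.net"


def whois_query(server, query, port=WHOIS_PORT, timeout=10):
    """Raw NICNAME/WHOIS exchange: connect, send query + CRLF, read to EOF."""
    with socket.create_connection((server, port), timeout=timeout) as s:
        s.sendall(query.encode("ascii") + b"\r\n")
        chunks = []
        while True:
            data = s.recv(4096)
            if not data:
                break
            chunks.append(data)
    return b"".join(chunks).decode("utf-8", errors="replace")


def referral_servers(text):
    """Hosts named in 'ReferralServer: whois://host' lines (assumed ARIN
    format); whois(1) follows these unless -Q is given."""
    return re.findall(r"^ReferralServer:\s*whois://([^/\s]+)", text, re.M)


def parse_networks(text):
    """Turn CIDR: and NetRange:/inetnum: lines into ip_network objects.
    A range that is not prefix-aligned is split into the minimal set of
    prefixes that cover it, which is what an IP allowlist needs."""
    nets = set()
    for m in re.finditer(r"^\s*CIDR:\s*(.+)$", text, re.M):
        for cidr in m.group(1).split(","):
            nets.add(ipaddress.ip_network(cidr.strip(), strict=False))
    for m in re.finditer(r"^\s*(?:NetRange|inetnum):\s*(\S+)\s*-\s*(\S+)", text, re.M):
        first = ipaddress.ip_address(m.group(1))
        last = ipaddress.ip_address(m.group(2))
        nets.update(ipaddress.summarize_address_range(first, last))
    return sorted(nets, key=lambda n: (n.version, int(n.network_address), n.prefixlen))


def allowed_sender(ip, networks):
    """True when the connecting SMTP client address is inside an allowlisted network."""
    addr = ipaddress.ip_address(ip)
    return any(addr in n for n in networks)


def lookup_networks(query, quick=False):
    """Live lookup: query the default server, follow referrals unless quick,
    and return the networks found. Needs network access; not used by the tests."""
    text = whois_query(default_server(query), query)
    if not quick:
        for ref in referral_servers(text):
            text += whois_query(ref, query)
    return parse_networks(text)


# Constructed sample answers (not real registry output) for offline use.
SAMPLE_ARIN = """\
NetRange:       192.0.2.0 - 192.0.2.255
CIDR:           192.0.2.0/24
NetName:        TEST-NET-1
OrgName:        Example Org
"""
SAMPLE_REFERRAL = """\
NetRange:       203.0.113.0 - 203.0.113.255
CIDR:           203.0.113.0/24
ReferralServer: whois://whois.apnic.net
"""
# Mirrors the post's case: mail hosts .31 through .129 of one /24.
SAMPLE_RANGE = """\
NetRange:       192.0.2.31 - 192.0.2.129
NetName:        EXAMPLE-MAIL
"""

if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:          # e.g. python3 whois_nets.py 192.0.2.1
        for n in lookup_networks(sys.argv[1]):
            print(n)
    else:                          # offline demo on the constructed sample
        for n in parse_networks(SAMPLE_RANGE):
            print(n)
```

Two caveats a practitioner would want before using this for an allowlist. First, a registry range describes everything the organization has been allocated, not just its outbound mail relays, so a whole /16 can end up trusted for the sake of a handful of MTAs; the range should be narrowed to the hosts actually seen sending, as the post already does. Second, the published, sender-maintained answer to "which IPs may send mail for this domain" is the domain's SPF record in DNS, which the receiving filter can check per message; whois is a reasonable fallback for domains without one.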