09-25-2009
Using 'whois' to Retrieve all IPs/Subnets for an Organization
I manage a spam filter for the organization I work for. I've been trying to get the others here to stop whitelisting by domain name since that can be easily spoofed. One of the obstacles, however, is that there doesn't seem to be an easy way to determine the legitimate outgoing SMTP server IP for these domains. Currently, the best we can do is to find a legitimate message from one of the domains in question (cnn.com for example) then search the spam filter's message log for the first two or three octets of the validated IP address. The end result can be exported to a CSV file and then we determine if we should do individual IPs or a network. In the case of cnn.com, we had to do the network since there were 50 hosts in the 31-129 range (last octet).
Just "cold calling" places like CNN and saying, "Hey can you give me a list of the IP addresses for all of your outgoing mail servers" is not likely to get too warm a reception. And if I am going to convince my co-workers that whitelisting domains, while easy, is not the best approach... I need something that's almost as easy. Since it's possible to do a 'whois -h arin.whois.net <some ip address>' and get the owner and full network range list, I was wondering if there is some way of using 'whois' with the domain name to get the full network? That would be much better than what I'm doing now, which is kind of hit or miss. I looked at the 'whois' man page but there really didn't seem to be much there about doing a recursive query.
I have a feeling that answer will be that I will just need to go through the message log and try and snag whatever info I can, but I'm hoping someone out there might have a better way. Because there's ALWAYS a better way to do something.
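One way to make the manual process described in the post repeatable, as an added example that is not part of the original post: parse the NetRange from the whois reply for one validated IP, then split the IPs logged for the sender domain into in-range hosts and outliers. The log line format, the sample data (documentation address space) and all function names are assumptions constructed for illustration.

```python
import ipaddress
import re

# Constructed sample data in documentation address space, not real mail servers.
LOG_LINES = [
    "2009-09-25 10:01:02 from=news@example.com ip=192.0.2.31 verdict=clean",
    "2009-09-25 10:04:40 from=news@example.com ip=192.0.2.64 verdict=clean",
    "2009-09-25 10:09:13 from=alerts@example.com ip=192.0.2.129 verdict=clean",
    "2009-09-25 10:11:57 from=news@example.com ip=203.0.113.9 verdict=spam",
    "2009-09-25 10:12:30 from=bob@example.net ip=198.51.100.7 verdict=clean",
]
# Constructed reply in the shape of ARIN whois output for the validated IP.
WHOIS_TEXT = """\
NetRange:       192.0.2.0 - 192.0.2.255
OrgName:        Example Organization
"""

def sender_ips(lines, domain):
    """Distinct source IPs the filter logged for one sender domain."""
    pat = re.compile(r"from=\S+@" + re.escape(domain) + r"\s+ip=(\S+)")
    found = pat.findall("\n".join(lines))
    return sorted({ipaddress.ip_address(ip) for ip in found})

def whois_networks(text):
    """Convert the NetRange line of whois output into CIDR networks."""
    m = re.search(r"^NetRange:\s*(\S+)\s*-\s*(\S+)", text, re.M)
    if m is None:
        return []  # no range in the reply: treat every IP as unverified
    first, last = (ipaddress.ip_address(a) for a in m.groups())
    return list(ipaddress.summarize_address_range(first, last))

def triage(lines, domain, whois_text):
    """Split a domain's logged IPs by the registered range; propose a whitelist."""
    nets = whois_networks(whois_text)
    ips = sender_ips(lines, domain)
    inside = [ip for ip in ips if any(ip in n for n in nets)]
    outside = [str(ip) for ip in ips if ip not in inside]
    # Tightest CIDR cover of the observed in-range hosts, not the whole allocation.
    cover = []
    if inside:
        cover = [str(n) for n in
                 ipaddress.summarize_address_range(inside[0], inside[-1])]
    return {"whitelist": cover, "suspect": outside}

if __name__ == "__main__":
    print(triage(LOG_LINES, "example.com", WHOIS_TEXT))
```

The "suspect" list is the useful by-product: it holds addresses that used the domain name in the sender address but sit outside the range registered to the validated host, which is the spoofing case that domain-name whitelisting lets through.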