09-25-2009
Using 'whois' to Retrieve all IPs/Subnets for an Organization
I manage a spam filter for the organization I work for. I've been trying to get the others here to stop whitelisting by domain name since that can be easily spoofed. One of the obstacles, however, is that there doesn't seem to be an easy way to determine the legitimate outgoing SMTP server IP for these domains. Currently, the best we can do is to find a legitimate message from one of the domains in question (cnn.com for example), then search the spam filter's message log for the first two or three octets of the validated IP address. The end result can be exported to a CSV file and then we determine if we should do individual IPs or a network. In the case of cnn.com, we had to do the network since there were 50 hosts in the 31-129 range (last octet).
Just "cold calling" places like CNN and saying, "Hey, can you give me a list of the IP addresses for all of your outgoing mail servers" is not likely to get too warm a reception. And if I am going to convince my co-workers that whitelisting domains, while easy, is not the best approach... I need something that's almost as easy. Since it's possible to do a 'whois -h arin.whois.net <some ip address>' and get the owner and full network range list, I was wondering if there is some way of using 'whois' with the domain name to get the full network? That would be much better than what I'm doing now, which is kind of hit or miss. I looked at the 'whois' man page but there really didn't seem to be much there about doing a recursive query.
I have a feeling that answer will be that I will just need to go through the message log and try and snag whatever info I can, but I'm hoping someone out there might have a better way. Because there's ALWAYS a better way to do something.
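The workflow described in the post (validate one message, whois the relay IP to get the registered range, then decide between individual hosts and the whole network) can be scripted. The example below is added here as an illustration and is not from the original thread or from any reply to it. It assumes the answer format of ARIN's server (`whois -h whois.arin.net <ip>`, with NetRange/CIDR lines) and of RIPE-style servers (inetnum/route lines); the two whois answers and the message-log lines are constructed with RFC 5737 documentation addresses, not CNN's real ranges, and the log format is an assumed `from=... relay=...` layout. The part the post's "search for the first octets" approach lacks is the last check: an observed relay IP that falls outside the organization's registered allocation is rejected rather than whitelisted, however legitimate the From: domain looked.

```python
"""Turn a whois allocation answer plus the validated sender IPs seen in a
mail log into a whitelist decision: a few individual hosts, or the whole
registered network.  Added example, not code from the original thread.
All addresses below are RFC 5737 documentation ranges (constructed data)."""
import ipaddress
import re

# Constructed answer in the style of `whois -h whois.arin.net <ip>`.
ARIN_SAMPLE = """\
NetRange:       198.51.100.0 - 198.51.100.255
CIDR:           198.51.100.0/24
NetName:        EXAMPLE-MAIL-NET
Organization:   Example Corp (EXAMP-1)
"""

# Constructed RIPE-style answer: inetnum/route instead of NetRange/CIDR.
RIPE_SAMPLE = """\
% This is the RIPE Database query service.
inetnum:        203.0.113.0 - 203.0.113.127
netname:        EXAMPLE-EU-MAIL
route:          203.0.113.0/25
"""

# Constructed spam-filter message log (assumed "from=... relay=..." layout).
# The last line is a message that claimed example.com but came from elsewhere.
MESSAGE_LOG = """\
2009-09-24 10:01:12 from=news@example.com relay=198.51.100.31 status=delivered
2009-09-24 10:05:40 from=alerts@example.com relay=198.51.100.77 status=delivered
2009-09-24 11:17:03 from=news@example.com relay=198.51.100.129 status=delivered
2009-09-24 11:59:51 from=news@example.com relay=192.0.2.200 status=quarantined
"""

RANGE_KEYS = ("netrange", "inetnum")   # "lo - hi" address ranges
CIDR_KEYS = ("cidr", "route")          # prefix notation; ARIN may list several


def parse_networks(whois_text):
    """Networks an allocation answer covers, de-duplicated and sorted.
    Range lines are summarised into CIDR blocks; CIDR/route lines are used as-is."""
    nets = set()
    for line in whois_text.splitlines():
        if line.lstrip().startswith(("#", "%")) or ":" not in line:
            continue  # comment lines (ARIN '#', RIPE '%') and free text
        key, _, value = line.partition(":")
        key, value = key.strip().lower(), value.strip()
        if key in RANGE_KEYS:
            lo, hi = (ipaddress.ip_address(p.strip()) for p in value.split("-", 1))
            nets.update(ipaddress.summarize_address_range(lo, hi))
        elif key in CIDR_KEYS:
            for cidr in value.split(","):
                nets.add(ipaddress.ip_network(cidr.strip(), strict=False))
    return sorted(nets)


LOG_RE = re.compile(
    r"from=\S*@(?P<domain>\S+)\s+relay=(?P<ip>\d{1,3}(?:\.\d{1,3}){3})")


def sender_ips(log_text, domain):
    """Set of relay IPs that delivered mail claiming the given sender domain."""
    ips = set()
    for m in LOG_RE.finditer(log_text):
        if m.group("domain").lower() == domain.lower():
            ips.add(ipaddress.ip_address(m.group("ip")))
    return ips


def plan_whitelist(observed, allocations, max_hosts=5):
    """Decide what to whitelist.  Returns (entries, rejected): entries are the
    individual hosts when there are at most max_hosts of them, otherwise the
    registered network(s) they fall in; rejected are observed IPs outside
    every allocation, which must not be whitelisted on the strength of the
    From: domain alone."""
    inside, rejected = [], []
    for ip in sorted(observed):
        (inside if any(ip in n for n in allocations) else rejected).append(ip)
    if len(inside) <= max_hosts:
        entries = [str(ip) for ip in inside]
    else:
        entries = [str(n) for n in allocations if any(ip in n for ip in inside)]
    return entries, [str(ip) for ip in rejected]


if __name__ == "__main__":
    allocs = parse_networks(ARIN_SAMPLE)
    seen = sender_ips(MESSAGE_LOG, "example.com")
    print("allocation:", [str(n) for n in allocs])
    print("few hosts  :", plan_whitelist(seen, allocs, max_hosts=5))
    print("many hosts :", plan_whitelist(seen, allocs, max_hosts=2))
```

In real use `ARIN_SAMPLE` would be the captured output of a `whois` query for one relay IP you have already validated; `max_hosts` is the point at which listing individual addresses stops being worth the maintenance and the registered block is whitelisted instead, which is the judgement the post makes by hand for the 31-129 range.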
whois.conf
WHOIS.CONF(5) Debian GNU/Linux WHOIS.CONF(5)
NAME
whois.conf - alternative WHOIS servers list for whois client
SYNOPSIS
/etc/whois.conf
DESCRIPTION
This file contains a list of WHOIS servers which can augment or override the built-in list of the client.
It's a plain text file in ASCII encoding. Each line consists of two fields: a pattern to match WHOIS object identifier and a corresponding WHOIS server domain name.
Fields are separated by non-empty sequence of space or a tabular characters. A line starting with a hash character is a free comment and it's not considered.
The pattern is case-insensitive extended regular expression if whois client has been compiled with POSIX regular expressions support. Otherwise, simple case-insensitive suffix comparison against WHOIS object identifier is used.
Internationalized domain names (IDN) must be specified in ascii-compatible encoding (ACE) format.
EXAMPLE
.nz$ nz.whois-servers.net
# Hangul Korean TLD
.xn--3e0b707e$ whois.kr
# Private ASNs
^as645(1[2-9]|2[0-9]|3[0-4])$ whois.example.net
FILES
/etc/whois.conf
SEE ALSO
whois(1)
AUTHOR
This manual page was written by Petr Pisa <ppisar@redhat.com> and is licensed under the terms of the GNU General Public License, version 2 or higher.
Petr Pisa 9 April 2013 WHOIS.CONF(5)
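The matching rules the man page states (first field is a pattern, second a server; hash lines are comments; fields split on runs of spaces or tabs; pattern is a case-insensitive ERE when the client has POSIX regex support, otherwise a case-insensitive suffix test) can be checked against the EXAMPLE section. The block below is an added example, not part of the man page or the whois client; it re-implements the lookup in Python, whose `re` module is used as a stand-in for POSIX ERE (the EXAMPLE patterns are valid in both). It shows one caveat worth knowing when writing such a file: an unescaped `.` in `.nz$` matches any character, so the pattern also claims identifiers that merely end in `nz`.

```python
"""Resolve a WHOIS object identifier to a server by the rules of whois.conf(5).
Added example, not the whois client's own code.  WHOIS_CONF is the man page's
EXAMPLE section verbatim; Python's re module stands in for POSIX ERE."""
import re

WHOIS_CONF = """\
.nz$ nz.whois-servers.net
# Hangul Korean TLD
.xn--3e0b707e$ whois.kr
# Private ASNs
^as645(1[2-9]|2[0-9]|3[0-4])$ whois.example.net
"""


def parse_whois_conf(text):
    """Return (pattern, server) pairs in file order.
    Blank lines and lines starting with '#' are ignored; fields are split on
    runs of spaces or tabs, as the man page specifies."""
    entries = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        fields = line.split()
        if len(fields) != 2:
            raise ValueError(f"malformed whois.conf line: {line!r}")
        entries.append((fields[0], fields[1]))
    return entries


def lookup_server(identifier, entries, posix_regex=True):
    """First matching entry wins; None means fall back to the built-in list.
    With POSIX regex support the pattern is a case-insensitive ERE; without it
    the pattern is compared as a plain case-insensitive suffix, so a pattern
    written with '$' for the regex build will not match in the suffix build."""
    for pattern, server in entries:
        if posix_regex:
            if re.search(pattern, identifier, re.IGNORECASE):
                return server
        elif identifier.lower().endswith(pattern.lower()):
            return server
    return None


def unescaped_dot_matches(entries, identifier):
    """True if `identifier` is claimed only because a pattern's leading '.'
    is an unescaped regex metacharacter (it would not match with r'\\.')."""
    for pattern, _ in entries:
        if pattern.startswith(".") and re.search(pattern, identifier, re.IGNORECASE):
            strict = "\\" + pattern
            if not re.search(strict, identifier, re.IGNORECASE):
                return True
    return False


if __name__ == "__main__":
    conf = parse_whois_conf(WHOIS_CONF)
    for ident in ("example.nz", "EXAMPLE.XN--3E0B707E", "AS64520", "as64535", "example.com"):
        print(f"{ident:24} -> {lookup_server(ident, conf)}")
    print("quiznz claimed by '.nz$' only via unescaped dot:",
          unescaped_dot_matches(conf, "quiznz"))
```

The practical consequence of the last function: write TLD patterns as `\.nz$` if the server should only receive names in that TLD, and keep in mind that a file written for the regex build silently matches nothing in a suffix-only build.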