Special Forums IP Networking Using 'whois' to Retrieve all IPs/Subnets for an Organization Post 302356412 by deckard on Friday 25th of September 2009 11:38:28 AM
Old 09-25-2009
Using 'whois' to Retrieve all IPs/Subnets for an Organization

I manage a spam filter for the organization I work for. I've been trying to get the others here to stop whitelisting by domain name since that can be easily spoofed. One of the obstacles, however, is that there doesn't seem to be an easy way to determine the legitimate outgoing SMTP server IP for these domains. Currently, the best we can do is to find a legitimate message from one of the domains in question (cnn.com for example) then search the spam filter's message log for the first two or three octets of the validated IP address. The end result can be exported to a CSV file and then we determine if we should do individual IPs or a network. In the case of cnn.com, we had to do the network since there were 50 hosts in the 31-129 range (last octet).

Just "cold calling" places like CNN and saying, "Hey can you give me a list of the IP addresses for all of your outgoing mail servers" is not likely to get too warm a reception. And if I am going to convince my co-workers that whitelisting domains, while easy, is not the best approach... I need something that's almost as easy. Since it's possible to do a 'whois -h arin.whois.net <some ip address>' and get the owner and full network range list, I was wondering if there is some way of using 'whois' with the domain name to get the full network? That would be much better than what I'm doing now which is kind of hit or miss. I looked at the 'whois' man page but there really didn't seem to be much there about doing a recursive query.

I have a feeling that the answer will be that I will just need to go through the message log and try and snag whatever info I can, but I'm hoping someone out there might have a better way. Because there's ALWAYS a better way to do something.
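Added example, not part of the original post: the manual step described above (deciding between individual IPs and a network from an export of validated sender addresses) can be scripted so the allowlist covers only the observed span instead of a whole /24. The sample addresses are constructed from documentation ranges, and `allowlist_entries`, `covered_hosts` and the `threshold` parameter are hypothetical names.

```python
import ipaddress
from collections import defaultdict

# Constructed sample: validated sender IPs as exported from a filter log.
# 192.0.2.0/24 and 198.51.100.0/24 are documentation ranges (RFC 5737).
OBSERVED = (
    [f"192.0.2.{n}" for n in range(31, 130, 2)]   # 50 hosts within .31-.129
    + ["198.51.100.7", "198.51.100.9"]
)

def allowlist_entries(ips, threshold=5):
    """Group IPs by their first three octets. Small groups stay as single
    hosts; larger groups get the tightest CIDR blocks that span the lowest
    to the highest observed address (unobserved addresses in between are
    covered too, which is the trade-off the post describes)."""
    groups = defaultdict(list)
    for text in ips:
        addr = ipaddress.IPv4Address(text)
        net24 = ipaddress.ip_network(f"{addr}/24", strict=False)
        groups[net24].append(addr)
    entries = {}
    for net24, addrs in sorted(groups.items()):
        addrs = sorted(set(addrs))
        if len(addrs) < threshold:
            entries[str(net24)] = [f"{a}/32" for a in addrs]
        else:
            blocks = ipaddress.summarize_address_range(addrs[0], addrs[-1])
            entries[str(net24)] = [str(b) for b in blocks]
    return entries

def covered_hosts(blocks):
    """Total number of addresses an allowlist entry set admits."""
    return sum(ipaddress.ip_network(b).num_addresses for b in blocks)

if __name__ == "__main__":
    for group, blocks in allowlist_entries(OBSERVED).items():
        print(group, "->", blocks, f"({covered_hosts(blocks)} addresses)")
```

For the constructed 50-host group this admits 99 addresses rather than the 256 of the full /24.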
 

WHOIS.CONF(5)							 Debian GNU/Linux						     WHOIS.CONF(5)

NAME
       whois.conf - alternative WHOIS servers list for whois client

SYNOPSIS
       /etc/whois.conf

DESCRIPTION
       This file contains a list of WHOIS servers which can augment or override the built-in list of the client. It's a plain text file in ASCII encoding. Each line consists of two fields: a pattern to match WHOIS object identifier and a corresponding WHOIS server domain name. Fields are separated by non-empty sequence of space or a tabular characters. A line starting with a hash character is a free comment and it's not considered.

       The pattern is case-insensitive extended regular expression if whois client has been compiled with POSIX regular expressions support. Otherwise, simple case-insensitive suffix comparison against WHOIS object identifier is used.

       Internationalized domain names (IDN) must be specified in ascii-compatible encoding (ACE) format.

EXAMPLE
       .nz$ nz.whois-servers.net
       # Hangul Korean TLD
       .xn--3e0b707e$ whois.kr
       # Private ASNs
       ^as645(1[2-9]|2[0-9]|3[0-4])$ whois.example.net

FILES
       /etc/whois.conf

SEE ALSO
       whois(1)

AUTHOR
       This manual page was written by Petr Pisa <ppisar@redhat.com> and is licensed under the terms of the GNU General Public License, version 2 or higher.

Petr Pisa                         9 April 2013                       WHOIS.CONF(5)
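
Added example, not part of the man page or the whois client: a small parser for the file format described above that reports which server a given object identifier would be sent to. It assumes Python's `re` is close enough to POSIX extended regular expressions for these patterns, that the first matching line wins, and that lines without exactly two fields are rejected; `parse_whois_conf` and `server_for` are hypothetical names.

```python
import re

# Constructed sample using the patterns shown in the EXAMPLE section,
# plus one malformed line to exercise the rejection path.
SAMPLE_CONF = "\n".join([
    "# ccTLD, IDN TLD in ACE form, private ASNs",
    ".nz$ nz.whois-servers.net",
    ".xn--3e0b707e$\twhois.kr",
    "^as645(1[2-9]|2[0-9]|3[0-4])$   whois.example.net",
    "broken-line-without-server",
])

def parse_whois_conf(text):
    """Return ([(compiled_pattern, server)], [(lineno, rejected_line)])."""
    rules, rejected = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue                      # blank line or free comment
        fields = line.split()             # any run of spaces or tabs
        if len(fields) != 2:
            rejected.append((lineno, line))
            continue
        pattern, server = fields
        try:
            rules.append((re.compile(pattern, re.IGNORECASE), server))
        except re.error:
            rejected.append((lineno, line))
    return rules, rejected

def server_for(identifier, rules):
    """Server for the first matching rule (assumed order); None means
    the client's built-in list would be used instead."""
    for pattern, server in rules:
        if pattern.search(identifier):
            return server
    return None

if __name__ == "__main__":
    rules, rejected = parse_whois_conf(SAMPLE_CONF)
    # "benz" shows that the unescaped dot in ".nz$" matches any character.
    for query in ("example.co.nz", "AS64520", "AS64511", "benz"):
        print(query, "->", server_for(query, rules))
    print("rejected:", rejected)
```

Reviewing a site's `/etc/whois.conf` this way shows where queries are being redirected and flags patterns looser than intended, such as `.nz$` as printed here also matching `benz`.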