A script for checking a suspicious IP address against DNSBLs.
REF: http://marc.info/?l=openbsd-misc&m=148223350813762&w=2
=== dnsbl-check ===
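#!/bin/sh
#
# Check if the given IPv4 address is on a DNS blacklist.
# The list of DNSBL services was taken from
# https://en.wikipedia.org/wiki/Comparison_of_DNS_blacklists.
#
# DNSBLs that return too many false positives:
# - hostkarma.junkemailfilter.com
# - recent.spam.dnsbl.sorbs.net
# - dnsbl.sorbs.net
#
# Usage: dnsbl-check IPV4_ADDRESS
#
# For every zone in DNSBL_SERVICES the reversed address is looked up as an
# A record under that zone; one line is printed per zone that answers.
# Exits 1 without sending any query when the argument is not a dotted quad.
#
# NOTE(review): any A answer is counted as a listing. Some services also
# answer with codes that signal a refused or failed query rather than a
# listing, and a retired zone may answer for everything or for nothing.
# Confirm each zone is still operated and read its return-code
# documentation before acting on a hit.

# Print the rejection message on stderr and stop before any lookup is sent.
invalid() {
  echo 'IPv4 required' >&2
  exit 1
}

ip=${1-}

# Reject everything that is not made of digits and dots before the value is
# split or handed to host(1): no whitespace, glob characters or leading '-'
# can reach the unquoted split below or the host command line.
case $ip in
  '' | *[!0-9.]* | .* | *. | *..*) invalid ;;
esac

# Split on dots only for this one statement; restore IFS right away so the
# later word-splitting of DNSBL_SERVICES uses the default separators.
saved_ifs=$IFS
IFS=.
# shellcheck disable=SC2086 # splitting is intended, input is digits and dots
set -- $ip
IFS=$saved_ifs

[ "$#" -eq 4 ] || invalid

# Each octet must be a canonical decimal 0-255. Pattern matching is used
# instead of a numeric test so that leading zeros are rejected and the query
# name is built from the same spelling the DNSBL expects.
for octet in "$@"; do
  case $octet in
    [0-9] | [1-9][0-9] | 1[0-9][0-9] | 2[0-4][0-9] | 25[0-5]) ;;
    *) invalid ;;
  esac
done

rev_ip="$4.$3.$2.$1"

DNSBL_SERVICES='
zen.spamhaus.org
bl.spamcop.net
b.barracudacentral.org
rbl.megarbl.net
all.s5h.net
srnblack.surgate.net
bl.blocklist.de
dnsbl.inps.de
ix.dnsbl.manitu.net
blacklist.hostkarma.com
spamtrap.drbl.drand.net
bl.spamcannibal.org
spam.spamrats.com
dyna.spamrats.com
noptr.spamrats.com
dnsrbl.org
dnsbl.cobion.com
dul.dnsbl.sorbs.net
noservers.dnsbl.sorbs.net
badconf.rhsbl.sorbs.net
escalations.dnsbl.sorbs.net
web.dnsbl.sorbs.net
safe.dnsbl.sorbs.net
babl.rbl.webiron.net
'

# One background lookup per zone so a slow or dead zone does not hold up the
# others. The trailing dot marks the name as fully qualified, so the
# resolver's search list is never appended to a DNSBL query.
for dnsbl in $DNSBL_SERVICES; do
  host -t A "${rev_ip}.${dnsbl}." >/dev/null &&
    printf '%s on %s black list.\n' "$ip" "$dnsbl" &
done

# Do not exit until every background lookup has reported.
wait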