Security Incidents mailing list archives
Re: Handling Scans.
From: Bill Munger <bmunger () LIGHTSHIPMAIL NET>
Date: Mon, 12 Feb 2001 16:18:08 -0500
abel wisman wrote:
Has (in addition to the question already asked) anybody made (perhaps) an automated system based on, for instance, iplog, snort or tripwire, where mail is generated to do this automatically? Would be an interesting feature.
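A while back, I started a script to do this. I abandoned it however without really finishing it, but what I do have is pasted here. Basically it gets the contact email for the IP given on the command line. Doesn't help much for RIPE or APNIC addresses though, and it's kind of clumsy, but it does work. Anyway, here it is if anybody is interested:

---CUT HERE----
#!/usr/bin/perl
use strict;
use warnings;

my @save;      # every line of whois output read so far
my $handle;    # ARIN handle taken from a multi-record listing

my $host = $ARGV[0] or die "please specify a host IP address.\n";
# The argument becomes part of a whois command line: accept a dotted quad only.
$host =~ /^\d{1,3}(?:\.\d{1,3}){3}$/ or die "not an IPv4 address: $host\n";

my $email = q_arin( $host );
if ($email) {
    print "$email\n";
} else {
    # ARIN returned a list of records. Walk back from the
    # "single out one record" hint to the nearest "(HANDLE)" and query that.
    for (my $i = 0; $i < scalar(@save); $i++) {
        if ($save[$i] =~ /single\ out\ one\ record/) {
            # Bounded by $i so the search stops at the first saved line.
            for (my $j = 1; $j <= $i; $j++) {
                if ($save[$i-$j] =~ /\((.*)\)/) {
                    $handle = $1;
                    last;
                }
            }
            last unless defined $handle;
            $email = q_arin( "!$handle" );
            print "$email\n" if defined $email;
            last;
        }
    }
}

sub q_arin {
    my $t = shift;
    my $addr = undef;
    # List-form open runs whois directly, so $t never passes through a shell.
    open(my $whois, '-|', 'whois', "$t\@rs.arin.net")
        or die "cannot run whois: $!\n";
    while (my $line = <$whois>) {
        push @save, $line;
        # Keep the last token that looks like an email address; $1 is only
        # read when this line actually matched.
        $addr = $1 if $line =~ /([^\s]+\@[^\s]+)/;
    }
    close $whois;
    return $addr;
}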
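Added example, not part of the original post or of the script above: one way to pick a reporting contact from whois text that also covers the RPSL-style records RIPE and APNIC return, which the post says the script does not help with. The function name `pick_contact`, the preference order and the sample records are assumptions constructed for illustration; the field names are those used in ARIN and RIPE-style output.

```perl
#!/usr/bin/perl
# Added example: choose a contact address from whois text in ARIN or
# RPSL (RIPE/APNIC) style, preferring abuse-specific fields.
use strict;
use warnings;

# Field names in order of preference (assumed ordering for this example).
my @PREFERRED = qw(OrgAbuseEmail abuse-mailbox OrgTechEmail e-mail);

sub pick_contact {
    my ($text) = @_;
    my (%by_field, $fallback);
    for my $line (split /\n/, $text) {
        next if $line =~ /^\s*[%#]/;    # registry comment lines
        next unless $line =~ /([\w.+-]+\@[\w-]+(?:\.[\w-]+)+)/;
        my $addr = $1;
        $fallback //= $addr;            # first address seen anywhere
        # Remember the first address per "field:" name.
        $by_field{$1} //= $addr if $line =~ /^\s*([\w-]+):/;
    }
    for my $field (@PREFERRED) {
        return $by_field{$field} if exists $by_field{$field};
    }
    return $fallback;                   # undef when no address was present
}

# Constructed sample records (documentation address ranges, example domains).
my $arin_style = <<'END';
NetRange:       192.0.2.0 - 192.0.2.255
OrgName:        Example Org
OrgTechEmail:   noc@example.com
OrgAbuseEmail:  abuse@example.com
END

my $rpsl_style = <<'END';
% constructed sample in RPSL layout
inetnum:        198.51.100.0 - 198.51.100.255
netname:        EXAMPLE-NET
e-mail:         hostmaster@example.net
abuse-mailbox:  abuse@example.net
END

for my $record ($arin_style, $rpsl_style) {
    my $contact = pick_contact($record);
    print defined $contact ? "$contact\n" : "no contact found\n";
}
```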