From 40c879f7e6dbaebe799520a7baa3f4edafdbb003 Mon Sep 17 00:00:00 2001 From: Robb Ballard Date: Mon, 23 Dec 2013 06:14:26 -0700 Subject: [PATCH] Moved README.pwhois to doc/ --- doc/README.pwhois | 96 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 96 insertions(+) create mode 100644 doc/README.pwhois diff --git a/doc/README.pwhois b/doc/README.pwhois new file mode 100644 index 00000000..bafc7589 --- /dev/null +++ b/doc/README.pwhois @@ -0,0 +1,96 @@ +Fail2ban Prefix Whois Modifications +----------------------------------- + +We (the Prefix Whois folks) have been using fail2ban to protect various +services, and over time we have found that whois doesn't always provide +useful information without additional digging (see examples below). The +modified action configuration files use whois.pwhois.org with the standard +whois client installed on your operating system. The changes also include +passing a parameter that indicates the query is coming from a fail2ban +installation, as well as the service being blocked. We plan on making a +blacklist with automatic age-outs built with this data available to the +community in the future. + +Files: +------ +action.d/complain-pwhois.conf +action.d/sendmail-pwhois-lines.conf +action.d/sendmail-pwhois.conf + + +Example Whois Output: +--------------------- +[whois.arin.net] + +# +# ARIN WHOIS data and services are subject to the Terms of Use +# available at: https://www.arin.net/whois_tou.html +# + + +# +# Query terms are ambiguous. The query is assumed to be: +# "n 142.54.168.146" +# +# Use "?" to get help. +# + +# +# The following results may also be obtained via: +# http://whois.arin.net/rest/nets;q=142.54.168.146?showDetails=true&showARIN=false&ext=netref2 +# + +DataShack, LC DSV4-4 (NET-142-54-160-0-1) 142.54.160.0 - 142.54.191.255 +MMO Solution DS-168-146-150 (NET-142-54-168-144-1) 142.54.168.144 - 142.54.168.151 + + + +# +# ARIN WHOIS data and services are subject to the Terms of Use +# available at: https://www.arin.net/whois_tou.html +# + +Example Pwhois Output: +---------------------- +[whois.pwhois.org] +IP: 142.54.168.146 +Origin-AS: 33387 +Prefix: 142.54.160.0/19 +AS-Path: 1239 174 32097 33387 +AS-Org-Name: DataShack, LC +Org-Name: MMO Solution +Net-Name: DS-168-146-150 +Cache-Date: 1383626547 +Latitude: 39.147840 +Longitude: -94.568880 +City: KANSAS CITY +Region: MISSOURI +Country: UNITED STATES +Country-Code: US +AS-Org-Name-Source: ARIN +Org-Name-Source: ARIN +Net-Name-Source: ARIN +Route-Create-Date: Aug 22 2012 00:01:25 +Route-Modify-Date: Nov 05 2013 00:01:21 +Next-Hop: 144.228.241.130 +Net-Range: 142.54.168.144 - 142.54.168.151 +Net-Type: reassignment +Net-Register-Date: 2013-10-21 +Net-Update-Date: 2013-10-21 +Net-Create-Date: Sep 19 2013 01:51:07 +Net-Modify-Date: Nov 05 2013 01:53:22 +Org-Record: 0 +Org-ID: C04738597 +Org-Name: MMO Solution +Can-Allocate: 0 +Street-1: 201 E. 16th st +City: North Kansas City +State: MO +Postal-Code: 64116 +Country: US +Register-Date: 2013-10-21 +Update-Date: 2013-10-21 +Create-Date: Oct 23 2013 01:52:34 +Modify-Date: Nov 05 2013 01:53:22 + +