mirror of https://github.com/fail2ban/fail2ban
Moved README.pwhois to doc/
Robb Ballard
parent
c1c18b171c
commit
40c879f7e6
|
|
@ -0,0 +1,96 @@
|
||||||
|
Fail2ban Prefix Whois Modifications
|
||||||
|
-----------------------------------
|
||||||
|
|
||||||
|
We (the Prefix Whois folks) have been using fail2ban to protect various
|
||||||
|
services, and over time we have found that whois doesn't always provide
|
||||||
|
useful information without additional digging (see examples below). The
|
||||||
|
modified action configuration files use whois.pwhois.org with the standard
|
||||||
|
whois client installed on your operating system. The changes also include
|
||||||
|
passing a parameter that indicates the query is coming from a fail2ban
|
||||||
|
installation, as well as the service being blocked. We plan on making a
|
||||||
|
blacklist with automatic age-outs built with this data available to the
|
||||||
|
community in the future.
|
||||||
|
|
||||||
|
Files:
|
||||||
|
------
|
||||||
|
action.d/complain-pwhois.conf
|
||||||
|
action.d/sendmail-pwhois-lines.conf
|
||||||
|
action.d/sendmail-pwhois.conf
|
||||||
|
|
||||||
|
|
||||||
|
Example Whois Output:
|
||||||
|
---------------------
|
||||||
|
[whois.arin.net]
|
||||||
|
|
||||||
|
#
|
||||||
|
# ARIN WHOIS data and services are subject to the Terms of Use
|
||||||
|
# available at: https://www.arin.net/whois_tou.html
|
||||||
|
#
|
||||||
|
|
||||||
|
|
||||||
|
#
|
||||||
|
# Query terms are ambiguous. The query is assumed to be:
|
||||||
|
# "n 142.54.168.146"
|
||||||
|
#
|
||||||
|
# Use "?" to get help.
|
||||||
|
#
|
||||||
|
|
||||||
|
#
|
||||||
|
# The following results may also be obtained via:
|
||||||
|
# http://whois.arin.net/rest/nets;q=142.54.168.146?showDetails=true&showARIN=false&ext=netref2
|
||||||
|
#
|
||||||
|
|
||||||
|
DataShack, LC DSV4-4 (NET-142-54-160-0-1) 142.54.160.0 - 142.54.191.255
|
||||||
|
MMO Solution DS-168-146-150 (NET-142-54-168-144-1) 142.54.168.144 - 142.54.168.151
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
#
|
||||||
|
# ARIN WHOIS data and services are subject to the Terms of Use
|
||||||
|
# available at: https://www.arin.net/whois_tou.html
|
||||||
|
#
|
||||||
|
|
||||||
|
Example Pwhois Output:
|
||||||
|
----------------------
|
||||||
|
[whois.pwhois.org]
|
||||||
|
IP: 142.54.168.146
|
||||||
|
Origin-AS: 33387
|
||||||
|
Prefix: 142.54.160.0/19
|
||||||
|
AS-Path: 1239 174 32097 33387
|
||||||
|
AS-Org-Name: DataShack, LC
|
||||||
|
Org-Name: MMO Solution
|
||||||
|
Net-Name: DS-168-146-150
|
||||||
|
Cache-Date: 1383626547
|
||||||
|
Latitude: 39.147840
|
||||||
|
Longitude: -94.568880
|
||||||
|
City: KANSAS CITY
|
||||||
|
Region: MISSOURI
|
||||||
|
Country: UNITED STATES
|
||||||
|
Country-Code: US
|
||||||
|
AS-Org-Name-Source: ARIN
|
||||||
|
Org-Name-Source: ARIN
|
||||||
|
Net-Name-Source: ARIN
|
||||||
|
Route-Create-Date: Aug 22 2012 00:01:25
|
||||||
|
Route-Modify-Date: Nov 05 2013 00:01:21
|
||||||
|
Next-Hop: 144.228.241.130
|
||||||
|
Net-Range: 142.54.168.144 - 142.54.168.151
|
||||||
|
Net-Type: reassignment
|
||||||
|
Net-Register-Date: 2013-10-21
|
||||||
|
Net-Update-Date: 2013-10-21
|
||||||
|
Net-Create-Date: Sep 19 2013 01:51:07
|
||||||
|
Net-Modify-Date: Nov 05 2013 01:53:22
|
||||||
|
Org-Record: 0
|
||||||
|
Org-ID: C04738597
|
||||||
|
Org-Name: MMO Solution
|
||||||
|
Can-Allocate: 0
|
||||||
|
Street-1: 201 E. 16th st
|
||||||
|
City: North Kansas City
|
||||||
|
State: MO
|
||||||
|
Postal-Code: 64116
|
||||||
|
Country: US
|
||||||
|
Register-Date: 2013-10-21
|
||||||
|
Update-Date: 2013-10-21
|
||||||
|
Create-Date: Oct 23 2013 01:52:34
|
||||||
|
Modify-Date: Nov 05 2013 01:53:22
|
||||||
|
|
||||||
|
|
||||||
Loading…
Reference in New Issue