mirror of https://github.com/fail2ban/fail2ban
Moved README.pwhois to doc/
Robb Ballard
parent
05d08f662b
commit
c1c18b171c
|
|
@ -1,96 +0,0 @@
|
|||
Fail2ban Prefix Whois Modifications
|
||||
-----------------------------------
|
||||
|
||||
We (the Prefix Whois folks) have been using fail2ban to protect various
|
||||
services, and over time we have found that whois doesn't always provide
|
||||
useful information without additional digging (see examples below). The
|
||||
modified action configuration files use whois.pwhois.org with the standard
|
||||
whois client installed on your operating system. The changes also include
|
||||
passing a parameter that indicates the query is coming from a fail2ban
|
||||
installation, as well as the service being blocked. We plan on making a
|
||||
blacklist with automatic age-outs built with this data available to the
|
||||
community in the future.
|
||||
|
||||
Files:
|
||||
------
|
||||
action.d/complain-pwhois.conf
|
||||
action.d/sendmail-pwhois-lines.conf
|
||||
action.d/sendmail-pwhois.conf
|
||||
|
||||
|
||||
Example Whois Output:
|
||||
---------------------
|
||||
[whois.arin.net]
|
||||
|
||||
#
|
||||
# ARIN WHOIS data and services are subject to the Terms of Use
|
||||
# available at: https://www.arin.net/whois_tou.html
|
||||
#
|
||||
|
||||
|
||||
#
|
||||
# Query terms are ambiguous. The query is assumed to be:
|
||||
# "n 142.54.168.146"
|
||||
#
|
||||
# Use "?" to get help.
|
||||
#
|
||||
|
||||
#
|
||||
# The following results may also be obtained via:
|
||||
# http://whois.arin.net/rest/nets;q=142.54.168.146?showDetails=true&showARIN=false&ext=netref2
|
||||
#
|
||||
|
||||
DataShack, LC DSV4-4 (NET-142-54-160-0-1) 142.54.160.0 - 142.54.191.255
|
||||
MMO Solution DS-168-146-150 (NET-142-54-168-144-1) 142.54.168.144 - 142.54.168.151
|
||||
|
||||
|
||||
|
||||
#
|
||||
# ARIN WHOIS data and services are subject to the Terms of Use
|
||||
# available at: https://www.arin.net/whois_tou.html
|
||||
#
|
||||
|
||||
Example Pwhois Output:
|
||||
----------------------
|
||||
[whois.pwhois.org]
|
||||
IP: 142.54.168.146
|
||||
Origin-AS: 33387
|
||||
Prefix: 142.54.160.0/19
|
||||
AS-Path: 1239 174 32097 33387
|
||||
AS-Org-Name: DataShack, LC
|
||||
Org-Name: MMO Solution
|
||||
Net-Name: DS-168-146-150
|
||||
Cache-Date: 1383626547
|
||||
Latitude: 39.147840
|
||||
Longitude: -94.568880
|
||||
City: KANSAS CITY
|
||||
Region: MISSOURI
|
||||
Country: UNITED STATES
|
||||
Country-Code: US
|
||||
AS-Org-Name-Source: ARIN
|
||||
Org-Name-Source: ARIN
|
||||
Net-Name-Source: ARIN
|
||||
Route-Create-Date: Aug 22 2012 00:01:25
|
||||
Route-Modify-Date: Nov 05 2013 00:01:21
|
||||
Next-Hop: 144.228.241.130
|
||||
Net-Range: 142.54.168.144 - 142.54.168.151
|
||||
Net-Type: reassignment
|
||||
Net-Register-Date: 2013-10-21
|
||||
Net-Update-Date: 2013-10-21
|
||||
Net-Create-Date: Sep 19 2013 01:51:07
|
||||
Net-Modify-Date: Nov 05 2013 01:53:22
|
||||
Org-Record: 0
|
||||
Org-ID: C04738597
|
||||
Org-Name: MMO Solution
|
||||
Can-Allocate: 0
|
||||
Street-1: 201 E. 16th st
|
||||
City: North Kansas City
|
||||
State: MO
|
||||
Postal-Code: 64116
|
||||
Country: US
|
||||
Register-Date: 2013-10-21
|
||||
Update-Date: 2013-10-21
|
||||
Create-Date: Oct 23 2013 01:52:34
|
||||
Modify-Date: Nov 05 2013 01:53:22
|
||||
|
||||
|
||||
Loading…
Reference in New Issue