mirror of https://github.com/fail2ban/fail2ban
Moved README.pwhois to doc/
Robb Ballard
parent
05d08f662b
commit
c1c18b171c
|
|
@ -1,96 +0,0 @@
|
||||||
Fail2ban Prefix Whois Modifications
|
|
||||||
-----------------------------------
|
|
||||||
|
|
||||||
We (the Prefix Whois folks) have been using fail2ban to protect various
|
|
||||||
services, and over time we have found that whois doesn't always provide
|
|
||||||
useful information without additional digging (see examples below). The
|
|
||||||
modified action configuration files use whois.pwhois.org with the standard
|
|
||||||
whois client installed on your operating system. The changes also include
|
|
||||||
passing a parameter that indicates the query is coming from a fail2ban
|
|
||||||
installation, as well as the service being blocked. We plan on making a
|
|
||||||
blacklist with automatic age-outs built with this data available to the
|
|
||||||
community in the future.
|
|
||||||
|
|
||||||
Files:
|
|
||||||
------
|
|
||||||
action.d/complain-pwhois.conf
|
|
||||||
action.d/sendmail-pwhois-lines.conf
|
|
||||||
action.d/sendmail-pwhois.conf
|
|
||||||
|
|
||||||
|
|
||||||
Example Whois Output:
|
|
||||||
---------------------
|
|
||||||
[whois.arin.net]
|
|
||||||
|
|
||||||
#
|
|
||||||
# ARIN WHOIS data and services are subject to the Terms of Use
|
|
||||||
# available at: https://www.arin.net/whois_tou.html
|
|
||||||
#
|
|
||||||
|
|
||||||
|
|
||||||
#
|
|
||||||
# Query terms are ambiguous. The query is assumed to be:
|
|
||||||
# "n 142.54.168.146"
|
|
||||||
#
|
|
||||||
# Use "?" to get help.
|
|
||||||
#
|
|
||||||
|
|
||||||
#
|
|
||||||
# The following results may also be obtained via:
|
|
||||||
# http://whois.arin.net/rest/nets;q=142.54.168.146?showDetails=true&showARIN=false&ext=netref2
|
|
||||||
#
|
|
||||||
|
|
||||||
DataShack, LC DSV4-4 (NET-142-54-160-0-1) 142.54.160.0 - 142.54.191.255
|
|
||||||
MMO Solution DS-168-146-150 (NET-142-54-168-144-1) 142.54.168.144 - 142.54.168.151
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
#
|
|
||||||
# ARIN WHOIS data and services are subject to the Terms of Use
|
|
||||||
# available at: https://www.arin.net/whois_tou.html
|
|
||||||
#
|
|
||||||
|
|
||||||
Example Pwhois Output:
|
|
||||||
----------------------
|
|
||||||
[whois.pwhois.org]
|
|
||||||
IP: 142.54.168.146
|
|
||||||
Origin-AS: 33387
|
|
||||||
Prefix: 142.54.160.0/19
|
|
||||||
AS-Path: 1239 174 32097 33387
|
|
||||||
AS-Org-Name: DataShack, LC
|
|
||||||
Org-Name: MMO Solution
|
|
||||||
Net-Name: DS-168-146-150
|
|
||||||
Cache-Date: 1383626547
|
|
||||||
Latitude: 39.147840
|
|
||||||
Longitude: -94.568880
|
|
||||||
City: KANSAS CITY
|
|
||||||
Region: MISSOURI
|
|
||||||
Country: UNITED STATES
|
|
||||||
Country-Code: US
|
|
||||||
AS-Org-Name-Source: ARIN
|
|
||||||
Org-Name-Source: ARIN
|
|
||||||
Net-Name-Source: ARIN
|
|
||||||
Route-Create-Date: Aug 22 2012 00:01:25
|
|
||||||
Route-Modify-Date: Nov 05 2013 00:01:21
|
|
||||||
Next-Hop: 144.228.241.130
|
|
||||||
Net-Range: 142.54.168.144 - 142.54.168.151
|
|
||||||
Net-Type: reassignment
|
|
||||||
Net-Register-Date: 2013-10-21
|
|
||||||
Net-Update-Date: 2013-10-21
|
|
||||||
Net-Create-Date: Sep 19 2013 01:51:07
|
|
||||||
Net-Modify-Date: Nov 05 2013 01:53:22
|
|
||||||
Org-Record: 0
|
|
||||||
Org-ID: C04738597
|
|
||||||
Org-Name: MMO Solution
|
|
||||||
Can-Allocate: 0
|
|
||||||
Street-1: 201 E. 16th st
|
|
||||||
City: North Kansas City
|
|
||||||
State: MO
|
|
||||||
Postal-Code: 64116
|
|
||||||
Country: US
|
|
||||||
Register-Date: 2013-10-21
|
|
||||||
Update-Date: 2013-10-21
|
|
||||||
Create-Date: Oct 23 2013 01:52:34
|
|
||||||
Modify-Date: Nov 05 2013 01:53:22
|
|
||||||
|
|
||||||
|
|
||||||
Loading…
Reference in New Issue