Easily find issues by searching: #<Issue ID>
Example: #1832
Easily find members by searching in: <username>, <first name> and <last name>.
Example: Search smith, will return results smith and adamsmith
Certain of the following commands find use in network data transfer and analysis, as well as in chasing spammers.
Information and Statistics
host
Searches for information about an Internet host by name or IP address, using DNS.
bash$ host surfacemail.com surfacemail.com. has address 202.92.42.236
ipcalc
Displays IP information for a host. With the -h option, ipcalc does a reverse DNS lookup, finding the name of the host (server) from the IP address.
bash$ ipcalc -h 202.92.42.236 HOSTNAME=surfacemail.com
nslookup
Do an Internet "name server lookup" on a host by IP address. This is essentially equivalent to ipcalc -h or dig -x . The command may be run either interactively or noninteractively, i.e., from within a sc ript.
The nslookup command has allegedly been "deprecated," but it is still useful.
bash$ nslookup -sil 66.97.104.180 nslookup kuhleersparnis.ch Server: 135.116.137.2 Address: 135.116.137.2#53 Non-authoritative answer: Name: kuhleersparnis.ch
dig
Domain Information Groper. Similar to nslookup, dig does an Internet name server lookup on a host. May be run from the command-line or from within a script.
Some interesting options to dig are +time=N for setting a query timeout to N seconds, +nofail for continuing to query servers until a reply is received, and -x for doing a reverse address lookup.
Compare the output of dig -x with ipcalc -h and nslookup.
bash$ dig -x 81.9.6.2 ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 11649 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 ;; QUESTION SECTION: ;2.6.9.81.in-addr.arpa. IN PTR ;; AUTHORITY SECTION: 6.9.81.in-addr.arpa. 3600 IN SOA ns.eltel.net. noc.eltel.net. 2002031705 900 600 86400 3600 ;; Query time: 537 msec ;; SERVER: 135.116.137.2#53(135.116.137.2) ;; WHEN: Wed Jun 26 08:35:24 2002 ;; MSG SIZE rcvd: 91
Example 16-40. Finding out where to report a spammer
#!/bin/bash # spam-lookup.sh: Look up abuse contact to report a spammer. # Thanks, Michael Zick. # Check for command-line arg. ARGCOUNT=1 E_WRONGARGS=85 if [ $# -ne "$ARGCOUNT" ] then echo "Usage: `basename $0` domain-name" exit $E_WRONGARGS fi dig +short $1.contacts.abuse.net -c in -t txt # Also try: # dig +nssearch $1 # Tries to find "authoritative name servers" and display SOA records. # The following also works: # whois -h whois.abuse.net $1 # ^^ ^^^^^^^^^^^^^^^ Specify host. # Can even lookup multiple spammers with this, i.e." # whois -h whois.abuse.net $spamdomain1 $spamdomain2 . . . # Exercise: # -------- # Expand the functionality of this script #+ so that it automatically e-mails a notification #+ to the responsible ISP's contact address(es). # Hint: use the "mail" command. exit $? # spam-lookup.sh chinatietong.com # A known spam domain. # "[email protected]" # "[email protected]" # "[email protected]" # For a more elaborate version of this script, #+ see the SpamViz home page, http://www.spamviz.net/index.html.
Example 16-41. Analyzing a spam domain
#! /bin/bash # is-spammer.sh: Identifying spam domains # $Id: is-spammer, v 1.4 2004/09/01 19:37:52 mszick Exp $ # Above line is RCS ID info. # # This is a simplified version of the "is_spammer.bash #+ script in the Contributed Scripts appendix. # is-spammer <domain.name> # Uses an external program: 'dig' # Tested with version: 9.2.4rc5 # Uses functions. # Uses IFS to parse strings by assignment into arrays. # And even does something useful: checks e-mail blacklists. # Use the domain.name(s) from the text body: # http://www.good_stuff.spammer.biz/just_ignore_everything_else # ^^^^^^^^^^^ # Or the domain.name(s) from any e-mail address: # [email protected] # # as the only argument to this script. #(PS: have your Inet connection running) # # So, to invoke this script in the above two instances: # is-spammer.sh spammer.biz # Whitespace == :Space:Tab:Line Feed:Carriage Return: WSP_IFS=$'\x20'$'\x09'$'\x0A'$'\x0D' # No Whitespace == Line Feed:Carriage Return No_WSP=$'\x0A'$'\x0D' # Field separator for dotted decimal ip addresses ADR_IFS=${No_WSP}'.' # Get the dns text resource record. # get_txt <error_code> <list_query> get_txt() { # Parse $1 by assignment at the dots. local -a dns IFS=$ADR_IFS dns=( $1 ) IFS=$WSP_IFS if [ "${dns[0]}" == '127' ] then # See if there is a reason. echo $(dig +short $2 -t txt) fi } # Get the dns address resource record. # chk_adr <rev_dns> <list_server> chk_adr() { local reply local server local reason server=${1}${2} reply=$( dig +short ${server} ) # If reply might be an error code . . . if [ ${#reply} -gt 6 ] then reason=$(get_txt ${reply} ${server} ) reason=${reason:-${reply}} fi echo ${reason:-' not blacklisted.'} } # Need to get the IP address from the name. echo 'Get address of: '$1 ip_adr=$(dig +short $1) dns_reply=${ip_adr:-' no answer '} echo ' Found address: '${dns_reply} # A valid reply is at least 4 digits plus 3 dots. if [ ${#ip_adr} -gt 6 ] then echo declare query # Parse by assignment at the dots. declare -a dns IFS=$ADR_IFS dns=( ${ip_adr} ) IFS=$WSP_IFS # Reorder octets into dns query order. rev_dns="${dns[3]}"'.'"${dns[2]}"'.'"${dns[1]}"'.'"${dns[0]}"'.' # See: http://www.spamhaus.org (Conservative, well maintained) echo -n 'spamhaus.org says: ' echo $(chk_adr ${rev_dns} 'sbl-xbl.spamhaus.org') # See: http://ordb.org (Open mail relays) echo -n ' ordb.org says: ' echo $(chk_adr ${rev_dns} 'relays.ordb.org') # See: http://www.spamcop.net/ (You can report spammers here) echo -n ' spamcop.net says: ' echo $(chk_adr ${rev_dns} 'bl.spamcop.net') # # # other blacklist operations # # # # See: http://cbl.abuseat.org. echo -n ' abuseat.org says: ' echo $(chk_adr ${rev_dns} 'cbl.abuseat.org') # See: http://dsbl.org/usage (Various mail relays) echo echo 'Distributed Server Listings' echo -n ' list.dsbl.org says: ' echo $(chk_adr ${rev_dns} 'list.dsbl.org') echo -n ' multihop.dsbl.org says: ' echo $(chk_adr ${rev_dns} 'multihop.dsbl.org') echo -n 'unconfirmed.dsbl.org says: ' echo $(chk_adr ${rev_dns} 'unconfirmed.dsbl.org') else echo echo 'Could not use that address.' fi exit 0 # Exercises: # -------- # 1) Check arguments to script, # and exit with appropriate error message if necessary. # 2) Check if on-line at invocation of script, # and exit with appropriate error message if necessary. # 3) Substitute generic variables for "hard-coded" BHL domains. # 4) Set a time-out for the script using the "+time=" option to the 'dig' command.
For a much more elaborate version of the above script, see Example A-28.
About AquaClusters Privacy Policy Support Version - 19.0.2-4 AquaFold, Inc Copyright © 2007-2017