[rescue] TCP Wrappers on Solaris question...

Geoffrey S. Mendelson gsm at mendelson.com
Wed Feb 1 10:09:41 CST 2006


On Wed, Feb 01, 2006 at 10:58:32AM -0500, Phil Stracchino wrote:

> Since not everything uses TCPwrappers, I'd say this is a job for a firewall.

Lousy Perl script follows, set up for Linux, but easily modified.

It could also be used to write /etc/hosts.deny.

Geoff.

---------------------------------------------------------------------------
#!/usr/bin/perl

use Socket;
use Getopt::Std;

$test_mode  = 0;
$opt_t = 0;

getopts('t');

if ($opt_t)
	{
	$test_mode = 1;
	}

$in_list = 0;
$un_found = 0;
$total_networks_blocked = 0;

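# Read the block list, one name per line; a leading "*" marks a wildcard entry.
$SERVERS_LIST = `cat /etc/advertisers`;
$SERVERS_LIST =~ tr /\r/\n/;	# turn stray carriage returns into newlines
chomp $SERVERS_LIST;
@server_names = split(/\n/,$SERVERS_LIST);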
foreach $domain (@server_names)
	{
	if (length($domain) == 0) {next;}
	printf("\"%s\"\n",$domain);
	$in_list++;
	$ip_ok = 1;

	if (substr($domain,0,1) eq "*")
		{
		$wild_card = 1;
		$server = substr($domain,1);	
		}
	     else
		{
		$wild_card = 0;
		$server = $domain;	
		}
	@addresses = gethostbyname($server) or $ip_ok = 0;
	if (!$ip_ok)
		{
		$server = "www." . $server;
		$ip_ok = 1;
		@addresses = gethostbyname($server) or $ip_ok = 0;
		if (!$ip_ok)
			{
			printf("no ip address for \"%s\"\n",$server);
			$un_found++;
			next;
			}
		}

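	# gethostbyname in list context returns (name, aliases, addrtype,
	# length, addr1, addr2, ...); elements 4 and up are the packed addresses.
	@addresses = map { inet_ntoa($_) } @addresses[4 .. $#addresses];
	for ($n = 0; $n < @addresses; $n++)
		{
		$ip_address = $addresses[$n];
		@ip_parts = split(/\./,$ip_address);
		if ($wild_card)
			{
			# Wildcard entry: block the whole /24 around the address.
			$new_ip_address = $ip_parts[0] . "." . $ip_parts[1] . "." .
					$ip_parts[2] . ".0/24";
			}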
		   else
			{
			$new_ip_address = $ip_address;
			}
		$command = "/sbin/iptables -A FORWARD -p tcp -s 0/0 -d ";
		$command = $command . $new_ip_address . "  -j REJECT";
		$total_networks_blocked++;
		printf("%s\n",$command);
		if (!$test_mode) {system($command);}
		}
	}


printf ("Names in list %d, Names not found %d, Total blocked %d\n",
		$in_list,$un_found,$total_networks_blocked);

---------------------------------------------------------------------------
Sample /etc/advertisers:

*008k.com
*1stblaze.com
*60pictures.com
*700k.com
*7days.ws
ads.ucomics.com
ads2.ucomics.com
*adserver.com
*advertising.com
*allbanners.ru
*auction.co.kr
*brilliantdigital.com
*chickenhost.com
*comclick.com
*daemond.com
*doubleclick.net
*falkag.net
*fastclick.net
*freexxxpages.net
*getweathercast.com
*hotbookmark.com
*hunteros.com
*israeli-celebrity-nudes.com
*mclain.wa.com
*mtree.com
*onlysex.ws
*opsex.com
*paypopup.com
*revenue.net
*searchcomplete.com
*searchv.com
*searchxp.com
*sexhits.org
*sexyteenclub.com
*targetnet.com
*telepolis.com
*tribalfusion.com
*urlstat.ru
*valuead.com
*vipru.com
*digicrime.com
*xboxlive.com
*xsex.ws
*yellow500.com
*young69.net
*young-hardcore.net
*qksrv.net
*paypopup.com
*revenue.net
*spotresults.com
a.as-us.falkag.net
a.tribalfusion.com
ads.ucomics.com
adserver.ign.com
adsremote.scripps.com
a1444.g.akamai.net
c4.maxserving.com
data.as-eu.falkag.net
focusin.ads.targetnet.com
itxt.vibrantmedia.com
media.fastclick.net
servedby.advertising.com
www.burstnet.com
www.paypopup.com
z1.adserver.com
banner.paypopup.com
c.casalemedia.com
isg09.casalemedia.com
isg08.casalemedia.com
isg07.casalemedia.com
isg06.casalemedia.com
isg05.casalemedia.com
isg04.casalemedia.com
isg03.casalemedia.com
isg02.casalemedia.com
isg01.casalemedia.com

---------------------------------------------------------------------------

-- 
Geoffrey S. Mendelson, Jerusalem, Israel gsm at mendelson.com  N3OWJ/4X1GM
IL Voice: (07)-7424-1667  IL Fax: 972-2-648-1443 U.S. Voice: 1-215-821-1838 
Visit my 'blog at http://geoffstechno.livejournal.com/
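
The /etc/hosts.deny variant mentioned in the message, as an added example that is not part of the original post: it takes advertisers-style entries, keeps the script's "www." fallback and /24 wildcard handling, and drops duplicates and single hosts already covered by a blocked /24. The host names, the %fake_dns table with its RFC 5737 documentation addresses, and the names lookup and hosts_deny_lines are constructed for illustration.

```perl
#!/usr/bin/perl
# Added example (not from the original post): build /etc/hosts.deny lines
# from advertisers-style entries instead of running iptables.
use strict;
use warnings;

# Constructed sample data: names and RFC 5737 documentation addresses,
# standing in for real DNS answers so the example runs offline.
my %fake_dns = (
	'adnet.example'      => ['192.0.2.10', '192.0.2.77'],
	'www.banner.example' => ['198.51.100.5'],
	'img.adnet.example'  => ['192.0.2.10'],
);
my @entries = ('*adnet.example', 'banner.example', 'img.adnet.example',
	'*adnet.example', 'gone.example');

# The resolver is a parameter; pass a gethostbyname-based one for live use.
sub lookup { my ($name) = @_; return @{ $fake_dns{$name} || [] }; }

sub hosts_deny_lines {
	my ($resolver, @list) = @_;
	my (%nets, %hosts, @unresolved);
	foreach my $entry (@list) {
		next unless length $entry;
		my $wild = ($entry =~ s/^\*//);		# leading "*" = block the /24
		my @ips = $resolver->($entry);
		@ips = $resolver->("www.$entry") unless @ips;	# same fallback as the script
		if (!@ips) { push @unresolved, $entry; next; }
		foreach my $ip (@ips) {
			if ($wild) { (my $net = $ip) =~ s/\.\d+$/.0/; $nets{$net} = 1; }
			else       { $hosts{$ip} = 1; }
		}
	}
	# Drop single hosts that a blocked /24 already covers.
	foreach my $ip (keys %hosts) {
		(my $net = $ip) =~ s/\.\d+$/.0/;
		delete $hosts{$ip} if $nets{$net};
	}
	# hosts_access(5) takes networks as dotted net/mask pairs.
	my @lines = map { "ALL: $_/255.255.255.0" } sort keys %nets;
	push @lines, map { "ALL: $_" } sort keys %hosts;
	return (\@lines, \@unresolved);
}

my ($lines, $missing) = hosts_deny_lines(\&lookup, @entries);
print "$_\n" for @$lines;
print "# no address for: @$missing\n" if @$missing;
```

hosts.deny matches the client address of connections to wrapped services, so these lines act on inbound connections, whereas the script's FORWARD rule matches destination addresses.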


