> Does anyone have a script that takes a list of IP addresses, looks
> them up in whois, and mails the contact for them and tells them
> they're a smurf amp (with appropriate pointers to self-help files,
> etc)?
>
> If it can read sorted output from Cisco "sh ip cache flow", that'd be
> a bonus.

No, but we'd be interested in this if you come across one. Ronald Guilmette's
ipw (www.e-scrub.com/ipw/) is the closest I've seen, and it's unreliable at
best.

The enclosed hack worked last time I tried it (but no guarantees).
Change occurrences of OpNet/op.net to your own name.
--jeff
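#!/usr/local/bin/perl
use strict;
use warnings;

# Read one network/address per line, look up its contact, and mail them.
while( <> ){
    chomp;
    my $net = $_;
    next unless length $net;    # skip blank input lines
    my $email = lookup($net);
    # Retry every 5 seconds until whois yields a contact address
    # (this loops indefinitely if no contact is ever returned).
    while( !$email ){
        sleep 5;
        $email = lookup($net);
    }
    print "$net <$email>\n";
    email( $net, $email ) if $email;
    sleep 2;    # pause between whois queries
}
exit;

# Return the coordinator's e-mail address for $net, or '' if none is found.
sub lookup {
    my($net) = @_;
    my($email, $coord, $netblock);
    # List-form open: $net is passed to whois as a single argument and is
    # never interpreted by a shell.
    open(W, "-|", "whois", "-h", "whois.arin.net", $net) or return '';
    $email = '';
    $netblock = '';
    $coord = 0;
    while( <W> ){
        chomp;
        if( $coord ){
            # On the line after "Coordinator", take the text that follows
            # the closing parenthesis.
            $coord = 0;
            ($email) = /.*\)\s*(.*)/;
            last;
        }
        $coord = 1 if /Coordinator/;
        if( /NETBLK-/ ){
            # Remember the handle in parentheses so it can be looked up next.
            $netblock = $_;
            $netblock =~ s/.*\(//;
            $netblock =~ s/\).*//;
        }
    }
    close(W);
    return $email if $email;
    return lookup( $netblock ) if $netblock;
    '';
}

# Mail the contact for $net through sendmail.
sub email {
    my($net, $email) = @_;
    # Check for placeholder contacts before starting sendmail.
    if( $email =~ /NOWHERE/ ){
        print "**** NOWHERE ****\n";
        return;
    }
    open(E, "|sendmail -t") or return;
    print E <<EOF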