This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/anti-abuse-wg@ripe.net/
[anti-abuse-wg] Automatic IP -> abuse email address mapping
Erik Bais
erik at bais.name
Thu Jun 20 10:58:17 CEST 2013
Hi Olaf,

I use the API from ISC SANS (http://isc.sans.edu/api) to do some parsing for me if needed.

cat send_abusemsg.sh

    #!/bin/sh
    # Look up the abuse contact for each offending IP and mail the filled-in template.
    for i in `cat uniq_IP_list`
    do
        # Ask the ISC API for this IP and extract the abusecontact field.
        abuse=`wget -q -O - "http://isc.sans.edu/api/ip/$i?text" | grep 'abusecontact' | cut -f2 -d'>' | tr -d ' '`
        # Skip the IP when no contact came back, so no mail goes out with an empty To: header.
        [ -n "$abuse" ] || continue
        # Fill in the placeholders; sendmail -t takes the recipients from the headers.
        sed -e "s/%%ip%%/$i/g" -e "s/%%email%%/$abuse/g" template.txt | sendmail -oi -t
    done

The uniq_IP_list is a file that has the offending IP addresses, 1 IP per line.

And the mail template that I use looks something like:

cat template.txt | more

    To: %%email%%
    Cc: noc@<your mail domain here>
    From: abuse@<your mail domain here>
    Subject: IP Address %%ip%% involved in DDoS attack

    Dear abusedesk,

    Please take action on the following IP address: %%ip%% due to a DDoS on an IP in our network.

    </snip partial SFLOW log>

    The mentioned server with IP address: %%ip%% should be looked at directly as it is probably hacked or misconfigured to be abused.

    Regards,
    <your ISP NOC>

Does that answer your question?

Regards,
Erik Bais

From: anti-abuse-wg-bounces at ripe.net [mailto:anti-abuse-wg-bounces at ripe.net] On Behalf Of Olaf van der Spek
Sent: donderdag 20 juni 2013 10:08
To: anti-abuse-wg at ripe.net
Subject: [anti-abuse-wg] Automatic IP -> abuse email address mapping

Hi,

I hope this is the right list for such a question.
How does one map an IP address to an abuse email address in an automated way?
I assume scripts exist, but I haven't found any. Does everyone roll their own?

--
Olaf
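The script in the message above places a value fetched over HTTP straight into the To: header that `sendmail -t` reads, so the following added example (not part of Erik's post) shows a validation step for the IP and the looked-up contact before the template is filled in. The function names `valid_ipv4`, `valid_abuse_email` and `render_report` are hypothetical, and the addresses are constructed documentation values.

```shell
#!/bin/sh
# Added example, not the script from the post: check looked-up values before
# they are substituted into the headers that `sendmail -t` reads.

# Dotted-quad IPv4 only, each octet 0-255.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# One address, conservative character set: no whitespace, newline, comma,
# '/', '&' or '\', so it is safe in a header and in the sed replacement.
valid_abuse_email() {
    case "$1" in
        ''|*[!A-Za-z0-9._%+@-]*|*@*@*|@*|*@) return 1 ;;
        *@*.*) return 0 ;;
    esac
    return 1
}

# Reads the template on stdin; prints the message, or returns 1 to skip.
render_report() {
    valid_ipv4 "$1" || { echo "skip: bad IP in list" >&2; return 1; }
    valid_abuse_email "$2" || { echo "skip $1: no usable abuse contact" >&2; return 1; }
    sed -e "s/%%ip%%/$1/g" -e "s/%%email%%/$2/g"
}

# Constructed sample data (documentation addresses, not real lookups).
TEMPLATE='To: %%email%%
Subject: IP Address %%ip%% involved in DDoS attack

Please take action on the following IP address: %%ip%%'

printf '%s\n' "$TEMPLATE" | render_report 192.0.2.10 abuse@example.net
printf '%s\n' "$TEMPLATE" | render_report 192.0.2.11 '' || true
```

In the loop, the rendered message would be piped to `sendmail -oi -t` only when `render_report` succeeds; skipped IPs are reported on stderr for manual follow-up.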