Add External Lookups to Diagnostics: DNS Lookup


  • Moderator

    When using Snort/Suricata, you can click on the ICON to "Resolve host via Reverse DNS Lookup". The existing setup only allows a lookup with DNSStuff. The Icon is also available in the Firewall Logs.

    You can edit the code to allow additional lookups. The example below will allow you to look up:

    SRI's BOTHunter and Sucuri SITECHECK

    I would like to be able to add VirusTotal Lookup also but that is a little more involved.

    You will need to edit the following file: vi /usr/local/www/diag_dns.php

    Please back up the file before editing.

    
                                    [](http://kb.bothunter.net/ipInfo/nowait.php?IP=<?php echo $ipaddr; ?>)
    
                                    [](http://sitecheck2.sucuri.net/results/<?php echo $ipaddr; ?>)
    
                                    [](http://private.dnsstuff.com/tools/whois.ch?ip=<?php echo $ipaddr; ?>)
    
                                    [](http://private.dnsstuff.com/tools/ipall.ch?ip=<?php echo $ipaddr; ?>)
    
    

    If you have any other type of Intelligence Lookup that could be added, please post a reply.

    Maybe one of the Developers could add functionality to allow modification of the Web Links via a GUI setting? As these are all Free Use Tools, I don't believe that there is any issue in using the links.


  • Moderator

    Added a few other useful links -

    DShield
    Quttera
    MY WOT

    Managed to get VirusTotal Information page to work. Not the full report but it's a start -

    
                                    [](http://kb.bothunter.net/ipInfo/nowait.php?IP=<?php echo $ipaddr; ?>)
    
                                    [](http://sitecheck2.sucuri.net/results/<?php echo $ipaddr; ?>)
    
                                    [](http://www.dshield.org/ipinfo.html?IP=<?php echo $ipaddr; ?>)
    
                                    [](https://www.mywot.com/en/scorecard/<?php echo $ipaddr; ?>)
    
                                    [](http://quttera.com/sitescan/<?php echo $ipaddr; ?>)
    
                                    [](https://www.virustotal.com/en/ip-address/<?php echo $ipaddr; ?>/information)
    
                                    [](http://private.dnsstuff.com/tools/whois.ch?ip=<?php echo $ipaddr; ?>)
    
                                    [](http://private.dnsstuff.com/tools/ipall.ch?ip=<?php echo $ipaddr; ?>)
    
    

  • Moderator

    If you have I-Block lists in pfBlocker, you can look up the I-Block list from the DNS Lookup page with the following entry:

    [](https://www.iblocklist.com/search.php?string=<?php echo $ipaddr; ?>)
    
    

  • Moderator

    I have added some links to check for DNSRBL reputation -

    SPAMHAUS
    SPAMcop
    Multirbl.Valli.org
    MXToolbox

    If anyone uses any other references, please post.

                                    [](/diag_ping.php?host=<?=htmlspecialchars($host)?>&interface=wan&count=3) 
    
                                    [](/diag_traceroute.php?host=<?=htmlspecialchars($host)?>&ttl=18)
    
                                    [](http://private.dnsstuff.com/tools/whois.ch?ip=<?php echo $ipaddr; ?>)
    
                                    [](http://private.dnsstuff.com/tools/ipall.ch?ip=<?php echo $ipaddr; ?>)<br/>
    
                                    [](http://kb.bothunter.net/ipInfo/nowait.php?IP=<?php echo $ipaddr; ?>)
    
                                    [](https://www.virustotal.com/en/ip-address/<?php echo $ipaddr; ?>/information)
    
                                    [](http://sitecheck2.sucuri.net/results/<?php echo $ipaddr; ?>)
    
                                    [](http://www.dshield.org/ipinfo.html?IP=<?php echo $ipaddr; ?>)
    
                                    [](https://www.mywot.com/en/scorecard/<?php echo $ipaddr; ?>)<br/>
                                    [](http://quttera.com/sitescan/<?php echo $ipaddr; ?>)
    
                                    [](https://www.iblocklist.com/search.php?string=<?php echo $ipaddr; ?>)<br/>
    
                                    [](http://www.spamhaus.org/query/bl?ip=<?php echo $ipaddr; ?>)
    
                                    [](http://www.spamcop.net/w3m?action=checkblock&ip=<?php echo $ipaddr; ?>)<br/>
                                    [](http://multirbl.valli.org/lookup/<?php echo $ipaddr; ?>.html)
    
                                    [](http://mxtoolbox.com/SuperTool.aspx?action=blacklist%3a<?php echo $ipaddr; ?>&run=toolpage)
    
    

  • Moderator

    The following Lookups would benefit anyone with a Local Mail Server.

    Mail Server DNSRBL Lookups

    SenderScore
    Spamhaus Blocklist
    SPAMcop Blocklist
    multirbl RBL Lookup
    MXToolbox

    
                     [](https://senderscore.org/lookup.php?lookup=<?php echo $ipaddr; ?>&ipLookup=Go)
    
                     [](http://www.spamhaus.org/query/bl?ip=<?php echo $ipaddr; ?>)
    
                     [](http://www.spamcop.net/w3m?action=checkblock&ip=<?php echo $ipaddr; ?>)
    
                     [](http://multirbl.valli.org/lookup/<?php echo $ipaddr; ?>.html)
    
                     [](http://mxtoolbox.com/SuperTool.aspx?action=blacklist%3a<?php echo $ipaddr; ?>&run=toolpage)
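
The links in this thread echo `$ipaddr` straight into an `href`. The following is an added example, not part of the original posts and not pfSense code: it builds the same kind of lookup links from a table, validating the address and escaping it for both the URL and HTML contexts. The function names `lookup_links()` and `render_lookup_links()` are hypothetical; the URL templates are the ones posted above.

```php
<?php
// Added example, not pfSense code: table-driven lookup links with the
// address validated and escaped before it reaches the page.
// lookup_links() and render_lookup_links() are hypothetical names.
function lookup_links(string $ipaddr): array
{
    // Reject anything that is not a literal IPv4/IPv6 address, so a
    // crafted value can never end up inside an href.
    if (filter_var($ipaddr, FILTER_VALIDATE_IP) === false) {
        return [];
    }
    $templates = [
        'BOTHunter'   => 'http://kb.bothunter.net/ipInfo/nowait.php?IP=%s',
        'DShield'     => 'http://www.dshield.org/ipinfo.html?IP=%s',
        'VirusTotal'  => 'https://www.virustotal.com/en/ip-address/%s/information',
        'SPAMHAUS'    => 'http://www.spamhaus.org/query/bl?ip=%s',
        'SPAMcop'     => 'http://www.spamcop.net/w3m?action=checkblock&ip=%s',
        'SenderScore' => 'https://senderscore.org/lookup.php?lookup=%s&ipLookup=Go',
    ];
    $links = [];
    foreach ($templates as $label => $template) {
        // rawurlencode() keeps IPv6 colons from breaking the URL.
        $links[$label] = sprintf($template, rawurlencode($ipaddr));
    }
    return $links;
}

function render_lookup_links(string $ipaddr): string
{
    $html = '';
    foreach (lookup_links($ipaddr) as $label => $url) {
        // Escape for the attribute and text contexts. rel="noopener
        // noreferrer" denies the opened site access to window.opener and
        // keeps the firewall GUI's URL out of the Referer header.
        $html .= sprintf(
            '<a target="_blank" rel="noopener noreferrer" href="%s">%s</a><br/>' . "\n",
            htmlspecialchars($url, ENT_QUOTES, 'UTF-8'),
            htmlspecialchars($label, ENT_QUOTES, 'UTF-8')
        );
    }
    return $html;
}

// Constructed sample inputs: a documentation-range address and a non-address.
echo render_lookup_links('192.0.2.10');
echo render_lookup_links('192.0.2.10" onmouseover="x'); // fails validation, prints nothing
```

Every click sends the looked-up address to a third-party service, and several of the URLs above are plain HTTP, so the query is visible on the path.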
    
    
