Netgate Discussion Forum

    Add External Lookups to Diagnostics: DNS Lookup

    pfSense Packages
    • BBcan177 Moderator

      When using Snort/Suricata, you can click on the ICON to "Resolve host via Reverse DNS Lookup". The existing setup only allows a lookup with DNSStuff. The Icon is also available in the Firewall Logs.

      You can edit the code to allow additional lookups. The example below will allow you to look up:

      SRI's BOTHunter  and  Sucuri SITECHECK

      I would like to be able to add VirusTotal Lookup also but that is a little more involved.

      You will need to edit the following file: vi /usr/local/www/diag_dns.php

      Please back up the file before editing.

      
                                      [](http://kb.bothunter.net/ipInfo/nowait.php?IP=<?php echo $ipaddr; ?>)
      
                                      [](http://sitecheck2.sucuri.net/results/<?php echo $ipaddr; ?>)
      
                                      [](http://private.dnsstuff.com/tools/whois.ch?ip=<?php echo $ipaddr; ?>)
      
                                      [](http://private.dnsstuff.com/tools/ipall.ch?ip=<?php echo $ipaddr; ?>)
      
      

      If you have any other type of Intelligence Lookup that could be added, please post a reply.

      Maybe one of the Developers could add functionality to allow modification of the Web Links via a GUI setting? As these are all Free Use Tools, I don't believe that there is any issue in using the links.

      "Experience is something you don't get until just after you need it."

      Website: http://pfBlockerNG.com
      Twitter: @BBcan177  #pfBlockerNG
      Reddit: https://www.reddit.com/r/pfBlockerNG/new/

      • BBcan177 Moderator

        Added a few other useful links -

        DShield
        Quttera
        MY WOT

        Managed to get VirusTotal Information page to work. Not the full report but it's a start -

        
                                        [](http://kb.bothunter.net/ipInfo/nowait.php?IP=<?php echo $ipaddr; ?>)
        
                                        [](http://sitecheck2.sucuri.net/results/<?php echo $ipaddr; ?>)
        
                                        [](http://www.dshield.org/ipinfo.html?IP=<?php echo $ipaddr; ?>)
        
                                        [](https://www.mywot.com/en/scorecard/<?php echo $ipaddr; ?>)
        
                                        [](http://quttera.com/sitescan/<?php echo $ipaddr; ?>)
        
                                        [](https://www.virustotal.com/en/ip-address/<?php echo $ipaddr; ?>/information)
        
                                        [](http://private.dnsstuff.com/tools/whois.ch?ip=<?php echo $ipaddr; ?>)
        
                                        [](http://private.dnsstuff.com/tools/ipall.ch?ip=<?php echo $ipaddr; ?>)
        
        

        "Experience is something you don't get until just after you need it."

        Website: http://pfBlockerNG.com
        Twitter: @BBcan177  #pfBlockerNG
        Reddit: https://www.reddit.com/r/pfBlockerNG/new/

        • BBcan177 Moderator

          If you have I-Block lists in pfBlocker, you can look up the I-Block list from the DNS Lookup page with the following entry:

          [](https://www.iblocklist.com/search.php?string=<?php echo $ipaddr; ?>)
          
          

          "Experience is something you don't get until just after you need it."

          Website: http://pfBlockerNG.com
          Twitter: @BBcan177  #pfBlockerNG
          Reddit: https://www.reddit.com/r/pfBlockerNG/new/

          • BBcan177 Moderator

            I have added some links to check for DNSRBL reputation -

            SPAMHAUS
            SPAMcop
            Multirbl.Valli.org
            MXToolbox

            If anyone uses any other references, please post.

                                            [](/diag_ping.php?host=<?=htmlspecialchars($host)?>&interface=wan&count=3) 
            
                                            [](/diag_traceroute.php?host=<?=htmlspecialchars($host)?>&ttl=18)
            
                                            [](http://private.dnsstuff.com/tools/whois.ch?ip=<?php echo $ipaddr; ?>)
            
                                            [](http://private.dnsstuff.com/tools/ipall.ch?ip=<?php echo $ipaddr; ?>)

                                            [](http://kb.bothunter.net/ipInfo/nowait.php?IP=<?php echo $ipaddr; ?>)

                                            [](https://www.virustotal.com/en/ip-address/<?php echo $ipaddr; ?>/information)

                                            [](http://sitecheck2.sucuri.net/results/<?php echo $ipaddr; ?>)

                                            [](http://www.dshield.org/ipinfo.html?IP=<?php echo $ipaddr; ?>)

                                            [](https://www.mywot.com/en/scorecard/<?php echo $ipaddr; ?>)

                                            [](http://quttera.com/sitescan/<?php echo $ipaddr; ?>)

                                            [](https://www.iblocklist.com/search.php?string=<?php echo $ipaddr; ?>)

                                            [](http://www.spamhaus.org/query/bl?ip=<?php echo $ipaddr; ?>)

                                            [](http://www.spamcop.net/w3m?action=checkblock&ip=<?php echo $ipaddr; ?>)

                                            [](http://multirbl.valli.org/lookup/<?php echo $ipaddr; ?>.html)

                                            [](http://mxtoolbox.com/SuperTool.aspx?action=blacklist%3a<?php echo $ipaddr; ?>&run=toolpage)
            
            

            "Experience is something you don't get until just after you need it."

            Website: http://pfBlockerNG.com
            Twitter: @BBcan177  #pfBlockerNG
            Reddit: https://www.reddit.com/r/pfBlockerNG/new/

            • BBcan177 Moderator

              The following Lookups would benefit anyone with a Local Mail Server.

              Mail Server DNSRBL Lookups

              SenderScore
              Spamhaus Blocklist
              SPAMcop Blocklist
              multirbl RBL Lookup
              MXToolbox

              
                               [](https://senderscore.org/lookup.php?lookup=<?php echo $ipaddr; ?>&ipLookup=Go)
              
                               [](http://www.spamhaus.org/query/bl?ip=<?php echo $ipaddr; ?>)
              
                               [](http://www.spamcop.net/w3m?action=checkblock&ip=<?php echo $ipaddr; ?>)
              
                               [](http://multirbl.valli.org/lookup/<?php echo $ipaddr; ?>.html)
              
                               [](http://mxtoolbox.com/SuperTool.aspx?action=blacklist%3a<?php echo $ipaddr; ?>&run=toolpage)
              
              

              "Experience is something you don't get until just after you need it."

              Website: http://pfBlockerNG.com
              Twitter: @BBcan177  #pfBlockerNG
              Reddit: https://www.reddit.com/r/pfBlockerNG/new/
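
A table-driven way to generate the lookup links posted in this thread, as an added example that is not part of the original posts and is not pfSense code. The helper name `build_lookup_links()`, the `$lookup_templates` array and its `{ip}` placeholder are hypothetical; the URLs are the ones posted above. It validates the address, skips private and reserved ranges so internal addresses are not sent to third-party sites, and encodes the value for both URL and HTML context.

```php
<?php
// Added example: hypothetical helper, not pfSense code. URL templates are the
// ones posted in this thread; {ip} marks where the address is substituted.
$lookup_templates = array(
    'BotHunter'  => 'http://kb.bothunter.net/ipInfo/nowait.php?IP={ip}',
    'DShield'    => 'http://www.dshield.org/ipinfo.html?IP={ip}',
    'VirusTotal' => 'https://www.virustotal.com/en/ip-address/{ip}/information',
    'Spamhaus'   => 'http://www.spamhaus.org/query/bl?ip={ip}',
    'SPAMcop'    => 'http://www.spamcop.net/w3m?action=checkblock&ip={ip}',
    'multirbl'   => 'http://multirbl.valli.org/lookup/{ip}.html',
);

// Returns an array of <a> elements, or an empty array when $ipaddr is not a
// public IP literal (so nothing internal is sent to the external services).
function build_lookup_links($ipaddr, array $templates) {
    $flags = FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE;
    if (filter_var($ipaddr, FILTER_VALIDATE_IP, $flags) === false) {
        return array();
    }
    $links = array();
    foreach ($templates as $label => $template) {
        // rawurlencode() stops the value from altering the URL structure;
        // htmlspecialchars() then makes the finished URL (including the
        // literal & in query strings) safe inside an HTML attribute.
        $url = str_replace('{ip}', rawurlencode($ipaddr), $template);
        $links[] = sprintf(
            '<a target="_blank" rel="noopener noreferrer" href="%s">%s</a>',
            htmlspecialchars($url, ENT_QUOTES, 'UTF-8'),
            htmlspecialchars($label, ENT_QUOTES, 'UTF-8')
        );
    }
    return $links;
}

// Constructed sample inputs: one public address, one private, one malformed.
foreach (array('8.8.8.8', '192.168.1.10', '1.2.3.4"><b>') as $sample) {
    $links = build_lookup_links($sample, $lookup_templates);
    printf("%s: %d link(s)\n", $sample, count($links));
    foreach ($links as $link) {
        echo "  $link\n";
    }
}
```

Adding another lookup service is then a one-line change to the template array rather than another hand-written anchor in `diag_dns.php`.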

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.