Add External Lookups to Diagnostics: DNS Lookup
-
When using Snort/Suricata, you can click on the ICON to "Resolve host via Reverse DNS Lookup". The existing setup only allows a lookup with DNSStuff. The Icon is also available in the Firewall Logs.
You can edit the code to allow additional lookups. The example below will allow you to look up:
SRI's BOTHunter and Sucuri SITECHECK
I would like to be able to add VirusTotal Lookup also but that is a little more involved.
You will need to edit the following file: vi /usr/local/www/diag_dns.php
Please back up the file before editing.
[](http://kb.bothunter.net/ipInfo/nowait.php?IP=<?php echo $ipaddr; ?>) [](http://sitecheck2.sucuri.net/results/<?php echo $ipaddr; ?>) [](http://private.dnsstuff.com/tools/whois.ch?ip=<?php echo $ipaddr; ?>) [](http://private.dnsstuff.com/tools/ipall.ch?ip=<?php echo $ipaddr; ?>)
If you have any other type of Intelligence Lookup that could be added, please post a reply.
Maybe one of the Developers could add functionality to allow modification of the Web Links via a GUI setting? As these are all Free Use Tools, I don't believe that there is any issue in using the links.
-
Added a few other useful links -
DShield
Quttera
MY WOT
Managed to get the VirusTotal Information page to work. Not the full report but it's a start -
[](http://kb.bothunter.net/ipInfo/nowait.php?IP=<?php echo $ipaddr; ?>) [](http://sitecheck2.sucuri.net/results/<?php echo $ipaddr; ?>) [](http://www.dshield.org/ipinfo.html?IP=<?php echo $ipaddr; ?>) [](https://www.mywot.com/en/scorecard/<?php echo $ipaddr; ?>) [](http://quttera.com/sitescan/<?php echo $ipaddr; ?>) [](https://www.virustotal.com/en/ip-address/<?php echo $ipaddr; ?>/information) [](http://private.dnsstuff.com/tools/whois.ch?ip=<?php echo $ipaddr; ?>) [](http://private.dnsstuff.com/tools/ipall.ch?ip=<?php echo $ipaddr; ?>)
-
If you have I-Block lists in pfBlocker, you can look up the I-Block list from the DNS Lookup page with the following entry:
[](https://www.iblocklist.com/search.php?string=<?php echo $ipaddr; ?>)
-
I have added some links to check for DNSRBL reputation -
SPAMHAUS
SPAMcop
Multirbl.Valli.org
MXToolbox
If anyone uses any other references, please post.
[](/diag_ping.php?host=<?=htmlspecialchars($host)?>&interface=wan&count=3) [](/diag_traceroute.php?host=<?=htmlspecialchars($host)?>&ttl=18) [](http://private.dnsstuff.com/tools/whois.ch?ip=<?php echo $ipaddr; ?>) [](http://private.dnsstuff.com/tools/ipall.ch?ip=<?php echo $ipaddr; ?>)<br/>
[](http://kb.bothunter.net/ipInfo/nowait.php?IP=<?php echo $ipaddr; ?>) [](https://www.virustotal.com/en/ip-address/<?php echo $ipaddr; ?>/information) [](http://sitecheck2.sucuri.net/results/<?php echo $ipaddr; ?>) [](http://www.dshield.org/ipinfo.html?IP=<?php echo $ipaddr; ?>) [](https://www.mywot.com/en/scorecard/<?php echo $ipaddr; ?>)<br/>
[](http://quttera.com/sitescan/<?php echo $ipaddr; ?>) [](https://www.iblocklist.com/search.php?string=<?php echo $ipaddr; ?>)<br/>
[](http://www.spamhaus.org/query/bl?ip=<?php echo $ipaddr; ?>) [](http://www.spamcop.net/w3m?action=checkblock&ip=<?php echo $ipaddr; ?>)<br/>
[](http://multirbl.valli.org/lookup/<?php echo $ipaddr; ?>.html) [](http://mxtoolbox.com/SuperTool.aspx?action=blacklist%3a<?php echo $ipaddr; ?>&run=toolpage)
-
The following Lookups would benefit anyone with a Local Mail Server.
Mail Server DNSRBL Lookups
SenderScore
Spamhaus Blocklist
SPAMcop Blocklist
multirbl RBL Lookup
MXToolbox
[](https://senderscore.org/lookup.php?lookup=<?php echo $ipaddr; ?>&ipLookup=Go) [](http://www.spamhaus.org/query/bl?ip=<?php echo $ipaddr; ?>) [](http://www.spamcop.net/w3m?action=checkblock&ip=<?php echo $ipaddr; ?>) [](http://multirbl.valli.org/lookup/<?php echo $ipaddr; ?>.html) [](http://mxtoolbox.com/SuperTool.aspx?action=blacklist%3a<?php echo $ipaddr; ?>&run=toolpage)
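
An added example, not part of the original posts and not pfSense code: one way to build the lookup links from this thread out of a single table, so that the address is validated and encoded once instead of being echoed raw into every href. The function name, the array name, the `{ip}` placeholder and the link labels are assumptions; the URL patterns are the ones posted above.

```php
<?php
// Hypothetical helper for a page like diag_dns.php (added example).
// URL patterns are taken from the thread; labels are assumed because the
// original link text did not survive.
$lookup_sites = [
    'BotHunter'        => 'http://kb.bothunter.net/ipInfo/nowait.php?IP={ip}',
    'Sucuri SiteCheck' => 'http://sitecheck2.sucuri.net/results/{ip}',
    'DShield'          => 'http://www.dshield.org/ipinfo.html?IP={ip}',
    'VirusTotal'       => 'https://www.virustotal.com/en/ip-address/{ip}/information',
    'Spamhaus'         => 'http://www.spamhaus.org/query/bl?ip={ip}',
];

function render_lookup_links(string $ipaddr, array $sites): string
{
    // Only a literal IPv4/IPv6 address is allowed into the links.
    // Anything else (hostnames, markup, empty input) yields no links.
    if (filter_var($ipaddr, FILTER_VALIDATE_IP) === false) {
        return '';
    }

    $links = [];
    foreach ($sites as $label => $template) {
        // URL-encode the value for its place in the URL, then HTML-encode
        // the finished URL for its place inside the href attribute.
        $url = str_replace('{ip}', rawurlencode($ipaddr), $template);
        $links[] = sprintf(
            '<a target="_blank" rel="noopener noreferrer" href="%s">%s</a>',
            htmlspecialchars($url, ENT_QUOTES, 'UTF-8'),
            htmlspecialchars($label, ENT_QUOTES, 'UTF-8')
        );
    }
    return implode("<br/>\n", $links);
}

// Constructed sample inputs: a valid address and a value that would
// break out of the href attribute if it were echoed unescaped.
foreach (['198.51.100.7', '198.51.100.7" onmouseover="x'] as $sample) {
    $html = render_lookup_links($sample, $lookup_sites);
    echo $html === ''
        ? 'rejected: ' . htmlspecialchars($sample, ENT_QUOTES, 'UTF-8') . "\n"
        : $html . "\n\n";
}
```

Adding another lookup service then means adding one line to the table rather than another hand-written anchor.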