从 Nslookup 结果确定域基名称

从 Nslookup 结果确定域基名称

我正在尝试搜索连接到我的服务器的所有 IP 地址,并希望从nslookup结果中找到滥用的服务器。

nslookup 31.204.150.10 | grep "in-addr"

一些示例结果:

209.190.54.154          154.54.190.209.in-addr.arpa name = 9a.36.be.static.xlhost.com.
209.51.199.34           34.199.51.209.in-addr.arpa  name = 22.c7.33.static.xlhost.com.
209.51.197.234          234.197.51.209.in-addr.arpa name = ea.c5.33.static.xlhost.com.
31.204.150.10           10.150.204.31.in-addr.arpa  name = hosted-by-i3d.net.
209.51.197.218          218.197.51.209.in-addr.arpa name = da.c5.33.static.xlhost.com.
207.46.13.25            25.13.46.207.in-addr.arpa   name = msnbot-207-46-13-25.search.msn.com.
200.105.189.165         165.189.105.200.in-addr.arpa    name = static-200-105-189-165.acelerate.net.
198.62.109.139          139.109.62.198.in-addr.arpa name = jangan.sebok.share.
78.187.209.209          209.209.187.78.in-addr.arpa name = 78.187.209.209.static.ttnet.com.tr.
197.33.99.78            78.99.33.197.in-addr.arpa   name = host-197.33.99.78.tedata.net.
197.157.0.45            ** server can't find 45.0.157.197.in-addr.arpa.: NXDOMAIN
180.76.15.6             6.15.76.180.in-addr.arpa    name = baiduspider-180-76-15-6.crawl.baidu.com.
176.10.104.243          243.104.10.176.in-addr.arpa name = tor2e1.privacyfoundation.ch.
174.129.237.157         157.237.129.174.in-addr.arpa    name = ec2-174-129-237-157.compute-1.amazonaws.com.
174.102.192.129         129.192.102.174.in-addr.arpa    name = cpe-174-102-192-129.wi.res.rr.com.

举个例子,对于nslookup 97.33.99.78结果

97.33.99.78         78.99.33.197.in-addr.arpa   name = host-197.33.99.78.tedata.net.

我想提取tedata.net域名库。

但某些域库有 3 或 4 个组成部分:wi.res.rr.comstatic.ttnet.com.tr

另外,对于XLHOST,我不确定选择static.xlhost.comxlhost.com来搜索重复模式。

209.190.54.154          154.54.190.209.in-addr.arpa name = 9a.36.be.static.xlhost.com.
209.51.199.34           34.199.51.209.in-addr.arpa  name = 22.c7.33.static.xlhost.com.
209.51.197.234          234.197.51.209.in-addr.arpa name = ea.c5.33.static.xlhost.com.

您建议如何检测从特定服务器生成的滥用 IP?

答案1

您用于查找的 IP 地址对于阻止至关重要。主机名可以有(就您而言)任意名称,这些名称可能暗示地址,但就这些名称的含义而言,它们可能仅表示该主机上的某些内容当地的网络。

一个给定的服务器可能只是一个网关服务器,并且(相对)无辜。

相关内容