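#!/usr/bin/env ruby
# Generate iptables commands that drop injected (forged) DNS responses from
# you-know-who servers, keyed on the known-bad answer addresses listed after
# __END__.
#
# The script only prints the commands and changes nothing itself; review the
# output before running it as root. Sanity check once the rules are loaded:
#   nslookup www.twitter.com 8.8.8.8   # should still work
require 'ipaddr'

# How the u32 expression selects packets:
#   0 & 0x0F000000 = 0x05000000   IPv4 header length is 5 words (no IP options)
#   22 & 0xFFFF @ 16 = <values>   take the UDP length field, then compare the
#                                 four bytes at (UDP length + 16) with the list
# NOTE(review): with a 20-byte IP header that offset is the last four bytes of
# the datagram, so a forged reply that carries anything after the A record
# (e.g. an additional section) would not match -- confirm against real captures.
# The rule is inserted into INPUT, so it filters only traffic addressed to this
# host, and only IPv4/UDP responses from source port 53.
#
# The space before the opening quote matters: without it the shell glues the
# option name and the expression into one word and iptables rejects the rule.
iptables_template = "iptables -I INPUT -p udp -m udp --sport 53 -m u32 --u32 " \
                    "'0 & 0x0F000000 = 0x05000000 && 22 & 0xFFFF@16 = %s' -j DROP"

# A whole line must be a dotted quad. \A/\z anchor the entire (stripped) string,
# so nothing but digits and dots can reach the generated command line.
ipv4_line = /\A(\d{1,3}\.){3}\d{1,3}\z/

# Strip the trailing newline before parsing: IPAddr rejects "1.2.3.4\n" on
# current Ruby versions. Comment and blank lines in DATA fail the pattern and
# are skipped; duplicates would only waste slots in a rule.
malicious_ips = DATA.each_line.map(&:strip).grep(ipv4_line).uniq

# IPAddr.new raises on an out-of-range octet (e.g. 999.1.1.1), which stops the
# run instead of silently emitting a rule that protects against nothing.
u32_values = malicious_ips.map { |ip| format('0x%x', IPAddr.new(ip).to_i) }

# Ten values per rule, as in the original.
# NOTE(review): presumably this matches the u32 match's per-test value limit.
commands = u32_values.each_slice(10).map { |u32s| iptables_template % u32s.join(',') }
puts commands
__END__
# Malicious IPs can be obtained from www.jiankongmf.com
159.106.121.75
203.98.7.65
243.185.187.39
37.61.54.158
46.82.174.68
59.24.3.173
78.16.49.15
8.7.198.45
93.46.8.89
202.106.1.2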