If I remember I check DNS based RBL using a simple command:
host 12.34.56.170.bl.spamcop.com (This is a fake ip)
If the DNS returns 127.0.0.2, this host is blacklisted in Spamcop.
In Proofpoint case, the host to make this check should be: safe.dnsbl.prs.proofpoint.com
So it could be:
host 12.34.56.170.safe.dnsbl.prs.proofpoint.com
But I don't know why the proofpoint doesn't work in this way.
The difference is that the Proofpoint rbl is a paid service. You can't query it without a license.
If you are curious about a particular ip, you can look it up with this web tool:
https://support.proofpoint.com/rbl-lookup.cgi
Related
I don't really know what to write in the first parameter of getservbyname().
I read that if I give the name and protocol such as TCP I get a struct back with information to the server, but what should I write in there?
So, for example, getservbyname("www.google.com", "tcp")
This is wrong but what needs to be in the first parameter to get, for example, the port from Google or other websites or am I understanding this absolutely wrong?
getservbyname looks up service names from this list and gives you back port numbers. "http" is an example of a service name that you can look up in this table.
www.google.com is a host name, not a service name. gethostbyname looks up host names and gives you IPv4 addresses; to connect to Google's web server you need its address as well as the service's port number. Nowadays it is usually better to do both lookups at once, using getaddrinfo, which also seamlessly handles IPv6.
"www.google.com" is a hostname, not a service. getservbyname() is just a fancy way to read information from the /etc/services file on your local machine, so the first argument to the function might be something like "telnet" or "ftp". i.e. it is used to find out what port a particular service is expected to be running on, on your local machine.
If you want to get information about a hostname (e.g. its IP address), you can get that via a different API call like gethostbyname(), or (for a more modern/flexible implementation) getaddrinfo().
Is there a way(a C API?), using which I can get the hostname of a remote server. Something like gethostname() but having an IP address as an argument.
I know about getnameinfo() and getaddrinfo(), however I don't want the hostname used in the DNS server. I want the hostname which you get when you use the hostname command in linux. I have a feeling that it might be impossible to do without knowing the login credentials of that remote server but I'm not sure about it.
Although you can query DNS for hostnames, there's no standard protocol to ask a machine (an interface, really) what it calls itself (if it does even have a name for itself - that's not mandatory).
You'd need to implement and deploy a simple server program onto all the hosts you're interested in (it could be something as simple as adding a line to /etc/inetd.conf to run /bin/hostname if it's a Unix-like system), and a client library to access it.
I use getaddrinfo() to get IP Address corresponding to a server using a URL. It essentially sends DNS query to the DNS server. I want to be able to send that query from a particular outbound interface. Basically I have multiple interfaces through which DNS query could be sent out. Currently, getaddrinfo() doesn't have a way to dictate which interface it should use to send out the DNS query. Is the only option to change getaddrinfo() routine? Does anyone know of any other way to achieve this?
The fundamental issue with the question is that you seem to expect getaddrinfo to work with DNS only, and then to be able to fine-tune the specifics of that DNS lookup. However, that is not what it does - it will use all name-resolving facilities on the system, which typically means it will do a hosts file lookup, and whatever else is configured in nsswitch.conf, which is usually DNS. For some of these non-DNS lookups, a source address binding may not make any sense, so it's not part of the least-common-denominator interface.
If you know that for your specific purpose you will never need the response of a name lookup from anywhere other than DNS, then you can use a DNS-specific function instead, one that will enable you to do this kind of fine-tuning.
There are several examples of DNS C libraries listed at gethostbyname dual network interfaces, select which one to use
The interface chosen to access a given IP address is dictated by the routing tables.
Since you presumably have the IP of the DNS server, it will be accessed by whatever interface the routing table says to use for that IP address, regardless of which application sends the request.
You would need to modify the routing table to force traffic over a particular interface. If it's only the DNS server that should use a fixed interface, you would add a route for that specific IP to the routing table for the interface you want.
On Linux, you can modify the routing table via the ip route command line tool.
rfc 3484 details an algorithm of which source addr (i.e. interface) to use when none is specified, but this works I think only for ipv6...
see /etc/gai.conf
In C on linux, is there a canonical way to check that an IP address corresponds to localhost?
That is, I'm looking for a function is_localhost such that if my computer has an external IP of "1.2.3.4", then calling is_localhost on any of "localhost", "127.0.0.1" or "1.2.3.4" should return true, and any other IP will return false.
On a side note, how difficult is it to spoof this information - does checking that the host is localhost in this way guarantee that the request actually came from this computer?
For context, I'm writing a management interface for a server. I'd like to make the read-only management bits, like viewing a list of connections, available over the network, but for anything dangerous, like manually killing a connection, you should be doing it by running a script on the server itself.
Thanks!
I think you may be trying to solve your problem in the wrong way - If you want to restrict access to your remotely accessible application by checking if its the local host or not then checking the IP address would be a very bad way to do it. A PC can have any number of easily configurable network interfaces with IP addresses of your own choosing. So it would be very easy to work around.
You may want to look into adding some basic authentication or simply don't allow certain functions to be run remotely. There would be many ways to achieve this, but I think the scope of the question ends here with -- Don't rely on checking for the IP address. :)
I'm writing a port scanner in C and i want to detect what service is running on an open port and its version.I've already wrote the scanner code but now i have no idea about how to detect running service.
What can i do?
If you are determined to do it in your own code, you can connect to the port, see if you get any data on it, if nothing then send a few bytes, and check again.
Then match that against expected response.
to get an idea what you are looking for, you can connect manually to the port with telnet and poke at it. In many cases (a web server is an easy example) you must send some correctly formatted data in order to get a usable response.
nmap has done all this and much more (e.g. extensive checks such as looking for byte order and timing of arp traffic)
UPDATE: several people have mentioned well known ports, but that won't help you discover standard services running on nonstandard ports, such as ssh or http servers running on custom ports.
If server sends something first, use that to identify protocol.
If not, send something according to some protocol, such as http, and see what server sends back (valid response or error). You may need to make several attempts with different protocols, and a good order is important to minimize connection count.
Some protocols may be very hard to identify, and it is easy to make custom server with unique protocol you don't know about, or even hide real server under simple fake server of other proto such as http.
If you just want to know what the port usually is, check "well known ports" and official reserved ports.
Also check nmap source code.