#1 10/03/2012 11:55:09

iZy
New IRCzien
Registered: 27/08/2011
Posts: 17

(haskell) DNSBL example

I'm posting this small piece of code as an example: it is a Haskell module for querying DNS blacklists. This program uses the one from the HoneyPot project (initially it was for detecting spam SMTP, but it can be used to detect various kinds of suspicious IPs).

http://www.projecthoneypot.org/home.php

Code: Haskell
module HTTP.BL (check,Answer) where
 
import Network.BSD
import Control.Monad
import Data.Word
import Data.List
import System.Exit
-- Prelude no longer exports `catch`; use the IOError-specific variant.
import System.IO.Error (catchIOError, isDoesNotExistError)
 
{---------------------------------------------------------
          DNSBL example - iZy [#TeH PariaH]
 
DNSBL request for IP Source analysis.
  You just have to specify your user API Key (registration needed) and the blacklist you want to use
  (e.g. dnsbl.httpbl.org) 
 
  usage : check "127.0.0.1"
          check "127.1.1.7" 
-----------------------------------------------------------}
 
-- Conf.
user_key = "xxxxxxxxxxxxxxx" -- Set your API Key
user_domain = "dnsbl.httpbl.org"
 
 
data DNSBlacklist = DNSBlacklist { key :: String,
                                  domain :: String }
 
data ThreatType = SearchEngine | Suspicious | Harvester | CommentSpammer
                deriving Show
data Answer = Answer {lastActivity :: Word32,
                      threatScore :: Word32,
                      threatType :: [ThreatType]}
instance Show Answer where
  show (Answer x y z) = "Last activity was " ++ show x ++ ".\n" ++
                        "Threat score is " ++ show y  ++ ".\n" ++
                        "Threat type is " ++ unsplit " and " (map show z) ++ "."

-- Split a list into the runs of elements satisfying pred
split pred [] = []
split pred str = [raw] ++ if null reste then [] else (split pred (tail reste))
    where (raw,reste) = span pred str
 
-- Join a list of strings with a separator
unsplit val [] = []
unsplit val (x:xs) = x ++ foldl (\acc el -> acc ++ val ++ el) [] xs
 
 
initBL = DNSBlacklist user_key user_domain
 
-- Query name: <key>.<reversed IP>.<blacklist domain>; only four-part addresses are accepted
mkquery ip@[_,_,_,_] dnsbl = key dnsbl ++ "." ++ reversedIP ++ "." ++ domain dnsbl
    where reversedIP = unsplit "." (reverse ip) 
mkquery _ _ = error "Please write the IP address properly (e.g. [xxx,xxx,xxx,xxx])."
 
 
-- Basic DNS lookup
-- hostAddress is in network byte order, so on a little-endian host the
-- lowest byte (r1) is the first octet of the answer.
getIPAddrFromName name = do
  putStrLn $ "Requesting " ++ name ++ "..."
  x <- getAddrAsWords name
  let (a1,r1) = x `divMod` 256
      (a2,r2) = a1 `divMod` 256
      (a3,r3) = a2 `divMod` 256
      (a4,r4) = a3 `divMod` 256
  putStrLn $ show [r1,r2,r3,r4]
  return (r1,r2,r3,r4)
  where getAddrAsWords fname = liftM hostAddress $ getHostByName fname
 
 
-- Answer octets: 127, last activity, threat score, threat type
answerAnalysis ans = case ans of 
  (127,x,y,z) -> Answer x y (getThreatType z)
  _ -> error "Invalid answer : maybe the IP address isn't properly formatted."
  where getThreatType x = case x of
          0 -> [SearchEngine]
          1 -> [Suspicious]
          2 -> [Harvester]
          3 -> [Suspicious, Harvester]
          4 -> [CommentSpammer]
          5 -> [Suspicious, CommentSpammer]
          6 -> [Harvester, CommentSpammer]
          7 -> [Suspicious, Harvester, CommentSpammer]
 
 
check ip = do
  x <- getIPAddrFromName (mkquery (split (/= '.') ip) initBL)  `catchIOError` handle
  let ans = answerAnalysis x
  putStrLn $ show ans
  return ans
  -- Only a "does not exist" lookup failure means the IP is not listed;
  -- any other I/O error is re-raised.
  where handle e
          | isDoesNotExistError e = putStrLn (ip ++ " is clean.") >> exitWith ExitSuccess
          | otherwise = ioError e

Regards,

iZy


i love mankind ; it's people i can't stand
[Charles M. Schulz]
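The query-name construction and answer decoding from the module above, as an added example that is not part of iZy's post: pure functions with strict octet validation and a bit-mask decode of the fourth octet, taking the answer as octets in textual order so nothing depends on host byte order. The names used here, the key `abcdefghijkl` and the sample addresses are constructed placeholders.

```haskell
import Data.Bits (testBit)
import Data.Char (isDigit)
import Data.List (intercalate)

data Visitor = SearchEngine | Suspicious | Harvester | CommentSpammer
  deriving (Show, Eq)

data Verdict = Verdict { days :: Int, score :: Int, kinds :: [Visitor] }
  deriving (Show, Eq)

-- Parse a dotted quad strictly: exactly four decimal octets, each 0..255.
parseIPv4 :: String -> Maybe [Int]
parseIPv4 s = case splitOn '.' s of
    parts@[_, _, _, _] -> mapM octet parts
    _                  -> Nothing
  where
    octet p | not (null p), length p <= 3, all isDigit p, read p <= (255 :: Int) = Just (read p)
            | otherwise = Nothing

splitOn :: Char -> String -> [String]
splitOn c str = case break (== c) str of
    (a, [])       -> [a]
    (a, _ : rest) -> a : splitOn c rest

-- Build "<key>.<d>.<c>.<b>.<a>.<zone>" for the address a.b.c.d.
queryName :: String -> String -> String -> Maybe String
queryName key zone ip = do
    octets <- parseIPv4 ip
    return (intercalate "." (key : map show (reverse octets) ++ [zone]))

-- Decode the A record returned by the zone, given as its four octets in
-- textual order. Anything not starting with 127 is rejected as invalid.
decode :: [Int] -> Maybe Verdict
decode [127, d, s, 0] = Just (Verdict d s [SearchEngine])
decode [127, d, s, t]
    | t > 0 && t < 8 = Just (Verdict d s [v | (b, v) <- flags, testBit t b])
  where flags = [(0, Suspicious), (1, Harvester), (2, CommentSpammer)]
decode _ = Nothing

-- Constructed sample values; no network access is performed.
main :: IO ()
main = do
    print (queryName "abcdefghijkl" "dnsbl.httpbl.org" "203.0.113.9")
    print (queryName "abcdefghijkl" "dnsbl.httpbl.org" "203.0.113")
    print (decode [127, 3, 40, 5])
    print (decode [10, 0, 0, 1])
```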