in reply to Ideas solicited: Using Perl to sort through Toxic CIDR blocks

Regarding the Puppet output, I found a post about iptables and Puppet that might be helpful.

As to testing the blocks, when I tried to test the following code snippet, 

perl -MData::Dumper -MNet::Whois::IP -le '$Data::Dumper::Deepcopy = 1;
$Data::Dumper::Sortkeys = 1;
my ( $response, $array_of_responses ) 
  = whoisip_query( q{4.2.2.1}, 1, undef ); 
print Data::Dumper->Dump( 
    [ \$response, \$array_of_responses, ], 
    [ qw( *response *array_of_responses ) ] );'

[download]
the response I received was only links to the ARIN terms of service: 
$response = \{
        '# available at' => [
                'https://www.arin.net/whois_tou.html',
                'https://www.arin.net/whois_tou.html'
                            ]
              };
$array_of_responses = \undef;

[download]

Hope that helps, though.

Replies are listed 'Best First'.
Re^2: Ideas solicited: Using Perl to sort through Toxic CIDR blocks
by Anonymous Monk on May 31, 2014 at 03:22 UTC

    I suppose I should have guessed that ARIN would be useless. Heck, they're not even the only people passing out IPs. I suppose the real answer here is either "you blindly trust your spam service and follow their blacklist" or you don't.

    I don't really think things are quite that dire but it seems that all you can do is the "brute force" approach.

[reply]

      I did have two additional thoughts:

      • ARIN apparently has an API for accessing WHOIS data, which may be useful, and
      • Could you (and, would you want to) perhaps look up SPF records for domains your mail server contacts frequently and if present specifically "white-list" some of those in this system?

      Just thoughts, in case they might prove useful.

[reply]

In Section Seekers of Perl Wisdom