Tuesday, March 19, 2024

Spamhaus Drop List Alerter

Gianluca Lini
http://www.gianlucalini.it
Technology Enthusiast. I'm a System Engineer and sometimes an independent Security Researcher. IEEE member.

This Python script downloads the Spamhaus DROP (Don't Route Or Peer) list and sends an e-mail with the changes to apply, in the form:

ip route xxxx xxxx null0
no ip route xxxx xxxx null0

ready to be entered on a router, perhaps a Black Hole Trigger router.

# Python 2 script (it uses urllib.urlopen and the print statement).
import urllib
import os
import re
import smtplib

# Prefix length -> dotted netmask, as required by the "ip route" command.
netmask = {
    "/0": "0.0.0.0", "/1": "128.0.0.0", "/2": "192.0.0.0", "/3": "224.0.0.0",
    "/4": "240.0.0.0", "/5": "248.0.0.0", "/6": "252.0.0.0", "/7": "254.0.0.0",
    "/8": "255.0.0.0", "/9": "255.128.0.0", "/10": "255.192.0.0", "/11": "255.224.0.0",
    "/12": "255.240.0.0", "/13": "255.248.0.0", "/14": "255.252.0.0", "/15": "255.254.0.0",
    "/16": "255.255.0.0", "/17": "255.255.128.0", "/18": "255.255.192.0", "/19": "255.255.224.0",
    "/20": "255.255.240.0", "/21": "255.255.248.0", "/22": "255.255.252.0", "/23": "255.255.254.0",
    "/24": "255.255.255.0", "/25": "255.255.255.128", "/26": "255.255.255.192", "/27": "255.255.255.224",
    "/28": "255.255.255.240", "/29": "255.255.255.248", "/30": "255.255.255.252", "/31": "255.255.255.254",
    "/32": "255.255.255.255",
}


class DROP:
    def savefile(self, data):
        # Store the freshly downloaded list.
        dlist = open("droplist.new", "w")
        dlist.write(data)
        dlist.close()
        return 1

    def readfile(self, name):
        f = open(name, "r")
        data = f.read()
        f.close()
        return data

    def download(self):
        # Returns 1 on success, 0 if the list could not be fetched or saved.
        try:
            sock = urllib.urlopen("http://www.spamhaus.org/drop/drop.lasso")
            droplist = sock.read()
            sock.close()
            self.savefile(droplist)
            return 1
        except IOError:
            return 0

    def savebckup(self, data):
        # Keep the list from this run as the baseline for the next one.
        dlist = open("droplist.bkp", "w")
        dlist.write(data)
        dlist.close()
        return 1

    def prepare(self, data):
        # Extract every "a.b.c.d/len" prefix from the text of the list.
        matcher = re.compile(r'\d+\.\d+\.\d+\.\d+/\d+')
        return matcher.findall(data)

    def route2insert(self, newlist, oldlist):
        # newlist - (newlist intersected with oldlist)
        com = filter(lambda x: x in oldlist, newlist)
        return filter(lambda x: x not in com, newlist)

    def route2delete(self, newlist, oldlist):
        # oldlist - (newlist intersected with oldlist)
        com = filter(lambda x: x in oldlist, newlist)
        return filter(lambda x: x not in com, oldlist)

    def sendmail(self, to, msg):
        fromaddr = "sdaa@somewhere"
        toaddrs = to
        subject = "SpamHaus DropList Automated Alert"
        headers = "From: %s\r\nTo: %s\r\nSubject: %s\r\n\r\n" % (fromaddr, toaddrs, subject)
        message = headers + msg
        server = smtplib.SMTP('smtp.somewhere')
        #debug level
        #server.set_debuglevel(1)
        server.sendmail(fromaddr, toaddrs, message)
        server.quit()

    def sendmailauth(self, to, msg, login, passwd):
        # Same as sendmail, for SMTP servers that require authentication.
        fromaddr = "sdaa@somewhere"
        toaddrs = to
        subject = "SpamHaus DropList Automated Alert"
        headers = "From: %s\r\nTo: %s\r\nSubject: %s\r\n\r\n" % (fromaddr, toaddrs, subject)
        message = headers + msg
        server = smtplib.SMTP('smtp.somewhere')
        #debug level
        #server.set_debuglevel(1)
        server.login(login, passwd)
        server.sendmail(fromaddr, toaddrs, message)
        server.quit()

    def rotteadd(self, data):
        # Build one "ip route <network> <netmask> Null0" line per new prefix.
        strrotte = ""
        for i in data:
            nmask = netmask[re.search(r'/\d+', i).group()]
            network = re.search(r'\d+\.\d+\.\d+\.\d+', i).group()
            strrotte += "ip route " + network + " " + nmask + " Null0\n"
        return strrotte

    def rottedel(self, data):
        # Build one "no ip route <network> <netmask> Null0" line per removed prefix.
        strrotte = ""
        for i in data:
            nmask = netmask[re.search(r'/\d+', i).group()]
            network = re.search(r'\d+\.\d+\.\d+\.\d+', i).group()
            strrotte += "no ip route " + network + " " + nmask + " Null0\n"
        return strrotte


null0 = DROP()
# Stop here if the download failed, instead of comparing against a stale file.
if not null0.download():
    raise SystemExit("download of the DROP list failed")
if not os.path.isfile('droplist.bkp'):
    null0.savebckup("")
newlist = null0.prepare(null0.readfile('droplist.new'))
oldlist = null0.prepare(null0.readfile('droplist.bkp'))
r2in = null0.route2insert(newlist, oldlist)
r2del = null0.route2delete(newlist, oldlist)
mailbody = null0.rotteadd(r2in) + null0.rottedel(r2del)
print mailbody
if not mailbody:
    # "No changes to the list"
    mailbody = "Nessuna modifica alla lista"
null0.sendmail("someone@somewhere", mailbody)
null0.savebckup(null0.readfile('droplist.new'))

You only need to change the reference SMTP server, smtp.somewhere, to your own; the destination address, someone@somewhere, to the one you choose; and the address the mail comes from, sdaa@somewhere. In this case I used sdaa@mioprovider, with sdaa standing for spamhaus droplist automated alerter. The logic used to derive the routes to insert and to remove is that of sets:
[Figure: sdl_ins.jpg]
using Python's filter and lambda functions.
The yellow part of the figure represents the intersection of the two sets, and we obtain it in Python with com = filter( lambda x: x in oldlist, newlist); here the order of the operands in the lambda function does not matter. To find the routes to add I use return filter( lambda x: x not in com, newlist), a set subtraction on newlist and com; here the order of the operands is essential! In this case we return newlist – com. Writing return filter( lambda x: x not in newlist, com) would return com – newlist.
Let's look at an example:

C:\Python25>python
ActivePython 2.5.1.1 (ActiveState Software Inc.) based on
Python 2.5.1 (r251:54863, May 1 2007, 17:47:05) [MSC v.1310 32 bit (Intel)] on
win32
Type "help", "copyright", "credits" or "license" for more information.
>>> a=[1,2,3]
>>> b=[1,2,9]
>>> print filter( lambda x: x not in a,b )
[9]
>>> print filter( lambda x: x not in b,a )
[3]
>>> print filter( lambda x: x in b,a )
[1, 2]
>>> print filter( lambda x: x in a,b )
[1, 2]
>>>
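The same set logic with input validation, as an example added here and not part of the author's script: it is Python 3 (the script above is Python 2), uses the standard `ipaddress` module instead of the netmask table, and refuses to produce commands when the downloaded list looks empty, truncated or implausible. The function names, the thresholds `min_prefixlen` and `max_removed_ratio`, and the sample data are assumptions.

```python
import ipaddress

def parse_drop(text):
    """Return the set of valid IPv4 networks found in DROP-format text."""
    nets = set()
    for line in text.splitlines():
        entry = line.split(";", 1)[0].strip()  # drop the "; SBL..." comment
        if "/" not in entry:
            continue  # header comment, blank line or stray text
        try:
            # strict=True rejects prefixes that have host bits set
            nets.add(ipaddress.IPv4Network(entry, strict=True))
        except ValueError:
            continue  # never turn a malformed entry into a route
    return nets

def route_changes(old_text, new_text, min_prefixlen=8, max_removed_ratio=0.5):
    """Build the 'ip route' / 'no ip route' lines, or raise ValueError."""
    old, new = parse_drop(old_text), parse_drop(new_text)
    if not new:
        raise ValueError("new list has no valid prefixes; keeping current routes")
    to_add, to_del = new - old, old - new  # set differences: operand order matters
    if any(n.prefixlen < min_prefixlen for n in to_add):
        raise ValueError("new list contains an implausibly wide prefix")
    if len(to_del) > max_removed_ratio * len(old):
        raise ValueError("too many removals at once; list may be truncated")

    def cmd(prefix, n):
        return "%sip route %s %s Null0" % (prefix, n.network_address, n.netmask)

    return ([cmd("", n) for n in sorted(to_add)] +
            [cmd("no ", n) for n in sorted(to_del)])

# Constructed sample data (documentation ranges, made-up SBL ids).
SAMPLE_OLD = """; constructed previous list
192.0.2.0/24 ; SBL000001
198.51.100.0/24 ; SBL000002
"""
SAMPLE_NEW = """; constructed current list
198.51.100.0/24 ; SBL000002
203.0.113.0/25 ; SBL000003
203.0.113.77/24 ; SBL000004
"""

if __name__ == "__main__":
    print("\n".join(route_changes(SAMPLE_OLD, SAMPLE_NEW)))
```

The checks matter because the output is meant to be pasted into a router: an error page saved in place of the list would otherwise become a "no ip route" line for every prefix currently blackholed.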
