Checking an IP address's reputation is not a new idea, but it is useful when you want to know whether an IP is safe to communicate with (email, VPN, etc.). Basically, all DNS blacklists operate the same way.
Given an IP address of the form a.b.c.d, send a DNS request for a name in this format: d.c.b.a.dns.blacklist.tld.
For instance, the IP address 185.130.5.207 and the list cbl.abuseat.org result in: 207.5.130.185.cbl.abuseat.org
Using Net::DNS::Simple:

    use strict;
    use warnings;
    use Net::DNS::Simple;

    # original IP: 185.130.5.207
    my $res = Net::DNS::Simple->new("207.5.130.185.cbl.abuseat.org", "A");

    if ( ($res->get_rcode() eq "NOERROR") && ($res->get_ancount() >= 1) ) {
        foreach my $line ( $res->get_answer_section() ) {
            # sometimes an IP is listed with 127.0.0.[1-5];
            # match the 127.0.0.x answer rather than any "127" in the record
            if ( $line =~ /\b127\.0\.0\.\d+\b/ ) {
                print "Found IP: ", $line, "\n";
                exit 0;
            }
        }
    }

Another very easy solution is to use dig:
dig +short 207.5.130.185.cbl.abuseat.org A
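
The lookup described above, as an added Python example (not code from the original post): it builds the query name and only treats an answer inside 127.0.0.0/8 as a listing. It goes beyond the IPv4 case in the text by also handling IPv6, which RFC 5782 reverses nibble by nibble. The function names and the sample answers are assumptions constructed for an offline run.

```python
import ipaddress
import socket

LOOPBACK = ipaddress.ip_network("127.0.0.0/8")

def dnsbl_query_name(ip, zone):
    """Reverse the octets (IPv4) or hex nibbles (IPv6) and append the zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = str(addr).split(".")
    else:
        labels = list(addr.exploded.replace(":", ""))
    return ".".join(reversed(labels)) + "." + zone.strip(".")

def system_resolver(name):
    """A records for name; [] only on a definite 'no such name' answer."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except socket.gaierror as err:
        if err.errno == socket.EAI_NONAME:
            return []
        raise  # a timeout or SERVFAIL must not be read as "not listed"

def check_dnsbl(ip, zone, resolve=system_resolver):
    """Return (verdict, query_name, answers) for one IP against one list."""
    name = dnsbl_query_name(ip, zone)
    answers = resolve(name)
    codes = [a for a in answers if ipaddress.ip_address(a) in LOOPBACK]
    if codes:
        return "listed", name, codes
    if answers:
        # e.g. a resolver that rewrites NXDOMAIN to a search page
        return "unexpected", name, answers
    return "not_listed", name, []

# Constructed answers for an offline run (not real lookup results).
SAMPLE_ZONE_DATA = {
    "207.5.130.185.cbl.abuseat.org": ["127.0.0.2"],
    "10.2.0.192.cbl.abuseat.org": ["203.0.113.80"],
}

def sample_resolver(name):
    """Hypothetical stand-in for a DNS resolver, backed by the dict above."""
    return SAMPLE_ZONE_DATA.get(name, [])

if __name__ == "__main__":
    for ip in ("185.130.5.207", "192.0.2.10", "2001:db8::1"):
        print(ip, check_dnsbl(ip, "cbl.abuseat.org", sample_resolver))
```

Calling `check_dnsbl(ip, zone)` without the third argument uses the system resolver instead of the constructed data.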