Re: [GLLUG] Finding IP ranges (similar to dig)??
benjamincathey at catheycompany.com
Mon Nov 5 08:49:04 EST 2007
Actually that is how I had it set up before - with a transparent proxy and DansGuardian with ClamAV set up (a smoothie).
However, after I reloaded it a few months back, I didn't bother setting any of that up anymore. I got tired of the bitching and no action from the employees. People don't understand that reactive firewalls with content filtration need to be HONED in. When you explain it they just roll their eyes and don't tell you about the sites they need access to which they can't get (for work that is) - they sure as hell tell you when their AOL mail doesn't work though. Otherwise they just sit in their offices and do nothing and complain about you to everyone else.
Am I too bitter? I just hate petty BS. Regardless, I know it can be set up that way; that is what I had originally. At this point I am just using simple iptables rules with Snort and Guardian for the reactive firewall - also DShield daily updates, and I make sure our system automails our logs to help the community.
Wow - anyway, just had a fight with my wife on the way to work and the day is crappy already - sorry to take it out here.
I should probably just keep my mouth shut.
----- Original Message -----
From: Richard Houser [mailto:rick at divinesymphony.net]
To: Benjamin Cathey [mailto:benjamincathey at catheycompany.com]
Cc: linux-user at egr.msu.edu
Sent: Wed, 31 Oct 2007 20:24:53 -0400
Subject: Re: [GLLUG] Finding IP ranges (similar to dig)??
>->> Benjamin Cathey wrote:
>->> > Is there a tool to allow you to find ALL variations of IPs for a certain
>->> > domain? For instance, lcc.edu, angel.lcc.edu and starport.lcc.edu - all
>->> > different IPs. Is there a way (online or with a tool) to get all variations
>->> > on the www that they use and all the IPs associated with it?
>->> > The reason I ask is I have a locked down public terminal (using a
>->> > firewall box (running smoothwall 2.0) and I need to open it up so people can
>->> > check their grades, etc. I know of those 3 IPs but there MUST be others as
>->> I think the bigger question is WHY? If you are trying to allow web
>->> traffic, just handle it at the application layer with a transparent http
>->> proxy. At that point, you can just allow any access to the domain in
>->> question regardless of the IP. If this is outside of ftp or http and
>->> the protocol in question doesn't support domain names, things can get
>->> more difficult, but you could still find a way to trap new outgoing DNS
>->> requests and dynamically unblock anything returned for lcc.edu.
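
The DNS-driven approach suggested in the quoted message (unblock whatever is returned for lcc.edu), sketched as an added example that is not part of the original thread. The record tuples, helper names, iptables chain and ports are assumptions, and the sample answer is constructed with documentation addresses.

```python
import ipaddress

ALLOWED_ZONE = "lcc.edu"  # the domain from the thread
# Ranges that must never be opened even if a DNS answer points at them
INTERNAL = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16")]

def norm(name):
    return name.rstrip(".").lower()

def in_zone(name, zone=ALLOWED_ZONE):
    """True for the zone itself or a subdomain, matched on a label boundary."""
    name, zone = norm(name), norm(zone)
    return name == zone or name.endswith("." + zone)

def addresses_to_unblock(qname, answers, zone=ALLOWED_ZONE):
    """Pick the IPv4 addresses a DNS answer gives for qname, if qname is in zone.

    answers: (owner, rtype, rdata) tuples, an assumed shape for whatever
    the DNS trap (resolver log or packet parser) produces.
    """
    if not in_zone(qname, zone):
        return []
    cname = {norm(o): norm(d) for o, t, d in answers if t == "CNAME"}
    # Walk the CNAME chain from the queried name; stop on a loop or its end.
    chain, current = set(), norm(qname)
    while current not in chain:
        chain.add(current)
        current = cname.get(current, current)
    ips = []
    for owner, rtype, rdata in answers:
        if rtype != "A" or norm(owner) not in chain:
            continue  # unrelated record stuffed into the answer
        ip = ipaddress.ip_address(rdata)
        if any(ip in net for net in INTERNAL):
            continue  # answer points inside the LAN: do not open it
        if str(ip) not in ips:
            ips.append(str(ip))
    return ips

def iptables_rules(ips, chain="FORWARD"):
    """Render accept rules; chain and ports are assumptions, adjust to the box."""
    return [f"iptables -I {chain} -d {ip} -p tcp -m multiport "
            f"--dports 80,443 -j ACCEPT" for ip in ips]

# Constructed sample answer (documentation addresses, not real lcc.edu data)
SAMPLE = [("angel.lcc.edu", "CNAME", "portal.example.net"),
          ("portal.example.net", "A", "198.51.100.7"),
          ("other.example.org", "A", "203.0.113.9")]
```

Rules added this way should expire with the record's TTL, otherwise the allow list only ever grows.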