Check validity of PTR records for each hop

traceroute-circl now checks if the PTR record got the same IP address than the requested one. To find any suspicious differences between the PTR/A records set.
CIRCL · Feb 7, 2011 · a08f8ae · a08f8ae
1 parent 7dee0dc
commit a08f8ae
Showing 1 changed file with 33 additions and 1 deletion.
diff --git a/bin/traceroute-circl b/bin/traceroute-circl
@@ -21,6 +21,7 @@
 use strict;
 use utf8;
 
+use Socket;
 use Getopt::Compact;
 
 use Net::Whois::RIS;
@@ -105,12 +106,21 @@ while (<TRACEROUTE>) {
         my $abuse = join( ' ', Net::Abuse::Utils::get_ipwi_contacts($tip) );
         $r .= "  Abuse contact:" . $abuse . "\n";
         $ris->getIPInfo($tip);
+        my $ptr  = GetPTR($tip);
+        my $ra   = GetA($ptr);
+        my $raok = "WRONG";
+        if ( !defined($ra) )  { $raok = "No A record for PTR"; }
+        if ( $ra == $tip )    { $raok = "OK"; }
+        if ( !defined($ptr) ) { $raok = "N/A"; }
         $r .=
             "  ASN (RIS):"
           . $ris->getOrigin() . " "
           . $ris->getDescr()
           . " ASN INFO:"
-          . join( ' ', Net::Abuse::Utils::get_asn_info($tip) );
+          . join( ' ', Net::Abuse::Utils::get_asn_info($tip) ) . " PTR:"
+          . $ptr . " ("
+          . $ra . "-"
+          . $raok . ")";
 
         if ( defined( $opts->{rbl} ) ) {
             $r .= " RBL:"
@@ -143,6 +153,28 @@ if ( defined( $opts->{geomap} ) ) {
 
 close(TRACEROUTE);
 
+sub GetPTR {
+    my $ip  = shift;
+    my $iip = inet_aton($ip);
+    if ( length($iip) > 1 ) {
+        return gethostbyaddr( $iip, AF_INET );
+    }
+    else {
+        return undef;
+    }
+}
+
+sub GetA {
+    my $name = shift;
+    my $iip  = gethostbyname($name);
+    if ( length($iip) > 1 ) {
+        return inet_ntoa($iip);
+    }
+    else {
+        return undef;
+    }
+}
+
 sub GetCountryLatLng {
 
     my $country = shift;