Last active
May 30, 2018 08:37
Analyse the uceprotect.net DNS poisoning using RIPE atlas
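#!/usr/bin/env python3
"""List the first DNS answer each RIPE Atlas probe reported for a measurement.

Downloads the latest result per probe for measurement ``meas_id`` and prints
``(probe_id, address, ttl)`` tuples ordered by address, so probes that
received the same answer end up next to each other and diverging answers
stand out.
"""
import sys

import requests
from ripe.atlas.sagan import DnsResult

meas_id = 6917800
source = "https://atlas.ripe.net/api/v1/measurement-latest/{}/".format(meas_id)

# Bound the wait and stop on an HTTP error rather than parsing an error body
# as if it were measurement data.
reply = requests.get(source, timeout=30)
reply.raise_for_status()
response = reply.json()

out = []
for probe_id, results in response.items():
    # The endpoint maps each probe id to a list of results; only the first
    # entry is used, and a probe with an empty list is skipped.
    if not results:
        continue
    parsed = DnsResult(results[0])
    if not parsed.responses:
        continue
    abuf = parsed.responses[0].abuf
    if not abuf or not abuf.answers:
        continue
    # Only the first answer of the first response is looked at; any further
    # records in the same reply are not reported.
    answer = abuf.answers[0]
    ip = getattr(answer, "address", None)
    if ip is None:
        # Report instead of crashing or silently dropping the probe: an
        # answer without an address is itself worth a look.
        print(
            "probe {}: first answer has no address, skipped".format(probe_id),
            file=sys.stderr,
        )
        continue
    out.append((probe_id, ip, answer.ttl))

# Addresses are compared as strings, so the order is lexicographic; it groups
# identical answers together but is not a numeric ordering of IPs.
for row in sorted(out, key=lambda item: item[1], reverse=True):
    print(row)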
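#!/usr/bin/env python3
"""Track, per RIPE Atlas probe, when the DNS answer changed to the expected one.

Downloads every stored result of measurement ``meas_id``, prints a line the
first time a probe returns ``FIXED_IP`` and then lists the remaining results
of all probes that never returned it.
"""
import sys

import requests
from ripe.atlas.sagan import DnsResult

meas_id = 6919176
source = "https://atlas.ripe.net/api/v2/measurements/{}/results?format=json".format(meas_id)

# Address the script treats as the correct answer: a probe that returns it
# is reported as "fixed".
FIXED_IP = "217.23.49.178"

# Bound the wait and stop on an HTTP error rather than parsing an error body
# as if it were measurement data.
reply = requests.get(source, timeout=60)
reply.raise_for_status()
response = reply.json()

out = []
fixed_probes = set()
for result in response:
    parsed = DnsResult(result)
    if not parsed.responses:
        continue
    abuf = parsed.responses[0].abuf
    if not abuf or not abuf.answers:
        continue
    # Only the first answer of the first response is looked at; any further
    # records in the same reply are not reported.
    answer = abuf.answers[0]
    ip = getattr(answer, "address", None)
    if ip is None:
        # Report instead of crashing or silently dropping the result: an
        # answer without an address is itself worth a look.
        print(
            "probe {}: first answer has no address, skipped".format(parsed.probe_id),
            file=sys.stderr,
        )
        continue
    out.append((parsed.probe_id, parsed.created, ip, answer.ttl))
    if ip == FIXED_IP and parsed.probe_id not in fixed_probes:
        fixed_probes.add(parsed.probe_id)
        print("Probe {} fixed on {:%Y-%m-%d %H:%M:%S}".format(parsed.probe_id, parsed.created))

# NOTE: a probe that returned FIXED_IP even once is left out of this listing
# completely, including results recorded before that moment and any later
# result where it returned a different address again.
for prb, d, ip, ttl in sorted(out):
    if prb not in fixed_probes:
        print("{}\t{:%Y-%m-%d %H:%M:%S}\t{}\t{}".format(prb, d, ip, ttl))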