Test an IP-address against an IP-range
To test one address:
ip_in_range first_in_range last_in_range ip_to_check
To verify Received-headers:
ip_in_range < [email] first_in_range last_in_range
or
ip_in_range < [email] [range_list.txt]
where range_list.txt contains a list of IP-ranges, one per line
You can pipe an email message into ip_in_range and name a text file as the only program argument. This text file contains a simple list of IP-ranges, one per line, like:
192.168.0.1 192.168.0.255
Some Evil Exemplary Range: 192.168.2.100 192.168.2.168
192.200.12.20 192.200.12.100 I do not like this
(...)
Text outside the IP-addresses is ignored by ip_in_range and can be used to comment an entry.
Procmail can delegate tasks to external programs, either to react to a matching filter or to test a condition which depends on the exit code of a program. Such a call of a program in the condition of a Procmail filter is initiated with the ? flag. The following recipe tests whether the Received-headers of a mail contain any IP-address from a range that you want to filter:
:0
* !FROM_DAEMON
* !FROM_MAILER
* !^X-Loop: my_mail@address
* 1^0 ? ip_in_range ~/.procmail/range_list.txt
/home/[path to my mail-folder]/refused/ip_refused
This way, all mail which matches the filter will be written to a mail-folder “ip_refused” in the sub-directory “refused” of my mail-folder.
ip_in_range writes informative log messages to STDOUT, i.e. the positive result of a test. You can thus see which IP-address from a mail was found in which IP-range. To make these messages appear in the Procmail log-file, you can alter the condition in the above recipe to:
* 1^0 ? ip_in_range ~/.procmail/range_list.txt >> [logfile]
See the Procmail manual for more detailed explanations.
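The check described above, sketched as an added example (not the gem's own source): it parses a range list in the format shown earlier, extracts IPv4 addresses from the Received-headers only, and maps a hit to exit status 0, which is what a Procmail `?` condition treats as a match. The function names, the sample data and the log-message wording are assumptions made for this example; only IPv4 is handled.

```ruby
require 'ipaddr'
IPV4 = /\b(?:\d{1,3}\.){3}\d{1,3}\b/

# Parse a range list: the first two IPv4 addresses on a line are the range
# bounds; all other text on the line is ignored and kept only as a label.
def parse_ranges(text)
  text.each_line.filter_map do |line|
    first, last = line.scan(IPV4).first(2).map { |a| IPAddr.new(a).to_i rescue nil }
    next if first.nil? || last.nil?
    { first: [first, last].min, last: [first, last].max, label: line.strip }
  end
end

# Collect IPv4 addresses from Received headers only. The header block ends at
# the first empty line; folded continuation lines are joined beforehand.
def received_ips(message)
  headers = message.split(/\r?\n\r?\n/, 2).first.to_s.gsub(/\r?\n[ \t]+/, ' ')
  headers.each_line.grep(/\AReceived:/i).flat_map { |h| h.scan(IPV4) }.uniq
end

# Return [ip, range_label] pairs for every address that lies inside a range.
def matches(message, ranges)
  received_ips(message).flat_map do |ip|
    n = (IPAddr.new(ip).to_i rescue nil)
    next [] unless n
    ranges.select { |r| n.between?(r[:first], r[:last]) }.map { |r| [ip, r[:label]] }
  end
end

# Procmail's `?` condition succeeds on exit status 0, so a hit maps to 0.
def exit_status(hits)
  hits.empty? ? 1 : 0
end

RANGES = <<~LIST # constructed sample in the range_list.txt layout
  192.168.0.1 192.168.0.255
  Some Evil Exemplary Range: 192.168.2.100 192.168.2.168
LIST

MAIL = <<~MSG # constructed message
  Received: from relay.example (relay.example [192.168.2.120])
    by mx.example with ESMTP; Mon, 1 Jan 2024 10:00:00 +0000
  Received: from client.example ([203.0.113.7]) by relay.example
  Subject: test

  Body mentions 192.168.0.5, which is not in a Received header.
MSG

matches(MAIL, parse_ranges(RANGES)).each { |ip, label| puts "#{ip} found in: #{label}" }
```

Only the Received lines added by servers you control are reliable; earlier ones are supplied by the sending side and can contain arbitrary addresses.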
If you can, you should make your Mail-Transfer-Agent (MTA) filter mail and only fetch the mail you want to read. If you do not know how to do this, then the filter described above can be an alternative. If you do not use software like Exim (sendmail), Postfix and the like, be aware, however, of the limits of Procmail-based solutions.
Even better are server-side filters that you would not have to activate anew each time that you consult your mail-account.
Also, the author of IP_In_Range does not advocate filters against whole IP-ranges as an efficient way to fight SPAM.
IP_In_Range has been written in Ruby. As Ruby is an interpreted programming
language, the executable file and all those that it may refer to at one point
in time, are themselves the source-files of the current program-version. You
can open them in any text-editor to scrutinize the source-code. If you have
received the program as a Ruby-gem, you can also decompress a copy of the
gem-file with
tar -x, then tar -xzf.
License
IP_In_Range is distributed under the conditions of the WTF 2.0 or later version
of the license. See http://www.wtfpl.net/about/ for details.
Author
IP_In_Range has been developed by
Michael Uplawski michael.uplawski@uplawski.eu
Ω
FAQs
Unknown package
We found that ip_in_range demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.