Search ISC Passive DNS for IP ranges #14

Open
elhoim opened this issue Feb 8, 2013 · 4 comments
@elhoim

elhoim commented Feb 8, 2013

Search for IP ranges from an IP entity.

i.e. you have IP entity 127.0.0.1, have a transform that asks how wide you want to search (/16, /24, etc.) and then search rdata on ISC for domains pointing to that range.

Might necessitate creating an IP range entity.

I am a bit unsure of what would be the most user-friendly way to offer ranges to search. Listing all CIDRs? A fully customizable popup with a default value like 127.0.0.0/24 and then let the user change it if needed?

@digital4rensics
Owner

I think the idea may be useful, but I think I'm going to move this one to the back of the list for the time being if that's alright. I worry that two things would easily occur: 1.) Maltego would crash due to the crazy amount of data, and 2.) depending on service levels, this has the potential to accidentally use up a large part of a customer quota.

@elhoim
Author

elhoim commented Feb 9, 2013

I agree with caution for 1).
For 2) do you mean API quota? AFAIK, their API quota is a number of requests per 24h, they limit the response by default to 10,000 and they have a protection mechanism to internally time out a request if it takes too long.

@krmaxwell
Contributor

(I know this is old, heh.) OK, yes, the default limit is 10k, but if you accidentally search (say) a /20, that's 4k addresses - and suddenly almost half of your daily quota is gone.

There are probably use cases for searching stuff by CIDR ranges, but I don't think this is one of them.

@elhoim
Author

elhoim commented Sep 16, 2013

ISC pDNS supports the syntax for searching CIDR ranges and, AFAIK, it counts only as one request per CIDR range.
In some specific cases, I had luck finding secondary IOCs that are in the neighbouring range of an IP.
