
NetNetty

Tarun Verma

Published: at 01:43 PM

I recently read somewhere that hype is not a business strategy, and I think we’d all be better off if we’re somewhat skeptical about CEOs trust-me-bro-ing us through this AI slop hellscape that no one was asking for. Now of course you could make the argument that no one was asking for sliced bread either, but sliced bread doesn’t claim to “think” and doesn’t present its opinions on a particular race, even if it’s asked nicely.

Considering that this is being shoved down my throat anyway, I’ve since decided to be a good boy and eat this terribly cooked meal. It will possibly give me food poisoning, but then it’s probably my fault anyway[1]. A lot of SRE work is concerned with analysis and troubleshooting, for complex distributed systems and networks. The other day I was parsing some whois output to check some registration information for some malicious IP before I could issue global blocks. The sheer amount of information in whois dumps can sometimes be overwhelming, and inspired by the Bloomberg summary box, I thought that it’d be nice to have an LLM generate a three bullet point summary for anything it found useful in the entire whois info dump.

I wrote up a script for this, it’s called NetNetty. Currently it only uses Gemini[2] to generate the summary, but I might make it more general (and hopefully more useful?) down the line. Feel free to do whatever the fuck you want to do with the code, it’s somewhat shoddy, but ruff likes it. Here are a couple of sample runs:

Get SOA record for www.google.com:

(netnetty) λ  netnetty git:(main) python3 netnetty.py -host google.com -r SOA
| performing DNS lookup for all possible records...
Lookup complete!

SOA: ns1.google.com. dns-admin.google.com. 784870257 900 900 1800 60

Dump all records for www.google.com, present a summary:

(netnetty) λ  netnetty git:(main) python3 netnetty.py -host google.com -a -s
\ performing DNS lookup for all possible records...
Lookup complete!

SOA: ns1.google.com. dns-admin.google.com. 784870257 900 900 1800 60
AAAA: 2a00:1450:4009:c17::64
NS: ns4.google.com.
A: 142.251.30.113
MX: 10 smtp.google.com.
CAA: 0 issue "pki.goog"
TXT: "cisco-ci-domain-verification=47c38bc8c4b74b7233e9053220c1bbe76bcc1cd33c7acf7acd36cd6a5332004b"

Gemini generated summary:
*   Google.com was originally registered on September 15, 1997.
*   The domain is registered to Google LLC and is managed by MarkMonitor, Inc., with its current expiration date set for September 13, 2028.
*   It is highly secured against unauthorized deletion, transfer, or updates by both client and server actions.

Look up relevant info for an IP:

(netnetty) λ  netnetty git:(main) python3 netnetty.py -i 151.101.20.116
Org Name: Fastly, Inc. (SKYCA-3)
Org Emails: ['abuse@fastly.com', 'rir-admin@fastly.com', 'noc@fastly.com']
Org NameServers: None

Generate summary for an IP based on whois info:

(netnetty) λ  netnetty git:(main) python3 netnetty.py --ip 1.1.1.1 -s
Org Name: One Registry
Org Emails: None
Org NameServers: ['auth.g1-dns.one', 'auth.g1-dns.com']

Gemini generated summary:
*   The domain "one.one" was created on May 20, 2015, and is set to expire on May 20, 2026.
*   It is registered to "One Registry", based in Denmark (dk).
*   The domain utilizes "auth.g1-dns.one" and "auth.g1-dns.com" as its name servers and has DNSSEC enabled.

It’s been somewhat useful.
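
An added example, not part of NetNetty or the original post: a deterministic pass over a raw whois dump that pulls out the fields you would check before issuing a block, so they can be compared against the generated summary. The sample dump is constructed, and the key names (`OrgName`, `NetRange`, `inetnum` and so on) are assumed from common registry layouts.

```python
import re
from collections import defaultdict

# Constructed sample in a "Key: value" layout (not real registry output).
SAMPLE_WHOIS = """\
# Constructed whois dump for illustration
NetRange:       192.0.2.0 - 192.0.2.255
CIDR:           192.0.2.0/24
OrgName:        Example Hosting, Inc.
Country:        US
OrgAbuseEmail:  abuse@example.net
OrgTechEmail:   noc@example.net
OrgTechEmail:   noc@example.net
Comment:        Report abuse to abuse@example.net
"""

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


def parse_whois(text):
    """Parse 'Key: value' lines into {lowercased key: [values]}; skip comments."""
    fields = defaultdict(list)
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#%":
            continue
        # Split on the first colon only, so IPv6 values stay intact.
        key, sep, value = line.partition(":")
        if sep and value.strip():
            fields[key.strip().lower()].append(value.strip())
    return fields


def extract_block_facts(text):
    """Return the registration facts an operator checks before blocking a range."""
    f = parse_whois(text)
    first = lambda *keys: next((f[k][0] for k in keys if f.get(k)), None)
    emails = sorted(set(EMAIL_RE.findall(text)))  # de-duplicated contacts
    return {
        "org": first("orgname", "org-name", "organization", "owner"),
        "range": first("netrange", "inetnum"),
        "cidr": first("cidr", "route"),
        "country": first("country"),
        "emails": emails,
        "abuse": [e for e in emails if "abuse" in e.split("@")[0].lower()],
    }


if __name__ == "__main__":
    for key, value in extract_block_facts(SAMPLE_WHOIS).items():
        print(f"{key}: {value}")
```

Registries differ in key names and layout, so a `None` in the result means the dump should be read by hand rather than that the field is absent.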


Footnotes

  1. Ludic’s post was a good rebuttal to this shitty article

  2. I got a Gemini subscription because the overall deal worked out better for me - 2.5Pro is fine, but it’s mostly the bundled 2 TB storage that got me.