Re: [SLE] Firewall is getting hammered...help

From: Stephen (stephen_at_mirramar.fsnet.co.uk)
Date: 09/29/03

  • Next message: Richard Bos: "[SLE] rest of kde has arrived (for 8.0 and 8.1)" 
    Date: Mon, 29 Sep 2003 20:32:05 +0100
To: "suse-linux-e@suse.com" <suse-linux-e@suse.com>

    Tom Nielsen wrote:
    > On Mon, 2003-09-29 at 11:11, Stephen wrote:
    >
    >>/I even wrote a little script to find out the worst offenders, and tried to
    >>contact them, but to no avail./
    >>
    >
    > Can I get a copy of that script?
    >
    > Tom

    Tom

    I had grep'ped for 'DPT=135' through all the accumulated messages log files
    and dumped them to a file, then ran this script against it.

    It isn't a great script as it isn't what I do, but I had a bash, or a perl,
    at it in this case, and it worked, learned something new. No doubt someone
    will improve it, probably to a one liner, but it worked for me.

    It will print out a list of IP addresses with the number of probes from
    that address. I did a reverse dns and a port scan against the worst one,
    found that some where running web sites which had a contact address on it.

    Wrote to them, but have had nothing back, except more probes.

    Change the filename to suit

    --------------------------------------------------------------------------
    #!/usr/bin/perl

    open(IPFILE, '/home/stephen/log/messages.log');
    foreach $line (<IPFILE>)
    {
       ($line) =~ /(\d+\.\d+\.\d+\.\d+)/g;
       $ip{$1}+=1;
    }
    close(IPFILE);

    foreach $key (sort keys %ip)
    {
       $rdns = `host $key`;
       print "$key($ip{$key}) => $rdns\n";
    }
    ---------------------------------------------------------------------------

    Steve 

    -- 
Check the headers for your unsubscription address
For additional commands send e-mail to suse-linux-e-help@suse.com
Also check the archives at http://lists.suse.com
Please read the FAQs: suse-linux-e-faq@suse.com
  • Next message: Richard Bos: "[SLE] rest of kde has arrived (for 8.0 and 8.1)"

    Relevant Pages

    • RE: Separating a word file using executable script
      ... you good in Visual Basic Tom? ... >> I have a 200 page word document that contains information on applications. ... >> I'm hoping that the script will be an executable file. ... >> in a folder along with the script and run it from the folder. ...
      (microsoft.public.word.vba.general)
    • RE: message and batch file
      ... Tom, Thank you so much for your help. ... I have now created a second script to enable the same application that was ... file I was running has a one line command to disables the application.) ... disable the apps seleted or just run a batch file for the apps selected. ...
      (microsoft.public.windows.server.scripting)
    • Re: [SLE] electronic document storage system
      ... > I've tested the script below and it seems to work just fine. ... > # The file format you wish to change ... > echo Running $0 ... Tom Nielsen ...
      (SuSE)
    • Re: GetObject-question
      ... Tom Ogilvy ... > to test my script with 97, but the script always opens Excel 2003. ... On Error GoTo 0 ...
      (microsoft.public.excel.programming)