| View previous topic :: View next topic |
| Author |
Message |
lysergicacid
Guru
Joined: 25 Nov 2003
Posts: 352
Location: The Universe,Virgo Super Cluster,Milky Way,Earth
|
 Posted: Thu Nov 23, 2006 3:06 am Post subject: ddoss |
 |
|
hello everyone 
ive being constantly ddossed and was wondering if anyone knows a way to parse the log files from a netgear router using the syslog broadcast to syslog server function in the router to a gentoo comp on the lan then parse the log file for ip's | Code: | 00:37:38 [DOS]INpp0 OUT= MAC= SRC=81.226.35.205 DST=82.9.168.100 LEN=48 TOS=0x00 PREC=0x00 TTL=108 ID=47219 DF PROTO=TCP SPT=59749 DPT=2000 WINDOW=64240 RES=0x00 SYN URGP=0
00:37:38 [DOS]INpp0 OUT= MAC= SRC=172.158.89.139 DST=82.9.168.100 LEN=48 TOS=0x00 PREC=0x00 TTL=114 ID=43886 DF PROTO=TCP SPT=4308 DPT=411 WINDOW=16384 RES=0x00 SYN URGP=0
00:37:38 [DOS]INpp0 OUT= MAC= SRC=84.255.224.255 DST=82.9.168.100 LEN=48 TOS=0x00 PREC=0x00 TTL=111 ID=9792 DF PROTO=TCP SPT=3142 DPT=7778 WINDOW=65535 RES=0x00 SYN URGP=0 |
do a whois per ip that is listed in there and then email abuse@isp per ip address please ????
like the router sends log to my gentoo server comp then the gentoo server comp use some kinda script to parse said log files generate emails or something ?
or something simular its a nightmare trying to keep up with the ips in there 
_________________
[img]http://valid.canardpc.com/cache/banner/2040927.png[/img]
Desktop:
[img]http://valid.canardpc.com/cache/banner/2703952.png[/img] |
|
| Back to top |
|
 |
phajdan.jr
Retired Dev
Joined: 23 Mar 2006
Posts: 1777
Location: Poland
|
| Posted: Thu Nov 23, 2006 3:10 pm Post subject: |
|
|
Pipe it through something like this:
| Code: |
| awk '{print $6}' | sed -e 's/=/ /g' | awk '{print $2}'
|
|
|
| Back to top |
|
|
|
Networking & Security
