On Tue, Mar 06, 2001 at 08:54:18AM -0500, Charles Galpin wrote:
>
> I do like the idea of some statistical analysis of the scans though,
> like how many times each unique port number was triggered, top
> offending IPs etc, but this could be gleaned periodically from the
> logfiles directly.
I find that quite useful. I've run across a nifty little Perl script
for this: http://glycerine.dyndns.org/linux/chainlysis/. I am sure
there are others (this is the UDP summary of last week for here):
Rejected udp packets by destination port
port             count
53                1443
68                  12

Rejected udp packets by source address
address          count
209.225.33.187     687
216.34.94.8        588
209.67.29.9         27
216.33.87.10        18
209.225.33.189      18
206.251.19.89       15
209.225.33.188      12
216.78.196.1        12
206.251.19.88       12
216.33.87.8         12
216.33.87.9         12
167.8.29.92         12
209.67.29.10         9
209.67.29.8          9
167.8.29.52          9
167.8.29.91          3

Rejected udp packets by destination address
address          count
216.78.197.8      1455
========================================================
This is mostly some kind of obnoxious load-balancing technique from F5
Labs or some such, and having the summary data was nice to use when
bitching, rather than hundreds of lines of logs.
--
Hal B
[EMAIL PROTECTED]
[EMAIL PROTECTED]
[EMAIL PROTECTED]
--
_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
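The kind of per-port / per-address tally the post pastes above can be reproduced in a few lines. The script below is an added example, not the chainlysis script linked in the message and not code from the list. It assumes the classic ipchains kernel log format ("Packet log: <chain> <target> <iface> PROTO=<n> <src>:<sport> <dst>:<dport> ..."); the sample log lines embedded in it are constructed for the example, reusing a few of the addresses from the summary above, and the DENY/REJECT target filter and the choice to key on IP protocol number are the author's own.

```python
"""Summarise rejected packets from ipchains-style kernel log lines.

Added example; not the chainlysis script from the post.  The log format is
an assumption: the ipchains 2.2-era "Packet log:" line, e.g.

  Mar  6 08:54:18 host kernel: Packet log: input DENY eth0 PROTO=17
      209.225.33.187:53 216.78.197.8:53 L=78 S=0x00 I=0 F=0x0000 T=241

Only chain, target, interface, PROTO=<ip-proto>, src:sport and dst:dport
are used; the remaining fields are ignored.
"""
import re
from collections import Counter

PROTO_NAMES = {1: "icmp", 6: "tcp", 17: "udp"}

LOG_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<target>\S+) (?P<iface>\S+) "
    r"PROTO=(?P<proto>\d+) "
    r"(?P<src>\d+\.\d+\.\d+\.\d+):(?P<sport>\d+) "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+):(?P<dport>\d+)"
)


def parse_line(line):
    """Return the parsed fields of one ipchains log line, or None if it is not one."""
    m = LOG_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    for key in ("proto", "sport", "dport"):
        rec[key] = int(rec[key])
    return rec


def summarize(lines, proto=17, targets=("DENY", "REJECT")):
    """Count packets of one IP protocol that hit a DENY/REJECT rule,
    keyed by destination port, source address and destination address."""
    by_dport, by_src, by_dst = Counter(), Counter(), Counter()
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["proto"] != proto or rec["target"] not in targets:
            continue  # not a packet log line, other protocol, or an ACCEPT/MASQ entry
        by_dport[rec["dport"]] += 1
        by_src[rec["src"]] += 1
        by_dst[rec["dst"]] += 1
    return {"dport": by_dport, "src": by_src, "dst": by_dst}


def render(summary, proto=17):
    """Render the three tables in the layout of the post, sorted by count descending."""
    name = PROTO_NAMES.get(proto, str(proto))
    out = []
    for title, key, col in (("destination port", "dport", "port"),
                            ("source address", "src", "address"),
                            ("destination address", "dst", "address")):
        out.append(f"Rejected {name} packets by {title}")
        out.append(f"{col:<16} count")
        for item, n in summary[key].most_common():
            out.append(f"{str(item):<16} {n:>5}")
        out.append("")
    return "\n".join(out)


# Constructed sample log (not real traffic); addresses borrowed from the post.
_TAIL = "L=78 S=0x00 I=0 F=0x0000 T=241"
SAMPLE_LOG = [
    f"Mar  6 03:11:02 host kernel: Packet log: input DENY eth0 PROTO=17 209.225.33.187:53 216.78.197.8:53 {_TAIL}",
    f"Mar  6 03:11:05 host kernel: Packet log: input DENY eth0 PROTO=17 209.225.33.187:53 216.78.197.8:53 {_TAIL}",
    f"Mar  6 03:11:09 host kernel: Packet log: input DENY eth0 PROTO=17 209.225.33.187:53 216.78.197.8:53 {_TAIL}",
    f"Mar  6 03:12:40 host kernel: Packet log: input DENY eth0 PROTO=17 216.34.94.8:53 216.78.197.8:53 {_TAIL}",
    f"Mar  6 03:15:01 host kernel: Packet log: input DENY eth0 PROTO=17 209.67.29.9:67 216.78.197.8:68 {_TAIL}",
    f"Mar  6 03:20:17 host kernel: Packet log: input DENY eth0 PROTO=6 10.0.0.5:4021 216.78.197.8:22 {_TAIL} SYN",
    f"Mar  6 03:21:00 host kernel: Packet log: input ACCEPT eth0 PROTO=17 192.0.2.10:1025 216.78.197.8:53 {_TAIL}",
    "Mar  6 04:00:00 host sshd[123]: Accepted publickey for hal from 192.0.2.7",
]

if __name__ == "__main__":
    print(render(summarize(SAMPLE_LOG)))
```

On a real box you would feed it `grep 'Packet log' /var/log/messages` instead of SAMPLE_LOG; `summarize(lines, proto=6)` gives the TCP view, and the ACCEPT line in the sample shows why filtering on the target matters if the same rule set logs accepted packets too.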