Port Probes Again

David Demland demland@home.com
Fri, 7 Jul 2000 22:58:44 -0700


Here is what the current log looks like:

Jul  6 19:38:04 localhost kernel: Packet log: input DENY eth1 PROTO=17 200.1.28.20:1024 255.255.255.255:6612 L=46 S=0x00 I=28629 F=0x0000 T=63 (#34)
Jul  6 19:38:04 localhost kernel: Packet log: input DENY eth1 PROTO=17 200.1.28.20:1024 255.255.255.255:6612 L=56 S=0x00 I=28630 F=0x0000 T=63 (#34)
Jul  6 19:38:04 localhost kernel: Packet log: input DENY eth1 PROTO=17 200.1.28.20:1024 255.255.255.255:6612 L=56 S=0x00 I=28631 F=0x0000 T=63 (#34)
Jul  6 19:38:04 localhost kernel: Packet log: input DENY eth1 PROTO=17 200.1.28.20:1024 255.255.255.255:6612 L=46 S=0x00 I=28632 F=0x0000 T=63 (#34)
Jul  6 19:38:04 localhost kernel: Packet log: input DENY eth1 PROTO=17 200.1.28.20:1024 255.255.255.255:6612 L=56 S=0x00 I=28633 F=0x0000 T=63 (#34)
Jul  6 19:38:05 localhost kernel: Packet log: input DENY eth1 PROTO=17 24.8.65.123:7778 255.255.255.255:7777 L=64 S=0x00 I=63193 F=0x0000 T=128 (#34)
Jul  6 19:38:06 localhost kernel: Packet log: input DENY eth1 PROTO=17 169.254.172.44:2519 255.255.255.255:2519 L=54 S=0x00 I=45704 F=0x0000 T=128 (#34)
Jul  6 19:38:06 localhost kernel: Packet log: input DENY eth1 PROTO=17 10.10.10.10:3419 255.255.255.255:123 L=76 S=0x00 I=26896 F=0x0000 T=128 (#34)
Jul  6 19:38:09 localhost kernel: Packet log: input DENY eth1 PROTO=17 200.1.28.20:1024 255.255.255.255:6612 L=56 S=0x00 I=28634 F=0x0000 T=63 (#34)
Jul  6 19:38:09 localhost kernel: Packet log: input DENY eth1 PROTO=17 200.1.28.20:1024 255.255.255.255:6612 L=56 S=0x00 I=28635 F=0x0000 T=63 (#34)
Jul  6 19:38:09 localhost kernel: Packet log: input DENY eth1 PROTO=17 200.1.28.20:1024 255.255.255.255:6612 L=46 S=0x00 I=28636 F=0x0000 T=63 (#34)
Jul  6 19:38:09 localhost kernel: Packet log: input DENY eth1 PROTO=17 200.1.28.20:1024 255.255.255.255:6612 L=56 S=0x00 I=28637 F=0x0000 T=63 (#34)
Jul  6 19:38:09 localhost kernel: Packet log: input DENY eth1 PROTO=17 200.1.28.20:1024 255.255.255.255:6612 L=56 S=0x00 I=28639 F=0x0000 T=63 (#34)
Jul  6 19:38:09 localhost kernel: Packet log: input DENY eth1 PROTO=17 200.1.28.20:1024 255.255.255.255:6612 L=56 S=0x00 I=28640 F=0x0000 T=63 (#34)
Jul  6 19:38:09 localhost kernel: Packet log: input DENY eth1 PROTO=17 200.1.28.20:1024 255.255.255.255:6612 L=56 S=0x00 I=28641 F=0x0000 T=63 (#34)

David
----- Original Message -----
From: Kevin Buettner <kev@primenet.com>
To: <plug-discuss@lists.PLUG.phoenix.az.us>
Sent: Friday, July 07, 2000 11:04 PM
Subject: Re: Port Probes Again


> On Jul 7, 10:36pm, David Demland wrote:
>
> > I have been getting a lot of port probes each day, to the point
> > that I am getting a 100+ Meg log file.  I would like to write a
> > script that will parse out only the single unique IP from the file.
> > I know I can use grep to get the lines, but how do I get the unique
> > IP from these grepped lines?
>
> It should be easy to write a perl script to do what you want.  How
> 'bout sending us a sample of 30-50 such lines...
>
> Kevin
>
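
An added example, not part of the original thread: one way to pull the unique source IPs out of "Packet log:" entries like the ones above, counting packets and destination ports per source. It accepts entries on one line or wrapped across several, and streams the input so a 100+ Meg file is not loaded into memory. The function names and the sample lines (documentation-range addresses) are constructed for illustration.

```python
import re
import sys
from collections import Counter, defaultdict

# Fields of a kernel "Packet log:" entry as seen in the thread:
# chain, action, interface, protocol number, source ip:port, destination ip:port.
ENTRY = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<action>\S+) (?P<iface>\S+) PROTO=(?P<proto>\d+)\s+"
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3}):(?P<sport>\d+)\s+"
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3}):(?P<dport>\d+)")
# A syslog timestamp ("Jul  6 19:38:04 ") marks the start of a new record.
STAMP = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d ")

# Constructed sample input: two wrapped entries, two single-line entries.
SAMPLE = """\
Jul  6 19:38:04 localhost kernel: Packet log: input DENY eth1 PROTO=17
192.0.2.20:1024 255.255.255.255:6612 L=46 S=0x00 I=28629 F=0x0000 T=63
(#34)
Jul  6 19:38:05 localhost kernel: Packet log: input DENY eth1 PROTO=17 198.51.100.7:7778 255.255.255.255:7777 L=64 S=0x00 I=63193 F=0x0000 T=128 (#34)
Jul  6 19:38:09 localhost kernel: Packet log: input DENY eth1 PROTO=17
192.0.2.20:1024 255.255.255.255:6612 L=56 S=0x00 I=28634 F=0x0000 T=63
(#34)
Jul  6 19:38:10 localhost kernel: Packet log: input ACCEPT eth1 PROTO=6 203.0.113.9:3419 192.0.2.1:22 L=60 S=0x00 I=1 F=0x0000 T=64 (#12)
"""

def entries(lines):
    """Yield one string per syslog record, rejoining continuation lines."""
    buf = ""
    for line in lines:
        line = line.strip()
        if STAMP.match(line):
            if buf:
                yield buf
            buf = line
        elif buf and line:
            buf += " " + line
    if buf:
        yield buf

def summarize(lines, action="DENY"):
    """Return {source_ip: Counter(dest_port -> packets)} for the given action."""
    hits = defaultdict(Counter)
    for entry in entries(lines):
        m = ENTRY.search(entry)
        if m and m["action"] == action:
            hits[m["src"]][int(m["dport"])] += 1
    return hits

def report(hits):
    """Rows of (source_ip, packets, sorted dest ports), busiest source first."""
    rows = [(ip, sum(c.values()), sorted(c)) for ip, c in hits.items()]
    return sorted(rows, key=lambda r: (-r[1], r[0]))

if __name__ == "__main__":
    src = open(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE.splitlines()
    for ip, total, ports in report(summarize(src)):
        print(f"{ip:15} {total:6} {ports}")
```

Run it with a log file path as the only argument; with no argument it processes the embedded sample.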