nanog mailing list archives
Re: Disabling QAZ (was Re: Port 139 scans)
From: Bennett Todd <bet () rahul net>
Date: Sat, 30 Sep 2000 09:50:48 -0400
2000-09-29-18:51:16 Ben Browning:
On a side note, if anyone knows a good logfile parsing perl script that pulls out all the IP addresses in a log, I'd love a copy.
How about perl -lne 'print $1 for /(\d+\.\d+\.\d+\.\d+)/g' Take the output of that and feed it through dnsfilter (from djbdns, <URL:http://djbdns.org/>) and you can get the reverse lookups easy. Fast, too, especially if you're running dnscache for your recursive resolver. -Bennett
Attachment:
_bin
Description:
Current thread:
- Re: Disabling QAZ (was Re: Port 139 scans) Dan Hollis (Sep 29)
- <Possible follow-ups>
- RE: Disabling QAZ (was Re: Port 139 scans) Carter, Gregory (Sep 29)
- Re: Disabling QAZ (was Re: Port 139 scans) Dan Hollis (Sep 29)
- Re: Disabling QAZ (was Re: Port 139 scans) Dana Hudes (Sep 29)
- Re: Disabling QAZ (was Re: Port 139 scans) Alex Bligh (Sep 29)
- Re: Disabling QAZ (was Re: Port 139 scans) Ben Browning (Sep 29)
- Re: Disabling QAZ (was Re: Port 139 scans) Roland Dobbins (Sep 29)
- Re: Disabling QAZ (was Re: Port 139 scans) Bennett Todd (Sep 30)
- Re: Disabling QAZ (was Re: Port 139 scans) Dana Hudes (Sep 29)
- RE: Disabling QAZ (was Re: Port 139 scans) Roeland M.J. Meyer (Sep 29)
- RE: Disabling QAZ (was Re: Port 139 scans) Dana Hudes (Sep 29)
- RE: Disabling QAZ (was Re: Port 139 scans) Dan Hollis (Sep 29)
- RE: Disabling QAZ (was Re: Port 139 scans) Dana Hudes (Sep 29)
- RE: Disabling QAZ (was Re: Port 139 scans) Roeland M.J. Meyer (Sep 29)
- Re: Disabling QAZ (was Re: Port 139 scans) Ben Browning (Sep 29)