Snort mailing list archives

Anyone good with sed, awk, perl, php for a script request.....


From: "Donofrio, Lewis" <donofrio () umich edu>
Date: Thu, 1 Aug 2002 15:26:41 -0400

2.) Does anyone have the ability to craft up a php script or
awk or sed or grep script that would create the following
emails from the snort logs?  The current script analyzes the
'Attack-list.cvs' to get the info needed, then it does a whois
on the attacker's IP and queries for the Administrative Contact
for that subnet and sends them this email....first it emails
me so I can authorize that it's not a 'False Positive'

***SNIPPED****
****** Mail sent to: stievano () windnet it at: 7/28/2002 10:55:18 AM
Administrative Contact: stievano () windnet it

On 11:44:04 PM, Sunday, July 28, 2002, there were several unauthorized
attempts to access servers here at the University of Michigan, USA.
The attempts appear to have originated from 212.94.129.152, a host in
your domain. I'm sending you the portion of our log files that alerted
us to this breakin attempt. The times indicated are Eastern Daylight
Time.

Since this activity amounts to trying to gain illegal access to a
government machine across state lines, I appreciate your assistance in
preventing future intrusion attempts from this machine. Thanks.

http://advice.networkice.com/advice/Intrusions/2003013/?port=1433&reason=RSTsent
********SNIPPED FROM ATTACKLIST.CVS********
Severity            1
Timestamp (GMT)     2002-07-28 23:44:44
IssueId             2003013
IssueName           SQL port probe
IntruderIp          212.94.129.152
IntruderName        SUPROBY
VictimIp            198.111.227.57
VictimName
Attack Parameters   port=1433&reason=RSTsent
Attack Count        8
Intruder Port       2654
Victim Port         1433
********SNIPPED FROM ATTACKLIST.CVS********

--Thanks.


______________________________________________________________________
Lewis   Donofrio () umich edu   College of Literature, Science, & Arts
1007 East Huron, Room 201,      BetaID:243340   Cell: (734) 323-8776
Ann Arbor,MI 48104-1690 www.umich.edu/~donofrio  Fax: (734) 647-8333
***SNIPPED****

2.5) note above the ATTACK COUNT is Eight!


______________________________________________________________________ 
Lewis   Donofrio () umich edu   College of Literature, Science, & Arts 
1007 East Huron, Room 201,      BetaID:243340   Cell: (734) 323-8776
Ann Arbor,MI 48104-1690 www.umich.edu/~donofrio  Fax: (734) 647-8333 
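As an added example (not code from the original post), the core of the requested script in Python: it parses a record in the ATTACKLIST.CVS column format quoted above, converts the GMT timestamp to Eastern Daylight Time, and renders the notification text for review before anything is sent. The sample record is constructed to mirror the one in the post, the fixed -4 hour EDT offset is an assumption, and the whois lookup for the administrative contact is out of scope here, so the contact address is passed in as a placeholder.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed sample, mirroring the ATTACKLIST.CVS snippet quoted in the post.
SAMPLE_RECORD = """\
Severity            1
Timestamp (GMT)     2002-07-28 23:44:44
IssueId             2003013
IssueName           SQL port probe
IntruderIp          212.94.129.152
IntruderName        SUPROBY
VictimIp            198.111.227.57
VictimName
Attack Parameters   port=1433&reason=RSTsent
Attack Count        8
Intruder Port       2654
Victim Port         1433
"""

# Assumption: the notice states Eastern Daylight Time, modelled as a fixed UTC-4 offset.
EDT = timezone(timedelta(hours=-4), "EDT")


def parse_record(text):
    """Split each 'Key   Value' line on the run of 2+ spaces that pads the column.
    Keys may contain a single space ('Attack Count'); a key with no value yields ''."""
    rec = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        parts = re.split(r"\s{2,}", line.strip(), maxsplit=1)
        rec[parts[0]] = parts[1] if len(parts) == 2 else ""
    return rec


def draft_notice(rec, contact, min_count=1):
    """Return the notification text for the given contact, or None when the
    Attack Count is below min_count (a cheap first filter before human review)."""
    if int(rec["Attack Count"]) < min_count:
        return None
    when_gmt = datetime.strptime(rec["Timestamp (GMT)"], "%Y-%m-%d %H:%M:%S")
    when_local = when_gmt.replace(tzinfo=timezone.utc).astimezone(EDT)
    url = "http://advice.networkice.com/advice/Intrusions/%s/?%s" % (
        rec["IssueId"], rec["Attack Parameters"])
    return "\n".join([
        "Administrative Contact: %s" % contact,
        "On %s, there were %s unauthorized attempts (%s) to access"
        % (when_local.strftime("%Y-%m-%d %H:%M:%S %Z"), rec["Attack Count"], rec["IssueName"]),
        "%s (port %s) here at the University of Michigan, USA." % (rec["VictimIp"], rec["Victim Port"]),
        "The attempts appear to have originated from %s, a host in your domain." % rec["IntruderIp"],
        "Times indicated are Eastern Daylight Time. Reference: %s" % url,
    ])
```

The draft is meant to be mailed to the list owner for the false-positive check first; only after that approval would the same text go to the whois contact.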


