Difference between revisions of "User:Sfiggins/Broadworks Controlled Registration"
From Labrats.us
Jump to navigationJump to search (Created page with " === Grab packet capture from cn10-inverness-co on eth1, and format into the top 110 hosts. # timeout 60s /usr/sbin/tcpdump -n -i eth1 port 5060 and dst 64.1.10.130 > /tmp/s...") |
|||
| Line 1: | Line 1: | ||
| − | + | ||
| − | === Grab packet capture from cn10-inverness-co on eth1, and format into the top 110 hosts. | + | === Grab packet capture from cn10-inverness-co on eth1, and format into the top 110 hosts. === |
# timeout 60s /usr/sbin/tcpdump -n -i eth1 port 5060 and dst 64.1.10.130 > /tmp/sbc.pcap; cat /tmp/pcap | awk '{print $3}' | perl -npe 's/^([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+).*$/$1/g' | sort | uniq -c | sort -n | tail -n 110 | awk '{print "deny ip host "$2" host 64.1.10.130"}' | sort -n | uniq | # timeout 60s /usr/sbin/tcpdump -n -i eth1 port 5060 and dst 64.1.10.130 > /tmp/sbc.pcap; cat /tmp/pcap | awk '{print $3}' | perl -npe 's/^([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+).*$/$1/g' | sort | uniq -c | sort -n | tail -n 110 | awk '{print "deny ip host "$2" host 64.1.10.130"}' | sort -n | uniq | ||
Revision as of 00:16, 27 May 2019
Grab packet capture from cn10-inverness-co on eth1, and format into the top 110 hosts.
# timeout 60s /usr/sbin/tcpdump -n -i eth1 port 5060 and dst 64.1.10.130 > /tmp/sbc.pcap; cat /tmp/pcap | awk '{print $3}' | perl -npe 's/^([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+).*$/$1/g' | sort | uniq -c | sort -n | tail -n 110 | awk '{print "deny ip host "$2" host 64.1.10.130"}' | sort -n | uniq
