Difference between revisions of "User:Sfiggins/Broadworks Controlled Registration"
From Labrats.us
Line 2: | Line 2: | ||
=== Grab packet capture from cn10-inverness-co on eth1, and format into the top 110 hosts. === | === Grab packet capture from cn10-inverness-co on eth1, and format into the top 110 hosts. === | ||
− | # timeout 60s /usr/sbin/tcpdump -n -i eth1 port 5060 and dst 64.1.10.130 > /tmp/sbc.pcap; cat /tmp/pcap | awk '{print $3}' | perl -npe 's/^([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+).*$/$1/g' | sort | uniq -c | sort -n | tail -n 110 | awk '{print "deny ip host "$2" host 64.1.10.130"}' | sort - | + | Log into cn10-inverness-co.suburbanbroadband.net and run the following commands: |
+ | |||
+ | # DATE=`date +%Y-%m-%d-%H%M` | ||
+ | |||
+ | # sudo timeout 60s /usr/sbin/tcpdump -n -i eth1 port 5060 and dst 64.1.10.130 > /tmp/sbc-$DATE.pcap | ||
+ | |||
+ | # echo "ip access-list extended SCB-Security-$DATE"; cat /tmp/sbc-$DATE.pcap \ | ||
+ | | awk '{print $3}' | perl -npe 's/^([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+).*$/$1/g' | sort \ | ||
+ | | uniq -c | sort -n | tail -n 110 | awk '{print " deny ip host "$2" host 64.1.10.130"}' \ | ||
+ | | sort -V | uniq; echo "permit ip any any"; echo "interface vlan80"; \ | ||
+ | echo " ip access-class SCB-Security-$DATE out" |
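Review bot: In the third command, `tail -n 110` denies whichever 110 sources sent the most port-5060 packets during the 60-second capture, with no minimum count and no exclusion for known peers, so a busy legitimate endpoint ends up in the list next to abusive ones; suggest applying a count floor and an allowlist before the `tail`. The capture file holds tcpdump's text output written with `>` but is named `.pcap`, which will mislead anyone who opens it in a pcap tool; a `.txt` name would match what the pipeline actually parses. The list name is spelled `SCB-Security` while the files are `sbc-`; if SBC is meant, make the two agree. It is also worth confirming that `ip access-class ... out` is the intended way to bind the list under `interface vlan80` on the target device.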
Revision as of 00:31, 27 May 2019
Grab packet capture from cn10-inverness-co on eth1, and format into the top 110 hosts.
Log into cn10-inverness-co.suburbanbroadband.net and run the following commands:
# DATE=`date +%Y-%m-%d-%H%M`

# sudo timeout 60s /usr/sbin/tcpdump -n -i eth1 port 5060 and dst 64.1.10.130 > /tmp/sbc-$DATE.pcap

# echo "ip access-list extended SCB-Security-$DATE"; cat /tmp/sbc-$DATE.pcap \
| awk '{print $3}' | perl -npe 's/^([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+).*$/$1/g' | sort \
| uniq -c | sort -n | tail -n 110 | awk '{print " deny ip host "$2" host 64.1.10.130"}' \
| sort -V | uniq; echo "permit ip any any"; echo "interface vlan80"; \
echo " ip access-class SCB-Security-$DATE out"
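The same aggregation as the commands above, as an added example that is not part of the original wiki page: it adds a minimum packet count and an allowlist so that a busy legitimate peer is not denied just for ranking in the top 110. `build_acl`, `MIN_PKTS`, `TOP_N`, `ALLOW`, `emit` and the sample capture lines are assumptions made for illustration, and the script emits only the access-list body.

```shell
#!/bin/sh
# Added example, not the page's own script. The ACL line format and the
# destination host come from the page; everything else is an assumption.

DST=64.1.10.130                  # destination host from the page
MIN_PKTS=${MIN_PKTS:-3}          # hypothetical floor: skip sources below this count
TOP_N=${TOP_N:-110}              # same cap as the page's "tail -n 110"
ALLOW=${ALLOW:-"198.51.100.10"}  # constructed allowlist, space separated

# Reads "tcpdump -n" text lines on stdin, writes the access list on stdout.
build_acl() {
    echo "ip access-list extended $1"
    awk -v allow="$ALLOW" -v min="$MIN_PKTS" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) skip[a[i]] = 1 }
        # Field 3 is "a.b.c.d.port"; keep only the leading dotted quad.
        $2 == "IP" && match($3, /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+/) {
            ip = substr($3, RSTART, RLENGTH)
            if (!(ip in skip)) count[ip]++
        }
        END { for (ip in count) if (count[ip] >= min) print count[ip], ip }
    ' | sort -k1,1nr | head -n "$TOP_N" | awk '{print $2}' \
      | sort -t. -k1,1n -k2,2n -k3,3n -k4,4n \
      | awk -v dst="$DST" '{print " deny ip host " $1 " host " dst}'
    echo " permit ip any any"
}

# Constructed sample input: emit <src-ip> <packet-count> prints that many
# tcpdump-style lines. These are not real capture data.
emit() {
    i=0
    while [ "$i" -lt "$2" ]; do
        echo "00:31:0$i.000001 IP $1.5060 > $DST.5060: UDP, length 512"
        i=$((i + 1))
    done
}

sample_capture() {
    emit 203.0.113.7 4      # above the floor: denied
    emit 203.0.113.20 3     # at the floor: denied
    emit 198.51.100.10 5    # allowlisted: never denied
    emit 192.0.2.9 1        # below the floor: ignored
}

sample_capture | build_acl "SCB-Security-$(date +%Y-%m-%d-%H%M)"
```

On a real capture, replace `sample_capture` with `cat` of the text file written by the tcpdump step.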