User:Sfiggins/Broadworks Controlled Registration
From Labrats.us
Revision as of 00:31, 27 May 2019 by Sfiggins
Grab packet capture from cn10-inverness-co on eth1, and format into the top 110 hosts.
Log into cn10-inverness-co.suburbanbroadband.net and run the following commands:
# DATE=`date +%Y-%m-%d-%H%M`
# sudo timeout 60s /usr/sbin/tcpdump -n -i eth1 port 5060 and dst 64.1.10.130 > /tmp/sbc-$DATE.pcap
# echo "ip access-list extended SCB-Security-$DATE"; cat /tmp/sbc-$DATE.pcap \
| awk '{print $3}' | perl -npe 's/^([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+).*$/$1/g' | sort \
| uniq -c | sort -n | tail -n 110 | awk '{print " deny ip host "$2" host 64.1.10.130"}' \
| sort -V | uniq; echo "permit ip any any"; echo "interface vlan80"; \
echo " ip access-class SCB-Security-$DATE out"
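
The same counting and ACL generation written as reusable shell functions, as an added example that is not part of the original page. The function names, the minimum-packet-count argument and the sample capture are assumptions made for illustration. It emits only the ACL body, so the host list can be reviewed before the interface lines are applied.

```shell
#!/usr/bin/env bash
# Added example. The sample capture below is constructed (RFC 5737 documentation addresses).
sample_capture() {
  cat <<'EOF'
00:31:01.000001 IP 198.51.100.7.5060 > 64.1.10.130.5060: SIP: REGISTER sip:example.invalid SIP/2.0
00:31:01.100001 IP 203.0.113.20.5060 > 64.1.10.130.5060: SIP: REGISTER sip:example.invalid SIP/2.0
00:31:01.200001 IP 198.51.100.7.5060 > 64.1.10.130.5060: SIP: REGISTER sip:example.invalid SIP/2.0
00:31:01.300001 IP 192.0.2.9.49152 > 64.1.10.130.5060: SIP: OPTIONS sip:example.invalid SIP/2.0
00:31:01.400001 IP6 2001:db8::1.5060 > 2001:db8::2.5060: SIP: REGISTER sip:example.invalid SIP/2.0
00:31:01.500001 IP 203.0.113.20.5060 > 64.1.10.130.5060: SIP: REGISTER sip:example.invalid SIP/2.0
00:31:01.600001 IP 198.51.100.7.5060 > 64.1.10.130.5060: SIP: REGISTER sip:example.invalid SIP/2.0
EOF
}

# top_sources N (hypothetical helper): read `tcpdump -n` text on stdin and
# print "count ip" for the N busiest IPv4 sources, busiest first.
top_sources() {
  awk '
    $2 == "IP" && split($3, o, ".") == 5 {        # source field is a.b.c.d.port
      ok = 1
      for (i = 1; i <= 4; i++) if (o[i] !~ /^[0-9]+$/ || o[i] > 255) ok = 0
      if (ok) count[o[1] "." o[2] "." o[3] "." o[4]]++
    }
    END { for (ip in count) print count[ip], ip }
  ' | sort -k1,1nr -k2,2 | head -n "$1"
}

# build_acl NAME DST N [MIN] (hypothetical helper): emit deny entries for the
# N busiest sources that were seen at least MIN times (default 1), in address order.
build_acl() {
  name=$1 dst=$2 n=$3 min=${4:-1}
  echo "ip access-list extended $name"
  top_sources "$n" | awk -v min="$min" '$1 >= min {print $2}' \
    | sort -t. -k1,1n -k2,2n -k3,3n -k4,4n \
    | awk -v dst="$dst" '{print " deny ip host " $1 " host " dst}'
  echo "permit ip any any"
}

# Example run against the constructed capture, with the values used on this page.
sample_capture | build_acl "SCB-Security-$(date +%Y-%m-%d-%H%M)" 64.1.10.130 110 2
```

On the capture host, pipe the saved tcpdump text into `build_acl` in place of `sample_capture`.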