User:Sfiggins/Broadworks Controlled Registration


Capture 60 seconds of SIP traffic (port 5060) destined for 64.1.10.130 on eth1 of cn10-inverness-co, then format the 110 busiest source hosts into an access list.

Log into cn10-inverness-co.suburbanbroadband.net and run the following commands:

# DATE=`date +%Y-%m-%d-%H%M`; sudo timeout 60s /usr/sbin/tcpdump -n -i eth1 port 5060 \
   and dst 64.1.10.130 > /tmp/sbc-$DATE.pcap
 
# echo "ip access-list extended SCB-Security-$DATE"; cat /tmp/sbc-$DATE.pcap \
   | awk '{print $3}' | perl -npe 's/^([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+).*$/$1/g' | sort \
   | uniq -c | sort -n | tail -n 110 | awk '{print " deny ip host "$2" host 64.1.10.130"}' \
   | sort -V  | uniq; echo " permit ip any any"; echo "interface vlan80"; \
   echo " ip access-class SCB-Security-$DATE out"; rm -f /tmp/sbc-$DATE.pcap

This will generate a configuration that looks like this:

ip access-list extended SCB-Security-2019-05-26-1728
 permit ip any any
interface vlan80
 ip access-class SCB-Security-2019-05-26-1728 out
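
The pipeline above denies the 110 busiest sources no matter how few packets each one sent, so a busy but legitimate peer can land in the ACL. The following is an added example, not part of the original page: it counts packets per IPv4 source, applies a minimum-packet threshold and an allowlist, and skips lines that are not IPv4 before emitting the deny entries. The function names, the threshold of 3, the allowlisted peer and the capture lines are all constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: function names, threshold and sample lines are assumptions.

# build_acl NAME DST MIN_PKTS [ALLOWLIST_FILE]
# stdin: text output of `tcpdump -n`; stdout: extended ACL denying sources that
# sent at least MIN_PKTS packets and are not listed in ALLOWLIST_FILE.
build_acl() {
  local name=$1 dst=$2 min=$3 allow=${4:-/dev/null}
  echo "ip access-list extended $name"
  awk -v min="$min" -v allow="$allow" '
    BEGIN { while ((getline ip < allow) > 0) skip[ip] = 1 }
    $2 == "IP" {                          # IPv4 packets only
      if (split($3, o, ".") != 5) next    # expect a.b.c.d.port
      ip = o[1] "." o[2] "." o[3] "." o[4]
      if (ip ~ /^[0-9.]+$/) count[ip]++   # drop anything non-numeric
    }
    END { for (ip in count) if (count[ip] >= min && !(ip in skip)) print ip }
  ' | sort -t. -k1,1n -k2,2n -k3,3n -k4,4n \
    | awk -v dst="$dst" '{ print " deny ip host " $1 " host " dst }'
  echo " permit ip any any"
}

# Constructed capture lines (RFC 5737 documentation addresses as sources).
sample_capture() {
  cat <<'EOF'
17:28:01.000001 IP 192.0.2.10.5060 > 64.1.10.130.5060: UDP, length 512
17:28:01.000002 IP 192.0.2.10.5060 > 64.1.10.130.5060: UDP, length 512
17:28:01.000003 IP 198.51.100.7.5060 > 64.1.10.130.5060: UDP, length 498
17:28:01.000004 IP 192.0.2.10.5060 > 64.1.10.130.5060: UDP, length 512
17:28:01.000005 IP 203.0.113.5.1024 > 64.1.10.130.5060: UDP, length 501
17:28:01.000006 IP 198.51.100.7.5060 > 64.1.10.130.5060: UDP, length 498
17:28:01.000007 IP 198.51.100.7.5060 > 64.1.10.130.5060: UDP, length 498
17:28:01.000008 IP6 2001:db8::1.5060 > 2001:db8::2.5060: UDP, length 480
EOF
}

allow=$(mktemp)
echo "198.51.100.7" > "$allow"   # hypothetical known-good trunk peer
sample_capture | build_acl "SCB-Security-demo" 64.1.10.130 3 "$allow"
rm -f "$allow"
```

With the sample input only 192.0.2.10 is denied: 198.51.100.7 reaches the threshold but is allowlisted, and 203.0.113.5 stays below it.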