What's new

Custom firmware build for R7800 v. 1.0.2.74.2SF & v. 1.0.2.74.3SF

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

How did you get the DDOS summary report you posted?

I have my Voxel firmware based 7800 auto email me its logs everyday. I noticed I was getting numerous DOS attacks in succession recently. However, the DOS attacks are listed separately as opposed to the summary you posted.

I've written a shell script that parses the /var/log/messages, greps the ddos attack lines , groups and counts the individual ip's involved into file /opt/var/log/totalled

it goes something like this

get-logs.sh
<<
#!/bin/sh
LOGFILE="/var/log/messages"
COMBINED="/opt/var/log/combined"
TOTALLED="/opt/var/log/totalled"

get_logs()
{
grep -E "([0-9]{1,3}[\.]){3}[0-9]{1,3}" -o $LOGFILE >> $COMBINED
cat $COMBINED | sort | uniq -c > $TOTALLED
echo "individual ddos attacks"
wc -l $COMBINED
echo "individual ddos drones"
wc -l $TOTALLED
}
get_logs
>>

I've also written a shell script to gather information about the ip's involved, like server name,
and written a script that invokes webservices of ripe, arin etc to get the abuse email address of all servers involved.
I'm pondering if it would be a good idea to send a mail to the abuse mail adresses.
 

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top