[31611] in North American Network Operators' Group


Re: Disabling QAZ (was Re: Port 139 scans)

daemon@ATHENA.MIT.EDU (Bennett Todd)
Sat Sep 30 09:52:11 2000

Date: Sat, 30 Sep 2000 09:50:48 -0400
From: Bennett Todd <bet@rahul.net>
To: Ben Browning <benb@oz.net>
Cc: nanog@merit.edu
Message-ID: <20000930095048.C597@oven.com>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-md5;
	protocol="application/pgp-signature"; boundary="jy6Sn24JjFx/iggw"
Content-Disposition: inline
In-Reply-To: <5.0.0.25.2.20000929152638.00a2d650@mail.oz.net>; from benb@oz.net on Fri, Sep 29, 2000 at 03:51:16PM -0700
Errors-To: owner-nanog-outgoing@merit.edu




2000-09-29-18:51:16 Ben Browning:
> On a side note, if anyone knows a good logfile parsing perl script
> that pulls out all the IP addresses in a log, I'd love a copy.

How about

	perl -lne 'print for /(\d+\.\d+\.\d+\.\d+)/g'

Take the output of that and feed it through dnsfilter (from djbdns,
<URL:http://djbdns.org/>) and you can get the reverse lookups easy.
Fast, too, especially if you're running dnscache for your recursive
resolver.

-Bennett

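The extraction suggested above, extended into a small script, as an added example that is not part of the original message: it rejects dotted quads with an octet above 255, skips longer dotted numbers such as version strings, and tallies hits per address. The function name `extract_ips` and the sample log lines under `__DATA__` are constructed for illustration.

```perl
#!/usr/bin/perl
# Added example: tally the IPv4 addresses that appear in log lines.
use strict;
use warnings;

# Return every dotted quad in $line whose four octets are all 0-255.
# The lookarounds keep a match from starting or ending inside a longer
# dotted number (a version string like 8.2.2.5.1), while still allowing
# an address followed by ":port" or a sentence-ending period.
sub extract_ips {
    my ($line) = @_;
    my @ips;
    while ($line =~ /(?<!\d)(?<!\d\.)(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})(?!\d)(?!\.\d)/g) {
        my @octets = ($1, $2, $3, $4);
        next if grep { $_ > 255 } @octets;             # e.g. 300.1.2.3
        push @ips, join '.', map { $_ + 0 } @octets;   # 010 and 10 count as one
    }
    return @ips;
}

# Read the files named on the command line or piped stdin; with neither,
# fall back to the constructed sample lines below.
my $have_input = @ARGV || !-t STDIN;
my @lines = $have_input ? <> : <DATA>;

my %hits;
for my $line (@lines) {
    $hits{$_}++ for extract_ips($line);
}

# Address first on each line, busiest address first; ties sorted by
# address string so the output order is stable.
for my $ip (sort { $hits{$b} <=> $hits{$a} or $a cmp $b } keys %hits) {
    printf "%s %d\n", $ip, $hits{$ip};
}

__DATA__
Sep 29 15:26:38 gw kernel: DENY tcp 203.0.113.45:1143 -> 192.0.2.10:139
Sep 29 15:26:41 gw kernel: DENY tcp 203.0.113.45:1144 -> 192.0.2.11:139
Sep 29 15:27:02 gw kernel: DENY tcp 198.51.100.7:2201 -> 192.0.2.10:139
Sep 29 15:27:09 gw named[211]: starting, version 8.2.2.5.1
Sep 29 15:27:30 gw sshd[400]: bad address 300.1.2.3 from 198.51.100.7.
```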

