... ciao:
: : A total of 5711 sites probed the server
: : 1.152.198.116
: : 1.22.185.5
: : 1.23.105.130
: : 1.38.24.232 ...
i have, for some time, used a script that looks for such information, and
mails it to me.
"Subject: Dec 23 Probes: 655 on 483 ports ...
# Scans Port No:
9 22
75 23
... .. and so on."
i have massaged it somewhat, for human consumption.
if it is useful, great.
included as an attachment ...
--
... it's not what you see ,
but instead , notice ...
#!/bin/sh
# aniota.com twhite@
# ports: cron event
# 11-16-2009
# scanned 'ports' report for yesterday
# 01-01-2010
# fixed "Jan 1" date problem: +"%b %_d"
# 12-24-2011
# for general consumption
#
# ASSUMED:
# LOG="/var/log/kernel"
# MAIL="root@localhost"
#
# 'Packet' entry looks (something) like:
# "Dec 23 23:43:04 aniota kernel: Packet log: input REJECT ppp0
# PROTO=17 198.41.0.4:53 63.225.163.150:29496 L=450 S=0x00
# I=48767 F=0x0000 T=57 (#182)"
#################################
# user dependent #
#################################
# flavour to taste
LOG="/var/log/kernel"
MAIL="root@localhost"
#################################
# not'sa much #
#################################
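# temp file(s): mktemp instead of "$RANDOM", which is empty under a
# plain /bin/sh and would turn the final "rm -f $FILE*" into "rm -f *"
FILE="$(mktemp "${TMPDIR:-/tmp}/ports.XXXXXX")" || exit 1
trap 'rm -f "$FILE" "$COUNT"' EXIT
COUNT="$(mktemp "${TMPDIR:-/tmp}/ports.XXXXXX")" || exit 1
# "Dec 23" "12-23-11" (T is not used below)
Y="$(date -d "yesterday" +"%b %_d")"
T="$(date -d "yesterday" +"%m-%d-%y")"
# 62415, 5928, 21595, ... list of ports
grep "$Y" "$LOG" | \
grep "Packet" | cut -d ":" -f 7 | \
cut -d " " -f 1 > "$FILE"
# number of scans ... in above list
NOS="$(wc -l < "$FILE")"
# 1 64861; count, port ... from above list
sort -n "$FILE" | uniq -c > "$COUNT"
# number of ports ... cough , cough
NOP="$(wc -l < "$COUNT")"
# mail pretty printing
echo "# Scans Port No:" > "$FILE"
cat "$COUNT" >> "$FILE"
# mail the damn thing ... (options before the address, for portability)
mail -s "$Y Probes: $NOS on $NOP ports ..." "$MAIL" < "$FILE"
rm -f "$FILE" "$COUNT"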
exit
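
An added example, not part of the original post or its attachment: a field-based summary of the same "Packet log" entries that also counts probes per source address (the kind of list quoted at the top of the message) and keeps TCP and UDP ports apart. The function names `probe_summary` and `sample_log` are hypothetical, the sample lines are constructed, and the field layout is assumed to match the entry shown in the script header.

```shell
#!/bin/sh
# probe_summary DAY [LOGFILE]: summarise "Packet log" entries for DAY, given in
# `date +"%b %_d"` form (e.g. "Dec 23"). Reads stdin when LOGFILE is omitted.
# Output: "port COUNT PROTO/PORT" lines, "src COUNT IP" lines, then "total N".
probe_summary() {
    day=$1; shift
    awk -v day="$day" '
        # Anchor the date at the start of the line; a bare grep "$Y" would
        # also match the same string anywhere else in an entry.
        index($0, day " ") != 1 || !/ Packet log: / { next }
        {
            for (i = 1; i <= NF; i++) if ($i ~ /^PROTO=/) break
            if (i + 2 > NF) next            # no PROTO= field or truncated entry
            proto = substr($i, 7)
            # the two fields after PROTO= are source and destination addr:port
            if (split($(i + 1), s, ":") != 2 || split($(i + 2), d, ":") != 2) next
            if (s[1] !~ /^[0-9.]+$/ || d[2] !~ /^[0-9]+$/) next
            total++
            src[s[1]]++
            port[proto "/" d[2]]++          # 6 = TCP, 17 = UDP stay separate
        }
        END {
            print "total", total + 0
            for (k in src)  print "src",  src[k],  k
            for (k in port) print "port", port[k], k
        }' "$@" | LC_ALL=C sort -k1,1 -k2,2nr -k3,3
}

# Constructed sample entries (documentation addresses), same format as above.
sample_log() {
    cat <<'EOF'
Dec 23 01:02:03 host kernel: Packet log: input REJECT ppp0 PROTO=6 192.0.2.10:40111 203.0.113.5:23 L=60 S=0x00 I=1 F=0x4000 T=50 (#12)
Dec 23 01:02:09 host kernel: Packet log: input REJECT ppp0 PROTO=6 192.0.2.10:40112 203.0.113.5:23 L=60 S=0x00 I=2 F=0x4000 T=50 (#12)
Dec 23 04:00:00 host kernel: Packet log: input REJECT ppp0 PROTO=17 198.51.100.7:53 203.0.113.5:29496 L=450 S=0x00 I=3 F=0x0000 T=57 (#182)
Dec 24 00:00:01 host kernel: Packet log: input REJECT ppp0 PROTO=6 192.0.2.99:5555 203.0.113.5:22 L=60 S=0x00 I=4 F=0x4000 T=50 (#12)
Dec 23 05:00:00 host kernel: some other message mentioning 192.0.2.1:22
EOF
}

sample_log | probe_summary "Dec 23"
```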