offtopic (need your advice)

2003-02-20 Thread Tim locke
hi,

Hoping someone can lend advice. I am looking for an application that
would restrict/allow access to a single website for dialup users (i.e.
they will be able to visit the site at their office but not at
home; however, their office uses dialup so that makes it harder to
base it on their IP address for the access list, and there would be
multiple offices using different dialup providers accessing the site
too). I'm thinking of using registration keys on the client side but
that would be tedious if the number of PCs starts to grow.

any thoughts?

thnx in advance


__
Do you Yahoo!?
Yahoo! Tax Center - forms, calculators, tips, more
http://taxes.yahoo.com/


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]




Re: whats wrong with this grep?

2002-06-18 Thread Tim locke
Hi, first of all, thanks to those who helped. Sorry to Karsten, who seems
to dislike Yahoo mail, I'll get a decent MUA next time. However, I still
need a bit more help. Here's the list of my scripts that clearly need
cleaning/fixing... (see below), I've included the data for clarity.
 
data: scans.txt
Jun  9 00:03:09 MY.NET.98.162:6112 -> 24.130.240.72:6112 UDP
Jun  9 00:03:09 MY.NET.98.162:6112 -> 172.158.9.12:6112 UDP
Jun  9 00:03:10 MY.NET.98.162:6112 -> 24.190.43.195:6112 UDP
Jun  9 00:15:31 144.51.17.1:53 -> MY.NET.98.126:1219 UDP
Jun  9 00:15:31 144.51.17.1:53 -> MY.NET.98.126:1220 UDP
Jun  9 00:15:31 144.51.17.1:53 -> MY.NET.98.126:1221 UDP
Jun  9 00:15:32 144.51.17.1:53 -> MY.NET.98.126:1222 UDP

#tally number of src ips
$ grep '..:..:' scans.txt | cut -d '>' -f 1 | cut -d ' ' -f 4 |
  cut -d ':' -f 1 | tr -d ' ' | sort | uniq -c |
  sort -nr > scan_src_ips_test.log

#tally number of dst ips
$ grep '..:..:' scans.txt | cut -d '>' -f 2 | cut -d ':' -f 1 |
  tr -d ' ' | sort | uniq -c | sort -nr > scan_dst_ips_test.log

#tally number of dst ports
$ grep '..:..:' scans.txt | cut -d '>' -f 2 | cut -d ':' -f 2 |
  cut -d ' ' -f 1 | tr -d ' ' | sort | uniq -c |
  sort -nr > scan.dst.ports.log

data: alert.txt

08/28-00:00:06.008691  [**] SMB Name Wildcard [**] 200.187.133.51:137 -> MY.NET.132.10:137
08/28-00:16:52.761152  [**] spp_portscan: PORTSCAN DETECTED from MY.NET.201.42 (THRESHOLD 7 connections in 2 seconds) [**]
08/28-00:16:57.561511  [**] spp_portscan: portscan status from MY.NET.201.42: 21 connections across 19 hosts: TCP(0), UDP(21) [**]
08/28-00:17:03.490019  [**] spp_portscan: portscan status from MY.NET.201.42: 2 connections across 2 hosts: TCP(0), UDP(2) [**]
08/28-00:17:05.644140  [**] spp_portscan: PORTSCAN DETECTED from 142.179.38.136 (STEALTH) [**]
08/28-16:48:30.119883  [**] Possible trojan server activity [**] MY.NET.202.42:3530 -> 128.60.33.72:27374
08/28-16:48:30.119933  [**] Possible trojan server activity [**] MY.NET.202.42:3527 -> 128.60.33.69:27374
08/28-17:58:58.378913  [**] Watchlist 000220 IL-ISDNNET-990517 [**] 212.179.43.225:32532 -> MY.NET.225.22:6346
08/28-17:59:00.641257  [**] Watchlist 000220 IL-ISDNNET-990517 [**] 212.179.43.225:32532 -> MY.NET.225.22:6346
08/28-17:59:02.299542  [**] Watchlist 000220 IL-ISDNNET-990517 [**] 212.179.43.225:32532 -> MY.NET.225.22:6346
03/24-00:16:03.220881  [**] spp_portscan: PORTSCAN DETECTED from MY.NET.11.8 (THRESHOLD 4 connections exceeded in 6 seconds) [**]
03/24-00:16:03.515447  [**] spp_portscan: portscan status from MY.NET.11.8: 9 connections across 9 hosts: TCP(0), UDP(9) [**]
03/24-00:16:03.843841  [**] spp_portscan: portscan status from MY.NET.11.8: 8 connections across 8 hosts: TCP(0), UDP(8) [**]
03/24-00:16:04.105264  [**] spp_portscan: portscan status from MY.NET.11.8: 3 connections across 3 hosts: TCP(0), UDP(3) [**]

#tally number of spp_portscans and the corresponding ips
help?

#tally number of destination ips
grep \[\*\*\] alerts.txt | grep -v spp_portscan | cut -d \> -f 2 |
cut -d : -f 1 | sed s/\ //g | sort | uniq -c |
sort -nr > alerts.dstips.log

#tally number of destination ports
grep \[\*\*\] alerts.txt | grep -v spp_portscan | grep -v Tiny\ Fragments |
grep -v ICMP\ SRC | cut -d \> -f 2 | cut -d : -f 2 | sed s/\ //g |
sort | uniq -c | sort -nr > alerts.dstports.log

#tally number of src ips
grep \[\*\*\] alerts.txt | grep -v spp_portscan | cut -d \] -f 3 |
cut -d \- -f 1 | cut -d : -f 1 | sed s/\ //g > alerts.srcips.log.unsorted
grep PORTSCAN alerts.txt | cut -d \] -f 2 | cut -d \  -f 6 |
sed s/\ //g >> alerts.srcips.log.unsorted
cat alerts.srcips.log.unsorted | sort | uniq -c |
sort -nr > alerts.srcips.log



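For the spp_portscan tally the post asks about, one approach with awk, as an added example that is not part of the original post. It assumes each alert sits on one line, as Snort writes it; the function names `sample_alerts` and `portscan_summary` are made up for illustration.

```shell
#!/bin/sh
# Added example: summarise spp_portscan alerts per source IP.

# Sample lines taken from the alert data in the post, one alert per line.
# The first line is a non-portscan alert and must be ignored by the tally.
sample_alerts() {
cat <<'EOF'
08/28-00:00:06.008691  [**] SMB Name Wildcard [**] 200.187.133.51:137 -> MY.NET.132.10:137
08/28-00:16:52.761152  [**] spp_portscan: PORTSCAN DETECTED from MY.NET.201.42 (THRESHOLD 7 connections in 2 seconds) [**]
08/28-00:16:57.561511  [**] spp_portscan: portscan status from MY.NET.201.42: 21 connections across 19 hosts: TCP(0), UDP(21) [**]
08/28-00:17:03.490019  [**] spp_portscan: portscan status from MY.NET.201.42: 2 connections across 2 hosts: TCP(0), UDP(2) [**]
08/28-00:17:05.644140  [**] spp_portscan: PORTSCAN DETECTED from 142.179.38.136 (STEALTH) [**]
03/24-00:16:03.220881  [**] spp_portscan: PORTSCAN DETECTED from MY.NET.11.8 (THRESHOLD 4 connections exceeded in 6 seconds) [**]
03/24-00:16:03.515447  [**] spp_portscan: portscan status from MY.NET.11.8: 9 connections across 9 hosts: TCP(0), UDP(9) [**]
03/24-00:16:03.843841  [**] spp_portscan: portscan status from MY.NET.11.8: 8 connections across 8 hosts: TCP(0), UDP(8) [**]
03/24-00:16:04.105264  [**] spp_portscan: portscan status from MY.NET.11.8: 3 connections across 3 hosts: TCP(0), UDP(3) [**]
EOF
}

# Output columns: total connections reported, number of detections, source IP.
# Reads the named files, or stdin when none are given.
portscan_summary() {
  awk '
    /spp_portscan:/ {
      # The source IP is the word after "from" in both message types.
      ip = ""
      for (i = 1; i < NF; i++) if ($i == "from") { ip = $(i + 1); break }
      if (ip == "") next
      sub(/:$/, "", ip)                 # status lines print "IP:"
      seen[ip] = 1
      if ($0 ~ /PORTSCAN DETECTED/) det[ip]++
      else if ($0 ~ /portscan status/) conn[ip] += $(i + 2)  # "N connections"
    }
    END { for (ip in seen) printf "%d %d %s\n", conn[ip], det[ip], ip }
  ' "$@" | sort -k1,1nr -k3,3
}

sample_alerts | portscan_summary
```

On a real file, run `portscan_summary alerts.txt`; sources that triggered a detection but have no status lines show a connection total of 0.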



whats wrong with this grep?

2002-06-16 Thread Tim locke
grep ..\/..\-..\:..\:  oos.txt | cut -d \> -f 1 |
cut -d \  -f 2 | cut -d \: -f 1 | sed s/\ //g | sort |
uniq -c | sort -nr > oos.log






Re: whats wrong with this grep?

2002-06-16 Thread Tim locke
Craig, sorry about not being clear on my question.
It's because I'm having a hard time analysing a large
amount of traffic logs and the fact that I'm not an
expert at scripting, and what I was looking for was a
quick way to get the number of src ips.


> How do you expect anyone to know what's wrong with it if you don't
> tell us what you expect it to do?
>
> The main comment I have about this thing is that it's nearly unreadable
> because rather than properly quote things, you escape everything in
> sight, including things that don't need to be escaped. The computer may
> not care one way or the other, but humans attempting to read this are at
> a disadvantage.
>
> Here's something I think (without actually testing) is functionally
> equivalent, but much easier to read:
>
> grep '../..-..:..:'  oos.txt | cut -d '>' -f 1 |
>  cut -d ' ' -f 2 | cut -d ':' -f 1 | tr -d ' ' | sort |
>  uniq -c | sort -nr > oos.log
>
> So, what will this do?
>
> Grep oos.txt for lines containing any two characters followed by a
> slash, followed by any two characters, followed by a dash, followed by
> any two characters, followed by a colon, followed by any two characters,
> followed by another colon; matching lines are piped to cut, which
> outputs only the text prior to the first greater-than; the result is
> then piped to another cut, which outputs only the text between the first
> and second space characters; then another cut, which outputs only the
> text prior to the first colon; then all space characters are removed.
> The final result of all this is then sorted, uniqued (with counts
> added), sorted again (reverse, by frequency), and written to oos.log.
>
> Whether this is what you want is quite unclear, since you didn't bother
> to tell us what you want, or how the script is failing. The utter
> lameness of that fact accounts for the poor temper of this reply.
>
> A general note on script debugging: If you aren't getting what you want
> out of a script, especially a complex pipe like this one, try testing
> the individual components to figure out what isn't working. Just do the
> grep, first. Do you get the lines you expect? If so, add the first cut,
> then the second, and so on, confirming at each stage that you are
> getting what you want.





quick snortsnarf question

2002-06-08 Thread Tim locke
Anybody installed snortsnarf onto debian? pls. tell me
how, also, do I need snort for snortsnarf to work? I
have a couple of gunzipped alert files and I don't
want to be overwhelmed when I analyze them so I want
to use snortsnarf for this...

Pls don't forget to CC me since I'm not in the list
right now.

Thanks




help on make

2002-04-27 Thread Tim locke
help trying to compile something and I get stuck on
this error

[EMAIL PROTECTED]:/test$ make
c++ -I. -O -Ilinux-include -c Func.cc
Func.cc: In function `void do_fmt(const char *, Val *, ODesc *)':
Func.cc:247: implicit declaration of function `int localtime(...)'
Func.cc:247: implicit declaration of function `int strftime(...)'
make: *** [Func.o] Error 1
 
Any Ideas?

pls CC me...




stumped on xfonts-terminus

2002-04-26 Thread Tim locke
uh, how can I make use of xfonts-terminus? I've
installed it but there was no readme or man page to
help out...

I'd like to use it for my reading xterm text..

thanks




ip checksum (offtopic)

2002-03-20 Thread Tim locke
Hey, can someone show me a working example of how the IP
checksum is computed? I'm having a hard time figuring
it out...

thanks



please CC me if you guys don't mind

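A worked IPv4 header checksum in shell arithmetic, as an added example that is not part of the original post, following the Internet checksum method of RFC 1071. The sample header is constructed, and the function names `sum16`, `ip_checksum` and `ip_header_ok` are made up for illustration.

```shell
#!/bin/sh
# Added example: IPv4 header checksum (RFC 1071 Internet checksum).

# Constructed sample: 20-byte header, UDP, 192.168.0.1 -> 192.168.0.199.
# Words:  4500 0073 0000 4000 4011 b861 c0a8 0001 c0a8 00c7
#                                  ^^^^ checksum field (header bytes 10-11)
SAMPLE_HDR="4500 0073 0000 4000 4011 b861 c0a8 0001 c0a8 00c7"

# Folded one's-complement sum of all 16-bit words, printed in decimal.
# The header length is always a multiple of 4 bytes, so no padding is needed.
sum16() {
  hex=$(printf '%s' "$1" | tr -d ' \n')
  sum=0
  for w in $(printf '%s' "$hex" | sed 's/..../& /g'); do
    sum=$(( sum + 0x$w ))
  done
  # Fold any carry above bit 15 back into the low 16 bits.
  while [ $(( sum >> 16 )) -ne 0 ]; do
    sum=$(( (sum & 0xFFFF) + (sum >> 16) ))
  done
  printf '%d\n' "$sum"
}

# Sender side: zero the checksum field, sum the words, take the complement.
ip_checksum() {
  zeroed=$(printf '%s' "$1" | tr -d ' \n' | sed 's/^\(.\{20\}\)..../\10000/')
  printf '%04x\n' $(( 0xFFFF - $(sum16 "$zeroed") ))
}

# Receiver side: summing the header with its checksum in place gives 0xFFFF.
ip_header_ok() {
  [ "$(sum16 "$1")" -eq 65535 ]
}

ip_checksum "$SAMPLE_HDR"                 # prints b861
ip_header_ok "$SAMPLE_HDR" && echo "header verifies"
```

By hand: the ten words with the checksum field zeroed add up to 0x2479c, folding the carry gives 0x479c + 0x2 = 0x479e, and 0xffff - 0x479e = 0xb861.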



Copying a whole subdirectory possible?

2002-01-11 Thread Tim locke
I need to copy a whole subdirectory to another
subdirectory...possible? (i.e. cp /home/user1/file
/home/user2/file) as a regular user.




Re: Copying a whole subdirectory possible?

2002-01-11 Thread Tim locke
not access denied errors. I need to copy a
subdirectory
located in a public directory to my home directory...I
can copy the files one by one but I'd rather copy the
whole subdirectory itself to my home directory...





mozilla questions

2001-09-23 Thread Tim locke
couple of mozilla-related questions (0.9.4)

1. cannot access hotmail...i.e. when I click on
sign-in status bar just says done but nothing
happened

2. can mozilla use postscript fonts?

3. (offtopic) where can I get free postscript fonts?
hehehe


