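#!/bin/bash
# v1.0 2013-05-16 dle
#
# Builds abuse reports for the source addresses listed in
# /srv/ddos-udp-sorted.txt and mails them with mutt.
# Working data lives under $HOME/report:
#   <address>        whois output for one source address
#   .gamas/<range>   "Count IP" header plus the log lines for that range
#   .out/<contact>   the ranges to report to that contact address
# External tools used: whois, ipcalc, mutt.
#set -x

# An unset HOME would turn the paths below into /report.
: "${HOME:?HOME must be set}"

mkdir -p -- "$HOME/report/.gamas" "$HOME/report/.out" || exit 1

# Later steps delete and create files relative to the current directory, so a
# failed cd must stop the run instead of letting them act somewhere else.
cd -- "$HOME/report/" || exit 1

# Start from empty per-range and per-contact directories.
find "$HOME/report/.out" "$HOME/report/.gamas" -type f -delete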
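##############
#if false; then
# Remove whois results left over from a previous run.
# NOTE(review): this line read `find $HOME/reports/ -type -f -delete`. find
# rejects `-type -f`, and no other line uses a `reports` directory, so it is
# assumed to mean the whois files at the top of $HOME/report. Confirm.
find "$HOME/report/" -maxdepth 1 -type f -delete

# top 8000
# Second column of the first 8000 lines of the sorted list.
head -n 8000 /srv/ddos-udp-sorted.txt | awk '{print $2}' > "$HOME/top-8000.txt"

# Split the reject log into one file per source address:
#   /srv/www/logs/<octet1>/<octet2>/<address>
# The file name is taken from log content, so a field is only used when it is
# exactly SRC=<dotted quad>; nothing else can end up in the path.
# The target directories are expected to exist already.
awk '
function store(field,    addr, oct, path) {
  addr = field
  sub(/SRC=/, "", addr)
  split(addr, oct, ".")
  path = "/srv/www/logs/" oct[1] "/" oct[2] "/" addr
  print $0 >> path
  # Close after every line so the number of open files stays small.
  close(path)
}
# Skip lines with two SRC= fields or without a well-formed source address.
/SRC=.*SRC=/ || ! /SRC=[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+ / { next }
$12 ~ /^SRC=[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ { store($12); next }
$11 ~ /^SRC=[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ { store($11) }
' /srv/reject-udp.txt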
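# whois
# Look up every listed address and keep the answer in a file named after it.
# The lookups used to be redirected to /tmp/whois.txt, which left nothing for
# the retry loop and the report loop to work on.
# The entries come from a log-derived list and are used as file names, so only
# address-shaped values (hex digits, dots, colons) are accepted.
addr_re='^[0-9A-Fa-f][0-9A-Fa-f.:]*$'
while IFS= read -r i; do
  if [[ ! $i =~ $addr_re ]]; then
    [ -z "$i" ] || printf 'skipping unexpected entry: %s\n' "$i" >&2
    continue
  fi
  # stdin is detached so whois cannot consume the address list.
  whois "$i" > "$i" < /dev/null
done < ../top-8000.txt
sleep 60

# Retry lookups that timed out and left an empty file.
# find exits 0 whether or not it matches, so its output is tested instead of
# its status. The loop has no retry limit: it ends only when no empty result
# file is left.
while :; do
  empty=$(find . -maxdepth 1 -type f -size 0 -name '[0-9A-Fa-f]*')
  [ -n "$empty" ] || break
  while IFS= read -r i; do
    i=${i#./}
    printf '%s\n' "$i"
    test -s "$i" || whois "$i" > "$i" < /dev/null
  done <<< "$empty"
  sleep 60
done

echo "tudo ok? ctrl+z para corrigir"
read -r

# Delete whois results that are exactly 35 bytes long (error replies).
find . -type f -size 35c -delete
#fi
###########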
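# Turn every whois result into a (range, contact) pair.
# whois records are written by the owner of the network, so the range and the
# contact address are untrusted text. Both are used as file names here and as
# mutt arguments later; they are checked against a strict shape first.
cidr_re='^[0-9][0-9.]*/[0-9][0-9.]*$'
range_re='^[0-9][0-9.]*-[0-9][0-9.]*$'
mail_re='^[a-z0-9+_.-]+@[a-z0-9_.-]+$'
addr_sed='s/.*[^a-zA-Z0-9+._-]\([a-zA-Z0-9+_.-]*@[a-zA-Z0-9_.-]*\)[^a-zA-Z0-9]\?.*/\1/g'

for i in *; do
  [ -f "$i" ] || continue

  # IP range: first matching line, reduced to "first-last" or to CIDR form.
  nome=$(grep -- "inetnum\|CIDR\|NetRange\|Netblock\|Network Number\|IPv4 Address" "$i" \
    | head -n 1 \
    | sed 's/.*[ ]\([0-9.]*\)[ ]-[ ]*\([0-9.]*\)[ ]\?.*$/\1-\2/g; s/.*[ ]\([0-9.]*\/[0-9.]*\)/\1/g; s/.*Number\][ ]*//g' \
    | head -n 1)

  # CIDR form is converted to "first-last" with ipcalc.
  if [[ $nome =~ $cidr_re ]]; then
    nome=$(ipcalc "$nome" | awk '
      /Address:/ { address=$2 }
      /HostMax:/ { print address"-"$2 }
      /Hostroute/ { host=$2 }
      /Hosts\/Net: 1/ { print host"-"host }' | head -n 1)
  fi

  # When the sed expressions do not match they pass the whole whois line
  # through, so anything that is not "first-last" is dropped here.
  if [[ ! $nome =~ $range_re ]]; then
    printf 'skipping %s: no usable address range in whois output\n' "$i" >&2
    continue
  fi

  # Contact for the range: prefer a line mentioning "abuse", otherwise the
  # first address line that is not a "changed:" entry. The lines are kept in
  # a variable; the fixed /tmp/email.tmp file is no longer used.
  emails=$(grep -- "[a-zA-Z0-9]@[a-zA-Z0-9]" "$i" | grep -v "@example.com")
  abuse=null
  if [ -n "$emails" ]; then
    line=$(printf '%s\n' "$emails" | grep -i -F abuse | head -n 1)
    if [ -z "$line" ]; then
      line=$(printf '%s\n' "$emails" | grep -v -F "changed:" | head -n 1)
    fi
    abuse=$(printf '%s\n' "$line" | sed "$addr_sed" | tr 'A-Z' 'a-z')
    # Anything that is not a plain address is filed under "null", which the
    # mailing step skips.
    [[ $abuse =~ $mail_re ]] || abuse=null
  fi

  printf '%s\n' "$nome" >> ".out/$abuse"
  test -f ".gamas/$nome" || echo "Count IP" > ".gamas/$nome"
  # -w keeps 1.2.3.4 from also matching lines for 11.2.3.4 or 1.2.3.45.
  grep -F -w -- "$i" /srv/ddos-udp-sorted.txt >> ".gamas/$nome" \
    || echo "++fgrep $i /srv/ddos-udp-sorted.txt .gamas/$nome"
done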
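# Mail one report per contact: the file name in .out is the recipient, its
# lines name the range files in .gamas to attach.
cd -- "$HOME/report/.out" || exit 1

# Recipient and attachment names were derived from whois text. They are
# checked again here so that only a plain address is handed to mutt and only
# files inside .gamas can be attached.
mail_re='^[a-z0-9+_.-]+@[a-z0-9_.-]+$'
range_re='^[0-9][0-9.]*-[0-9][0-9.]*$'

TEXTO="
INSERT YOUR EMAIL BODY HERE!
"

max=0
for i in *; do
  [ -e "$i" ] && max=$((max+1))
done

n=0
for i in *; do
  [ -e "$i" ] || continue
  n=$((n+1))
  echo "$n/$max"
  if [[ $i == null ]]; then continue; fi
  if [[ ! $i =~ $mail_re ]]; then
    printf 'skipping %s: not a plain mail address\n' "$i" >&2
    continue
  fi

  # Attachments are collected in an array so each path stays one argument.
  files=()
  while IFS= read -r a; do
    if [[ $a =~ $range_re && -f "$HOME/report/.gamas/$a" ]]; then
      files+=(-a "$HOME/report/.gamas/$a")
    else
      printf 'skipping attachment for %s: %s\n' "$i" "$a" >&2
    fi
  done < <(sort -u -- "$i")

  if [ "${#files[@]}" -eq 0 ]; then
    printf 'skipping %s: nothing to attach\n' "$i" >&2
    continue
  fi

  printf '%s\n' "$TEXTO" \
    | mutt -s "DoS attack from your network (#$(date +%Y%m%d)-$n)" "${files[@]}" -- "$i"
  # Short pause between messages.
  sleep 0.6
done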