
来自海外DNS的攻击 — DNS query flood from overseas clients, seen as BIND "query (cache) ... denied" lines in syslog; the one-liners below pull the top source IPs out of `messages` and then extract a mail-log time window.

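# --- 1. BIND "client" lines in the syslog: how many, and who sends them ---
# Sample line (the field numbers matter for the awk below):
#   Nov 15 13:05:35 ai2 named: client 46.113.166.31#259 (hvtpcwk.dl.dlryjzm.com): query (cache) 'hvtpcwk.dl.dlryjzm.com/A/IN' denied
#   $1=Nov $2=15 $3=13:05:35 $4=ai2 $5=named: $6=client $7=IP#port
# NOTE(review): "denied" means named is already refusing these queries. UDP DNS source
# addresses can be spoofed, so a "top talker" here may be a reflection victim rather than
# the attacker; verify before firewalling an IP, and prefer tightening allow-recursion /
# response rate limiting in named.conf over per-IP blocks.

# Count syslog lines logged by named that mention a client.
#   $1 - log file (default: messages)
# Prints the count (grep -c replaces the original `grep | wc -l`; `grep named` still
# matches any line containing "named", e.g. "renamed", exactly like the original).
named_client_count() {
  grep -- named "${1:-messages}" | grep -c 'client'
}
named_client_count messages

# Per-source-IP counts over the LAST 10 lines only (tail), lowest count first.
#   $1 - log file (default: messages)
# Fix vs. the original: `uniq -c` only merges *adjacent* duplicates, so the IPs must be
# sorted first or the same IP shows up several times with partial counts. `sort -n` makes
# the numeric ordering explicit instead of relying on uniq's fixed-width padding.
# `cut -d'#' -f1` strips the "#port" suffix from $7 (was sed 's/#/ /'|awk '{print $1}').
named_top_sources_recent() {
  tail -- "${1:-messages}" | grep named | grep 'client ' \
    | awk '{print $7}' | cut -d'#' -f1 | sort | uniq -c | sort -n
}
named_top_sources_recent messages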

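# Show the named client lines among the last 10 syslog lines (what is hitting us right now).
#   $1 - log file (default: messages)
named_client_recent() {
  tail -- "${1:-messages}" | grep named | grep 'client'
}
named_client_recent messages

# Source IPs with more than $2 named client lines in the whole file (default 100, the
# original hard-coded threshold). $7 is "IP#port"; the port is stripped before counting.
#   $1 - log file (default: messages)
#   $2 - minimum count to report (default: 100)
# Output is `uniq -c` style: "<count> <ip>", one per line, unsorted like the original.
# The threshold is passed with -v so it is never interpolated into the awk program text.
named_heavy_sources() {
  local log=${1:-messages} min=${2:-100}
  grep -- named "$log" | grep 'client ' | awk '{print $7}' | cut -d'#' -f1 \
    | sort | uniq -c | awk -v min="$min" '$1 > min'
}
named_heavy_sources messages 100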

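# Per-source-IP counts of named client lines whose time-of-day ($3) falls strictly inside
# a window, optionally keeping only sources above a minimum count.
#   $1 - log file (default: messages)
#   $2 - window start, HH:MM:SS (default: 12:00:00)
#   $3 - window end,   HH:MM:SS (default: 14:00:00)
#   $4 - minimum count to report (default: 0, i.e. report everything)
# Output is `uniq -c` style "<count> <ip>" lines.
# The window is a plain string comparison on the zero-padded HH:MM:SS field, exactly as the
# original awk '$3>"12:00:00"' did; it ignores the date, so if the file spans several days
# filter on the day first (e.g. grep '^Nov 15') — TODO confirm the file covers one day.
# Values go in via -v so they are never spliced into the awk program.
named_sources_in_window() {
  local log=${1:-messages} start=${2:-12:00:00} end=${3:-14:00:00} min=${4:-0}
  grep -- named "$log" | grep 'client ' \
    | awk -v s="$start" -v e="$end" '$3 > s && $3 < e {print $7}' \
    | cut -d'#' -f1 | sort | uniq -c | awk -v min="$min" '$1 > min'
}
# All sources in the 12:00-14:00 window, lowest count first (numeric sort made explicit).
named_sources_in_window messages 12:00:00 14:00:00 | sort -n
# Only sources with more than 10 lines in that window.
named_sources_in_window messages 12:00:00 14:00:00 10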

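# --- 2. Mail log: deliveries ("to=<...>" lines) on Nov 13 inside a time window ---
# Extract the "to=<" lines of one day whose time-of-day ($3) is strictly inside a window.
#   $1 - mail log (default: /var/log/maillog)
#   $2 - day prefix as it appears in the log (default: 'Nov 13'; unanchored, like the original)
#   $3 - window start, HH:MM:SS (default: 15:00:00)
#   $4 - window end,   HH:MM:SS (default: 21:00:00)
# Output goes to stdout; the callers below redirect it to a file.
# The two awk filters of the original are merged into one; values go in via -v.
# NOTE(review): the extract contains recipient addresses. The original writes it to the
# filesystem root (/maillog20141114.log); a dedicated directory with restrictive permissions
# would be the safer home for it. The "20141114" in the name looks like the date the
# extract was taken rather than the day filtered ('Nov 13') — TODO confirm.
mail_window_extract() {
  local log=${1:-/var/log/maillog} day=${2:-'Nov 13'} start=${3:-15:00:00} end=${4:-21:00:00}
  grep -- "$day" "$log" | grep 'to=<' | awk -v s="$start" -v e="$end" '$3 > s && $3 < e'
}
# Run on 10.10.10.1 (15:00-21:00):
mail_window_extract /var/log/maillog 'Nov 13' 15:00:00 21:00:00 > /maillog20141114.log
# Run on 10.10.10.71 (15:00-24:00):
mail_window_extract /var/log/maillog 'Nov 13' 15:00:00 24:00:00 > /maillog20141114.log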
