来自海外DNS的攻击

显示全部楼层 · 发表于 2014-11-18 12:14:00

cat messages|grep named|grep 'client'|wc -l
Nov 15 13:05:35 ai2 named[23036]: client 46.113.166.31#259 (hvtpcwk.dl.dlryjzm.com): query (cache) 'hvtpcwk.dl.dlryjzm.com/A/IN' denied
tail messages|grep named|grep 'client '|awk '{print $7}'|sed 's/#/ /g'|awk '{print $1}'|uniq -c |sort

tail messages|grep named|grep 'client'
cat messages|grep named|grep 'client '|awk '{print $7}'|sed 's/#/ /g'|awk '{print $1}'|sort|uniq -c|awk '$1>100'

cat messages|grep named|grep 'client '|awk '$3>"12:00:00"' | awk '$3<"14:00:00"'|awk '{print $7}'|sed 's/#/ /g'|awk '{print $1}'|sort|uniq -c|sort
cat messages|grep named|grep 'client '|awk '$3>"12:00:00"' | awk '$3<"14:00:00"'|awk '{print $7}'|sed 's/#/ /g'|awk '{print $1}'|sort|uniq -c|awk '$1>10'

10.10.10.1
cat /var/log/maillog | grep 'Nov 13' | grep 'to=<' | awk '$3>"15:00:00"' | awk '$3<"21:00:00"' > /maillog20141114.log
10.10.10.71
cat /var/log/maillog | grep 'Nov 13' | grep 'to=<' | awk '$3>"15:00:00"' | awk '$3<"24:00:00"' > /maillog20141114.log

		自动登录	找回密码
密码			立即註冊