
Attacks from overseas DNS

Posted on 2014-11-18 12:14:00
cat messages|grep named|grep 'client'|wc -l
Nov 15 13:05:35 ai2 named[23036]: client 46.113.166.31#259 (hvtpcwk.dl.dlryjzm.com): query (cache) 'hvtpcwk.dl.dlryjzm.com/A/IN' denied
tail messages|grep named|grep 'client '|awk '{print $7}'|sed 's/#/ /g'|awk '{print $1}'|uniq -c |sort

tail messages|grep named|grep 'client'
cat messages|grep named|grep 'client '|awk '{print $7}'|sed 's/#/ /g'|awk '{print $1}'|sort|uniq -c|awk '$1>100'

cat messages|grep named|grep 'client '|awk '$3>"12:00:00"' | awk '$3<"14:00:00"'|awk '{print $7}'|sed 's/#/ /g'|awk '{print $1}'|sort|uniq -c|sort
cat messages|grep named|grep 'client '|awk '$3>"12:00:00"' | awk '$3<"14:00:00"'|awk '{print $7}'|sed 's/#/ /g'|awk '{print $1}'|sort|uniq -c|awk '$1>10'

10.10.10.1
cat /var/log/maillog | grep 'Nov 13' | grep 'to=<' | awk '$3>"15:00:00"' | awk '$3<"21:00:00"' > /maillog20141114.log
10.10.10.71
cat /var/log/maillog | grep 'Nov 13' | grep 'to=<' | awk '$3>"15:00:00"' | awk '$3<"24:00:00"' > /maillog20141114.log

Attack traffic graph

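The per-client counting done by the pipelines above, as a single awk pass (an added example, not part of the original post). It assumes the syslog layout of the sample line in the post; the function names, the log lines and the 198.51.100.x / 203.0.113.x / 192.0.2.x addresses are constructed for illustration, and the handling of an "@0x..." token after "client" covers BIND versions that log one.

```shell
#!/bin/sh
# Count denied named queries per client IP inside a time window.
# Usage: denied_clients LOGFILE START END MIN_COUNT   (times as HH:MM:SS)
# START is inclusive and END is exclusive; MIN_COUNT is inclusive.
denied_clients() {
    awk -v start="$2" -v end="$3" -v min="$4" '
        # only named lines that record a refused query
        $5 ~ /^named\[/ && /client / && / denied/ {
            if ($3 < start || $3 >= end) next
            ip = ""
            # the address follows the "client" token; skip an "@0x..." pointer
            for (i = 6; i < NF; i++)
                if ($i == "client") {
                    ip = $(i + 1)
                    if (ip ~ /^@/) ip = $(i + 2)
                    break
                }
            sub(/#.*/, "", ip)          # strip the "#port" suffix
            if (ip != "") count[ip]++
        }
        END { for (ip in count) if (count[ip] >= min) print count[ip], ip }
    ' "$1" | sort -k1,1nr -k2,2
}

# Constructed sample log in the same layout as the line quoted in the post.
sample_log() {
    cat <<'EOF'
Nov 15 12:59:59 ai2 named[23036]: client 198.51.100.7#259 (a.dl.example.com): query (cache) 'a.dl.example.com/A/IN' denied
Nov 15 13:05:35 ai2 named[23036]: client 198.51.100.7#259 (b.dl.example.com): query (cache) 'b.dl.example.com/A/IN' denied
Nov 15 13:05:36 ai2 named[23036]: client 198.51.100.7#4711 (c.dl.example.com): query (cache) 'c.dl.example.com/A/IN' denied
Nov 15 13:05:37 ai2 named[23036]: client 198.51.100.7#53 (d.dl.example.com): query (cache) 'd.dl.example.com/A/IN' denied
Nov 15 13:06:00 ai2 named[23036]: client @0x7f00 203.0.113.9#1025 (e.dl.example.com): query (cache) 'e.dl.example.com/A/IN' denied
Nov 15 13:06:01 ai2 named[23036]: client 203.0.113.9#1026 (f.dl.example.com): query (cache) 'f.dl.example.com/A/IN' denied
Nov 15 13:07:00 ai2 named[23036]: client 192.0.2.5#4000 (g.dl.example.com): query (cache) 'g.dl.example.com/A/IN' denied
Nov 15 13:08:00 ai2 sshd[411]: Connection closed by client 192.0.2.5 port 4000
EOF
}

# Demo run on the constructed sample.
tmp=$(mktemp)
sample_log > "$tmp"
denied_clients "$tmp" 13:00:00 14:00:00 2
rm -f "$tmp"
```

Against a real log, raise MIN_COUNT to the level the post uses (100 for a whole file, 10 for a two-hour window) and feed the resulting addresses into rate limiting or firewall rules.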