
Grepcidr in 30 minutes or less


Presentation Transcript


  1. Grepcidr in 30 minutes or less
     • http://www.av8.net/dist/grepcidr/
     • Get grepcidr-2.1.tar.gz
     • ./configure; make; make install
     • grepcidr -h is hopefully self explanatory
     AV8 Internet, Inc

  2. Grepcidr -h
     Usage: grepcidr [OPTIONS]... [[PATTERN] [FILES]]...
       -h, --help            Print help and exit
       -V, --version         Print version and exit
       -c, --count           Count lines
       -b, --blocks          Output matching blocks
       -n, --numblocks       Number of matching blocks
       -v, --invert          Invert match
       -e, --pattern=STRING  Pattern
       -f, --file=STRING     Pattern file
       -i, --ipaddr          Output matching IP
       -1, --no-filename     Suppress prefixing filename for multiple files
       -s, --sb              Square brackets around IP to be matched
           --cb              Curly braces around IP to be matched
       -p, --pb              Parentheses around IP to be matched
           --vb              Vertical bars around IP to be matched
           --lb=STRING       Custom left bracket
           --rb=STRING       Custom right bracket

  3. Pattern Formats
     CIDR format: a.b.c.d/n
     IP range:    a.b.c.d-e.f.g.h
     IP range:    a.b.c.d+size
     Single IP:   a.b.c.d
     Just like grep: one pattern on the command line, or multiple -e <pattern> options, or multiple -f <file> options.

  4. Uses
     • Log analysis
       Technique: get bad login worst offenders
         grep badlogin logfiles | grepcidr -i 0.0.0.0/0 | sort -u > xx
         grepcidr -bf xx logfile    # count of badlogins per IP
     • Traffic analysis
     • Blacklist management
       Technique: expire rehabilitated abusers
         grepcidr -vbf blacklist maillogs > notseenrecently
       Technique: make sure we aren't in the blacklist
         grepcidr -f ourblocks blacklist
     • Spam filtering
     • Now from Ronco…
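The pattern formats of slide 3 and the two pipelines of slide 4, worked through as an added example. This is not code from the slides or from grepcidr itself; it is a small Python re-implementation of grepcidr's matching written for this page. It assumes that a.b.c.d+size means the start address plus `size` addresses, that a line matches when any IPv4 address in its text falls inside a pattern, and it runs over constructed log lines, blacklist entries and address blocks (documentation prefixes, not real data).

```python
"""Minimal re-implementation of grepcidr's pattern formats and matching.

Added example, not code from the AV8 slides or from grepcidr itself.
Assumptions: a.b.c.d+size means the start address plus `size` addresses,
and a line matches when any IPv4 address in its text falls inside a pattern.
"""
import ipaddress
import re
from collections import Counter

# Dotted quad not glued to further digits/dots (so 10.1.1.1.5 is not split up).
IPV4_RE = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")


def parse_pattern(pat):
    """One grepcidr pattern -> inclusive (low, high) pair of integer addresses."""
    pat = pat.strip()
    if "/" in pat:                                   # CIDR: a.b.c.d/n
        net = ipaddress.IPv4Network(pat, strict=False)
        return int(net.network_address), int(net.broadcast_address)
    if "-" in pat:                                   # range: a.b.c.d-e.f.g.h
        lo, hi = (int(ipaddress.IPv4Address(p.strip())) for p in pat.split("-", 1))
        if hi < lo:
            raise ValueError(f"range end precedes start: {pat}")
        return lo, hi
    if "+" in pat:                                   # range: a.b.c.d+size
        start, size = pat.split("+", 1)
        lo, n = int(ipaddress.IPv4Address(start.strip())), int(size)
        if n < 1 or lo + n - 1 > 0xFFFFFFFF:
            raise ValueError(f"bad size in pattern: {pat}")
        return lo, lo + n - 1
    addr = int(ipaddress.IPv4Address(pat))           # single IP: a.b.c.d
    return addr, addr


def load_patterns(lines):
    """Patterns from a -f file (or a list of -e values); blanks and # comments skipped."""
    ranges = []
    for line in lines:
        line = line.split("#", 1)[0].strip()
        if line:
            ranges.append(parse_pattern(line))
    return ranges


def ips_in_line(line):
    """Every syntactically valid IPv4 address in a line (999.1.1.1 is ignored)."""
    found = []
    for m in IPV4_RE.finditer(line):
        try:
            found.append(ipaddress.IPv4Address(m.group(1)))
        except ipaddress.AddressValueError:
            pass
    return found


def grepcidr(lines, ranges, invert=False, ipaddr=False):
    """Line mode: yield lines with an address inside `ranges` (-v inverts).
    ipaddr mode (-i): yield each matching address instead; -v is ignored."""
    for line in lines:
        hits = [str(a) for a in ips_in_line(line)
                if any(lo <= int(a) <= hi for lo, hi in ranges)]
        if ipaddr:
            yield from hits
        elif bool(hits) != invert:
            yield line


# Constructed sample data using documentation prefixes; not real logs or lists.
LOG = [
    "Jan 10 03:12:01 mx sshd[211]: badlogin for root from 203.0.113.7",
    "Jan 10 03:12:05 mx sshd[212]: badlogin for admin from 203.0.113.7",
    "Jan 10 03:13:40 mx sshd[213]: accepted for alice from 198.51.100.20",
    "Jan 10 03:14:02 mx sshd[214]: badlogin for root from 198.51.100.20",
    "Jan 10 03:15:22 mx sshd[215]: badlogin for test from 192.0.2.250",
    "Jan 10 03:16:00 mx sshd[216]: badlogin for root from 203.0.113.7",
]
OUR_BLOCKS = ["198.51.100.0/24", "192.0.2.128+64  # 192.0.2.128 through 192.0.2.191"]
BLACKLIST = [
    "203.0.113.0/24",
    "198.51.100.77",
    "192.0.2.200-192.0.2.210",
    "192.0.2.100",
    "192.0.2.130",
]


def worst_offenders(log):
    """Slide 4: grep badlogin | grepcidr -i 0.0.0.0/0 | sort -u > xx, then count per IP."""
    bad = [line for line in log if "badlogin" in line]
    xx = sorted(set(grepcidr(bad, load_patterns(["0.0.0.0/0"]), ipaddr=True)))
    return Counter(grepcidr(bad, load_patterns(xx), ipaddr=True)).most_common()


def listed_in_blacklist(our_blocks, blacklist):
    """Slide 4: grepcidr -f ourblocks blacklist -> blacklist lines naming our address space."""
    return list(grepcidr(blacklist, load_patterns(our_blocks)))


if __name__ == "__main__":
    for ip, n in worst_offenders(LOG):
        print(f"{n:5d} {ip}")
    print("blacklist entries inside our blocks:", listed_in_blacklist(OUR_BLOCKS, BLACKLIST))
```

Run as a script it prints the per-IP bad-login totals and the two blacklist entries that fall inside our blocks. Only the pattern formats, -e/-f loading, -i and -v are modelled; -b, -c and the bracket options are not.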

  5. Where to get allocation info
     ftp://ftp.arin.net/pub/stats/{RIR}/delegated-{RIR}-latest
     RIR = afrinic apnic arin lacnic ripencc
     • Currently allocated blocks:
         afrinic    1513
         apnic     16616
         arin      40841
         lacnic     2384
         ripencc   37482
         Total     98836
     TODO: Don't have LIR data
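As an added example for slide 5 (not code from the slides or from grepcidr), the following Python turns a delegated-{RIR}-latest file into grepcidr patterns and reproduces the per-RIR block count. It assumes the public RIR statistics exchange format (one record per line, registry|cc|type|start|value|date|status, where value is the number of addresses for ipv4 records) and uses a constructed sample instead of a downloaded file, so the counts it prints are for that sample, not the figures on the slide.

```python
"""Turn an RIR delegated-{RIR}-latest file into grepcidr patterns.

Added example, not code from the AV8 slides.  It assumes the public RIR
statistics exchange format: one record per line,
    registry|cc|type|start|value|date|status[|extensions]
where for ipv4 records `value` is the number of addresses in the block, so
a record maps directly onto grepcidr's a.b.c.d+size pattern.
"""
from collections import Counter

# Blocks actually handed out; "available" and "reserved" are RIR-held space.
IN_USE = {"allocated", "assigned"}

# Constructed sample in the delegated-*-latest layout (not a real download).
SAMPLE = """\
2|arin|20240101|5|19700101|20231231|+0000
arin|*|ipv4|*|3|summary
arin|*|ipv6|*|1|summary
arin|*|asn|*|1|summary
arin|US|ipv4|192.0.2.0|256|20000101|assigned
arin|US|ipv4|198.51.100.0|256|20000101|allocated
arin|US|ipv4|203.0.113.0|256|20000101|available
arin|US|ipv6|2001:db8::|32|20000101|allocated
arin|US|asn|64496|1|20000101|assigned
"""


def delegated_records(text):
    """Yield the data records of a delegated file, skipping the version header
    (first field is a version number such as 2 or 2.3), the per-type summary
    lines, blank lines and # comments."""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split("|")
        if fields[0].replace(".", "", 1).isdigit():   # 2|registry|serial|records|...
            continue
        if len(fields) >= 6 and fields[5] == "summary":
            continue
        if len(fields) < 7:
            raise ValueError(f"malformed record: {line}")
        yield fields[:7]


def ipv4_patterns(text, statuses=IN_USE):
    """(registry, 'a.b.c.d+size') for each ipv4 record whose status is wanted."""
    out = []
    for registry, _cc, kind, start, value, _date, status in delegated_records(text):
        if kind == "ipv4" and status in statuses:
            out.append((registry, f"{start}+{int(value)}"))
    return out


def blocks_per_rir(text, statuses=IN_USE):
    """The per-RIR block counts of slide 5, computed from the file text given."""
    return dict(Counter(registry for registry, _ in ipv4_patterns(text, statuses)))


def write_pattern_file(text, path, statuses=IN_USE):
    """Write one pattern per line, suitable for grepcidr -f <path>."""
    with open(path, "w") as fh:
        for _registry, pattern in ipv4_patterns(text, statuses):
            fh.write(pattern + "\n")


if __name__ == "__main__":
    for registry, pattern in ipv4_patterns(SAMPLE):
        print(registry, pattern)
    print(blocks_per_rir(SAMPLE))
```

Feed each downloaded delegated-{RIR}-latest file through write_pattern_file and the result is a -f pattern file covering that RIR's allocated and assigned IPv4 space; widen `statuses` if reserved or available blocks should be matched too.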
