To get a report of volume of connects per IP, reverse sorted by qty of
connects, wraps:
egrep -i "smtpd.*connect" sys0624.txt | gawk "{print $6}" | unixsort -nf |
uniq -ic | unixsort -rnf | less
... to see which individual IPs are attacking.
duh, forgot to show some results:
4142 xxx IMGate 1
3909 xxx IMGate 2
120 69.43.143.57
120 xxx local server
97 xxx local server
26 12.30.212.142
15 xxx local server
14 xxx local server
9 69.8.166.10
9 66.193.106.205
4 63.251.239.251
3 64.84.20.11
3 206.71.51.24
2 69.27.254.14
2 66.249.28.34
2 66.17.227.139
2 64.136.98.192
2 63.85.86.40
2 63.209.156.87
2 61.175.142.200
2 213.28.196.145
2 209.89.216.13
2 208.179.153.141
1 83.73.255.170
1 83.69.168.152
1 83.32.110.32
1 82.81.1.155
1 82.67.228.51
1 82.51.191.202
1 82.40.30.52
1 82.143.154.194
1 81.220.148.121
1 81.218.62.159
To get a report of volume of connects per IP, sorted by IP, wraps:
egrep -i "smtpd.*connect" sys0624.txt | gawk "{print $6}" | unixsort -nf |
uniq -ic | unixsort -rnf | less
... which facilitates identifying Class C's to block.
note the IPs sorted in ascending order:
1 68.205.147.233
1 68.251.46.13
1 68.40.47.224
1 68.45.103.69
1 68.58.132.243
1 68.61.108.14
1 68.74.205.39
1 69.11.214.245
1 69.110.92.206
1 69.148.101.185
2 69.27.254.14
1 69.42.77.185
1 69.42.77.209
120 69.43.143.57
1 69.56.59.245
1 69.59.191.41
1 69.6.66.15
1 69.6.7.179
1 69.6.79.110 <
1 69.6.79.114 <
1 69.6.79.124 <<< 6 IPs grouped by sorting
1 69.6.79.131 <
1 69.6.79.133 <
1 69.6.79.139 <
1 69.60.98.163
1 69.8.178.105
1 69.8.178.108
1 69.8.178.120
1 69.8.178.121
9 69.8.166.10
1 80.15.23.144
1 80.161.19.237
1 80.179.0.130
1 81.155.175.152
1 81.218.132.92
1 81.218.166.81
1 81.218.62.159
1 81.220.148.121
Len
_____________________________________________________________________
http://IMGate.MEIway.com : free anti-spam gateway, runs on 1000's of sites
To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
