|
Logscan.py [34 KB] ftp://techweb.rfa.org/pub/utilities/logscan-0.4.tgz "Logscan is a tool to assist
in generating complaint emails in response to security probes or attacks.
Logscan scans through logs looking for patterns and if certain thresh-holds are
reached it sends a template email to the local administrators for approval. If
the administrator sees the attack is not a mistake they can forward the email
to the ISP who owns the attacking IPs. Logscan has the beginnings of an
interesting module/library called 'whois' which is loosely based on work by
Scott Hassan (http://www.dotfunk.com/hassan/).
This module traverses the tree of various whois servers untill it finds the
whois record for the ISP that owns the offending IP and then grabbing the
emails of admins responsible there. As this module evolves it will grab other
pieces of information from the whois record (unfortunately there appears to be
a variety of formats for whois records). " |
