North American Network Operators Group
Smurf amp detection and notification scripts
- From: Stephen Sprunk
- Date: Tue Mar 16 10:54:40 1999
Since no scripts to do what I was looking for have been forthcoming, I broke
down and decided to prove to myself I still know perl. Find attached the
following:

flow-smurf.pl
Takes a sorted output (simple unix sort) from "sh ip cache flow" and finds
what it believes are smurf amplifiers. The thresholds for number of bytes,
number of flows, prefix length, etc. are all tunable. Outputs a list of
suspect prefixes.

smurf-email.pl
Takes a list of prefixes, looks them up in whois, and prints a list of
contact email addresses and the associated prefixes. Also emails the
contacts if you specify a return address. Requires ipw.

Stephen

ObRandy: "no ip routing" will stop smurf attacks
| | Stephen Sprunk, K5SSS, CCIE #3723
:|: :|: NSA, Network Consulting Engineer
:|||: :|||: 14875 Landmark Blvd #400; Dallas, TX
.:|||||||:..:|||||||:. Pager: 800-365-4578 / 800-901-6078
C I S C O S Y S T E M S Email: ssprunk@cisco.com
Attachment:
flow-smurf.pl
Description: Binary data
Attachment:
smurf-email.pl
Description: Binary data
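
The kind of threshold check the message describes for flow-smurf.pl, as an added Python example. It is not the attached script and is not from the original post. Assumptions: a simplified, constructed record layout ("src dst proto icmp_type bytes") instead of the real "sh ip cache flow" columns, distinct source hosts counted as the "number of flows", and default threshold values chosen here for illustration.

```python
import ipaddress
from collections import defaultdict

ICMP, ECHO_REPLY = 1, 0

# Constructed sample records (documentation/benchmark address ranges):
# "src dst proto icmp_type bytes". This layout is an assumption.
SAMPLE = """\
192.0.2.10 203.0.113.5 1 0 3000
192.0.2.11 203.0.113.5 1 0 3000
192.0.2.12 203.0.113.5 1 0 3000
192.0.2.13 203.0.113.5 1 0 3000
192.0.2.14 203.0.113.5 1 0 3000
192.0.2.15 203.0.113.5 1 0 3000
192.0.2.20 203.0.113.5 6 0 90000
198.18.5.1 203.0.113.5 1 0 100
198.18.5.2 203.0.113.5 1 0 100
198.18.5.3 203.0.113.5 1 0 100
198.18.5.4 203.0.113.5 1 0 100
198.51.100.7 203.0.113.5 1 0 50000
"""

def suspect_prefixes(lines, prefix_len=24, min_flows=4, min_bytes=10_000):
    """Return (prefix, victim, source_hosts, bytes) for likely amplifiers."""
    stats = defaultdict(lambda: [set(), 0])   # (prefix, victim) -> [hosts, bytes]
    for line in lines:
        fields = line.split()
        if len(fields) != 5:
            continue                          # skip headers and blank lines
        try:
            src = ipaddress.ip_address(fields[0])
            dst = ipaddress.ip_address(fields[1])
            proto, icmp_type, nbytes = map(int, fields[2:])
        except ValueError:
            continue                          # skip malformed records
        if proto != ICMP or icmp_type != ECHO_REPLY:
            continue                          # a victim sees smurf traffic as echo replies
        prefix = ipaddress.ip_network(f"{src}/{prefix_len}", strict=False)
        entry = stats[(str(prefix), str(dst))]
        entry[0].add(src)                     # distinct replying hosts in the prefix
        entry[1] += nbytes
    hits = [(p, v, len(hosts), total) for (p, v), (hosts, total) in stats.items()
            if len(hosts) >= min_flows and total >= min_bytes]
    return sorted(hits, key=lambda h: h[3], reverse=True)

if __name__ == "__main__":
    for prefix, victim, hosts, total in suspect_prefixes(SAMPLE.splitlines()):
        print(f"{prefix} -> {victim}: {hosts} sources, {total} bytes")
```

Requiring both thresholds keeps a single chatty host (many bytes, one source) and a handful of ordinary ping replies (several sources, few bytes) off the suspect list.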