1/4/2006

Add Banned IP DNS Info to BFD Emails

I always look up the DNS info for the IPs in the Brute Force Detection (BFD) alert emails to see where the attack is coming from. If several attacks come from similar places, the ISP or datacenter can be notified of the attack.

I added a few lines to the BFD system to automatically supply the DNS lookup information with the alert email, saving a manual lookup.

Add the following snippets to /usr/local/bfd/alert.bfd:

EB=0
EV=`nice -n 19 tail -n 25000 $LP | grep $ATT_HOST | tail -n 250`
# damonp add dig command to get IP DNS info (reverse lookup of the banned host)
DIG=`dig -x "$ATT_HOST"`

Executed ban command:
$BCMD

DNS Info:
$DIG

The following are event logs from $ATT_HOST on service $MOD (all time stamps are GMT $TMZ):

Or just download this alert.bfd.dig file, then rename it and replace the original one at /usr/local/bfd/alert.bfd.
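A bounded variant of the lookup above, added here as an example (not part of BFD or the original post): it checks that the value is an IPv4 address before querying, caps how long dig may take, and strips non-hostname characters from the PTR answer, since that record is set by whoever controls the address space. The function names are hypothetical, and handling IPv4 only is an assumption.

```shell
# Added example, not BFD code. Function names are hypothetical; IPv4 only.
# Assumed use in alert.bfd:  DIG=`rdns_info "$ATT_HOST"`

# Succeed only for a dotted quad with four octets in 0-255 and no leading zeros.
is_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;   # empty, stray characters, empty octet
    esac
    _ifs=$IFS; IFS=.
    set -- $1                                   # split on dots (digits and dots only here)
    IFS=$_ifs
    [ "$#" -eq 4 ] || return 1
    for _o in "$@"; do
        case $_o in
            0?*|????*) return 1 ;;              # leading zero or more than three digits
        esac
        [ "$_o" -le 255 ] || return 1
    done
    return 0
}

# Build the in-addr.arpa name that `dig -x` would query for this address.
ptr_name() {
    is_ipv4 "$1" || return 1
    _ifs=$IFS; IFS=.
    set -- $1
    IFS=$_ifs
    printf '%s.%s.%s.%s.in-addr.arpa.\n' "$4" "$3" "$2" "$1"
}

# Print a short PTR answer for the alert email; never hang or fail the alert script.
rdns_info() {
    is_ipv4 "$1" || { echo "lookup skipped: not an IPv4 address"; return 0; }
    command -v dig >/dev/null 2>&1 || { echo "lookup skipped: dig not found"; return 0; }
    # +short prints only the answer; +time/+tries bound the wait to about two seconds.
    _ptr=$(dig +short +time=2 +tries=1 "$(ptr_name "$1")" PTR 2>/dev/null) || _ptr=
    # The PTR value is untrusted: keep only hostname characters before it reaches the email.
    _ptr=$(printf '%s' "$_ptr" | LC_ALL=C tr -cd 'A-Za-z0-9.\n-')
    printf '%s\n' "${_ptr:-no PTR record}"
}
```

A PTR name on its own is not proof of origin; a forward lookup of the returned name that maps back to the same address is the usual cross-check.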

copyright © 2002-2009 damonparker.org. all rights reserved.