Re: Intrusion Statistics

To: debian-user@lists.debian.org
Subject: Re: Intrusion Statistics
From: Walter Hurry <walterhurry@lavabit.com>
Date: Fri, 5 Aug 2011 17:03:51 +0000 (UTC)
Message-id: <[🔎] j1h7pm$df9$2@dough.gmane.org>
References: <[🔎] j1gnme$cjh$1@dough.gmane.org> <[🔎] j1gnvv$cjh$2@dough.gmane.org> <[🔎] CAH_OBic+o+X7tm71sjmchN69VcZJ6zgDrfJRC2qwC4=XOD3yyw@mail.gmail.com>

On Fri, 05 Aug 2011 11:59:51 -0400, shawn wilson wrote:

> 1. How are you figuring the source country? If you're looking at the ip
> in the handshake and comparing this to a db of ip / country, you're only
> looking at half of the story. If you're a bit smarter and have a list of
> border routers that country owns and are looking at that for the source
> country, this is probably better.

My router emails me with its log when it fills, with entries like these:
Aug  4 07:52:42  |  Drop TCP packet from WAN (src:58.218.199.250:12200, 
dst:nnn.nnn.nnn.nnn:nn) by default rule
Aug  4 06:25:53  |  Drop PING request from WAN (ip:200.164.216.90).

I just have a small shell script which reads the emails, extracts the IP 
addresses and does a lookup on my Geo IP database. Nothing elaborate.

Reply to:

Follow-Ups:
- Re: Intrusion Statistics
  - From: shawn wilson <ag4ve.us@gmail.com>

References:
- Intrusion Statistics
  - From: Walter Hurry <walterhurry@lavabit.com>
- Re: Intrusion Statistics
  - From: Walter Hurry <walterhurry@lavabit.com>
- Re: Intrusion Statistics
  - From: shawn wilson <ag4ve.us@gmail.com>

Prev by Date: Re: Graphics Driver for XGI Volari Z9M card?
Next by Date: Re: Intrusion Statistics
Previous by thread: Re: Intrusion Statistics
Next by thread: Re: Intrusion Statistics
Index(es):
- Date
- Thread