recent activity
junkview 2008-12-07a iptables log analysis
Timestamp filter:
24 hours from 2010 Jul 29 19:03:01 to 2010 Jul 30 19:03:01 (+1000)
Reading /var/log/messages
Log records found from Jul 25 04:40:01 to Jul 30 19:02:42
Checked 9602 records plus 0 repeats to find 445 from deltree.
Protocol summary: 369 TCP, 75 UDP, 1 ICMP
port        hits   share
22/tcp         5    1.1%
23/tcp       119   26.7%
80/tcp         7    1.6%
128/tcp        4    0.9%
135/tcp       11    2.5%
138/udp       20    4.5%
161/udp        6    1.3%
445/tcp      135   30.3%
1433/tcp      13    2.9%
2967/tcp       7    1.6%
3389/tcp      17    3.8%
9415/tcp       8    1.8%
10421/udp     20    4.5%
10426/udp     20    4.5%
10623/tcp      5    1.1%
54356/tcp      9    2.0%
others        39    8.8%
total        445
Top offenders by host, destination ports:
hits  code  host             name                                        (sub-rows: hits per destination port)
  74  AU    123.2.77.98      123-2-77-98.static.dsl.dodo.com.au
            20 138/udp, 20 10426/udp, 20 10421/udp
            6 161/udp, 2 80/tcp-s, 2 445/tcp-s
            2 139/tcp-s, 2 137/udp
  11  AU    123.2.91.164     123-2-91-164.static.dsl.dodo.com.au
            11 445/tcp-s
  10  US    97.72.114.246    host9772246114.direcpc.com
            9 3389/tcp-s, 1 3389/tcp-ar
   8  CN    112.91.146.170   noname: nxdomain
            4 128/tcp-as, 4 10623/tcp-as
   6  US    74.86.65.36      74.86.65.36-static.reverse.softlayer.com
            6 54356/tcp-as
   5  AU    123.2.57.252     123-2-57-252.static.dsl.dodo.com.au
            5 445/tcp-s
   5  US    74.86.117.129    74.86.117.129-static.reverse.softlayer.com
            2 4385/tcp-as, 1 355/tcp-as, 1 31132/tcp-as
            1 28452/tcp-as
   4  AU    202.136.40.141   noname: nxdomain
            1 9855/udp, 1 60749/udp, 1 48996/udp
            1 41338/udp
   4  US    174.36.203.32    sorf.org
            1 7924/tcp-as, 1 63894/tcp-as, 1 54360/tcp-as
            1 46871/tcp-as
   4  AU    123.2.215.44     123-2-215-44.static.dsl.dodo.com.au
            4 445/tcp-s
   2  MA    41.248.154.53    noname: nxdomain
            1 23/tcp-s, 1 22/tcp-s
   1  CN    112.65.249.143   noname: nxdomain
            1 22/tcp-s
   1  RU    89.190.232.7     7-232-190-89.baltnet.ru
            1 22/tcp-s
   1  DE    85.114.141.22    s022.silver.fastwebserver.de
            1 22/tcp-s
   1  US    69.50.217.53     noname: nxdomain
            1 22/tcp-s
Top offenders by network, host, destination ports:
hits  code  network           lookup          country               (sub-rows: hits, host, hits per destination port)
 102  AU    123.2.0.0/16      123.2.0.0/16    Australia
        5   123.2.57.252      5 445/tcp-s
       74   123.2.77.98       20 138/udp, 20 10426/udp, 20 10421/udp
                              6 161/udp, 2 80/tcp-s, 2 445/tcp-s
                              2 139/tcp-s, 2 137/udp
       11   123.2.91.164      11 445/tcp-s
        3   123.2.119.248     3 445/tcp-s
        4   123.2.169.152     4 445/tcp-s
        4   123.2.215.44      4 445/tcp-s
        1   123.2.237.183     1 445/tcp-s
  14  AU    123.3.0.0/16      123.3.0.0/16    Australia
        1   123.3.17.245      1 445/tcp-s
        2   123.3.21.208      2 445/tcp-s
        1   123.3.67.80       1 445/tcp-s
        1   123.3.79.46       1 445/tcp-s
        2   123.3.80.80       2 445/tcp-s
        1   123.3.86.95       1 445/tcp-s
        1   123.3.93.184      1 445/tcp-s
        1   123.3.129.29      1 445/tcp-s
        1   123.3.130.174     1 8.0/icmp
        2   123.3.156.122     2 445/tcp-s
        1   from 1 more addr
  14  PK    116.71.0.0/16     116.71.0.0/16   Pakistan
        1   116.71.148.25     1 23/tcp-s
        1   116.71.169.19     1 23/tcp-s
        1   116.71.173.33     1 23/tcp-s
        1   116.71.175.192    1 23/tcp-s
        1   116.71.179.19     1 23/tcp-s
        1   116.71.180.29     1 23/tcp-s
        1   116.71.184.158    1 23/tcp-s
        1   116.71.191.75     1 23/tcp-s
        1   116.71.218.239    1 23/tcp-s
        1   116.71.245.159    1 23/tcp-s
        4   from 4 more addr
  11  US    74.86.64.0/18     74.86.0.0/16    United States
        6   74.86.65.36       6 54356/tcp-as
        5   74.86.117.129     2 4385/tcp-as, 1 355/tcp-as, 1 31132/tcp-as
                              1 28452/tcp-as
  10  US    97.72.114.244/30  97.72.0.0/15    United States
            97.72.114.246     9 3389/tcp-s, 1 3389/tcp-ar
   9  CN    112.91.144.0/21   112.88.0.0/13   China
        8   112.91.146.170    4 128/tcp-as, 4 10623/tcp-as
        1   112.91.148.35     1 10623/tcp-as
   8  JM    72.27.0.0/16      72.27.0.0/17    Jamaica
        1   72.27.39.197      1 23/tcp-s
        1   72.27.51.51       1 23/tcp-s
        1   72.27.51.236      1 23/tcp-s
        1   72.27.69.15       1 23/tcp-s
        1   72.27.70.56       1 23/tcp-s
        1   72.27.147.160     1 23/tcp-s
        1   72.27.167.20      1 23/tcp-s
        1   72.27.183.61      1 23/tcp-s
   6  AE    92.96.0.0/14      92.96.0.0/14    United Arab Emirates
        1   92.96.130.124     1 23/tcp-s
        1   92.96.174.210     1 23/tcp-s
        1   92.96.212.190     1 23/tcp-s
        1   92.99.133.18      1 23/tcp-s
        1   92.99.230.150     1 23/tcp-s
        1   92.99.254.122     1 23/tcp-s
   6  BR    189.0.0.0/11      189.0.0.0/11    Brazil
        1   189.12.61.173     1 445/tcp-s
        2   189.19.27.151     2 445/tcp-s
        1   189.19.203.101    1 135/tcp-s
        1   189.28.197.198    1 445/tcp-s
        1   189.30.126.171    1 23/tcp-s
   6  US    174.36.0.0/16     174.36.0.0/15   United States
        1   174.36.100.210    1 65334/tcp-as
        1   174.36.172.88     1 54356/tcp-as
        4   174.36.203.32     1 7924/tcp-as, 1 63894/tcp-as, 1 54360/tcp-as
                              1 46871/tcp-as
key: tcp flag suffixes: a ack, c cwr, e ece, f fin, p psh, r rst, s syn
data source
- ip2country
- http://software77.net/ provides the CIDR block to country database.
- Note that since late 2007 junkshow uses a database derived from the various registries; see the firewall page for download links.
notes
- database accuracy
- Database sources may contain errors; the above sites offer feedback forms for you to report errors you find.
- geolocation
- Some European CIDR blocks may be reported as being in a neighbouring country (for example FR reported as DE), due to registry data differing from whois data in the EU.
- suggestions
- Presentation errors, bugs, feature requests to the address below.
related projects
- sf4sf firewall log pretty printer
- tail -f /var/log/messages | sf4sf -f /etc/sf4sf.conf
- Displays firewall activity and also optionally reports country code and name for connections; see it on the firewall tools page.