recent activity
junkview 2008-12-07a iptables log analysis
Timestamp filter:
24 hours from 2010 Mar 11 02:03:01 to 2010 Mar 12 02:03:01 (+1100)
Reading /var/log/messages
Log records found from Mar 7 07:38:43 to Mar 12 02:02:46
Checked 10201 records plus 0 repeats to find 376 from deltree.
Protocol summary: 360 TCP, 10 UDP, 6 ICMP
  8.0/icmp   5 |(        .         .         .         .   1.3
    22/tcp  10 |((       .         .         .         .   2.7
    23/tcp  31 |(((((    .         .         .         .   8.2
    80/tcp   4 |(        .         .         .         .   1.1
   135/tcp   5 |(        .         .         .         .   1.3
   139/tcp  18 |(((      .         .         .         .   4.8
   445/tcp 212 |(((((((((((((((((((((((((((((((((((((( .  56.4
  1433/tcp   5 |(        .         .         .         .   1.3
  2967/tcp  10 |((       .         .         .         .   2.7
  9415/tcp   3 |(        .         .         .         .   0.8
 16756/tcp  10 |((       .         .         .         .   2.7
 30747/tcp   2 |         .         .         .         .   0.5
 51046/tcp   3 |(        .         .         .         .   0.8
 51757/tcp   4 |(        .         .         .         .   1.1
 54356/tcp  20 |((((     .         .         .         .   5.3
 59444/tcp   2 |         .         .         .         .   0.5
    others  32 |((((((   .         .         .         .   8.5
     total 376 +---------+---------+---------+---------+---
               0       15.0%     30.0%     45.0%     60.0%
Top offenders by host, destination ports:
hits code host             name/dest ports
  17 CN   121.14.153.168   noname: nxdomain
                           9 54356/tcp-as, 8 16756/tcp-as
   9 CN   123.129.255.178  noname: nxdomain
                           2 59444/tcp-ar, 2 30747/tcp-ar, 2 29431/tcp-ar
                           2 10535/tcp-ar, 1 4597/tcp-as
   9 AU   123.2.68.33      123-2-68-33.static.dsl.dodo.com.au
                           9 139/tcp-s
   9 AU   123.2.31.144     123-2-31-144.static.dsl.dodo.com.au
                           9 139/tcp-s
   7 AU   123.2.77.98      123-2-77-98.static.dsl.dodo.com.au
                           2 138/udp, 2 10426/udp, 2 10421/udp, 1 161/udp
   4 CN   202.106.121.66   www.miit.gov.cn
                           4 54356/tcp-as
   4 US   72.14.203.113    tx-in-f113.1e100.net
                           4 51757/tcp-af
   4 CN   61.129.251.7     srv04.spillgroupasia.com
                           4 2967/tcp-s
   3 CN   222.45.112.221   noname: nxdomain
                           2 2967/tcp-s, 1 135/tcp-s
   3 RU   188.19.157.49    noname: nxdomain
                           3 445/tcp-s
   2 MX   189.223.255.6    189.223.255.6.ded.telnor.net
                           2 22/tcp-s
   2 FR   80.13.124.36     LLagny-156-36-9-36.w80-13.abo.wanadoo.fr
                           2 22/tcp-s
   2 CN   59.37.54.52      noname: nxdomain
                           2 22/tcp-s
   1 US   209.160.24.108   noname: nxdomain
                           1 22/tcp-s
   1 CN   123.108.208.67   noname: servfail
                           1 22/tcp-s
   1 CN   115.182.34.34    noname: nxdomain
                           1 22/tcp-s
   1 CN   60.28.110.61     noname: nxdomain
                           1 22/tcp-s
Top offenders by network, host, destination ports:
hits code network/host         lookup/dest ports    country
  30 AU   123.2.0.0/16         123.2.0.0/16         Australia
   9      123.2.31.144         9 139/tcp-s
   9      123.2.68.33          9 139/tcp-s
   2      123.2.77.91          2 8.0/icmp
   7      123.2.77.98          2 138/udp, 2 10426/udp, 2 10421/udp, 1 161/udp
   3      123.2.251.147        3 445/tcp-s
  17 CN   121.14.153.168/30    121.8.0.0/13         China
          121.14.153.168       9 54356/tcp-as, 8 16756/tcp-as
   9 CN   123.129.255.176/30   123.128.0.0/13       China
          123.129.255.178      2 59444/tcp-ar, 2 30747/tcp-ar, 2 29431/tcp-ar
                               2 10535/tcp-ar, 1 4597/tcp-as
   7 AU   123.3.0.0/16         123.3.0.0/16         Australia
   1      123.3.72.0           1 445/tcp-s
   1      123.3.108.121        1 80/tcp-s
   1      123.3.162.111        1 445/tcp-s
   1      123.3.177.248        1 8.0/icmp
   3      123.3.186.85         3 445/tcp-s
   6 RU   95.24.0.0/13         95.24.0.0/13         Russian Federation
   1      95.24.228.160        1 445/tcp-s
   1      95.25.30.228         1 445/tcp-s
   1      95.25.245.225        1 445/tcp-s
   1      95.29.101.194        1 445/tcp-s
   1      95.29.130.43         1 445/tcp-s
   1      95.30.243.159        1 445/tcp-s
   4 US   72.14.203.112/30     72.14.192.0/18       United States
          72.14.203.113        4 51757/tcp-af
   4 CN   61.129.251.4/30      61.128.0.0/15        China
          61.129.251.7         4 2967/tcp-s
   4 TW   220.136.0.0/13       220.136.0.0/13       Taiwan
   2      220.137.20.103       2 445/tcp-s
   2      220.141.185.210      2 445/tcp-s
   4 CN   202.106.121.64/30    202.106.0.0/16       China
          202.106.121.66       4 54356/tcp-as
   4 RU   188.19.128.0/17      188.16.0.0/14        Russian Federation
   3      188.19.157.49        3 445/tcp-s
   1      188.19.206.64        1 445/tcp-s
key: tcp: a ack, c cwr, e ece, f fin, p psh, r rst, s syn
download source
- latest tarball
- see the archive
data source
- ip2country
- http://software77.net/
  provide the CIDR block to country database.
- Note that since late 2007 junkshow uses a database derived from
  the various registries; see the firewall page for download links.
notes
- database accuracy
  Database sources may contain errors; the above sites offer
  feedback forms for you to report errors you find.
- geolocation
  Some European CIDR blocks may be reported as being in a
  neighbouring country (for example FR reported as DE), due to
  registry data differing from whois data in the EU.
- suggestions
  Presentation errors, bugs, feature requests to the address
  below.
related projects
- sf4sf log firewall log pretty printer
  tail -f /var/log/messages | sf4sf -f /etc/sf4sf.conf
  Displays firewall activity and also optionally reports country
  code and name for connections; see it on the firewall tools page.
more information
- about
  information about the junkview project, author
- download
  download the GPLv2 source tarball, view history
- junkview
  junkview project source files, GPLv2