Friday, May 28, 2021

fastnetmon notify_about_attack.sh question

I am running fastnetmon and so far it's doing a great job and notifying me in time to take action. Currently we are not using any BGP auto-null routing, so I am planning to use some kind of script which will block the IP address on the core router using the IP address and destination target port; that way the whole target IP does not get blocked, just the specific port.

This is what I am planning: the following script gives me detailed output and a sample of the attack, which I can use to extract the destination port so I can supply IP:DST_PORT info to my script to add an ACL on my core router. (The following script only provides IP info but not the port. Can someone explain how this script sends me the detailed email with all the packet information, and where it obtains that information from?)

notify_about_attack.sh https://github.com/pavel-odintsov/fastnetmon/blob/master/src/notify_about_attack.sh

I can see the "cat" command which feeds that info, but where is that info coming from, and how?
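Added example, not part of the original post or of fastnetmon: the `cat` in notify_about_attack.sh reads the attack details that fastnetmon writes to the script's standard input, so the same stream can be parsed for the destination port. The per-packet line format, the function name `top_dst_port` and the sample lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not fastnetmon code. ASSUMED per-packet line format:
#   <date> <time> SRC_IP:SRC_PORT > DST_IP:DST_PORT protocol: udp ...

# top_dst_port VICTIM_IP
# Reads attack details on stdin and prints "PROTO PORT" for the most frequent
# destination port among IPv4 packets sent to VICTIM_IP (nothing if no match).
top_dst_port() {
    awk -v ip="$1" '
    {
        for (i = 2; i < NF; i++) {
            if ($i != ">") continue
            n = split($(i + 1), dst, ":")
            # Only count exact victim matches with a numeric port, because
            # the result is meant to end up in a router ACL.
            if (n == 2 && dst[1] == ip && dst[2] ~ /^[0-9]+$/) {
                proto = "unknown"
                for (j = i + 2; j < NF; j++)
                    if ($j == "protocol:") { proto = $(j + 1); break }
                count[proto " " dst[2]]++
            }
            break
        }
    }
    END {
        for (k in count)
            if (count[k] > max + 0) { max = count[k]; best = k }
        if (max > 0) print best
    }'
}

# Constructed sample input (documentation addresses), not real traffic.
SAMPLE='2021-05-28 10:15:01.000000 198.51.100.7:40112 > 203.0.113.10:53 protocol: udp frag: 0 packets: 1 size: 512 bytes
2021-05-28 10:15:01.000100 198.51.100.9:51920 > 203.0.113.10:53 protocol: udp frag: 0 packets: 1 size: 512 bytes
2021-05-28 10:15:01.000200 203.0.113.10:443 > 192.0.2.44:51000 protocol: tcp flags: ack frag: 0 packets: 1 size: 60 bytes
2021-05-28 10:15:01.000300 198.51.100.7:40113 > 203.0.113.10:80 protocol: tcp flags: syn frag: 0 packets: 1 size: 60 bytes'

# Inside the notify script the details are already on stdin and $1 is the
# attacked IP, so the call there would simply be: top_dst_port "$1"
printf '%s\n' "$SAMPLE" | top_dst_port 203.0.113.10   # prints: udp 53
```

Standard input can be read only once, so a script that both mails the details and parses them should first save the stream to a temporary file and feed that file to each consumer.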


