recent activity
junkview 2008-12-07a iptables log analysis
Timestamp filter:
24 hours from 2010 Sep 06 11:03:01 to 2010 Sep 07 11:03:01 (+1000)
Reading /var/log/messages
Log records found from Sep 5 04:40:01 to Sep 7 11:00:56
Checked 3458 records plus 0 repeats to find 408 from deltree.
Protocol summary: 378 TCP, 30 UDP
22/tcp 8 |(( . . . . 2.0
23/tcp 94 |((((((((((((((((((((((( . . 23.0
80/tcp 21 |((((( . . . . 5.1
135/tcp 20 |((((( . . . . 4.9
138/udp 6 |( . . . . 1.5
161/udp 3 |( . . . . 0.7
445/tcp 162 |(((((((((((((((((((((((((((((((((((((((( 39.7
1433/tcp 8 |(( . . . . 2.0
3389/tcp 6 |( . . . . 1.5
5060/udp 4 |( . . . . 1.0
9415/tcp 12 |((( . . . . 2.9
10421/udp 6 |( . . . . 1.5
10426/udp 6 |( . . . . 1.5
39205/tcp 7 |(( . . . . 1.7
48088/tcp 4 |( . . . . 1.0
54356/tcp 6 |( . . . . 1.5
others 35 |(((((((((. . . . 8.6
total 408 + - - - - + - - - - + - - - - + - - - - + - - -
0 10.0% 20.0% 30.0% 40.0%
Top offenders by host, destination ports:
hits code host name/dest ports
21 AU 123.2.77.98 123-2-77-98.static.dsl.dodo.com.au
6 138/udp, 6 10426/udp, 6 10421/udp, 3 161/udp
13 AU 203.171.77.188 203.171.77.188.static.rev.aanet.com.au
13 80/tcp-af
10 TR 77.223.143.83 77-223-143-83.netdirekt.com.tr
1 9340/tcp-as, 1 8482/tcp-as, 1 59265/tcp-as
1 54030/tcp-as, 1 33800/tcp-as, 1 29964/tcp-as
1 22409/tcp-as, 1 21868/tcp-as, 1 11615/tcp-as ~
5 US 207.46.12.110 msnbot-207-46-12-110.search.msn.com
5 80/tcp-af
5 AU 123.3.89.20 123-3-89-20.static.dsl.dodo.com.au
5 445/tcp-s
4 AU 123.3.175.24 123-3-175-24.static.dsl.dodo.com.au
4 445/tcp-s
4 US 72.14.213.16 pv-in-f16.1e100.net
1 58517/tcp-r, 1 58515/tcp-r, 1 58265/tcp-r
1 55533/tcp-r
3 AU 203.171.95.52 203.171.95.52.static.rev.aanet.com.au
3 80/tcp-af
3 AU 202.136.40.141 noname: nxdomain
1 61650/udp, 1 42320/udp, 1 18170/udp
3 TW 123.195.121.32 123-195-121-32.dynamic.kbronet.com.tw
3 445/tcp-s
2 BR 189.1.164.80 noname: nxdomain
2 22/tcp-s
2 US 130.245.191.106 esl.cewit.stonybrook.edu
2 22/tcp-s
2 FR 80.13.169.26 LRouen-151-72-10-26.w80-13.abo.wanadoo.fr
1 23/tcp-s, 1 22/tcp-s
1 CN 222.73.242.68 noname: nxdomain
1 22/tcp-s
1 CN 218.1.114.75 noname: nxdomain
1 22/tcp-s
1 IR 91.98.179.27 91.98.179.27.pol.ir
1 22/tcp-s
Top offenders by network, host, destination ports:
hits code network/host lookup/dest ports country
40 AU 123.3.0.0/16 123.3.0.0/16 Australia
2 123.3.19.45 2 445/tcp-s
3 123.3.70.82 3 445/tcp-s
2 123.3.84.218 2 445/tcp-s
5 123.3.89.20 5 445/tcp-s
2 123.3.131.5 2 445/tcp-s
2 123.3.157.177 2 135/tcp-s
3 123.3.171.138 3 445/tcp-s
2 123.3.174.74 2 445/tcp-s
4 123.3.175.24 4 445/tcp-s
2 123.3.182.240 2 445/tcp-s
13 from 13 more addr
29 AU 123.2.0.0/16 123.2.0.0/16 Australia
21 123.2.77.98 6 138/udp, 6 10426/udp, 6 10421/udp, 3 161/udp
3 123.2.91.164 3 445/tcp-s
2 123.2.119.248 2 445/tcp-s
3 123.2.212.193 2 135/tcp-s, 1 445/tcp-s
16 AU 203.171.64.0/19 203.171.64.0/18 Australia
13 203.171.77.188 13 80/tcp-af
3 203.171.95.52 3 80/tcp-af
10 TR 77.223.143.80/30 77.223.128.0/19 Turkey
77.223.143.83 1 9340/tcp-as, 1 8482/tcp-as, 1 59265/tcp-as
1 54030/tcp-as, 1 33800/tcp-as, 1 29964/tcp-as
1 22409/tcp-as, 1 21868/tcp-as, 1 11615/tcp-as ~
9 PK 116.71.0.0/16 116.71.0.0/16 Pakistan
1 116.71.14.183 1 23/tcp-s
1 116.71.28.72 1 23/tcp-s
1 116.71.31.187 1 23/tcp-s
1 116.71.59.77 1 23/tcp-s
1 116.71.145.249 1 23/tcp-s
1 116.71.169.199 1 23/tcp-s
1 116.71.173.168 1 23/tcp-s
1 116.71.183.237 1 23/tcp-s
1 116.71.245.32 1 23/tcp-s
8 TW 123.192.0.0/14 123.192.0.0/14 Taiwan
2 123.192.168.7 2 135/tcp-s
1 123.193.185.115 1 135/tcp-s
3 123.195.121.32 3 445/tcp-s
2 123.195.126.82 2 445/tcp-s
7 EG 41.232.0.0/13 41.232.0.0/13 Egypt
1 41.233.153.50 1 23/tcp-s
1 41.233.191.122 1 23/tcp-s
1 41.234.91.167 1 23/tcp-s
1 41.234.228.62 1 23/tcp-s
1 41.234.229.205 1 23/tcp-s
1 41.238.143.82 1 23/tcp-s
1 41.239.28.115 1 23/tcp-s
6 KW 78.154.224.0/19 78.154.224.0/19 Kuwait
1 78.154.226.240 1 23/tcp-s
1 78.154.230.185 1 23/tcp-s
1 78.154.234.155 1 23/tcp-s
1 78.154.245.13 1 23/tcp-s
1 78.154.247.249 1 23/tcp-s
1 78.154.254.163 1 23/tcp-s
6 PK 119.152.0.0/14 119.152.0.0/13 Pakistan
1 119.152.128.157 1 23/tcp-s
2 119.154.120.229 2 445/tcp-s
1 119.155.7.108 1 23/tcp-s
1 119.155.17.21 1 23/tcp-s
1 119.155.99.105 1 23/tcp-s
5 RU 95.24.0.0/14 95.24.0.0/13 Russian Federation
1 95.24.194.86 1 445/tcp-s
2 95.26.39.195 2 445/tcp-s
1 95.26.158.183 1 445/tcp-s
1 95.27.219.253 1 445/tcp-s
key: tcp: a ack, c cwr, e ece, f fin, p psh, r rst, s syn
data source
- ip2country
- http://software77.net/ provides the CIDR block to country database.
- Note that since late 2007 junkshow uses a database derived from
the various registries, see the firewall
page for download links.
notes
- database accuracy
- Database sources may contain errors; the above sites offer
feedback forms for you to report errors you find.
- geolocation
- Some European CIDR blocks may be reported as being in a
neighbouring country (for example FR reported as DE), due to
registry data differing from whois data in the EU.
- suggestions
- Presentation errors, bugs, feature requests to the address
below.
related projects
- sf4sf log firewall log pretty printer
- tail -f /var/log/messages | sf4sf -f /etc/sf4sf.conf
- Displays firewall activity and also optionally reports country
code and name for connections, see it on the firewall tools page.