Here's my firewall's incoming access log. Notice a pattern?
IP PORT ------------------------- 217.187.133.15: 21 205.181.100.135: 113 205.181.100.135: 113 205.181.100.135: 113 141.149.180.20: 135 151.197.14.116: 135 151.201.112.178: 135 151.201.26.231: 135 151.202.16.79: 135 151.202.215.24: 135 151.202.215.44: 135 151.202.215.59: 135 151.202.215.61: 135 151.202.215.64: 135 151.203.47.97: 135 151.203.52.16: 135 151.203.52.167: 135 151.203.52.171: 135 151.203.52.176: 135 151.203.52.177: 135 151.203.52.94: 135 151.203.53.129: 135 151.203.53.28: 135 151.203.53.3: 135 151.203.54.141: 135 151.203.54.76: 135 151.203.54.80: 135 151.203.55.105: 135 151.203.55.132: 135 210.5.22.19: 135 210.5.22.20: 135 210.5.22.22: 135 69.144.221.229: 135 148.243.148.147: 137 200.158.167.235: 137 62.251.202.37: 137 64.216.69.17: 137 218.15.192.64: 1026 218.15.192.64: 1026 218.15.192.64: 1026 218.15.192.64: 1026 218.15.192.64: 1026 218.15.192.64: 1026 218.15.192.64: 1026 218.15.192.64: 1026 129.6.15.29: 4628 129.6.15.29: 4806 129.6.15.29: 4806 129.6.15.29: 4806 129.6.15.29: 4806 129.6.15.29: 4806 129.6.15.29: 4806 129.6.15.29: 4806 158.121.104.3: 44980 158.121.104.3: 44980 158.121.104.3: 45051 158.121.104.3: 45051 158.121.104.3: 45051 64.239.39.14: 45176 158.121.104.3: 45218 158.121.104.3: 45218 158.121.104.3: 45218 158.121.104.3: 45218 158.121.104.3: 45218 158.121.104.3: 45218
Thank you, MSBlaster. Thank you so f'ing much.
Dink!
Update: sobig -- you're a dink, too!
if you're on linux using ipchains or iptables, you might find my tailfilter script useful.
I'd also be interested (if you are on a BSD-variant) in learning how to make it function for that type of firewall logging.
