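# Count firewall log entries for destination port 3389 (the default RDP port),
# grouped by the source token of each entry.
# -w anchors the pattern on word boundaries so DPT=33890-33899 are not counted
# as 3389; -F treats the pattern as a literal string.
# NOTE(review): field 9 is the SRC= token in the sample output on this page; a
# log prefix with a different number of words shifts it, so confirm on one raw
# log line before relying on the counts.
grep -wF -- 'DPT=3389' /var/log/firewall.log \
  | awk '{print $9}' \
  | sort \
  | uniq -c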
[root@nethsecurity ~]# grep DPT=3389 /var/log/firewall.log | awk '{print $9}' | sort | uniq -c
82 SRC=185.156.74.10
112 SRC=185.156.74.11
100 SRC=185.156.74.12
18 SRC=185.156.74.13
79 SRC=185.156.74.14
100 SRC=185.156.74.15
98 SRC=185.156.74.16
81 SRC=185.156.74.17
24 SRC=185.156.74.18
105 SRC=185.156.74.19
Block traffic destined for port forwards:
# Drop traffic from 185.193.88.0/24 that is routed through this host (FORWARD
# chain), which is the path port-forwarded connections take.
# --insert without a rule number places the rule at the top of the chain, so it
# is evaluated before any existing accept rule.
# NOTE(review): the per-source counts earlier on this page are for
# 185.156.74.10-19, not this range; confirm the blocked network is the intended
# one. The rule lives only in the running ruleset; persist it through the
# firewall's own configuration if it must survive a reload.
iptables --insert FORWARD --source 185.193.88.0/24 --jump DROP
Block traffic destined for the firewall itself:
# Drop traffic from 45.146.0.0/16 that is addressed to the firewall itself
# (INPUT chain). --insert without a rule number places the rule first.
# NOTE(review): a /16 covers 65,536 addresses; confirm that no legitimate peer
# or administrative source falls inside it before putting the rule at the top
# of INPUT.
iptables --insert INPUT --source 45.146.0.0/16 --jump DROP
Suricata:
# Count Suricata fast.log alerts whose line contains "Non-standard", grouped by
# address: awk takes whitespace-separated field 21 and cut keeps the part before
# the first ':' (the address, when the field is addr:port).
# NOTE(review): the number of words in a fast.log line varies with the alert
# message and classification text, so field 21 is the same address column only
# for alerts that share one wording; confirm against a raw line. Whether it is
# the source or the destination address is not visible from this page.
[root@cntr ~]# grep Non-standard /var/log/suricata/fast.log |awk '{print $21}' | cut -d ':' -f 1 |sort |uniq -c
20429 103.127.206.228
110 103.159.51.88
23545 103.200.23.65
152 103.42.253.66
25520 103.62.95.9