X-Git-Url: https://git.distorted.org.uk/~mdw/firewall/blobdiff_plain/d6dd88f5fe5213e6d5bdf944791e331edf283426..83610d8aa07970a77bcb27f0cffe9db38b09cc1d:/logtrawl
diff --git a/logtrawl b/logtrawl
new file mode 100755
index 0000000..8153acc
--- /dev/null
+++ b/logtrawl
@@ -0,0 +1,27 @@
+#! /bin/bash
+
+set -e
+
+## DNS DDOS victims.
+dns_victims=$(
+ sed -n '
+ /^.*named.*client \([0-9]\+\.[0-9]\+\.[0-9]\+\.[0-9]\+\)#.*:.*view inet.*NS\/IN.*denied.*$/ s//\1/p
+ ' /var/log/daemon.log |
+ sort -u |
+ while read addr; do
+ if ! ipset -qT ddos-evil-dns "$addr"; then
+ echo "$addr"
+ fi
+ done
+)
+case "$dns_victims" in
+ "") ;;
+ *)
+ echo 'DNS DDOS victim addresses:'
+ ipset -N ddos-evil-dns iphash >/dev/null 2>&1 || :
+ for addr in $dns_victims; do
+ echo " $addr"
+ ipset -A ddos-evil-dns "$addr" || :
+ done
+ ;;
+esac
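Review bot: A single denied `NS/IN` log line is enough to put an address into `ddos-evil-dns`, and nothing in the script ever removes it again. The header comment itself calls these addresses victims, meaning the source field is forged, so whoever sends the spoofed queries also chooses which addresses land in the set; how much that matters depends on the firewall rule that consumes the set, which is not in this file. Consider creating the set with an expiry where the installed ipset supports it (the `timeout` option at creation) and skipping addresses on a local never-block list before `ipset -A`. Separately, `set -e` without `pipefail` lets a failed `sed` (for example an unreadable `/var/log/daemon.log`) yield an empty `dns_victims` and a silent run, and `|| :` hides a rejected or overflowing `ipset -A`; `set -eo pipefail` plus a message on stderr for failed adds would surface both.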