Verified Commit 5b5bfeb5 authored by Michal 'vorner' Vaner's avatar Michal 'vorner' Vaner

amihacked: Omit strange IP addresses

Omit addresses that shouldn't be on the wide internet. These are things
like local-network addresses, multicasts, etc. They make little sense
as sources of attacks, and seeing them usually means something other
than an attack.
parent 9b75ddfc
......@@ -32,10 +32,19 @@ sub flush() {
undef $object;
}
my $ip6_strange = NetAddr::IP->new("f000::/8");
my $ip4_strange = NetAddr::IP->new("224.0.0.0/4");
while (<>) {
chomp;
my ($ip, $date, $cnt, $kind) = split /,/;
$ip = NetAddr::IP->new($ip) or die "Bad IP: $ip\n";
# Skip addresses that are not interesting:
# • Localhost
# • Private IPv4 ranges (RFC 1918)
# • Multicast IPv4 ranges
# • f* IPv6 addresses (there are several kinds of strange addresses, like fe* local ones, ff*multicast ones, etc.
next if $ip->is_local() or $ip->is_rfc1918() or $ip->within($ip4_strange) or $ip->within($ip6_strange);
if ($last_ip ne $ip) {
flush;
$last_ip = $ip;
......
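Review bot: The IPv6 range on the `$ip6_strange` line is `f000::/8`, which matches only addresses whose first byte is 0xf0 (f000:: through f0ff:…). The fe* local and ff* multicast addresses named in the comment therefore pass the `within($ip6_strange)` test and are still counted as attack sources. To cover every f* address as the comment describes, the prefix length should be 4: `my $ip6_strange = NetAddr::IP->new("f000::/4");`. On the IPv4 side only 224.0.0.0/4 is skipped; it may be worth deciding whether link-local 169.254.0.0/16 and reserved 240.0.0.0/4 belong in the same filter. The enclosing `while (<>)` loop continues outside the hunk.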