Verified Commit a1ecc31b authored by Michal 'vorner' Vaner's avatar Michal 'vorner' Vaner

Mirai ports into the amihacked export

parent eb6e9c3c
......@@ -11,5 +11,5 @@ q() {
q "COPY (select remote, date(start_time), count(1) as attempt_count, 'ssh' from ssh_sessions where remote is not null group by date(start_time), remote) to STDOUT with CSV;" "ssh" &
q "COPY (select remote, date, attempt_count, server from fake_attackers where attempt_count > 0) to STDOUT with CSV;" "telnet" &
q "COPY (select addr_rem as remote, date(time) as date, count, 'firewall' from firewall_packets where direction = 'I' and ((protocol = 'TCP' AND tcp_flags & 18 = 2) OR protocol = 'UDP') and port_loc in (22, 2222, 8822, 22222, 23, 445, 1433, 3306, 5432, 161, 1723, 2083, 3389, 3390, 5631, 5900, 5901, 5902, 5903, 5060, 5061, 1080, 3128, 8088, 8118, 9064, 21320, 137, 128, 139, 1900, 53413, 9333, 5000, 5001, 80, 443, 8080, 8081) AND count > 0) to STDOUT with CSV;" "firewall" &
q "COPY (select addr_rem as remote, date(time) as date, count, 'firewall' from firewall_packets where direction = 'I' and ((protocol = 'TCP' AND tcp_flags & 18 = 2) OR protocol = 'UDP') and port_loc in (22, 2222, 8822, 22222, 23, 2323, 445, 1433, 3306, 5432, 7547, 161, 1723, 2083, 3389, 3390, 5631, 5900, 5901, 5902, 5903, 5060, 5061, 1080, 3128, 8088, 8118, 9064, 21320, 137, 128, 139, 1900, 53413, 9333, 5000, 5001, 80, 443, 8080, 8081) AND count > 0) to STDOUT with CSV;" "firewall" &
wait
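Review bot: The port list in the new firewall query still contains `137, 128, 139`, which looks like a typo for the NetBIOS range 137-139. If that is the case, inbound probes to port 138 are never exported while port 128 is, and the same sequence appears in `%interesting_ports` in the Perl part of this commit. Please confirm the intent and, if it is a typo, use `137, 138, 139` in both places. Because the list is now kept as two hand-edited copies, a comment above this query such as `# Keep this port list identical to %interesting_ports in the Perl export script.` would help stop the two exports drifting apart. The body of q() and the rest of the script lie outside the hunk.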
......@@ -159,7 +159,7 @@ if (fork == 0) {
my $destination = connect_db 'destination';
# The ports that are included in „firewall“ category. If they change, the whole export needs to be redone from archive, if we just update it here, the history won't match correctly.
my %interesting_ports = map { $_ => 1 } (22, 2222, 8822, 22222, 23, 445, 1433, 3306, 5432, 161, 1723, 2083, 3389, 3390, 5631, 5900, 5901, 5902, 5903, 5060, 5061, 1080, 3128, 8088, 8118, 9064, 21320, 137, 128, 139, 1900, 53413, 9333, 5000, 5001, 80, 443, 8080, 8081);
my %interesting_ports = map { $_ => 1 } (22, 2222, 8822, 22222, 23, 2323, 445, 1433, 3306, 5432, 7547, 161, 1723, 2083, 3389, 3390, 5631, 5900, 5901, 5902, 5903, 5060, 5061, 1080, 3128, 8088, 8118, 9064, 21320, 137, 128, 139, 1900, 53413, 9333, 5000, 5001, 80, 443, 8080, 8081);
# We get the maximum time of a packet in the destination and
# read the packets in the source from that time on. But we don't
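Review bot: The comment directly above `%interesting_ports` says that changing the ports requires redoing the whole export from the archive, yet nothing visible in this commit triggers or records that re-export for the newly added 2323 and 7547. If the list is only updated here, counts for those two ports begin at the deployment date, so anyone reading the exported history would see the scanning as starting later than it really did. Either state in the commit description that the re-export was run, or extend the comment with something like `# 2323 and 7547 added with the Mirai change; re-export from archive needed for earlier history.` The enclosing `if (fork == 0) {` block starts and ends outside the hunk, so how the hash is used from here on is not visible.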
......