On Fri, 05 Aug 2011 11:59:51 -0400, shawn wilson wrote:
> 1. How are you figuring the source country? If you're looking at the ip
> in the handshake and comparing this to a db of ip / country, you're only
> looking at half of the story. If you're a bit smarter and have a list of
> border routers that country owns and are looking at that for the source
> country, this is probably better.

My router emails me with its log when it fills, with entries like these:

Aug 4 07:52:42 | Drop TCP packet from WAN (src:58.218.199.250:12200, dst:nnn.nnn.nnn.nnn:nn) by default rule
Aug 4 06:25:53 | Drop PING request from WAN (ip:200.164.216.90).

I just have a small shell script which reads the emails, extracts the IP addresses and does a lookup on my Geo IP database. Nothing elaborate.
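
The extraction step described in the message above, as an added example that is not the poster's script: it pulls the WAN-side source address out of both entry formats quoted in the post, discards addresses with an out-of-range octet, and tallies drops per source. The function names and the extra sample lines are constructed for illustration; the country lookup is left to whatever Geo IP database the reader uses.

```shell
#!/bin/sh
# Added example (not from the original post): extract and tally the source
# addresses from router drop-log lines in the two formats quoted above.

# Constructed sample input: the two entries from the post, one repeat of the
# first source, one entry with an invalid octet, and one unrelated line.
sample_log() {
cat <<'EOF'
Aug 4 07:52:42 | Drop TCP packet from WAN (src:58.218.199.250:12200, dst:nnn.nnn.nnn.nnn:nn) by default rule
Aug 4 06:25:53 | Drop PING request from WAN (ip:200.164.216.90).
Aug 4 06:26:10 | Drop TCP packet from WAN (src:58.218.199.250:40112, dst:nnn.nnn.nnn.nnn:nn) by default rule
Aug 4 06:27:01 | Drop PING request from WAN (ip:300.1.2.3).
Aug 4 06:30:00 | DHCP lease renewed
EOF
}

# Read log text on stdin, print one source address per dropped packet.
# Only "Drop ... from WAN" entries are considered; the address is the field
# after "src:" (TCP entries, followed by ":port") or "ip:" (PING entries).
extract_sources() {
    sed -n -E 's/.*Drop .* from WAN \((src|ip):([0-9]{1,3}(\.[0-9]{1,3}){3})[,:)].*/\2/p' |
    # Reject anything that is not a valid dotted quad (octet > 255).
    awk -F. '$1 <= 255 && $2 <= 255 && $3 <= 255 && $4 <= 255'
}

# Print "count address" lines, most frequent source first. Each address in
# this output is what would then be handed to the Geo IP lookup.
tally_sources() {
    extract_sources | sort | uniq -c | sort -k1,1nr -k2,2 | awk '{print $1, $2}'
}

# Stand-alone run over the constructed sample.
sample_log | tally_sources
```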

