Old 12-13-2017, 05:17 PM  
porn-update
I turned on the iptables logs (I didn't even know they existed)

But how do I read them?

Code:
Dec 14 00:00:45 ubuntu-1gb-nyc3-01 kernel: [519730.097997] IN=eth0 OUT= MAC=36:1a:36:97:ff:ba:84:b5:9c:f9:18:30:08:00 SRC=163.172.12.194 DST=104.236.230.48 LEN=437 TOS=0x00 PREC=0x00 TTL=56 ID=37739 DF PROTO=UDP SPT=5084 DPT=5060 LEN=417 
Dec 14 00:00:56 ubuntu-1gb-nyc3-01 kernel: [519741.342892] IN=eth0 OUT= MAC=36:1a:36:97:ff:ba:84:b5:9c:f9:18:30:08:00 SRC=40.117.185.56 DST=104.236.230.48 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=19982 DF PROTO=TCP SPT=39018 DPT=8118 WINDOW=29200 RES=0x00 SYN URGP=0 
Dec 14 00:01:34 ubuntu-1gb-nyc3-01 kernel: [519779.127039] IN=eth0 OUT= MAC=36:1a:36:97:ff:ba:84:b5:9c:f9:08:30:08:00 SRC=119.57.159.10 DST=104.236.230.48 LEN=60 TOS=0x00 PREC=0x00 TTL=43 ID=24611 DF PROTO=TCP SPT=2725 DPT=8118 WINDOW=14600 RES=0x00 SYN URGP=0 
Dec 14 00:02:13 ubuntu-1gb-nyc3-01 kernel: [519818.274003] IN=eth0 OUT= MAC=36:1a:36:97:ff:ba:84:b5:9c:f9:08:30:08:00 SRC=62.210.140.28 DST=104.236.230.48 LEN=52 TOS=0x00 PREC=0x00 TTL=120 ID=5586 DF PROTO=TCP SPT=59827 DPT=8118 WINDOW=8192 RES=0x00 SYN URGP=0 
Dec 14 00:02:14 ubuntu-1gb-nyc3-01 kernel: [519818.881408] IN=eth0 OUT= MAC=36:1a:36:97:ff:ba:84:b5:9c:f9:08:30:08:00 SRC=62.210.140.28 DST=104.236.230.48 LEN=52 TOS=0x00 PREC=0x00 TTL=120 ID=5627 DF PROTO=TCP SPT=59827 DPT=8118 WINDOW=8192 RES=0x00 SYN URGP=0 
Dec 14 00:02:14 ubuntu-1gb-nyc3-01 kernel: [519819.489873] IN=eth0 OUT= MAC=36:1a:36:97:ff:ba:84:b5:9c:f9:08:30:08:00 SRC=62.210.140.28 DST=104.236.230.48 LEN=48 TOS=0x00 PREC=0x00 TTL=120 ID=5682 DF PROTO=TCP SPT=59827 DPT=8118 WINDOW=8192 RES=0x00 SYN URGP=0 
Dec 14 00:02:31 ubuntu-1gb-nyc3-01 kernel: [519836.242574] IN=eth0 OUT= MAC=36:1a:36:97:ff:ba:84:b5:9c:f9:18:30:08:00 SRC=201.243.135.218 DST=104.236.230.48 LEN=52 TOS=0x00 PREC=0x00 TTL=118 ID=27360 DF PROTO=TCP SPT=56286 DPT=445 WINDOW=8192 RES=0x00 SYN URGP=0 
Dec 14 00:02:32 ubuntu-1gb-nyc3-01 kernel: [519837.072353] IN=eth0 OUT= MAC=36:1a:36:97:ff:ba:84:b5:9c:f9:18:30:08:00 SRC=201.243.135.218 DST=104.236.230.48 LEN=52 TOS=0x00 PREC=0x00 TTL=118 ID=27373 DF PROTO=TCP SPT=56286 DPT=445 WINDOW=8192 RES=0x00 SYN URGP=0 
Dec 14 00:02:36 ubuntu-1gb-nyc3-01 kernel: [519841.555419] IN=eth0 OUT= MAC=36:1a:36:97:ff:ba:84:b5:9c:f9:18:30:08:00 SRC=123.151.148.53 DST=104.236.230.48 LEN=52 TOS=0x00 PREC=0x00 TTL=45 ID=42706 DF PROTO=TCP SPT=59911 DPT=8118 WINDOW=13600 RES=0x00 SYN URGP=0 
Dec 14 00:03:00 ubuntu-1gb-nyc3-01 kernel: [519865.240407] IN=eth0 OUT= MAC=36:1a:36:97:ff:ba:84:b5:9c:f9:08:30:08:00 SRC=185.53.154.126 DST=104.236.230.48 LEN=52 TOS=0x00 PREC=0x00 TTL=112 ID=18507 DF PROTO=TCP SPT=63111 DPT=445 WINDOW=8192 RES=0x00 SYN URGP=0 
Dec 14 00:03:01 ubuntu-1gb-nyc3-01 kernel: [519865.861936] IN=eth0 OUT= MAC=36:1a:36:97:ff:ba:84:b5:9c:f9:08:30:08:00 SRC=185.53.154.126 DST=104.236.230.48 LEN=52 TOS=0x00 PREC=0x00 TTL=112 ID=18527 DF PROTO=TCP SPT=63111 DPT=445 WINDOW=8192 RES=0x00 SYN URGP=0 
Dec 14 00:03:10 ubuntu-1gb-nyc3-01 kernel: [519875.416271] IN=eth0 OUT= MAC=36:1a:36:97:ff:ba:84:b5:9c:f9:08:30:08:00 SRC=77.72.82.158 DST=104.236.230.48 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=28755 PROTO=TCP SPT=55887 DPT=5411 WINDOW=1024 RES=0x00 SYN URGP=0 
Dec 14 00:03:17 ubuntu-1gb-nyc3-01 kernel: [519882.389328] IN=eth0 OUT= MAC=36:1a:36:97:ff:ba:84:b5:9c:f9:18:30:08:00 SRC=219.133.31.126 DST=104.236.230.48 LEN=40 TOS=0x00 PREC=0x00 TTL=104 ID=256 PROTO=TCP SPT=6000 DPT=89 WINDOW=16384 RES=0x00 SYN URGP=0 
Dec 14 00:03:17 ubuntu-1gb-nyc3-01 kernel: [519882.389491] IN=eth0 OUT= MAC=36:1a:36:97:ff:ba:84:b5:9c:f9:18:30:08:00 SRC=219.133.31.126 DST=104.236.230.48 LEN=40 TOS=0x00 PREC=0x00 TTL=104 ID=256 PROTO=TCP SPT=6000 DPT=1081 WINDOW=16384 RES=0x00 SYN URGP=0 
Dec 14 00:03:17 ubuntu-1gb-nyc3-01 kernel: [519882.389515] IN=eth0 OUT= MAC=36:1a:36:97:ff:ba:84:b5:9c:f9:08:30:08:00 SRC=219.133.31.126 DST=104.236.230.48 LEN=40 TOS=0x00 PREC=0x00 TTL=104 ID=256 PROTO=TCP SPT=6000 DPT=8282 WINDOW=16384 RES=0x00 SYN URGP=0 
Dec 14 00:03:17 ubuntu-1gb-nyc3-01 kernel: [519882.389747] IN=eth0 OUT= MAC=36:1a:36:97:ff:ba:84:b5:9c:f9:18:30:08:00 SRC=219.133.31.126 DST=104.236.230.48 LEN=40 TOS=0x00 PREC=0x00 TTL=104 ID=256 PROTO=TCP SPT=6000 DPT=1082 WINDOW=16384 RES=0x00 SYN URGP=0 
Dec 14 00:03:17 ubuntu-1gb-nyc3-01 kernel: [519882.389766] IN=eth0 OUT= MAC=36:1a:36:97:ff:ba:84:b5:9c:f9:18:30:08:00 SRC=219.133.31.126 DST=104.236.230.48 LEN=40 TOS=0x00 PREC=0x00 TTL=104 ID=256 PROTO=TCP SPT=6000 DPT=1818 WINDOW=16384 RES=0x00 SYN URGP=0 
Dec 14 00:03:17 ubuntu-1gb-nyc3-01 kernel: [519882.389784] IN=eth0 OUT= MAC=36:1a:36:97:ff:ba:84:b5:9c:f9:18:30:08:00 SRC=219.133.31.126 DST=104.236.230.48 LEN=40 TOS=0x00 PREC=0x00 TTL=104 ID=256 PROTO=TCP SPT=6000 DPT=1801 WINDOW=16384 RES=0x00 SYN URGP=0 
Dec 14 00:03:17 ubuntu-1gb-nyc3-01 kernel: [519882.389817] IN=eth0 OUT= MAC=36:1a:36:97:ff:ba:84:b5:9c:f9:08:30:08:00 SRC=219.133.31.126 DST=104.236.230.48 LEN=40 TOS=0x00 PREC=0x00 TTL=104 ID=256 PROTO=TCP SPT=6000 DPT=7978 WINDOW=16384 RES=0x00 SYN URGP=0 
Dec 14 00:03:17 ubuntu-1gb-nyc3-01 kernel: [519882.389935] IN=eth0 OUT= MAC=36:1a:36:97:ff:ba:84:b5:9c:f9:08:30:08:00 SRC=219.133.31.126 DST=104.236.230.48 LEN=40 TOS=0x00 PREC=0x00 TTL=104 ID=256 PROTO=TCP SPT=6000 DPT=8082 WINDOW=16384 RES=0x00 SYN URGP=0 
Dec 14 00:03:17 ubuntu-1gb-nyc3-01 kernel: [519882.389955] IN=eth0 OUT= MAC=36:1a:36:97:ff:ba:84:b5:9c:f9:18:30:08:00 SRC=219.133.31.126 DST=104.236.230.48 LEN=40 TOS=0x00 PREC=0x00 TTL=104 ID=256 PROTO=TCP SPT=6000 DPT=8189 WINDOW=16384 RES=0x00 SYN URGP=0 
Dec 14 00:03:17 ubuntu-1gb-nyc3-01 kernel: [519882.390300] IN=eth0 OUT= MAC=36:1a:36:97:ff:ba:84:b5:9c:f9:18:30:08:00 SRC=219.133.31.126 DST=104.236.230.48 LEN=40 TOS=0x00 PREC=0x00 TTL=104 ID=256 PROTO=TCP SPT=6000 DPT=91 WINDOW=16384 RES=0x00 SYN URGP=0 
Dec 14 00:03:17 ubuntu-1gb-nyc3-01 kernel: [519882.390321] IN=eth0 OUT= MAC=36:1a:36:97:ff:ba:84:b5:9c:f9:18:30:08:00 SRC=219.133.31.126 DST=104.236.230.48 LEN=40 TOS=0x00 PREC=0x00 TTL=104 ID=256 PROTO=TCP SPT=6000 DPT=8181 WINDOW=16384 RES=0x00 SYN URGP=0 
Dec 14 00:03:17 ubuntu-1gb-nyc3-01 kernel: [519882.393088] IN=eth0 OUT= MAC=36:1a:36:97:ff:ba:84:b5:9c:f9:18:30:08:00 SRC=219.133.31.126 DST=104.236.230.48 LEN=40 TOS=0x00 PREC=0x00 TTL=104 ID=256 PROTO=TCP SPT=6000 DPT=8081 WINDOW=16384 RES=0x00 SYN URGP=0 
Dec 14 00:03:17 ubuntu-1gb-nyc3-01 kernel: [519882.393916] IN=eth0 OUT= MAC=36:1a:36:97:ff:ba:84:b5:9c:f9:18:30:08:00 SRC=219.133.31.126 DST=104.236.230.48 LEN=40 TOS=0x00 PREC=0x00 TTL=104 ID=256 PROTO=TCP SPT=6000 DPT=8080 WINDOW=16384 RES=0x00 SYN URGP=0 
Dec 14 00:03:17 ubuntu-1gb-nyc3-01 kernel: [519882.394452] IN=eth0 OUT= MAC=36:1a:36:97:ff:ba:84:b5:9c:f9:08:30:08:00 SRC=219.133.31.126 DST=104.236.230.48 LEN=40 TOS=0x00 PREC=0x00 TTL=104 ID=256 PROTO=TCP SPT=6000 DPT=88 WINDOW=16384 RES=0x00 SYN URGP=0 
Dec 14 00:03:17 ubuntu-1gb-nyc3-01 kernel: [519882.394740] IN=eth0 OUT= MAC=36:1a:36:97:ff:ba:84:b5:9c:f9:08:30:08:00 SRC=219.133.31.126 DST=104.236.230.48 LEN=40 TOS=0x00 PREC=0x00 TTL=104 ID=256 PROTO=TCP SPT=6000 DPT=8090 WINDOW=16384 RES=0x00 SYN URGP=0 
Dec 14 00:03:17 ubuntu-1gb-nyc3-01 kernel: [519882.395412] IN=eth0 OUT= MAC=36:1a:36:97:ff:ba:84:b5:9c:f9:08:30:08:00 SRC=219.133.31.126 DST=104.236.230.48 LEN=40 TOS=0x00 PREC=0x00 TTL=104 ID=256 PROTO=TCP SPT=6000 DPT=9098 WINDOW=16384 RES=0x00 SYN URGP=0 
Dec 14 00:03:17 ubuntu-1gb-nyc3-01 kernel: [519882.398840] IN=eth0 OUT= MAC=36:1a:36:97:ff:ba:84:b5:9c:f9:18:30:08:00 SRC=219.133.31.126 DST=104.236.230.48 LEN=40 TOS=0x00 PREC=0x00 TTL=106 ID=256 PROTO=TCP SPT=6000 DPT=8008 WINDOW=16384 RES=0x00 SYN URGP=0 
Dec 14 00:03:17 ubuntu-1gb-nyc3-01 kernel: [519882.399290] IN=eth0 OUT= MAC=36:1a:36:97:ff:ba:84:b5:9c:f9:08:30:08:00 SRC=219.133.31.126 DST=104.236.230.48 LEN=40 TOS=0x00 PREC=0x00 TTL=106 ID=256 PROTO=TCP SPT=6000 DPT=9191 WINDOW=16384 RES=0x00 SYN URGP=0 
Dec 14 00:03:17 ubuntu-1gb-nyc3-01 kernel: [519882.399640] IN=eth0 OUT= MAC=36:1a:36:97:ff:ba:84:b5:9c:f9:08:30:08:00 SRC=219.133.31.126 DST=104.236.230.48 LEN=40 TOS=0x00 PREC=0x00 TTL=106 ID=256 PROTO=TCP SPT=6000 DPT=9898 WINDOW=16384 RES=0x00 SYN URGP=0 
Dec 14 00:03:17 ubuntu-1gb-nyc3-01 kernel: [519882.402208] IN=eth0 OUT= MAC=36:1a:36:97:ff:ba:84:b5:9c:f9:18:30:08:00 SRC=219.133.31.126 DST=104.236.230.48 LEN=40 TOS=0x00 PREC=0x00 TTL=106 ID=256 PROTO=TCP SPT=6000 DPT=8989 WINDOW=16384 RES=0x00 SYN URGP=0 
Dec 14 00:03:43 ubuntu-1gb-nyc3-01 kernel: [519908.182049] IN=eth0 OUT= MAC=36:1a:36:97:ff:ba:84:b5:9c:f9:18:30:08:00 SRC=114.239.184.31 DST=104.236.230.48 LEN=48 TOS=0x00 PREC=0x00 TTL=112 ID=13078 DF PROTO=TCP SPT=2324 DPT=8118 WINDOW=64240 RES=0x00 SYN URGP=0
In the logs I see the requests that are blocked?

According to "my theory" I should only block the IPs of Baidu and the bastard who clones my sites, but I did a whois on some IPs in the logs and they seem to arrive from England, Australia, Ireland, Japan etc.

Did I not understand how to read the logs, or is my iptables blocking half the world?


Something else: ipset.
Trying to figure out how the iptables logs work, I saw ipset, which is often used along with iptables, but almost all the tutorials I find are for Ubuntu 10.04 or 12.04. Is it old and outdated, or does it still work the same way?
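Added example, not part of the original post: a small Python parser for the KEY=value layout of the kernel LOG lines quoted above, grouping packets by SRC and listing the destination ports each source touched. The sample lines are constructed (documentation-range addresses and a made-up MAC), and the function names and the scan_ports=3 threshold are assumptions chosen for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the kernel LOG-target layout shown in the post
# (documentation-range addresses and a made-up MAC, not the poster's data).
MAC = "MAC=02:00:00:00:00:01:02:00:00:00:00:02:08:00"
SAMPLE = f"""\
Dec 14 00:00:45 host kernel: [1.0] IN=eth0 OUT= {MAC} SRC=192.0.2.194 DST=198.51.100.48 LEN=437 TOS=0x00 PREC=0x00 TTL=56 ID=37739 DF PROTO=UDP SPT=5084 DPT=5060 LEN=417
Dec 14 00:02:31 host kernel: [2.0] IN=eth0 OUT= {MAC} SRC=192.0.2.218 DST=198.51.100.48 LEN=52 TOS=0x00 PREC=0x00 TTL=118 ID=27360 DF PROTO=TCP SPT=56286 DPT=445 WINDOW=8192 RES=0x00 SYN URGP=0
Dec 14 00:02:32 host kernel: [3.0] IN=eth0 OUT= {MAC} SRC=192.0.2.218 DST=198.51.100.48 LEN=52 TOS=0x00 PREC=0x00 TTL=118 ID=27373 DF PROTO=TCP SPT=56286 DPT=445 WINDOW=8192 RES=0x00 SYN URGP=0
Dec 14 00:03:17 host kernel: [4.0] IN=eth0 OUT= {MAC} SRC=203.0.113.126 DST=198.51.100.48 LEN=40 TOS=0x00 PREC=0x00 TTL=104 ID=256 PROTO=TCP SPT=6000 DPT=89 WINDOW=16384 RES=0x00 SYN URGP=0
Dec 14 00:03:17 host kernel: [4.1] IN=eth0 OUT= {MAC} SRC=203.0.113.126 DST=198.51.100.48 LEN=40 TOS=0x00 PREC=0x00 TTL=104 ID=256 PROTO=TCP SPT=6000 DPT=1081 WINDOW=16384 RES=0x00 SYN URGP=0
Dec 14 00:03:17 host kernel: [4.2] IN=eth0 OUT= {MAC} SRC=203.0.113.126 DST=198.51.100.48 LEN=40 TOS=0x00 PREC=0x00 TTL=104 ID=256 PROTO=TCP SPT=6000 DPT=8080 WINDOW=16384 RES=0x00 SYN URGP=0
"""

FIELD = re.compile(r"\b([A-Z]+)=(\S*)")
# Tokens that appear without '=': the IP DF bit and the TCP flags.
BARE = {"DF", "SYN", "ACK", "FIN", "RST", "PSH", "URG"}

def parse_line(line):
    """Parse one LOG line into a dict. A line means a packet matched the
    rule carrying the LOG target; it does not say the packet was dropped."""
    _, sep, body = line.partition("kernel:")
    if not sep or "SRC=" not in body:
        return None
    rec = {}
    for key, value in FIELD.findall(body):
        rec.setdefault(key, value)  # first LEN is the IP length, second is UDP
    rec["FLAGS"] = sorted(BARE.intersection(body.split()))
    return rec

def summarize(text, scan_ports=3):
    """Per source: packet count, distinct (proto, port) pairs, and whether
    it reached scan_ports or more distinct ports (assumed threshold)."""
    hits, ports = defaultdict(int), defaultdict(set)
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        hits[rec["SRC"]] += 1
        if "DPT" in rec:  # ICMP and similar lines carry no port
            ports[rec["SRC"]].add((rec["PROTO"], int(rec["DPT"])))
    return {src: {"packets": hits[src], "ports": sorted(ports[src]),
                  "looks_like_scan": len(ports[src]) >= scan_ports}
            for src in hits}
```

Repeated lines from one source to one port (same SPT, increasing ID) are retransmitted SYNs; one source hitting many ports within the same second is a port sweep.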