Need Some Help

the_Grinch Member Posts: 4,165 ■■■■■■■■■■
I'm hoping you guys can help me out with a research project I am working on. I need firewall logs (home computers) of inbound connection attempts. Basically, I am researching where the majority of the attempts are coming from and will be mapping/graphing the data. I'm not getting a ton of hits on my computers due to the Verizon FiOS modem/router. If you can, e-mail the logs to me (feel free to scrub your IPs, as I just need the IPs of the computers trying to scan your systems). I am giving my Drexel e-mail so you know it is legit! Thanks in advance!

jrl452@drexel.edu
WIP:
PHP
Kotlin
Intro to Discrete Math
Programming Languages
Work stuff
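
The tally the request above describes, as an added example that is not part of the original thread: it keeps only inbound records from outside sources, redacts the recipient's hostname, MAC and destination address before sharing, and counts source addresses and targeted ports. The Linux netfilter LOG line format, the abbreviated sample lines and the `OWN_NETS` home network are assumptions; the thread names no log format.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample in Linux netfilter LOG format (assumed; the thread names
# no format). All addresses are documentation or private ranges.
SAMPLE_LOG = """\
Jan 12 03:14:07 gw kernel: IN=eth0 OUT= MAC=00:11:22:33:44:55 SRC=203.0.113.5 DST=198.51.100.20 PROTO=TCP SPT=51234 DPT=22 SYN
Jan 12 03:14:09 gw kernel: IN=eth0 OUT= MAC=00:11:22:33:44:55 SRC=203.0.113.5 DST=198.51.100.20 PROTO=TCP SPT=51240 DPT=23 SYN
Jan 12 03:15:30 gw kernel: IN=eth0 OUT= MAC=00:11:22:33:44:55 SRC=192.0.2.77 DST=198.51.100.20 PROTO=TCP SPT=40022 DPT=3389 SYN
Jan 12 03:16:02 gw kernel: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff SRC=192.168.1.50 DST=192.168.1.255 PROTO=UDP SPT=137 DPT=137
Jan 12 03:16:40 gw kernel: IN= OUT=eth0 SRC=198.51.100.20 DST=203.0.113.9 PROTO=TCP SPT=50000 DPT=443
Jan 12 03:20:00 gw sshd[411]: Connection closed by authenticating user
"""
OWN_NETS = [ipaddress.ip_network("192.168.1.0/24")]  # hypothetical home LAN
FIELD = re.compile(r"\b([A-Z]+)=(\S*)")

def parse_inbound(line, own_nets=OWN_NETS):
    """Return KEY=value fields for an inbound packet from outside own_nets, else None."""
    fields = dict(FIELD.findall(line))
    if not fields.get("IN") or "SRC" not in fields:
        return None  # outbound, or not a packet record at all
    try:
        src = ipaddress.ip_address(fields["SRC"])
    except ValueError:
        return None  # truncated or corrupted address
    if any(src in net for net in own_nets):
        return None  # LAN chatter, not an outside source
    return fields

def scrub(line):
    """Redact hostname, MAC and destination address before sharing a line."""
    line = re.sub(r"^(\w{3}\s+\d+ [\d:]+) \S+", r"\1 host", line)
    return re.sub(r"\b(MAC|DST)=\S*", r"\1=REDACTED", line)

def summarize(log_text, own_nets=OWN_NETS):
    """Tally sources and targeted ports; return them with the scrubbed lines."""
    sources, ports, shareable = Counter(), Counter(), []
    for line in log_text.splitlines():
        fields = parse_inbound(line, own_nets)
        if fields is None:
            continue
        sources[fields["SRC"]] += 1
        ports[(fields.get("PROTO", "?"), fields.get("DPT", "-"))] += 1
        shareable.append(scrub(line))
    return sources, ports, shareable

if __name__ == "__main__":
    srcs, ports, lines = summarize(SAMPLE_LOG)
    print(srcs.most_common(), ports.most_common(), *lines, sep="\n")
```
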

Comments

  • JDMurray Admin Posts: 13,031 Admin
    Can you turn off the firewall on your router and use a second router to set up a DMZ for a honeypot machine? I've wanted to set up a virtual honeypot system on my own ISP's link for some time, but I've never gotten around to getting the necessary hardware together.
  • the_Grinch Member Posts: 4,165 ■■■■■■■■■■
    I have the Verizon-provided router firewall set to the lowest setting, but I know that not everything is getting through. The kicker is all my STBs get IP addresses so I can't not use it. I've always hated not having just a modem, but nothing I can do about it. I really need some logs, as the research has to be in by Tuesday. At this point I have maybe 5 to 10 IP addresses, not nearly enough to do anything with.
  • the_Grinch Member Posts: 4,165 ■■■■■■■■■■
    Thanks for mentioning the DMZ! I can add one host as the DMZ so I will give that a try, though if anyone can send me some logs I would still like them!
  • wd40 Member Posts: 1,017 ■■■■□□□□□□
    Install a torrent client and start downloading stuff; I'm sure your firewall will get some events.

    Here is what I have; I hope it helps.

    http://www.titansea.com/tmp/bitlord.htm
  • L0gicB0mb508 Member Posts: 538
    the_Grinch wrote: »
    I'm hoping you guys can help me out with a research project I am working on. I need firewall logs (home computers) of inbound connection attempts. Basically, I am researching where the majority of the attempts are coming from and will be mapping/graphing the data. I'm not getting a ton of hits on my computers due to the Verizon FiOS modem/router. If you can, e-mail the logs to me (feel free to scrub your IPs, as I just need the IPs of the computers trying to scan your systems). I am giving my Drexel e-mail so you know it is legit! Thanks in advance!

    jrl452@drexel.edu

    If you have an extra computer with two NICs you can always do an inline Snort box. That will definitely grab a lot of malicious stuff. Install guides can be found online, and you can set it up in a couple of hours. Best of all, it's free if you have the hardware lying around. Good luck to you.
    I bring nothing useful to the table...
  • the_Grinch Member Posts: 4,165 ■■■■■■■■■■
    Thanks for the log wd40! Also, as always, thanks for all the help guys!