
# LaBrea tarpit events -- SEC rule file (patterns are Perl regular
# expressions; "$N" refers to the N-th capture group of the pattern).
# Groups in the "Initial Connect" pattern:
#   $1 = syslog host that logged the line
#   $2 = remote address and port of the tarpitted peer ("ip port")
#   $3 = everything after the destination address (expected to be the
#        local port; confirm against the LaBrea log format in use)

# Every "Initial Connect" line is appended to the TARPIT_REPORT context;
# the Calendar rule at the end of this file mails that context and empties it.
type=Single
desc=$0
ptype=RegExp
pattern=\S+\s+\d+\s+\S+\s+(\S+)\s+LaBrea: Initial Connect \(tarpitting\): (\d+\.\d+\.\d+\.\d+\s\d+) \-> \d+\.\d+\.\d+\.\d+\s(.*)
action=add TARPIT_REPORT %t: $1 New Tarpitted Connect from $2 on port $3

#type=Single
#ptype=RegExp
#pattern=\S+\s+\d+\s+\S+\s+(\S+)\s+LaBrea: Additional Activity: (\d+\.\d+\.\d+\.\d+) \d+ \-> \d+\.\d+\.\d+\.\d+ (\d+)*
#desc=$0
#action=add TARPIT_REPORT %t: %s;
#

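# "Responded to a PING" lines: record the probing address so that ping
# sweeps appear in the report.
# Groups: $1 = syslog host, $2 = source IP address of the ping.
# The source-address group must start with "\d+" (a bare "d+" only matches
# the letter d and never a real address), and the action may only use $1/$2
# since the pattern has exactly two groups ("$@" is not a SEC variable).
type=Single
ptype=RegExp
pattern=\S+\s+\d+\s+\S+\s+(\S+)\s+LaBrea: Responded to a PING: (\d+\.\d+\.\d+\.\d+) \d+ \-> \d+\.\d+\.\d+\.\d+
desc=$0
action=add TARPIT_REPORT %t: PING Sweep from $2 on $1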

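# Mail the collected tarpit events three times a day and then clear the
# context so each report only covers events since the previous one.
# time= is a cron-style "minute hour day-of-month month day-of-week" spec:
# 08:00, 12:00 and 20:00 (not hourly).
# The report action feeds the stored context lines to the command's
# standard input; the command line itself contains no event data.
# Replace alerts@yourdomain.com with the real recipient address.

type=Calendar
time=0 8,12,20 * * *
desc=Sending tarpit report...
action=report TARPIT_REPORT \
       /usr/bin/mail -s 'Tarpits: Tarpit Victim report' alerts@yourdomain.com; \
       delete TARPIT_REPORT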