drpc
Topic Author

How to fetch ip address from log file to address list?

Mon Aug 26, 2019 11:16 am

Hi, guys

Recently my server was attacked by a remote crack, which then gave me a surprise: Nemesis (Cry9) encrypted all files...

Then I checked the router's log and found this:

aug/16 22:53:36 pptp,info TCP connection established from 92.63.194.27
aug/16 22:53:40 pptp,ppp,error <1332>: user 1 authentication failed
aug/16 22:53:41 pptp,info TCP connection established from 92.63.194.27
aug/16 22:53:42 pptp,ppp,error <1333>: user 111 authentication failed
aug/16 22:53:43 pptp,info TCP connection established from 92.63.194.27
aug/16 22:53:46 pptp,ppp,error <1334>: user 1111 authentication failed
aug/16 23:46:08 pptp,info TCP connection established from 185.232.67.13
aug/16 23:46:11 pptp,ppp,error <1335>: user 1 authentication failed
aug/16 23:46:11 pptp,info TCP connection established from 185.232.67.13
aug/16 23:46:18 pptp,ppp,error <1336>: user 111 authentication failed
aug/16 23:46:18 pptp,info TCP connection established from 185.232.67.13
aug/16 23:46:20 pptp,ppp,error <1337>: user 1111 authentication failed
aug/17 01:34:06 pptp,info TCP connection established from 59.111.29.6
aug/17 01:34:06 pptp,info TCP connection established from 59.111.29.6
aug/17 01:34:09 pptp,info TCP connection established from 59.111.29.6
aug/17 02:00:59 l2tp,info first L2TP UDP packet received from 128.199.144.181
aug/17 02:02:32 l2tp,info first L2TP UDP packet received from 117.50.63.227
aug/17 08:32:03 ipsec,info respond new phase 1 (Identity Protection): 61.155.21.3[500]<=>216.218.206.74[47102]
aug/17 08:32:03 ipsec,error 216.218.206.74 failed to get valid proposal.
aug/17 08:32:03 ipsec,error 216.218.206.74 failed to pre-process ph1 packet (side: 1, status 1).
aug/17 08:32:03 ipsec,error 216.218.206.74 phase1 negotiation failed.
aug/17 10:42:31 l2tp,info first L2TP UDP packet received from 146.88.240.4
aug/17 11:11:50 l2tp,info first L2TP UDP packet received from 180.108.192.188

So I would like someone to help me write a script that gets these IP addresses and adds them to /ip firewall address-list, so that I can drop them automatically.


Thank you very much.
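
An added example, not part of the original post: an off-router Python sketch that reads log text in the format shown above, counts failures per source IP, and prints `/ip firewall address-list add` commands for repeat offenders. The list name `vpn_bruteforce`, the 7-day timeout, the threshold of 3, and the attribution of each PPTP authentication failure to the most recent PPTP connection (the failure line itself carries no IP) are assumptions; the sample log is constructed with documentation addresses.

```python
import re
from collections import Counter

# Constructed sample in the format of the router log above (documentation IPs).
SAMPLE_LOG = """\
aug/16 22:53:36 pptp,info TCP connection established from 203.0.113.5
aug/16 22:53:40 pptp,ppp,error <1332>: user 1 authentication failed
aug/16 22:53:41 pptp,info TCP connection established from 203.0.113.5
aug/16 22:53:42 pptp,ppp,error <1333>: user 111 authentication failed
aug/16 22:53:43 pptp,info TCP connection established from 203.0.113.5
aug/16 22:53:46 pptp,ppp,error <1334>: user 1111 authentication failed
aug/17 01:34:06 pptp,info TCP connection established from 192.0.2.77
aug/17 08:32:03 ipsec,info respond new phase 1 (Identity Protection): 192.0.2.1[500]<=>198.51.100.9[47102]
aug/17 08:32:03 ipsec,error 198.51.100.9 phase1 negotiation failed.
"""

IP = r"(\d{1,3}(?:\.\d{1,3}){3})"
PPTP_CONN = re.compile(r"pptp,info TCP connection established from " + IP + r"$")
PPTP_FAIL = re.compile(r"pptp,ppp,error <\d+>: user .* authentication failed$")
# Anchored on "ipsec,error <ip>" so the router's own address in the
# "respond new phase 1" info line is never picked up.
IPSEC_FAIL = re.compile(r"ipsec,error " + IP + r" phase1 negotiation failed\.$")

def failed_sources(log_text):
    """Return a Counter of failure events per remote IP."""
    failures = Counter()
    last_pptp_peer = None  # assumption: a failure belongs to the latest PPTP peer
    for line in log_text.splitlines():
        line = line.strip()
        if m := PPTP_CONN.search(line):
            last_pptp_peer = m.group(1)  # a connection alone is not a failure
        elif PPTP_FAIL.search(line) and last_pptp_peer:
            failures[last_pptp_peer] += 1
        elif m := IPSEC_FAIL.search(line):
            failures[m.group(1)] += 1
    return failures

def address_list_commands(failures, threshold=3, allow=frozenset(),
                          list_name="vpn_bruteforce"):
    """Build RouterOS commands for IPs at or above the threshold, skipping
    the allow set (own WAN address, known VPN users)."""
    return [f"/ip firewall address-list add list={list_name} address={ip} timeout=7d"
            for ip, n in sorted(failures.items())
            if n >= threshold and ip not in allow]

if __name__ == "__main__":
    print("\n".join(address_list_commands(failed_sources(SAMPLE_LOG))))
```

The printed lines can be reviewed and pasted into the router terminal; a firewall drop rule matching `src-address-list=vpn_bruteforce` still has to exist for the list to have any effect.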
