[Tutor] IP numbers and Python

dman dsh8290@rit.edu
Wed, 27 Feb 2002 21:01:29 -0500

On Wed, Feb 27, 2002 at 02:19:38PM -0600, Kojo Idrissa wrote:
| On Wed, 27 Feb 2002 09:54:01 -0800
| >Another alternative is a self-contained router. I've seen a 4-port
| >from LinkSys that has a firewall for a couple-hundred dollars.  Has
| >a nice browser-based interface, etc.
| I saw one of these at my local MicroCenter.  $99 for a four port-er.
| I'm in the process of building a home network and I considered
| getting one to share my DSL with the network.  

At a local shop one can obtain a Pentium-class machine (ie P133, 48MB
RAM, couple hundred MB hard drive, NIC, case, power supply) for $99 or
less (depends on the exact specs).  If you wanted to, you could put a
*nix system on it and have full control over your firewall.  You would
also want to get a hub or switch to connect the rest of the LAN to it.

| Now, (to bring this back on topic) what would be interesting would
| be a Python script that parsed your firewall log files for the IPs
| (and/or any other info you wanted), then used the DNS lookup site
| Llyod (I think) mentioned to get some idea of where the scans are
| coming from.  You could even get fancy and have it create a graph of
| some sort...percentage of scans/attacks from various addresses or
| address block owners or ISPs.  You could even keep track of the
| information over time, to see what trends develop.  I'm pretty sure
| all the functionality for this exists in various Python modules.  
| Hmmm...I just might try that myself once I get my home network up
| and running.  Sounds like a good project for someone wanting to get
| into Networking.  (That would be me...)

Are you going to include a parser for iptables' logs?  :-)



the nice thing about windoze is - it does not just crash,
it displays a dialog box and lets you press 'ok' first.