Custom firmware build for R7800 v. 1.0.2.74.2SF & v. 1.0.2.74.3SF

[frisky]

How did you get the DDOS summary report you posted?

I have my Voxel firmware based 7800 auto email me its logs everyday. I noticed I was getting numerous DOS attacks in succession recently. However, the DOS attacks are listed separately as opposed to the summary you posted.

I've written a shell script that parses the /var/log/messages, greps the ddos attack lines , groups and counts the individual ip's involved into file /opt/var/log/totalled

it goes something like this

get-logs.sh
<<
#!/bin/sh
LOGFILE="/var/log/messages"
COMBINED="/opt/var/log/combined"
TOTALLED="/opt/var/log/totalled"

get_logs()
{
grep -E "([0-9]{1,3}[\.]){3}[0-9]{1,3}" -o $LOGFILE >> $COMBINED
cat $COMBINED | sort | uniq -c > $TOTALLED
echo "individual ddos attacks"
wc -l $COMBINED
echo "individual ddos drones"
wc -l $TOTALLED
}
get_logs
>>

I've also written a shell script to gather information about the ip's involved, like server name,
and written a script that invokes webservices of ripe, arin etc to get the abuse email address of all servers involved.
I'm pondering if it would be a good idea to send a mail to the abuse mail adresses.