{"id":1147,"date":"2006-07-05T23:53:33","date_gmt":"2006-07-06T02:53:33","guid":{"rendered":"http:\/\/www.hoogervorst.ca\/arthur\/?p=1147"},"modified":"2006-07-05T23:53:33","modified_gmt":"2006-07-06T02:53:33","slug":"more-stuff","status":"publish","type":"post","link":"http:\/\/www.hoogervorst.ca\/arthur\/?p=1147","title":{"rendered":"More stuff"},"content":{"rendered":"<p><span class=\"dropcap\">Y<\/span>esterday, I mentioned the logs that I imported into a Postgres database: today some minor cleanup and indexing\/reindexing. The full monty:\n<\/p>\n<p>The hardest hit day was on September 7th of 2004: 86803 hits in 2 hours only. I&#8217;m still collecting data about ports, but here is some quick data: You need to read beyond the fold for this one.\n<\/p>\n<p><!--more--><\/p>\n<table border=\"1\">\n<caption>Top 10 incoming hits from single IP addresses<\/caption>\n<thead>\n<tr>\n<th>source_ip<\/th>\n<th>min<\/th>\n<th>max<\/th>\n<th>count<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td>68.186.67.114<\/td>\n<td>9\/7\/2004 7:12:30 PM<\/td>\n<td>9\/7\/2004 8:58:56 PM<\/td>\n<td>12770<\/td>\n<\/tr>\n<tr>\n<td>66.171.67.43<\/td>\n<td>12\/8\/2004 8:34:46 PM<\/td>\n<td>12\/8\/2004 10:39:34 PM<\/td>\n<td>7431<\/td>\n<\/tr>\n<tr>\n<td>64.113.126.64<\/td>\n<td>9\/7\/2004 7:12:30 PM<\/td>\n<td>9\/7\/2004 8:58:54 PM<\/td>\n<td>6385<\/td>\n<\/tr>\n<tr>\n<td>65.102.84.220<\/td>\n<td>9\/7\/2004 7:12:32 PM<\/td>\n<td>9\/7\/2004 8:58:56 PM<\/td>\n<td>6385<\/td>\n<\/tr>\n<tr>\n<td>192.189.102.2<\/td>\n<td>9\/7\/2004 7:12:30 PM<\/td>\n<td>9\/7\/2004 8:58:54 PM<\/td>\n<td>6379<\/td>\n<\/tr>\n<tr>\n<td>68.12.116.252<\/td>\n<td>9\/7\/2004 7:12:32 PM<\/td>\n<td>9\/7\/2004 8:58:56 PM<\/td>\n<td>6344<\/td>\n<\/tr>\n<tr>\n<td>24.60.108.255<\/td>\n<td>9\/7\/2004 7:12:32 PM<\/td>\n<td>9\/7\/2004 8:58:56 PM<\/td>\n<td>6322<\/td>\n<\/tr>\n<tr>\n<td>64.252.39.109<\/td>\n<td>9\/7\/2004 7:12:30 PM<\/td>\n<td>9\/7\/2004 8:58:54 
PM<\/td>\n<td>6300<\/td>\n<\/tr>\n<tr>\n<td>68.12.37.97<\/td>\n<td>9\/7\/2004 7:12:32 PM<\/td>\n<td>9\/7\/2004 8:58:54 PM<\/td>\n<td>6293<\/td>\n<\/tr>\n<tr>\n<td>69.132.232.23<\/td>\n<td>9\/7\/2004 7:12:30 PM<\/td>\n<td>9\/7\/2004 8:58:54 PM<\/td>\n<td>6248<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>&nbsp;\n<\/p>\n<table border=\"1\">\n<caption>Top 10 of <em>source<\/em> ports\/protocols<\/caption>\n<thead>\n<tr>\n<th>source_port<\/th>\n<th>protocol<\/th>\n<th>count<\/th>\n<th>min<\/th>\n<th>max<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td>6346<\/td>\n<td>UDP<\/td>\n<td>2361<\/td>\n<td>3\/14\/2004 12:44:46 PM<\/td>\n<td>4\/9\/2005 6:01:58 PM<\/td>\n<\/tr>\n<tr>\n<td>1025<\/td>\n<td>UDP<\/td>\n<td>1510<\/td>\n<td>2\/23\/2004 11:08:34 PM<\/td>\n<td>4\/9\/2005 8:23:42 PM<\/td>\n<\/tr>\n<tr>\n<td>6348<\/td>\n<td>UDP<\/td>\n<td>1412<\/td>\n<td>4\/3\/2004 9:27:10 AM<\/td>\n<td>4\/9\/2005 2:27:16 PM<\/td>\n<\/tr>\n<tr>\n<td>1026<\/td>\n<td>UDP<\/td>\n<td>1378<\/td>\n<td>2\/23\/2004 11:01:14 PM<\/td>\n<td>4\/9\/2005 6:52:34 PM<\/td>\n<\/tr>\n<tr>\n<td>0<\/td>\n<td>ICMP (type:8\/subtype:0)<\/td>\n<td>1330<\/td>\n<td>2\/24\/2004 7:45:34 PM<\/td>\n<td>4\/13\/2005 2:25:26 PM<\/td>\n<\/tr>\n<tr>\n<td>1027<\/td>\n<td>UDP<\/td>\n<td>1261<\/td>\n<td>2\/23\/2004 11:01:42 PM<\/td>\n<td>4\/8\/2005 8:16:46 PM<\/td>\n<\/tr>\n<tr>\n<td>1028<\/td>\n<td>UDP<\/td>\n<td>985<\/td>\n<td>2\/23\/2004 10:58:52 PM<\/td>\n<td>4\/9\/2005 8:49:54 AM<\/td>\n<\/tr>\n<tr>\n<td>1029<\/td>\n<td>UDP<\/td>\n<td>956<\/td>\n<td>2\/23\/2004 11:10:40 PM<\/td>\n<td>4\/9\/2005 8:10:46 PM<\/td>\n<\/tr>\n<tr>\n<td>137<\/td>\n<td>UDP<\/td>\n<td>683<\/td>\n<td>3\/5\/2004 10:07:16 AM<\/td>\n<td>4\/9\/2005 10:10:22 AM<\/td>\n<\/tr>\n<tr>\n<td>1030<\/td>\n<td>UDP<\/td>\n<td>628<\/td>\n<td>2\/23\/2004 11:11:44 PM<\/td>\n<td>4\/8\/2005 8:30:44 PM<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>&nbsp;\n<\/p>\n<table border=\"1\">\n<caption>Top 10 of <em>destination<\/em> 
ports\/protocols<\/caption>\n<thead>\n<tr>\n<th>destination_port<\/th>\n<th>protocol<\/th>\n<th>count<\/th>\n<th>min<\/th>\n<th>max<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td>20301<\/td>\n<td>TCP (flags:S)<\/td>\n<td>86465<\/td>\n<td>9\/7\/2004 7:12:30 PM<\/td>\n<td>9\/7\/2004 8:58:56 PM<\/td>\n<\/tr>\n<tr>\n<td>1264<\/td>\n<td>TCP (flags:S)<\/td>\n<td>78855<\/td>\n<td>6\/12\/2004 2:33:14 PM<\/td>\n<td>12\/31\/2004 4:39:04 PM<\/td>\n<\/tr>\n<tr>\n<td>6346<\/td>\n<td>TCP (flags:S)<\/td>\n<td>33912<\/td>\n<td>2\/23\/2004 10:32:14 PM<\/td>\n<td>4\/9\/2005 9:08:06 PM<\/td>\n<\/tr>\n<tr>\n<td>1214<\/td>\n<td>TCP (flags:S)<\/td>\n<td>14260<\/td>\n<td>2\/25\/2004 7:43:00 PM<\/td>\n<td>4\/8\/2005 5:57:36 PM<\/td>\n<\/tr>\n<tr>\n<td>137<\/td>\n<td>UDP<\/td>\n<td>12571<\/td>\n<td>2\/23\/2004 10:28:04 PM<\/td>\n<td>4\/9\/2005 10:44:06 PM<\/td>\n<\/tr>\n<tr>\n<td>4242<\/td>\n<td>TCP (flags:S)<\/td>\n<td>8216<\/td>\n<td>12\/8\/2004 8:34:46 PM<\/td>\n<td>12\/8\/2004 10:39:34 PM<\/td>\n<\/tr>\n<tr>\n<td>3955<\/td>\n<td>TCP (flags:S)<\/td>\n<td>6490<\/td>\n<td>6\/4\/2004 6:20:32 PM<\/td>\n<td>12\/19\/2004 12:47:28 AM<\/td>\n<\/tr>\n<tr>\n<td>6881<\/td>\n<td>TCP (flags:S)<\/td>\n<td>5707<\/td>\n<td>2\/25\/2004 7:41:06 AM<\/td>\n<td>4\/5\/2005 8:21:02 PM<\/td>\n<\/tr>\n<tr>\n<td>41170<\/td>\n<td>UDP<\/td>\n<td>5351<\/td>\n<td>2\/28\/2004 3:00:22 PM<\/td>\n<td>3\/15\/2005 7:27:48 AM<\/td>\n<\/tr>\n<tr>\n<td>22408<\/td>\n<td>TCP (flags:S)<\/td>\n<td>5181<\/td>\n<td>1\/21\/2005 7:23:10 AM<\/td>\n<td>1\/22\/2005 4:09:10 AM<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n","protected":false},"excerpt":{"rendered":"<p>Yesterday, I mentioned the logs that I imported into a Postgres database: today some minor cleanup and indexing\/reindexing. The full monty: The hardest hit day was on September 7th of 2004: 86803 hits in 2 hours only. 
I&#8217;m still collecting &hellip; <a href=\"http:\/\/www.hoogervorst.ca\/arthur\/?p=1147\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[2],"tags":[],"_links":{"self":[{"href":"http:\/\/www.hoogervorst.ca\/arthur\/index.php?rest_route=\/wp\/v2\/posts\/1147"}],"collection":[{"href":"http:\/\/www.hoogervorst.ca\/arthur\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.hoogervorst.ca\/arthur\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.hoogervorst.ca\/arthur\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"http:\/\/www.hoogervorst.ca\/arthur\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1147"}],"version-history":[{"count":0,"href":"http:\/\/www.hoogervorst.ca\/arthur\/index.php?rest_route=\/wp\/v2\/posts\/1147\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.hoogervorst.ca\/arthur\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1147"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.hoogervorst.ca\/arthur\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1147"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.hoogervorst.ca\/arthur\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1147"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}