[Intrusions] GIAC GCIA Version 3.5 Practical Detect #1 - Scott Hazel

opiesan opiesan at opiesan.com
Mon Oct 18 20:45:30 GMT 2004


Hello Dana. 

That's an excellent question. I hadn't thought about that. I've reviewed the man page for grep and found options to specify that the search pattern starts at the beginning of a word. I'll run this again using the extra parameter. The results should match, but that's why we go through the peer review. Thanks for noticing.

Scott H. 

---- Dana Webber <dana at dunrobin.dyn.dhs.org> wrote:
>
> On Saturday 16 October 2004 14:41, opiesan wrote:
> > This detect focuses on a destination address of 226.185.106.59.  The class B range of 226.185.0.0 appears to be the home network for the sensor that created this dump file.  Grep’ing the file mac2ip.txt shows this range exists in every line of the dump file:
> > 
> > grep -c 226.185 mac2ip.txt 
> >  209187
> > 
> 
> How do you know it did not incorrectly count an IP like 10.10.226.185 ?
> 
> -- 
> Dana Webber
> dana at dunrobin.dyn.dhs.org
> http://dunrobin.dyn.dhs.org
> 
> Getting a computer system to work is like banging your head against a brick wall until the wall falls down. 
> 
> _______________________________________________
> Intrusions mailing list
> Intrusions at lists.sans.org
> http://www.dshield.org/mailman/listinfo/intrusions
> 
> 
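The counting question raised in this thread, as an added example that is not part of either poster's message: it compares the unanchored pattern, a start-of-word anchor, and a pattern that requires 226.185 to be the first two octets of a dotted quad. The input lines are constructed and the "MAC IP" layout of mac2ip.txt is an assumption.

```shell
#!/bin/sh
# Added example. Sample lines are constructed; the real mac2ip.txt layout
# is not shown in the thread, so "MAC IP [extra]" is an assumption.
sample_lines() {
cat <<'EOF'
00:00:5e:00:53:01 226.185.106.59
00:00:5e:00:53:02 226.185.7.1
00:00:5e:00:53:03 10.10.226.185
00:00:5e:00:53:04 61.226.185.4
00:00:5e:00:53:05 172.16.4.9 id 2260185
00:00:5e:00:53:06 192.0.2.10
EOF
}

# Pattern as typed in the thread: "." matches any character and nothing
# ties 226 to the start of an address. Reads lines on stdin.
count_naive() { grep -c '226.185' || :; }

# Start-of-word anchor with literal dots. "." is not a word character,
# so the 226 in 10.10.226.185 still sits at the start of a word.
count_word_start() { grep -c '\<226\.185' || :; }

# 226.185 must be the first two octets of a complete dotted quad:
# no digit or dot directly before it, two more octets after it.
count_anchored() {
  grep -cE '(^|[^0-9.])226\.185\.[0-9]{1,3}\.[0-9]{1,3}([^0-9.]|$)' || :
}

printf 'naive:      %s\n' "$(sample_lines | count_naive)"
printf 'word start: %s\n' "$(sample_lines | count_word_start)"
printf 'anchored:   %s\n' "$(sample_lines | count_anchored)"
```

Comparing the anchored count with the total line count (`wc -l`) is the check that every line really carries an address in the 226.185.0.0 range.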


