[nflug] need idea

Roelant Ossewaarde rao3 at buffalo.edu
Mon Feb 20 11:33:09 EST 2006


I had the same problem. I now have one machine that has scp enabled. I 
have my client scp to that machine, but with a wrong username/password 
(in my case: hifrombuffalo). Since the username doesn't exist, the IP 
shows up in my ftp and auth-log, together with the username that tried 
to log on.

I do that every two hours (which is my rotation time for auth/ftp-logs), 
so if I ever need to check the IP-number, I just grep hifrombuffalo in 
auth.log. Voila!



Nate Byrnes wrote:
> How about matching the message id in your mail logs to see what the 
> hostname or IP of the sender was? If using sendmail, grep 
> /var/log/maillog (or your configured location) for the message id from 
> the email header. The last entry in the brackets should be the system 
> which passed the email to your mailserver. Hope this helps.
> 
> Cyber Source wrote:
> 
>> Darin Perusich wrote:
>>
>>> Why not just have the cron job that runs email you the info from 
>>> ifconfig? assuming that your clients are using unix routes then 
>>> "ifconfig -a |mail peter at thecybersource.com" should send you that 
>>> info you're looking for.
>>>
>>> Cyber Source wrote:
>>>
>>>> Hello All,
>>>> I need an idea where I can find the originating IP of an email. I 
>>>> monitor a lot of my clients' servers, etc. and I have the cron jobs 
>>>> and such email me, which I have filters for and then sort them by 
>>>> who they are so things are organized. I also like to be able to help 
>>>> my clients out from time to time and ssh in to do things and I would 
>>>> like to not have to tell them to do a /sbin/ifconfig or if they are 
>>>> behind a router, to go to my web site and then I have a look at 
>>>> /var/log/httpd/access.
>>>> For most of my clients, if I look at the message headers of the cron 
>>>> emails, I can see the IP and then use that to log in, mostly cable 
>>>> dhcp clients. However, I am finding more and more dsl dhcp clients 
>>>> to be a problem because not only do they change a lot (and normally 
>>>> not a problem because each day has a new email) but when I look at 
>>>> the dsl clients' message headers I see something like this:
>>>>
>>>> Return-Path: <root at thecybersource.com>
>>>> Received: from localhost.localdomain 
>>>> (pool-71-251-164-250.bflony.east.verizon.net [71.251.164.250])
>>>> by thecybersource.com (8.13.1/8.13.1) with ESMTP id k1K9AHeL024738
>>>>
>>>> If this were cable, the ip would be 71.251.164.250 but this does not 
>>>> seem to work with dsl, it is not reporting the actual ip that the 
>>>> client used when the box sent the email.
>>>>
>>>> So, I am looking for a way to have a cron run or something on the 
>>>> box that can send me a daily email showing the public ip they are 
>>>> using. I initially thought of doing a cron that could do a 
>>>> traceroute but that doesn't work either. I don't know if something 
>>>> has changed on routers today to block such a process but when I use 
>>>> traceroute today, a lot of it just times out with multiple ***.
>>>> Anyway, ideas anyone?
>>>> _______________________________________________
>>>> nflug mailing list
>>>> nflug at nflug.org
>>>> http://www.nflug.org/mailman/listinfo/nflug
>>>
>>>
>> That doesn't help when they are behind routers, it only shows the 
>> internal stuff, I need to know the public IP.
> 
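
The lookup described in the top message (a client that logs in with a marker username so its public IP lands in auth.log), as an added example that is not part of the original posts. The sshd-style log lines are a constructed sample and `last_marker_ip` is a hypothetical helper name; it matches the username field exactly, so a similar name such as `hifrombuffalo2` is not picked up the way a plain grep would.

```shell
#!/bin/sh
# Added example: recover the most recent public IP of a client that
# "phones home" with a deliberately failing login under a marker username.

MARKER="hifrombuffalo"   # marker username taken from the post

# Constructed sample of sshd auth.log lines (documentation address ranges).
sample_auth_log() {
cat <<'EOF'
Feb 20 07:00:02 gate sshd[4100]: Invalid user hifrombuffalo from 203.0.113.17
Feb 20 07:00:04 gate sshd[4100]: Failed password for invalid user hifrombuffalo from 203.0.113.17 port 40112 ssh2
Feb 20 08:13:51 gate sshd[4177]: Invalid user admin from 198.51.100.9
Feb 20 08:40:10 gate sshd[4190]: Invalid user hifrombuffalo2 from 198.51.100.77
Feb 20 09:00:03 gate sshd[4231]: Failed password for invalid user hifrombuffalo from 203.0.113.42 port 40977 ssh2
Feb 20 09:05:00 gate sshd[4240]: Accepted password for roelant from 192.0.2.5 port 51000 ssh2
EOF
}

# last_marker_ip NAME   (log lines on stdin)
# Prints the source address of the last line whose login name is exactly NAME.
# Exits non-zero when NAME never appears, so a cron wrapper can tell
# "client has not checked in" apart from "client checked in from this IP".
last_marker_ip() {
    awk -v m="$1" '
        {
            for (i = 1; i + 3 <= NF; i++) {
                # sshd writes "... user <name> from <ip> ..."
                if ($i == "user" && $(i + 1) == m && $(i + 2) == "from") {
                    ip = $(i + 3)
                }
            }
        }
        END { if (ip == "") exit 1; print ip }
    '
}

# Against a real log: last_marker_ip "$MARKER" < auth.log
sample_auth_log | last_marker_ip "$MARKER"
```

Anyone who knows the marker name can produce the same log line, so the address it yields is a hint for where to connect, not proof of which host checked in.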