Under Linux, we can use the following command to find the IP address connected to port 80 of our server, in descending order:
We can see the connection of all IPs and find out the malicious IP, that is, the attacker, but how to achieve it under Windows?
Knowing that there is PowerShell under Windows, I think it should be similar to the shell under Linux...
Before, I had never learned Powershell or Linux, I was learning and using it now.
The code may not be written well, please don't be surprised。。。。。 Please be considerate.
We can use PowerShell to find the IP connected to our port 80 and arrange it in descending order to find out the attacker...
The code is as follows:
$_. Count -ge 2 is to find the number of connections greater than or equal to 2, it is recommended that you set it to 50, according to your actual situation.
Alibaba Cloud's WINDOWS2008 log events are all 8 hours late
Attached is a script from the god, which is to read the IIS log and then seal the IP, which is much better than what I wrote.
Script download:
Tourists, if you want to see the hidden content of this post, please Reply
| 
Posted on 12/22/2016 4:04:10 PM
|
|
|
|
Landlord|
Posted on 12/22/2016 4:30:29 PM
|
Posted on 3/20/2020 3:47:56 PM
|
It's fun, it's very interesting