Statement: There are two files. One file, "badIP_list.txt" has a listing of known bad IP addresses. These addresses were extract

Question

4 years ago

8

Statement: There are two files. One file, "badIP_list.txt" has a listing of known bad IP addresses. These addresses were extract

ed from Talos Threat Hunting listings for 26 Jul 2018. The second file, "server_logs.txt", is a listing of IP addresses pulled off of your firewall logs, representing computers which have attempted entry into your network through network services, such as http, ssh and ftp. You will find which bad actors have attempted to enter your network for the purpose of tuning your firewalls and IDS's. Challenge: Write a program which reads in both files and checks the IP addresses from your server logs against the know bad IP's. If there is a match, write the bad IP address to a file titled "filter_list.txt". List unique IP's, do not list duplicates. Also, at the end of the "filter_list.txt" there should be a total of "Known bad IP's detected", and the percentage of IP addresses from your logs which are bad. (Divide the number of bad IP's by the number of total IP's)

Computers and Technology

1 answer:

lapo4ka [179] · Answer 1 · 2021-12-11T16:03:17+03:00

Answer:

See explaination

Explanation:

SOURCE CODE IN PYTHON:

inp=open('badIP_list.txt', 'r') #opening file for input

badIPs=[i.rstrip('\n') for i in inp.readlines()] #reading bad IPs

inp.close() #closing file

inp=open('server_logs.txt', 'r') #opening file for input

IPs=[i.rstrip('\n') for i in inp.readlines()] #reading all IPs from log

inp.close() #closing file

uniqueBadIPs=[] #to store unique bad IPs

countBadIPs=0 #to store count of bad IPs

countIPs=0 #to store count of all IPs

for IP in IPs: #iterating through the log of IPs

if IP in badIPs: #checking if IP is bad

countBadIPs+=1

if IP not in uniqueBadIPs: #checking if bad IP is unique

uniqueBadIPs.append(IP)

countIPs+=1

out=open('filter_list.txt', 'w') #opening file for output

out.write('_________________________________________________________\n')

out.write('Date : 26/07/2018\nName : Last, First\nMajor: CS\n\n')

out.write('Server logs contained these known bad IP addresses:\n')

for IP in uniqueBadIPs: #output the unique bad IPs

out.write(IP+'\n')

out.write('\n')

out.write('Total unique known bad IP\'s detected:\n'+str(len(uniqueBadIPs))+'\n\n')

out.write('Percentage of bad IP addresses in server logs:\n{:.2f}%\n'.format(countBadIPs*100/countIPs))

out.write('_________________________________________________________')

out.close() #closing file