Getting the server up and running was a very smooth process, as was equipping the ufw. I would like to spend more time with port settings to fully understand exactly what rules I was setting, but for now I have used the most basic set. This server was only running for 24 hours and because of that I was worried if there would be usable data to play with, but there was plenty.


How many different attempts were there to connect to your server?

4,717 attempts

sudo wc -l /var/log/ufw.log


How many different IP addresses attempted to connect to your server?

2,403 different IPs attempted connection. I did this using the following series of commands:

1. sudo grep SRC= /var/log/ufw.log > raw_ips.txt

- pulling out every line that has “SRC=”, after which the IP comes in the line. Save that into the text file “raw_ips.txt”.

2. head raw_ips.txt

- used to take a smaller look at the larger file of logs to make sure it has sorted ok. The “head” command shows the first 10 lines of a file. Lots of other data still in the log lines.

3. sudo grep -o 'SRC=[0-9.]*' /var/log/ufw.log | cut -d= -f2 > ips.txt

- cuts out info from the log files other than the IP address

- grep -o 'SRC=[0-9.]*' looks for any text that starts with the SRC= that comes before the IPs in the logs, followed by any string of characters made from the numbers 0-9 and periods. -o prints only the matched text instead of the whole line.

- cut -d= -f2 > ips.txt removes the text before the = that comes after SRC, trimming the logs down further. -d sets the delimiter. -f2 tells it to keep the second field (after the delimiter; -f1 would be before the =).

4. sort ips.txt | uniq | wc -l

- removes any duplicates and then counts the lines, which should represent unique IPs

- sort puts the IPs in order so that identical addresses end up on adjacent lines, which lets uniq delete the consecutive duplicates; wc -l then counts the lines that remain

How many times did each IP address attempt to connect?

Where are they located?

The two that made the most connection attempts were one in Sofia, Bulgaria with 93 attempts, and a second in Hangzhou, China with 57 attempts.

- sort ips.txt | uniq -c | sort -nr > ip_counts.txt
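The counts from steps 1-4 and the per-IP tally above, redone as an added example (not the commands I ran on the server): it counts only [UFW BLOCK] lines and keeps IPv6 sources, which the SRC=[0-9.]* pattern cuts off at the first colon. The log lines are constructed with documentation-range addresses, and the function names are made up for this example.

```shell
#!/bin/sh
# Added example. The log lines below are constructed in UFW's kernel-log
# format with documentation-range addresses; they are not from the real server.
make_sample_log() {
cat > "$1" <<'EOF'
Sep  7 13:40:01 lab kernel: [  101.1] [UFW BLOCK] IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.10 LEN=40 PROTO=TCP SPT=51234 DPT=23 SYN
Sep  7 13:40:09 lab kernel: [  109.4] [UFW BLOCK] IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.10 LEN=40 PROTO=TCP SPT=51300 DPT=2323 SYN
Sep  7 13:41:15 lab kernel: [  175.0] [UFW ALLOW] IN=eth0 OUT= SRC=192.0.2.50 DST=198.51.100.10 LEN=60 PROTO=TCP SPT=40022 DPT=22 SYN
Sep  7 13:42:30 lab kernel: [  250.8] [UFW BLOCK] IN=eth0 OUT= SRC=2001:0db8:0000:0000:0000:0000:0000:0001 DST=2001:0db8:0000:0000:0000:0000:0000:0010 LEN=80 PROTO=TCP SPT=44000 DPT=445 SYN
Sep  7 13:43:02 lab kernel: [  282.3] [UFW BLOCK] IN=eth0 OUT= SRC=198.51.100.99 DST=198.51.100.10 LEN=44 PROTO=TCP SPT=60001 DPT=3389 SYN
Sep  7 13:44:47 lab kernel: [  387.9] [UFW BLOCK] IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.10 LEN=40 PROTO=TCP SPT=51999 DPT=22 SYN
EOF
}

# Print the SRC= value of every blocked packet, one per line.
# Taking the whole space-separated field keeps IPv6 addresses intact.
blocked_sources() {
    awk '/\[UFW BLOCK\]/ { for (i = 1; i <= NF; i++) if ($i ~ /^SRC=/) print substr($i, 5) }' "$1"
}

count_blocked() { blocked_sources "$1" | awk 'END { print NR }'; }
count_unique()  { blocked_sources "$1" | sort -u | awk 'END { print NR }'; }

# The pipeline from steps 3-4, kept for comparison: it also counts ALLOW
# lines and turns an IPv6 source into the bogus "address" 2001.
page_unique() {
    grep -o 'SRC=[0-9.]*' "$1" | cut -d= -f2 | sort | uniq | awk 'END { print NR }'
}

# "count address" rows, busiest source first; $2 limits the number of rows.
top_sources() {
    blocked_sources "$1" | sort | uniq -c | sort -nr | head -n "${2:-10}" | awk '{ print $1, $2 }'
}

log=$(mktemp) && make_sample_log "$log"
echo "log lines:              $(awk 'END { print NR }' "$log")"
echo "blocked attempts:       $(count_blocked "$log")"
echo "unique blocked sources: $(count_unique "$log")"
echo "unique per steps 3-4:   $(page_unique "$log")"
top_sources "$log" 3
rm -f "$log"
```

On the real log, each function takes /var/log/ufw.log as its argument and needs sudo to read it.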


What organizations are they associated with, if any?