Sorry had to start a new thread (Thunderbird filters via MS + FreeBSD aren't playing nicely). For those wanting to parse out, this is what I would do if I had to/wanted to capture from the feed: (one liner) wget -qO - http://www.twitter.com/efensive |\ awk '/VoIP/{print $3}'|sed 's:>: :g'|awk '{print $2}' If you wanted to add to say iptables: wget -qO - http://www.twitter.com/efensive |\ awk '/VoIP/{print $3}'|sed 's:>: :g'|sort -u |\ awk '{print "iptables -A INPUT -s "$2" -j DROP"}' Which is a simple iptable rule: iptables -A INPUT -s x.x.x.x -j DROP I run something similar out of my crontabs @ 15 on the hou to parse out unique addresses. I would never bother to use REJECT since it wastes time/resources telling an attacker: "I'm REJECTING this packet" YMMV. The reasoning for grep'ing ('/VoIP/' in awk) is that every once in a while I may babble on, or post say APT (the big bad Chinese/German/Russian boogeyman) threats in my stream as well as malware related hosts/domains as well. This ensures that you only get information pertaining to VoIP based attackers. -- =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ J. Oquendo SGFA, SGFE, C|EH, CNDA, CHFI, OSCP, CPT, RWSP, GREM "Where ignorance is our master, there is no possibility of real peace" - Dalai Lama 42B0 5A53 6505 6638 44BB 3943 2BF7 D83F 210A 95AF http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x2BF7D83F210A95AF