[Silicon Defense logo]

SnortSnarf alert page

Source: 192.168.1.102

SnortSnarf v021111.1

Signature section (91123)Top 20 source IPsTop 20 dest IPs

21 such alerts found using input module SnortFileInput, with sources:
Earliest: 18:29:16.138669 on 04/26/2003
Latest: 08:34:23.250913 on 05/12/2003

2 different signatures are present for 192.168.1.102 as a source

There are 3 distinct destination IPs in the alerts of the type on this page.

192.168.1.102 Whois lookup at: ARIN RIPE APNIC Geektools
DNS lookup at: Amenesi TRIUMF Princeton
More lookup links: Dshield Sam Spade
See also 192.168.1.102 as an alert destination [58 alerts]

[**] [1:1917:3] SCAN UPNP service discover attempt [**]
[Classification: Detection of a Network Scan] [Priority: 3]
04/26-18:29:16.138669 192.168.1.102:65090 -> 192.168.1.1:1900
UDP TTL:1 TOS:0x0 ID:3926 IpLen:20 DgmLen:161
Len: 133
[**] [1:1917:3] SCAN UPNP service discover attempt [**]
[Classification: Detection of a Network Scan] [Priority: 3]
04/26-18:29:41.143859 192.168.1.102:65090 -> 192.168.1.1:1900
UDP TTL:1 TOS:0x0 ID:3957 IpLen:20 DgmLen:160
Len: 132
[**] [1:1917:3] SCAN UPNP service discover attempt [**]
[Classification: Detection of a Network Scan] [Priority: 3]
04/26-18:29:41.143958 192.168.1.102:65090 -> 192.168.1.1:1900
UDP TTL:1 TOS:0x0 ID:3958 IpLen:20 DgmLen:161
Len: 133
[**] [1:1917:3] SCAN UPNP service discover attempt [**]
[Classification: Detection of a Network Scan] [Priority: 3]
04/27-18:16:10.219655 192.168.1.102:22141 -> 192.168.1.1:1900
UDP TTL:1 TOS:0x0 ID:598 IpLen:20 DgmLen:161
Len: 133
[**] [1:1917:3] SCAN UPNP service discover attempt [**]
[Classification: Detection of a Network Scan] [Priority: 3]
04/27-18:22:19.520143 192.168.1.102:57905 -> 192.168.1.1:1900
UDP TTL:1 TOS:0x0 ID:675 IpLen:20 DgmLen:160
Len: 132
[**] [1:1917:3] SCAN UPNP service discover attempt [**]
[Classification: Detection of a Network Scan] [Priority: 3]
04/27-18:22:19.520200 192.168.1.102:57905 -> 192.168.1.1:1900
UDP TTL:1 TOS:0x0 ID:676 IpLen:20 DgmLen:161
Len: 133
[**] [1:1917:3] SCAN UPNP service discover attempt [**]
[Classification: Detection of a Network Scan] [Priority: 3]
04/27-18:22:44.520101 192.168.1.102:57905 -> 192.168.1.1:1900
UDP TTL:1 TOS:0x0 ID:698 IpLen:20 DgmLen:160
Len: 132
[**] [1:1917:3] SCAN UPNP service discover attempt [**]
[Classification: Detection of a Network Scan] [Priority: 3]
04/27-18:22:44.520169 192.168.1.102:57905 -> 192.168.1.1:1900
UDP TTL:1 TOS:0x0 ID:699 IpLen:20 DgmLen:161
Len: 133
[**] [1:1917:3] SCAN UPNP service discover attempt [**]
[Classification: Detection of a Network Scan] [Priority: 3]
04/29-21:07:13.742154 192.168.1.102:37668 -> 192.168.1.1:1900
UDP TTL:1 TOS:0x0 ID:27646 IpLen:20 DgmLen:160
Len: 132
[**] [1:1917:3] SCAN UPNP service discover attempt [**]
[Classification: Detection of a Network Scan] [Priority: 3]
04/29-21:07:13.742211 192.168.1.102:37668 -> 192.168.1.1:1900
UDP TTL:1 TOS:0x0 ID:27647 IpLen:20 DgmLen:161
Len: 133
[**] [1:1917:3] SCAN UPNP service discover attempt [**]
[Classification: Detection of a Network Scan] [Priority: 3]
04/29-21:07:38.734686 192.168.1.102:37668 -> 192.168.1.1:1900
UDP TTL:1 TOS:0x0 ID:27681 IpLen:20 DgmLen:160
Len: 132
[**] [1:1917:3] SCAN UPNP service discover attempt [**]
[Classification: Detection of a Network Scan] [Priority: 3]
04/29-21:07:38.734810 192.168.1.102:37668 -> 192.168.1.1:1900
UDP TTL:1 TOS:0x0 ID:27682 IpLen:20 DgmLen:161
Len: 133
[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2]
05/09-16:17:46.670233 192.168.1.102 -> 192.168.1.3
ICMP TTL:32 TOS:0x0 ID:35739 IpLen:20 DgmLen:60
Type:8 Code:0 ID:512 Seq:45824 ECHO
[Xref => http://www.whitehats.com/info/IDS311]
[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2]
05/11-21:21:20.813011 192.168.1.102 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:13604 IpLen:20 DgmLen:60
Type:8 Code:0 ID:512 Seq:27650 ECHO
[Xref => http://www.whitehats.com/info/IDS311]
[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2]
05/11-21:21:23.209566 192.168.1.102 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:13605 IpLen:20 DgmLen:60
Type:8 Code:0 ID:512 Seq:27906 ECHO
[Xref => http://www.whitehats.com/info/IDS311]
[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2]
05/11-21:21:25.710512 192.168.1.102 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:13607 IpLen:20 DgmLen:60
Type:8 Code:0 ID:512 Seq:28162 ECHO
[Xref => http://www.whitehats.com/info/IDS311]
[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2]
05/11-21:21:28.209827 192.168.1.102 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:13608 IpLen:20 DgmLen:60
Type:8 Code:0 ID:512 Seq:28418 ECHO
[Xref => http://www.whitehats.com/info/IDS311]
[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2]
05/12-08:34:16.174734 192.168.1.102 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:18808 IpLen:20 DgmLen:60
Type:8 Code:0 ID:512 Seq:39682 ECHO
[Xref => http://www.whitehats.com/info/IDS311]
[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2]
05/12-08:34:18.250660 192.168.1.102 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:18809 IpLen:20 DgmLen:60
Type:8 Code:0 ID:512 Seq:39938 ECHO
[Xref => http://www.whitehats.com/info/IDS311]
[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2]
05/12-08:34:20.751399 192.168.1.102 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:18811 IpLen:20 DgmLen:60
Type:8 Code:0 ID:512 Seq:40194 ECHO
[Xref => http://www.whitehats.com/info/IDS311]
[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2]
05/12-08:34:23.250913 192.168.1.102 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:18812 IpLen:20 DgmLen:60
Type:8 Code:0 ID:512 Seq:40450 ECHO
[Xref => http://www.whitehats.com/info/IDS311]
SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:09:28 2003