SnortSnarf alert page

Source: 192.168.1.3

SnortSnarf v021111.1

Signature section (91123)

Top 20 source IPs

Top 20 dest IPs

49 such alerts found using input module SnortFileInput, with sources:

/home/rivettmj/snort_alertlog/alert

Earliest: 14:58:29.801086 on 04/26/2003
Latest: 16:30:49.102336 on 05/21/2003

1 different signatures are present for 192.168.1.3 as a source

49 instances of ICMP L3retriever Ping

There are 1 distinct destination IPs in the alerts of the type on this page.

192.168.1.3 Whois lookup at: ARIN RIPE APNIC Geektools

DNS lookup at: Amenesi TRIUMF Princeton

More lookup links: Dshield Sam Spade

See also 192.168.1.3 as an alert destination [57 alerts]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
04/26-14:58:29.801086 192.168.1.3 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:660 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:10241  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
04/26-14:58:31.956642 192.168.1.3 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:666 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:10497  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
04/26-14:58:40.052268 192.168.1.3 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:675 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:10753  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
04/26-14:58:42.457816 192.168.1.3 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:679 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:11009  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
04/26-14:59:08.664690 192.168.1.3 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:700 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:11265  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
04/26-14:59:10.960617 192.168.1.3 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:701 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:11521  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
04/26-14:59:20.212588 192.168.1.3 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:709 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:11777  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
04/26-14:59:22.461197 192.168.1.3 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:710 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:12033  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
04/26-19:00:57.008507 192.168.1.3 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:41392 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:13824  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
04/26-19:00:59.131495 192.168.1.3 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:41393 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:14080  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
04/26-19:01:35.808841 192.168.1.3 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:41414 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:14336  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
04/26-19:01:38.135372 192.168.1.3 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:41415 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:14592  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
04/26-19:01:47.388022 192.168.1.3 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:41423 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:14848  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
04/26-19:01:49.636784 192.168.1.3 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:41424 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:15104  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
04/26-19:02:40.612369 192.168.1.3 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:41431 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:15360  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
04/26-19:02:42.641391 192.168.1.3 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:41432 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:15616  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
04/26-19:02:45.142998 192.168.1.3 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:41434 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:15872  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
04/26-19:02:47.642027 192.168.1.3 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:41436 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:16128  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
04/26-21:23:09.095389 192.168.1.3 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:43219 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:24064  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
04/26-21:23:11.451469 192.168.1.3 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:43220 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:24320  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
04/26-21:23:48.207137 192.168.1.3 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:43236 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:24576  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
04/26-21:23:50.455564 192.168.1.3 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:43237 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:24832  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
04/26-21:23:59.707959 192.168.1.3 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:43244 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:25088  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
04/26-21:24:01.956630 192.168.1.3 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:43245 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:25344  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
04/28-09:51:07.602395 192.168.1.3 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:53779 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:4866  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
04/28-09:51:10.021708 192.168.1.3 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:53781 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:5122  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
04/28-09:51:18.852075 192.168.1.3 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:53791 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:5378  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
04/28-09:51:21.022960 192.168.1.3 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:53794 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:5634  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
04/28-09:51:46.745745 192.168.1.3 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:53812 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:5890  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
04/28-09:51:49.025811 192.168.1.3 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:53813 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:6146  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
04/28-09:51:58.278259 192.168.1.3 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:53821 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:6402  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
04/28-09:52:00.526818 192.168.1.3 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:53822 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:6658  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
04/28-18:32:53.497866 192.168.1.3 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:62469 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:32514  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
04/28-18:32:55.540980 192.168.1.3 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:62491 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:32770  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
04/28-18:32:58.042706 192.168.1.3 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:62516 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:33026  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
04/28-18:33:00.541490 192.168.1.3 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:62540 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:33282  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
05/11-20:01:40.289947 192.168.1.3 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:46698 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:23554  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
05/11-20:01:42.490176 192.168.1.3 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:46699 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:23810  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
05/11-20:01:44.991735 192.168.1.3 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:46701 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:24066  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
05/11-20:01:47.490694 192.168.1.3 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:46702 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:24322  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
05/11-21:32:53.205026 192.168.1.3 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:7912 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:30210  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
05/14-20:36:12.654407 192.168.1.3 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:2421 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:60160  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
05/14-20:36:15.068041 192.168.1.3 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:2423 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:60416  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
05/21-16:29:56.114954 192.168.1.3 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:2649 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:20231  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
05/21-16:29:58.597631 192.168.1.3 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:2650 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:20487  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
05/21-16:30:35.337054 192.168.1.3 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:2677 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:20743  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
05/21-16:30:37.601239 192.168.1.3 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:2678 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:20999  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
05/21-16:30:46.853592 192.168.1.3 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:2685 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:21255  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
05/21-16:30:49.102336 192.168.1.3 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:2686 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:21511  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:03:54 2003

192.168.1.3	Whois lookup at:	ARIN	RIPE	APNIC	Geektools
	DNS lookup at:	Amenesi	TRIUMF	Princeton
	More lookup links:	Dshield	Sam Spade
See also 192.168.1.3 as an alert destination [57 alerts]