
SnortSnarf alert page

Source: 192.168.1.92

SnortSnarf v021111.1


4 such alerts found using input module SnortFileInput, with sources:
Earliest: 13:11:31.721082 on 04/29/2003
Latest: 21:59:12.798921 on 06/11/2003

1 signature is present for 192.168.1.92 as a source

There are 4 distinct destination IPs in the alerts of the type on this page.

See also 192.168.1.92 as an alert destination [10 alerts]


[**] [111:1:1] (spp_stream4) STEALTH ACTIVITY (unknown) detection [**]
04/29-13:11:31.721082 192.168.1.92:49161 -> 64.12.24.58:5190
TCP TTL:64 TOS:0x0 ID:13104 IpLen:20 DgmLen:46 DF
***APR** Seq: 0xD7D6D2B7 Ack: 0xC2BFD5E2 Win: 0x84D0 TcpLen: 20

[**] [111:1:1] (spp_stream4) STEALTH ACTIVITY (unknown) detection [**]
04/29-13:11:34.222236 192.168.1.92:49163 -> 205.188.10.229:5190
TCP TTL:64 TOS:0x0 ID:13125 IpLen:20 DgmLen:46 DF
***APR** Seq: 0xB5D738E2 Ack: 0x774084A5 Win: 0x84D0 TcpLen: 20

[**] [111:1:1] (spp_stream4) STEALTH ACTIVITY (unknown) detection [**]
05/05-14:52:12.428860 192.168.1.92:53705 -> 64.12.24.56:5190
TCP TTL:64 TOS:0x0 ID:6713 IpLen:20 DgmLen:52 DF
***APR** Seq: 0xE82520F3 Ack: 0xC01BA090 Win: 0x84D0 TcpLen: 20

[**] [111:1:1] (spp_stream4) STEALTH ACTIVITY (unknown) detection [**]
06/11-21:59:12.798921 192.168.1.92:50226 -> 205.188.9.9:5190
TCP TTL:64 TOS:0x0 ID:3533 IpLen:20 DgmLen:45 DF
***APR** Seq: 0x823C711E Ack: 0x4421606A Win: 0x84D0 TcpLen: 20

SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:03:52 2003