[Silicon Defense logo]

SnortSnarf alert page

Source: 209.208.134.37

SnortSnarf v021111.1

Signature section (91123)Top 20 source IPsTop 20 dest IPs

6 such alerts found using input module SnortFileInput, with sources:
Earliest: 20:23:41.715313 on 05/31/2003
Latest: 17:06:43.871724 on 06/05/2003

1 different signatures are present for 209.208.134.37 as a source

There are 1 distinct destination IPs in the alerts of the type on this page.

209.208.134.37 Whois lookup at: ARIN RIPE APNIC Geektools
DNS lookup at: Amenesi TRIUMF Princeton
More lookup links: Dshield Sam Spade

[**] [1:1390:3] SHELLCODE x86 inc ebx NOOP [**]
[Classification: Executable code was detected] [Priority: 1]
05/31-20:23:41.715313 209.208.134.37:80 -> 192.168.1.100:3076
TCP TTL:112 TOS:0x0 ID:31177 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x2265357F Ack: 0x5C5CB084 Win: 0x2091 TcpLen: 20
[**] [1:1390:3] SHELLCODE x86 inc ebx NOOP [**]
[Classification: Executable code was detected] [Priority: 1]
05/31-20:23:42.324180 209.208.134.37:80 -> 192.168.1.100:3076
TCP TTL:112 TOS:0x0 ID:48585 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x2265B2F7 Ack: 0x5C5CB084 Win: 0x2091 TcpLen: 20
[**] [1:1390:3] SHELLCODE x86 inc ebx NOOP [**]
[Classification: Executable code was detected] [Priority: 1]
05/31-20:23:42.764732 209.208.134.37:80 -> 192.168.1.100:3076
TCP TTL:112 TOS:0x0 ID:458 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x22660883 Ack: 0x5C5CB084 Win: 0x2091 TcpLen: 20
[**] [1:1390:3] SHELLCODE x86 inc ebx NOOP [**]
[Classification: Executable code was detected] [Priority: 1]
05/31-20:23:43.259226 209.208.134.37:80 -> 192.168.1.100:3076
TCP TTL:112 TOS:0x0 ID:16842 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x226674DF Ack: 0x5C5CB084 Win: 0x2091 TcpLen: 20
[**] [1:1390:3] SHELLCODE x86 inc ebx NOOP [**]
[Classification: Executable code was detected] [Priority: 1]
05/31-20:23:43.871064 209.208.134.37:80 -> 192.168.1.100:3076
TCP TTL:112 TOS:0x0 ID:36810 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x2266F80B Ack: 0x5C5CB084 Win: 0x2091 TcpLen: 20
[**] [1:1390:3] SHELLCODE x86 inc ebx NOOP [**]
[Classification: Executable code was detected] [Priority: 1]
06/05-17:06:43.871724 209.208.134.37:80 -> 192.168.1.100:4602
TCP TTL:112 TOS:0x0 ID:26754 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3A3DE8A4 Ack: 0xC1417013 Win: 0x20A5 TcpLen: 20
SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:03:52 2003