[Silicon Defense logo]

SnortSnarf alert page

Source: 209.237.238.160

SnortSnarf v021111.1

Signature section (91123)Top 20 source IPsTop 20 dest IPs

4 such alerts found using input module SnortFileInput, with sources:
Earliest: 16:30:12.485916 on 05/30/2003
Latest: 05:23:51.638926 on 06/02/2003

1 different signatures are present for 209.237.238.160 as a source

There are 1 distinct destination IPs in the alerts of the type on this page.

209.237.238.160 Whois lookup at: ARIN RIPE APNIC Geektools
DNS lookup at: Amenesi TRIUMF Princeton
More lookup links: Dshield Sam Spade

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/30-16:30:12.485916 209.237.238.160:1768 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:35766 IpLen:20 DgmLen:177 DF
***AP*** Seq: 0x61B843DA Ack: 0xD0129D98 Win: 0xFFFF TcpLen: 32
TCP Options (3) => NOP NOP TS: 959467032 2334612148
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/02-03:21:29.598626 209.237.238.160:1043 -> 192.168.1.6:80
TCP TTL:36 TOS:0x0 ID:59712 IpLen:20 DgmLen:173 DF
***AP*** Seq: 0x71BD771A Ack: 0xEC782E46 Win: 0xFFFF TcpLen: 32
TCP Options (3) => NOP NOP TS: 980651665 2443131415
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/02-04:25:01.171990 209.237.238.160:3981 -> 192.168.1.6:80
TCP TTL:36 TOS:0x0 ID:25357 IpLen:20 DgmLen:173 DF
***AP*** Seq: 0x92E32513 Ack: 0xDBA6899C Win: 0xFFFF TcpLen: 32
TCP Options (3) => NOP NOP TS: 981032769 2445083642
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/02-05:23:51.638926 209.237.238.160:2921 -> 192.168.1.6:80
TCP TTL:36 TOS:0x0 ID:47904 IpLen:20 DgmLen:177 DF
***AP*** Seq: 0xB113A1A5 Ack: 0xBA493C04 Win: 0xFFFF TcpLen: 32
TCP Options (3) => NOP NOP TS: 981385761 2446891854
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:03:52 2003