SnortSnarf alert page

Source: 209.237.238.161

SnortSnarf v021111.1

10 such alerts found using input module SnortFileInput, with sources:
Earliest: 16:50:26.626821 on 04/27/2003
Latest: 15:55:12.658947 on 06/02/2003

1 signature is present for 209.237.238.161 as a source

There is 1 distinct destination IP in the alerts of the type on this page.

See also 209.237.238.161 as an alert destination [3 alerts]


[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/27-16:50:26.626821 209.237.238.161:2711 -> 192.168.1.6:80
TCP TTL:41 TOS:0x0 ID:23878 IpLen:20 DgmLen:177 DF
***AP*** Seq: 0xE8445187 Ack: 0x5442C991 Win: 0xFFFF TcpLen: 32
TCP Options (3) => NOP NOP TS: 124930466 874915549
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/27-19:19:59.301973 209.237.238.161:2644 -> 192.168.1.6:80
TCP TTL:41 TOS:0x0 ID:27647 IpLen:20 DgmLen:177 DF
***AP*** Seq: 0x855E8A27 Ack: 0x881EE7DE Win: 0xFFFF TcpLen: 32
TCP Options (3) => NOP NOP TS: 125827598 879511069
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/27-23:06:00.219555 209.237.238.161:2858 -> 192.168.1.6:80
TCP TTL:41 TOS:0x0 ID:61877 IpLen:20 DgmLen:177 DF
***AP*** Seq: 0x5B3F5C7C Ack: 0xDF6AC9E4 Win: 0xFFFF TcpLen: 32
TCP Options (3) => NOP NOP TS: 127183485 886456577
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/26-11:07:19.464416 209.237.238.161:1345 -> 192.168.1.6:80
TCP TTL:42 TOS:0x0 ID:57721 IpLen:20 DgmLen:173 DF
***AP*** Seq: 0x38471FA3 Ack: 0xD688FBD Win: 0xFFFF TcpLen: 32
TCP Options (3) => NOP NOP TS: 373397257 2147680009
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/26-14:59:36.411010 209.237.238.161:4539 -> 192.168.1.6:80
TCP TTL:42 TOS:0x0 ID:59696 IpLen:20 DgmLen:177 DF
***AP*** Seq: 0xC72FE5E4 Ack: 0x7B301535 Win: 0xFFFF TcpLen: 32
TCP Options (3) => NOP NOP TS: 374790776 2154818257
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/02-03:16:36.258024 209.237.238.161:1822 -> 192.168.1.6:80
TCP TTL:36 TOS:0x0 ID:17902 IpLen:20 DgmLen:173 DF
***AP*** Seq: 0x9AE0D8A9 Ack: 0xDA3E4EFB Win: 0xFFFF TcpLen: 32
TCP Options (3) => NOP NOP TS: 431045420 2442981173
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/02-03:55:07.264701 209.237.238.161:1355 -> 192.168.1.6:80
TCP TTL:36 TOS:0x0 ID:21893 IpLen:20 DgmLen:173 DF
***AP*** Seq: 0x7EC722D7 Ack: 0x6B488FC2 Win: 0xFFFF TcpLen: 32
TCP Options (3) => NOP NOP TS: 431276492 2444164834
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/02-05:00:07.990461 209.237.238.161:2553 -> 192.168.1.6:80
TCP TTL:36 TOS:0x0 ID:34987 IpLen:20 DgmLen:173 DF
***AP*** Seq: 0x71C72BBA Ack: 0x610DAFFE Win: 0xFFFF TcpLen: 32
TCP Options (3) => NOP NOP TS: 431666512 2446162702
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/02-13:31:18.019660 209.237.238.161:3748 -> 192.168.1.6:80
TCP TTL:36 TOS:0x0 ID:41304 IpLen:20 DgmLen:177 DF
***AP*** Seq: 0x138538AA Ack: 0xEBC28038 Win: 0xFFFF TcpLen: 32
TCP Options (3) => NOP NOP TS: 434733118 2461871316
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/02-15:55:12.658947 209.237.238.161:3563 -> 192.168.1.6:80
TCP TTL:36 TOS:0x0 ID:1570 IpLen:20 DgmLen:177 DF
***AP*** Seq: 0x352B7E97 Ack: 0xB31BA10 Win: 0xFFFF TcpLen: 32
TCP Options (3) => NOP NOP TS: 435596468 2466293798
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:03:52 2003