
SnortSnarf alert page

Source: 209.237.238.172

SnortSnarf v021111.1

Signature section (91123) | Top 20 source IPs | Top 20 dest IPs

12 such alerts found using input module SnortFileInput, with sources:
Earliest: 11:00:28.602058 on 04/27/2003
Latest: 16:15:17.618007 on 06/02/2003

1 different signatures are present for 209.237.238.172 as a source

There are 1 distinct destination IPs in the alerts of the type on this page.

See also 209.237.238.172 as an alert destination [1 alerts]


[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/27-11:00:28.602058 209.237.238.172:40145 -> 192.168.1.6:80
TCP TTL:41 TOS:0x0 ID:54185 IpLen:20 DgmLen:177 DF
***AP*** Seq: 0xE361D886 Ack: 0x2A416BFE Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 75565870 864161000
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/27-16:59:17.809422 209.237.238.172:54196 -> 192.168.1.6:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:165
***AP*** Seq: 0x76640286 Ack: 0x2FDDD8E7 Win: 0x16A0 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/27-18:58:42.779878 209.237.238.172:49107 -> 192.168.1.6:80
TCP TTL:41 TOS:0x0 ID:57709 IpLen:20 DgmLen:177 DF
***AP*** Seq: 0xF22032CB Ack: 0x38CFFD09 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 78435245 878857301
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/27-19:08:51.418253 209.237.238.172:50122 -> 192.168.1.6:80
TCP TTL:41 TOS:0x0 ID:23181 IpLen:20 DgmLen:177 DF
***AP*** Seq: 0x19119BEC Ack: 0x5E5C8837 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 78496108 879169027
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/27-23:17:04.989257 209.237.238.172:43405 -> 192.168.1.6:80
TCP TTL:41 TOS:0x0 ID:32544 IpLen:20 DgmLen:177 DF
***AP*** Seq: 0xC1E5040B Ack: 0x9110D90 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 79985443 886797055
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/23-19:19:12.693029 209.237.238.172:56658 -> 192.168.1.6:80
TCP TTL:42 TOS:0x0 ID:20872 IpLen:20 DgmLen:177 DF
***AP*** Seq: 0x80B23D80 Ack: 0x90C9EFEC Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 303197445 2030038725
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/24-19:24:52.205396 209.237.238.172:44494 -> 192.168.1.6:80
TCP TTL:42 TOS:0x0 ID:41315 IpLen:20 DgmLen:177 DF
***AP*** Seq: 0xD4B466B6 Ack: 0xE5C2ACE5 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 311871455 2074465069
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/25-18:22:09.983517 209.237.238.172:57215 -> 192.168.1.6:80
TCP TTL:42 TOS:0x0 ID:54769 IpLen:20 DgmLen:177 DF
***AP*** Seq: 0x2532359A Ack: 0x38A19332 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 320135299 2116790616
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/27-12:46:20.162563 209.237.238.172:35131 -> 192.168.1.6:80
TCP TTL:42 TOS:0x0 ID:49341 IpLen:20 DgmLen:177 DF
***AP*** Seq: 0xAB870D66 Ack: 0xC3CDC2AA Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 335400428 2194975171
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/29-10:08:30.282478 209.237.238.172:52644 -> 192.168.1.6:80
TCP TTL:43 TOS:0x0 ID:23631 IpLen:20 DgmLen:173 DF
***AP*** Seq: 0xD3D85B5F Ack: 0xEFBA81BA Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 351733536 2278629671
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/30-07:31:10.138814 209.237.238.172:39532 -> 192.168.1.6:80
TCP TTL:43 TOS:0x0 ID:44907 IpLen:20 DgmLen:177 DF
***AP*** Seq: 0xBE61DADD Ack: 0xDBD730C1 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 359429569 2318047021
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/02-16:15:17.618007 209.237.238.172:49790 -> 192.168.1.6:80
TCP TTL:36 TOS:0x0 ID:62683 IpLen:20 DgmLen:177 DF
***AP*** Seq: 0x32DE4CF1 Ack: 0x576A81B4 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 24164403 2466910957
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:03:52 2003