SnortSnarf alert page

Source: 209.237.238.173

SnortSnarf v021111.1

14 such alerts found using input module SnortFileInput, with sources:
Earliest: 17:02:35.688871 on 04/27/2003
Latest: 08:41:45.278192 on 06/08/2003

1 signature is present for 209.237.238.173 as a source

There is 1 distinct destination IP in the alerts of the type on this page.


[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/27-17:02:35.688871 209.237.238.173:44535 -> 192.168.1.6:80
TCP TTL:41 TOS:0x0 ID:46614 IpLen:20 DgmLen:177 DF
***AP*** Seq: 0x3B35B8FB Ack: 0x826A53C5 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 77729531 875288961
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/27-19:05:08.326875 209.237.238.173:49653 -> 192.168.1.6:80
TCP TTL:41 TOS:0x0 ID:61780 IpLen:20 DgmLen:177 DF
***AP*** Seq: 0x9FBB4F0 Ack: 0x50481E34 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 78464765 879054731
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/27-19:17:14.913957 209.237.238.173:47041 -> 192.168.1.6:80
TCP TTL:41 TOS:0x0 ID:5864 IpLen:20 DgmLen:177 DF
***AP*** Seq: 0x38FC745A Ack: 0x7ED6D6CF Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 78537421 879426898
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/27-23:12:23.746800 209.237.238.173:36092 -> 192.168.1.6:80
TCP TTL:41 TOS:0x0 ID:32436 IpLen:20 DgmLen:177 DF
***AP*** Seq: 0xB012977A Ack: 0xF73A41A7 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 79948246 886653031
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/23-12:16:40.498011 209.237.238.173:41503 -> 192.168.1.6:80
TCP TTL:42 TOS:0x0 ID:34114 IpLen:20 DgmLen:173 DF
***AP*** Seq: 0x44D806F5 Ack: 0x544CBB33 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 300647360 2017053798
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/23-13:17:57.475036 209.237.238.173:57103 -> 192.168.1.6:80
TCP TTL:42 TOS:0x0 ID:26943 IpLen:20 DgmLen:173 DF
***AP*** Seq: 0x2CA776C4 Ack: 0x3BF5BE61 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 301015052 2018937073
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/25-10:32:33.444375 209.237.238.173:51568 -> 192.168.1.6:80
TCP TTL:42 TOS:0x0 ID:63030 IpLen:20 DgmLen:173 DF
***AP*** Seq: 0x3824500F Ack: 0x4A91CEA2 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 317302342 2102359120
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/25-18:15:14.139121 209.237.238.173:40701 -> 192.168.1.6:80
TCP TTL:42 TOS:0x0 ID:48090 IpLen:20 DgmLen:177 DF
***AP*** Seq: 0xA85B9D5 Ack: 0x1F73D58C Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 320078361 2116577636
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/26-10:49:52.515971 209.237.238.173:58685 -> 192.168.1.6:80
TCP TTL:42 TOS:0x0 ID:51285 IpLen:20 DgmLen:173 DF
***AP*** Seq: 0xB601D92B Ack: 0xCBC6E64E Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 326046086 2147143781
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/27-12:47:20.213921 209.237.238.173:44233 -> 192.168.1.6:80
TCP TTL:42 TOS:0x0 ID:19718 IpLen:20 DgmLen:177 DF
***AP*** Seq: 0xAFE2EACE Ack: 0xC7559188 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 335390679 2195005923
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/30-04:40:02.157720 209.237.238.173:42504 -> 192.168.1.6:80
TCP TTL:43 TOS:0x0 ID:59012 IpLen:20 DgmLen:173 DF
***AP*** Seq: 0x39376C59 Ack: 0x562C5B2A Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 358386405 2312787954
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/02-15:48:11.163823 209.237.238.173:34756 -> 192.168.1.6:80
TCP TTL:36 TOS:0x0 ID:42052 IpLen:20 DgmLen:177 DF
***AP*** Seq: 0xCB9184C0 Ack: 0xF1969940 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 23994632 2466077929
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/02-16:08:44.606233 209.237.238.173:55181 -> 192.168.1.6:80
TCP TTL:36 TOS:0x0 ID:45577 IpLen:20 DgmLen:177 DF
***AP*** Seq: 0x1A0FB0C3 Ack: 0x3F13F06A Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 24117971 2466709649
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/08-08:41:45.278192 209.237.238.173:54816 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:22747 IpLen:20 DgmLen:177 DF
***AP*** Seq: 0xF3C64E7F Ack: 0x2481B638 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 73275059 2718487810
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:03:52 2003