SnortSnarf alert page

Source: 209.237.238.174

SnortSnarf v021111.1

Signature section (91123)

Top 20 source IPs

Top 20 dest IPs

16 such alerts found using input module SnortFileInput, with sources:

/home/rivettmj/snort_alertlog/alert

Earliest: 16:51:08.814456 on 04/27/2003
Latest: 16:23:57.766931 on 06/02/2003

1 different signatures are present for 209.237.238.174 as a source

16 instances of WEB-MISC robots.txt access

There are 1 distinct destination IPs in the alerts of the type on this page.

209.237.238.174 Whois lookup at: ARIN RIPE APNIC Geektools

DNS lookup at: Amenesi TRIUMF Princeton

More lookup links: Dshield Sam Spade

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
04/27-16:51:08.814456 209.237.238.174:54358 -> 192.168.1.6:80
TCP TTL:41 TOS:0x0 ID:6655 IpLen:20 DgmLen:177 DF
***AP*** Seq: 0xF5318C3  Ack: 0x56E14A03  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 77660490 874937173 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
04/27-18:56:54.675090 209.237.238.174:59325 -> 192.168.1.6:80
TCP TTL:41 TOS:0x0 ID:54378 IpLen:20 DgmLen:177 DF
***AP*** Seq: 0xEAF050DB  Ack: 0x32552542  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 78415039 878801930 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
04/27-19:16:11.308261 209.237.238.174:59635 -> 192.168.1.6:80
TCP TTL:41 TOS:0x0 ID:49093 IpLen:20 DgmLen:177 DF
***AP*** Seq: 0x3412F7BF  Ack: 0x7AE8E287  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 78530696 879394330 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
04/27-23:07:56.251188 209.237.238.174:53270 -> 192.168.1.6:80
TCP TTL:41 TOS:0x0 ID:9100 IpLen:20 DgmLen:177 DF
***AP*** Seq: 0x9FAD5C5D  Ack: 0xE5E943E9  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 79921122 886516025 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
04/27-23:33:02.939420 209.237.238.174:42313 -> 192.168.1.6:80
TCP TTL:41 TOS:0x0 ID:31199 IpLen:20 DgmLen:177 DF
***AP*** Seq: 0xFE70B588  Ack: 0x44C93567  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 80071783 887287698 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/02-06:54:14.780156 209.237.238.174:34653 -> 192.168.1.6:80
TCP TTL:41 TOS:0x0 ID:65188 IpLen:20 DgmLen:173 DF
***AP*** Seq: 0x76287E04  Ack: 0xC6B5605C  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 117277146 1077851796 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/22-10:30:39.751010 209.237.238.174:53407 -> 192.168.1.6:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:161
***AP*** Seq: 0x8414FACF  Ack: 0x76C88077  Win: 0x16A0  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/22-16:37:53.921821 209.237.238.174:42892 -> 192.168.1.6:80
TCP TTL:41 TOS:0x0 ID:58107 IpLen:20 DgmLen:177 DF
***AP*** Seq: 0xE19372A5  Ack: 0xEE4F5616  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 293572716 1980829057 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/24-12:38:09.842817 209.237.238.174:48619 -> 192.168.1.6:80
TCP TTL:42 TOS:0x0 ID:10922 IpLen:20 DgmLen:173 DF
***AP*** Seq: 0xD3EF6D7E  Ack: 0xE52BC8E9  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 309413862 2061966615 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/24-19:29:34.297021 209.237.238.174:52119 -> 192.168.1.6:80
TCP TTL:42 TOS:0x0 ID:40422 IpLen:20 DgmLen:177 DF
***AP*** Seq: 0xE64D6C18  Ack: 0xF7A285D9  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 311882240 2074609549 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/25-10:51:28.447834 209.237.238.174:34004 -> 192.168.1.6:80
TCP TTL:42 TOS:0x0 ID:25187 IpLen:20 DgmLen:173 DF
***AP*** Seq: 0x7E123A1B  Ack: 0x929AC343  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 317413511 2102940449 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/27-08:48:10.667700 209.237.238.174:36095 -> 192.168.1.6:80
TCP TTL:42 TOS:0x0 ID:8266 IpLen:20 DgmLen:173 DF
***AP*** Seq: 0x28CD98B8  Ack: 0x3F340098  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 333953293 2187656376 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/29-14:49:18.874180 209.237.238.174:42617 -> 192.168.1.6:80
TCP TTL:43 TOS:0x0 ID:8771 IpLen:20 DgmLen:177 DF
***AP*** Seq: 0xF74C50C0  Ack: 0x12A47F80  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 353399565 2287259197 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/02-15:45:42.146321 209.237.238.174:44776 -> 192.168.1.6:80
TCP TTL:36 TOS:0x0 ID:4738 IpLen:20 DgmLen:177 DF
***AP*** Seq: 0xC2AAF421  Ack: 0xE7EB45E9  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 23979692 2466001597 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/02-16:09:51.496572 209.237.238.174:37526 -> 192.168.1.6:80
TCP TTL:36 TOS:0x0 ID:763 IpLen:20 DgmLen:177 DF
***AP*** Seq: 0x1E7C1E3C  Ack: 0x426B5218  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 24124620 2466743920 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/02-16:23:57.766931 209.237.238.174:55432 -> 192.168.1.6:80
TCP TTL:36 TOS:0x0 ID:55299 IpLen:20 DgmLen:177 DF
***AP*** Seq: 0x543BBF54  Ack: 0x77FC8CFB  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 24209246 2467177364 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:03:52 2003

209.237.238.174	Whois lookup at:	ARIN	RIPE	APNIC	Geektools
	DNS lookup at:	Amenesi	TRIUMF	Princeton
	More lookup links:	Dshield	Sam Spade