SnortSnarf alert page

Source: 216.39.48.114

SnortSnarf v021111.1

Signature section (91123)

Top 20 source IPs

Top 20 dest IPs

14 such alerts found using input module SnortFileInput, with sources:

/home/rivettmj/snort_alertlog/alert

Earliest: 11:23:15.591410 on 04/18/2003
Latest: 17:16:22.295578 on 04/24/2003

1 different signatures are present for 216.39.48.114 as a source

14 instances of WEB-MISC robots.txt access

There are 1 distinct destination IPs in the alerts of the type on this page.

216.39.48.114 Whois lookup at: ARIN RIPE APNIC Geektools

DNS lookup at: Amenesi TRIUMF Princeton

More lookup links: Dshield Sam Spade

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
04/18-11:23:15.591410 216.39.48.114:49695 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:61309 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xA2EC417  Ack: 0x3DC4EDDB  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 334900090 466551912 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
04/18-21:41:32.388653 216.39.48.114:40093 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:20992 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x28569027  Ack: 0x5D673887  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 338608916 485551795 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
04/22-18:09:40.918331 216.39.48.114:57124 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:25787 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x51FDEEE  Ack: 0x41C40E8E  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 371898978 656092892 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
04/22-19:50:15.570389 216.39.48.114:39086 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:28521 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x80998077  Ack: 0xBCEBBB1F  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 372502304 659183654 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
04/23-05:51:46.035538 216.39.48.114:47088 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:23178 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x6047A726  Ack: 0x9CCE6F91  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 376110522 677668139 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
04/23-07:44:31.910218 216.39.48.114:52972 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:52980 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x95B810F  Ack: 0x4738A9A6  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 376786953 681133422 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
04/23-15:08:54.147105 216.39.48.114:41672 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:43384 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x98E255F6  Ack: 0xD606ABAA  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 379452564 694789021 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
04/23-21:25:32.394177 216.39.48.114:37649 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:62708 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x26928104  Ack: 0x644CE6A7  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 381711870 706363192 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
04/23-23:11:28.357060 216.39.48.114:39504 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:17170 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xB6906B3D  Ack: 0xF41943E6  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 382347321 709618531 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
04/23-23:25:12.325691 216.39.48.114:59691 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:37039 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xE9EBF95C  Ack: 0x28F86164  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 382429699 710040544 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
04/24-04:59:00.424097 216.39.48.114:51498 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:34865 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xD66C7F8D  Ack: 0x16046B88  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 384432048 720298355 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
04/24-08:05:22.647669 216.39.48.114:52936 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:4693 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x95DF14FD  Ack: 0xD5940BA9  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 385550013 726025557 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
04/24-11:16:49.680024 216.39.48.114:58749 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:4197 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x69879CA7  Ack: 0xA95CDE98  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 386698452 731908879 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
04/24-17:16:22.295578 216.39.48.114:39269 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:25024 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xB6FC141D  Ack: 0xF7501AF8  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 388855217 742957737 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:03:52 2003

216.39.48.114	Whois lookup at:	ARIN	RIPE	APNIC	Geektools
	DNS lookup at:	Amenesi	TRIUMF	Princeton
	More lookup links:	Dshield	Sam Spade