SnortSnarf alert page

Source: 216.39.48.13

SnortSnarf v021111.1

Signature section (91123)

Top 20 source IPs

Top 20 dest IPs

10 such alerts found using input module SnortFileInput, with sources:

/home/rivettmj/snort_alertlog/alert

Earliest: 12:46:04.041551 on 04/18/2003
Latest: 11:12:43.759570 on 04/24/2003

1 different signatures are present for 216.39.48.13 as a source

10 instances of WEB-MISC robots.txt access

There are 1 distinct destination IPs in the alerts of the type on this page.

216.39.48.13 Whois lookup at: ARIN RIPE APNIC Geektools

DNS lookup at: Amenesi TRIUMF Princeton

More lookup links: Dshield Sam Spade

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
04/18-12:46:04.041551 216.39.48.13:49879 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:20627 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x43B09D09  Ack: 0x76AC18F2  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 335400361 469096587 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
04/19-02:49:15.804594 216.39.48.13:38209 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:36287 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xB26F7612  Ack: 0xE83B3D49  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 340458426 495008215 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
04/22-16:33:55.360222 216.39.48.13:38182 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:34315 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x9BA683B7  Ack: 0xD6829168  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 371328462 653150181 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
04/22-18:02:47.562175 216.39.48.13:45402 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:44603 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xEBBC860A  Ack: 0x27DC7936  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 371861565 655881186 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
04/23-09:55:54.151086 216.39.48.13:36737 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:16117 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xF9E85B39  Ack: 0x36F6ED55  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 377578970 685170465 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
04/23-10:20:16.491394 216.39.48.13:34353 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:62644 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x54E45456  Ack: 0x934283CE  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 377725172 685919444 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
04/23-12:11:50.665635 216.39.48.13:38073 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:41404 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xFBAA7688  Ack: 0x38E0EFF6  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 378394442 689348003 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
04/24-03:14:28.098531 216.39.48.13:60847 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:16665 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x4C1034D0  Ack: 0x8A8D847C  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 383809000 717085839 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
04/24-07:38:39.379503 216.39.48.13:32990 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:10947 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x311C8EA3  Ack: 0x716AEE06  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 385393779 725204399 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
04/24-11:12:43.759570 216.39.48.13:41447 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:18000 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x597C7AED  Ack: 0x99665628  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 386677935 731782933 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:03:52 2003

216.39.48.13	Whois lookup at:	ARIN	RIPE	APNIC	Geektools
	DNS lookup at:	Amenesi	TRIUMF	Princeton
	More lookup links:	Dshield	Sam Spade