[Silicon Defense logo]

SnortSnarf alert page

Source: 216.39.48.33

SnortSnarf v021111.1

Signature section (91123)Top 20 source IPsTop 20 dest IPs

6 such alerts found using input module SnortFileInput, with sources:
Earliest: 20:01:51.864162 on 04/18/2003
Latest: 07:21:49.795947 on 04/24/2003

1 different signatures are present for 216.39.48.33 as a source

There are 1 distinct destination IPs in the alerts of the type on this page.

216.39.48.33 Whois lookup at: ARIN RIPE APNIC Geektools
DNS lookup at: Amenesi TRIUMF Princeton
More lookup links: Dshield Sam Spade

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/18-20:01:51.864162 216.39.48.33:58743 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:15116 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xB12D6409 Ack: 0xE41ECA26 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 328752910 482488750
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/19-03:01:10.264487 216.39.48.33:39404 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:37831 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xDFA32D5E Ack: 0x14CC717E Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 331268051 495374136
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/23-04:30:26.634277 216.39.48.33:52574 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:21582 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x2D4E14E0 Ack: 0x6A2FA455 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 366362784 675169050
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/23-14:45:22.114048 216.39.48.33:60955 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:40338 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x3F45154B Ack: 0x7D3C16A8 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 370051304 694065833
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/23-23:41:30.558584 216.39.48.33:44362 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:18345 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x27B4DC82 Ack: 0x666B6851 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 373267254 710541549
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/24-07:21:49.795947 216.39.48.33:51817 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:19733 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xF153F200 Ack: 0x309C1C9A Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 376028409 724687338
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:03:52 2003