SnortSnarf alert page

Source: 216.39.48.4

SnortSnarf v021111.1

6 such alerts found using input module SnortFileInput, with sources:
Earliest: 22:25:41.745488 on 04/17/2003
Latest: 00:51:46.900510 on 04/23/2003

1 distinct signature is present for 216.39.48.4 as a source

There is 1 distinct destination IP in the alerts of the type on this page.


[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/17-22:25:41.745488 216.39.48.4:51786 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:16499 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x935108D2 Ack: 0xC3F94092 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 29575344 442657167
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/17-23:03:53.479929 216.39.48.4:57184 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:3408 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x2372CAED Ack: 0x5528ABCD Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 29804464 443830940
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/18-13:34:29.822269 216.39.48.4:39990 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:6393 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xFB396F6C Ack: 0x2D6053F5 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 35026858 470584857
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/22-16:13:30.330130 216.39.48.4:39601 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:36524 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x4D70EEA4 Ack: 0x899A6DA0 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 70541334 652522764
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/22-19:56:43.591871 216.39.48.4:37296 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:44248 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x992E6252 Ack: 0xD522FE56 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 71880342 659382385
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/23-00:51:46.900510 216.39.48.4:56965 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:39065 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xF39048A9 Ack: 0x2FD100A1 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 73650252 668449510
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:03:52 2003