[Silicon Defense logo]

SnortSnarf alert page

Source: 216.39.48.44

SnortSnarf v021111.1

Signature section (91123)Top 20 source IPsTop 20 dest IPs

12 such alerts found using input module SnortFileInput, with sources:
Earliest: 01:09:24.038811 on 04/18/2003
Latest: 18:11:43.953116 on 04/24/2003

1 different signatures are present for 216.39.48.44 as a source

There are 1 distinct destination IPs in the alerts of the type on this page.

216.39.48.44 Whois lookup at: ARIN RIPE APNIC Geektools
DNS lookup at: Amenesi TRIUMF Princeton
More lookup links: Dshield Sam Spade

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/18-01:09:24.038811 216.39.48.44:38253 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:56074 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xFC49E996 Ack: 0x2E6BEFB0 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 321860266 447687873
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/18-21:03:59.948809 216.39.48.44:51873 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:42050 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x9B262E75 Ack: 0xCF7BB42F Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 329026116 484398152
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/22-18:40:21.981384 216.39.48.44:55376 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:18039 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x787BF802 Ack: 0xB49B7247 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 362724994 657035828
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/22-20:02:32.445463 216.39.48.44:44359 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:4044 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xAF614C3F Ack: 0xEAB2EE34 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 363217921 659561070
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/23-09:29:56.192520 216.39.48.44:58728 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:53006 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x9882E5C0 Ack: 0xD5094EB9 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 368061120 684372535
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/23-13:18:32.173713 216.39.48.44:50668 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:18293 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xF7465042 Ack: 0x35AB6BEC Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 369432384 691397450
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/23-16:17:21.169961 216.39.48.44:59982 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:9350 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x99E15085 Ack: 0xD7FC27D6 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 370505024 696892533
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/23-17:24:51.807399 216.39.48.44:60187 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:11850 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x98388D60 Ack: 0xD7875D66 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 370909989 698967146
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/23-17:37:41.766058 216.39.48.44:46649 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:56606 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xC98512DB Ack: 0x8EB7363 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 370986967 699361491
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/24-07:26:17.838365 216.39.48.44:38680 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:9987 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x2FE8064 Ack: 0x4226711D Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 375957367 724824582
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/24-10:40:23.038539 216.39.48.44:51387 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:19227 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xDF82202F Ack: 0x1EF92435 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 377121604 730788953
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/24-18:11:43.953116 216.39.48.44:56944 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:61709 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x87BA4A17 Ack: 0xC7A25C15 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 379829037 744658990
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:03:52 2003