SnortSnarf alert page

Source: 216.39.48.54

SnortSnarf v021111.1

Signature section (91123)

Top 20 source IPs

Top 20 dest IPs

9 such alerts found using input module SnortFileInput, with sources:

/home/rivettmj/snort_alertlog/alert

Earliest: 19:39:03.510258 on 04/17/2003
Latest: 07:08:53.010421 on 04/24/2003

1 different signatures are present for 216.39.48.54 as a source

9 instances of WEB-MISC robots.txt access

There are 1 distinct destination IPs in the alerts of the type on this page.

216.39.48.54 Whois lookup at: ARIN RIPE APNIC Geektools

DNS lookup at: Amenesi TRIUMF Princeton

More lookup links: Dshield Sam Spade

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
04/17-19:39:03.510258 216.39.48.54:43697 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:2840 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x1E1FB2FC  Ack: 0x4F582C24  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 329234939 437536378 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
04/18-19:50:28.623158 216.39.48.54:37118 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:10228 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x85BAB47E  Ack: 0xB977EC1E  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 337941406 482138803 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
04/22-17:46:15.665598 216.39.48.54:51393 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:53134 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xACF64056  Ack: 0xE821DE59  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 371757031 655373163 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
04/22-19:04:01.366505 216.39.48.54:48623 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:21143 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xD1C7FF63  Ack: 0xD609DDE  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 372223492 657762800 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
04/22-19:04:01.753496 216.39.48.54:48623 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:21144 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xD1C7FF63  Ack: 0xD609DDE  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 372223531 657762800 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
04/23-05:28:27.188541 216.39.48.54:42185 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:12589 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x870E4B7  Ack: 0x4476B120  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 375969194 676951690 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
04/24-01:23:28.640398 216.39.48.54:36458 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:39393 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xA995AEB7  Ack: 0xE76A0CE2  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 383137655 713675069 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
04/24-04:43:30.154015 216.39.48.54:32878 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:15544 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x9C4FBAD4  Ack: 0xDB533000  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 384337524 719821889 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
04/24-07:08:53.010421 216.39.48.54:45691 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:3631 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xC1D0DADC  Ack: 0x23282E  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 385209604 724289485 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:03:52 2003

216.39.48.54	Whois lookup at:	ARIN	RIPE	APNIC	Geektools
	DNS lookup at:	Amenesi	TRIUMF	Princeton
	More lookup links:	Dshield	Sam Spade