SnortSnarf alert page

Source: 216.39.48.64

SnortSnarf v021111.1

Signature section (91123)

Top 20 source IPs

Top 20 dest IPs

18 such alerts found using input module SnortFileInput, with sources:

/home/rivettmj/snort_alertlog/alert

Earliest: 15:31:22.679982 on 04/18/2003
Latest: 14:07:02.543059 on 04/24/2003

1 different signatures are present for 216.39.48.64 as a source

18 instances of WEB-MISC robots.txt access

There are 1 distinct destination IPs in the alerts of the type on this page.

216.39.48.64 Whois lookup at: ARIN RIPE APNIC Geektools

DNS lookup at: Amenesi TRIUMF Princeton

More lookup links: Dshield Sam Spade

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
04/18-15:31:22.679982 216.39.48.64:56727 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:45758 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xB38E6E76  Ack: 0xE7BB5447  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 336387295 474176592 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
04/18-15:54:56.420065 216.39.48.64:39025 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:8485 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xBC4229C  Ack: 0x3FDAC7A7  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 336528636 474900661 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
04/22-16:23:06.000420 216.39.48.64:58186 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:58226 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x738A10BF  Ack: 0xAE5DEDC5  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 371258331 652817606 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
04/22-16:26:46.793703 216.39.48.64:44398 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:43420 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x80A5E3A0  Ack: 0xBBDC1339  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 371280405 652930674 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
04/22-22:57:28.990021 216.39.48.64:38133 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:20426 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x439A4337  Ack: 0x8005D322  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 373624077 664937081 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
04/23-01:34:47.272729 216.39.48.64:40289 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:19488 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x94A23EEA  Ack: 0xD2D19B48  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 374567684 669771101 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
04/23-03:43:11.043525 216.39.48.64:52894 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:37491 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x7A38A1FE  Ack: 0xB82EE37C  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 375337882 673716744 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
04/23-06:47:22.120329 216.39.48.64:36328 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:40828 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x31749025  Ack: 0x704BADD3  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 376442731 679376784 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
04/23-08:07:09.357568 216.39.48.64:50796 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:16829 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x5EE81D4B  Ack: 0x9C175EE1  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 376921342 681828665 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
04/23-10:54:51.918936 216.39.48.64:51706 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:840 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xD8B1B5F1  Ack: 0x160E11CB  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 377927363 686982417 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
04/23-13:53:32.620210 216.39.48.64:56667 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:34493 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x7C3897C5  Ack: 0xB8605ACF  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 378999182 692473235 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
04/23-14:57:48.532687 216.39.48.64:33854 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:27960 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x6EBA9E69  Ack: 0xAB429CAB  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 379384683 694448130 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
04/23-21:44:13.729679 216.39.48.64:57761 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:5103 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x6D0F3572  Ack: 0xAB7DAA88  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 381822634 706937503 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
04/23-22:56:28.691664 216.39.48.64:38051 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:10542 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x7D30EABD  Ack: 0xBBB6BDFB  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 382256029 709157747 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
04/24-04:00:45.307601 216.39.48.64:55433 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:51605 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xFACA54F1  Ack: 0x39652D87  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 384081264 718508257 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
04/24-06:31:06.488215 216.39.48.64:40123 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:29101 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x323811DE  Ack: 0x71142B41  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 384983171 723128645 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
04/24-10:39:59.766304 216.39.48.64:44534 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:48040 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xDE2E93CF  Ack: 0x1D898D1D  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 386476149 730777035 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
04/24-14:07:02.543059 216.39.48.64:34116 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:19279 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xEBE750A5  Ack: 0x2B569C31  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 387718136 737139609 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:03:52 2003

216.39.48.64	Whois lookup at:	ARIN	RIPE	APNIC	Geektools
	DNS lookup at:	Amenesi	TRIUMF	Princeton
	More lookup links:	Dshield	Sam Spade