SnortSnarf alert page

Source: 216.39.48.74

SnortSnarf v021111.1

Signature section (91123)

Top 20 source IPs

Top 20 dest IPs

9 such alerts found using input module SnortFileInput, with sources:

/home/rivettmj/snort_alertlog/alert

Earliest: 21:24:36.212313 on 04/18/2003
Latest: 16:25:55.157190 on 04/24/2003

1 different signatures are present for 216.39.48.74 as a source

9 instances of WEB-MISC robots.txt access

There are 1 distinct destination IPs in the alerts of the type on this page.

216.39.48.74 Whois lookup at: ARIN RIPE APNIC Geektools

DNS lookup at: Amenesi TRIUMF Princeton

More lookup links: Dshield Sam Spade

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
04/18-21:24:36.212313 216.39.48.74:46870 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:64913 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xE90FD7AE  Ack: 0x1DC3FB49  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 338504241 485031334 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
04/23-01:45:34.371342 216.39.48.74:34299 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:24673 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xBE4D07C1  Ack: 0xFB562587  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 374630316 670102526 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
04/23-13:03:45.620231 216.39.48.74:39137 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:22392 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xBEBE2DB0  Ack: 0xFD0CC1A5  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 378698471 690943385 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
04/23-18:16:06.466732 216.39.48.74:52817 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:62922 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x5AF1E478  Ack: 0x986AC8F1  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 380572110 700541887 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
04/23-20:16:56.350033 216.39.48.74:45459 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:53766 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x2324F315  Ack: 0x61D99128  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 381296926 704255068 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
04/24-10:41:10.690929 216.39.48.74:54397 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:52463 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xE27DF73B  Ack: 0x2210AB49  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 386481126 730813355 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
04/24-10:41:11.110485 216.39.48.74:54397 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:52464 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xE27DF73B  Ack: 0x2210AB49  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 386481168 730813355 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
04/24-13:54:29.268173 216.39.48.74:38288 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:53153 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xBC2022EB  Ack: 0xFCD12124  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 387640707 736753812 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
04/24-16:25:55.157190 216.39.48.74:48215 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:39298 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xF88A50E9  Ack: 0x38A15965  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 388549079 741407079 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:03:53 2003

216.39.48.74	Whois lookup at:	ARIN	RIPE	APNIC	Geektools
	DNS lookup at:	Amenesi	TRIUMF	Princeton
	More lookup links:	Dshield	Sam Spade