[Silicon Defense logo]

SnortSnarf alert page

Source: 216.39.48.84

SnortSnarf v021111.1

Signature section (91123)Top 20 source IPsTop 20 dest IPs

17 such alerts found using input module SnortFileInput, with sources:
Earliest: 18:34:05.737194 on 04/18/2003
Latest: 13:32:06.063119 on 04/24/2003

1 different signatures are present for 216.39.48.84 as a source

There are 1 distinct destination IPs in the alerts of the type on this page.

216.39.48.84 Whois lookup at: ARIN RIPE APNIC Geektools
DNS lookup at: Amenesi TRIUMF Princeton
More lookup links: Dshield Sam Spade

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/18-18:34:05.737194 216.39.48.84:35930 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:21142 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x64D7D854 Ack: 0x9942EA00 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 337480405 479791591
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/19-03:35:50.112135 216.39.48.84:53114 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:26607 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x627A4740 Ack: 0x98996BF5 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 340730081 496439369
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/23-00:28:01.622430 216.39.48.84:51399 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:16940 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x9AC8093E Ack: 0xD62F2B3D Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 374164260 667719525
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/23-02:22:36.256710 216.39.48.84:43025 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:57988 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x4A932560 Ack: 0x8772C4D9 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 374851562 671240509
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/23-02:36:51.893661 216.39.48.84:57038 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:18030 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x8008506A Ack: 0xBDDE939F Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 374937106 671678742
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/23-04:25:25.190767 216.39.48.84:58768 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:49352 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x1A15C569 Ack: 0x56CA4437 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 375588283 675014660
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/23-05:51:39.537905 216.39.48.84:47046 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:14307 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x5FEEDD8F Ack: 0x9CD519DB Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 376105597 677664807
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/23-12:02:15.930542 216.39.48.84:42425 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:44880 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xD6997933 Ack: 0x14BF605E Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 378328714 689053636
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/23-13:44:18.707823 216.39.48.84:52207 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:21842 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x57AE78F4 Ack: 0x964FDC4B Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 378940848 692189547
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/23-20:48:50.489938 216.39.48.84:51767 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:6991 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x9C4A1275 Ack: 0xDAB720E1 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 381487430 705235444
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/23-23:40:56.024526 216.39.48.84:47165 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:8575 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x2528E8CD Ack: 0x639427D3 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 382519742 710523880
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/24-03:26:45.280260 216.39.48.84:40062 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:63559 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x7A888D5B Ack: 0xB91F3C8C Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 383874350 717463405
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/24-08:24:54.242467 216.39.48.84:55188 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:28685 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xDFD9CF56 Ack: 0x1F48CF30 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 385662826 726625623
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/24-11:21:41.496436 216.39.48.84:48327 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:24093 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x7B66B3C2 Ack: 0xBBDA1741 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 386723303 732058348
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/24-12:12:00.609383 216.39.48.84:51386 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:60785 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x397A6586 Ack: 0x789E4C1B Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 387025143 733604649
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/24-13:18:38.165198 216.39.48.84:49075 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:52120 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x3519698F Ack: 0x7504998C Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 387424805 735652080
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/24-13:32:06.063119 216.39.48.84:41393 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:3829 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x67C1D369 Ack: 0xA8C32B3E Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 387505576 736065863
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:03:53 2003