SnortSnarf alert page

Source: 216.39.48.94

SnortSnarf v021111.1

Signature section (91123)

Top 20 source IPs

Top 20 dest IPs

16 such alerts found using input module SnortFileInput, with sources:

/home/rivettmj/snort_alertlog/alert

Earliest: 18:28:16.317715 on 04/17/2003
Latest: 18:51:37.860752 on 04/24/2003

1 different signatures are present for 216.39.48.94 as a source

16 instances of WEB-MISC robots.txt access

There are 1 distinct destination IPs in the alerts of the type on this page.

216.39.48.94 Whois lookup at: ARIN RIPE APNIC Geektools

DNS lookup at: Amenesi TRIUMF Princeton

More lookup links: Dshield Sam Spade

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
04/17-18:28:16.317715 216.39.48.94:41113 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:51546 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x11CC87FD  Ack: 0x443DE468  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 328814257 435361094 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
04/18-20:04:08.805929 216.39.48.94:44876 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:12704 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xB969D227  Ack: 0xECDFF130  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 338027461 482558888 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
04/22-15:44:29.953731 216.39.48.94:60578 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:3789 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xE147728C  Ack: 0x1D5D5E01  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 371031118 651631392 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
04/22-17:31:06.048236 216.39.48.94:43514 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:5934 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x73D52907  Ack: 0xAF6904BF  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 371670585 654907277 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
04/22-19:43:34.442336 216.39.48.94:38137 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:49900 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x67339CBF  Ack: 0xA498558B  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 372465249 658978218 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
04/22-22:02:38.828190 216.39.48.94:56587 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:25797 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x745C7DE2  Ack: 0xB1618445  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 373299503 663251967 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
04/23-05:06:54.112806 216.39.48.94:44332 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:6534 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xB6D7F7E4  Ack: 0xF31189D1  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 375844469 676289413 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
04/23-08:10:25.353723 216.39.48.94:60914 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:23463 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x6C3CE11E  Ack: 0xA938EB62  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 376945349 681929052 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
04/23-09:05:20.156347 216.39.48.94:42915 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:33822 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x3B34456C  Ack: 0x781A24C0  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 377274756 683616553 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
04/23-11:44:09.768601 216.39.48.94:40949 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:12799 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x93337AD9  Ack: 0xD1076B29  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 378227506 688497341 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
04/23-15:39:30.117129 216.39.48.94:39912 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:8554 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xC0DF4C4  Ack: 0x49D190F4  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 379639228 695729351 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
04/23-20:34:05.202867 216.39.48.94:41577 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:34055 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x63D9497A  Ack: 0xA2410C2B  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 381406346 704782021 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
04/23-21:34:47.514744 216.39.48.94:37933 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:27546 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x486E316B  Ack: 0x8752B135  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 381770496 706647501 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
04/24-02:51:14.634276 216.39.48.94:35170 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:34382 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xF380D46C  Ack: 0x32C7E994  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 383668789 716372155 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
04/24-05:42:31.397345 216.39.48.94:55974 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:3986 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x7BBCF00E  Ack: 0xBA0F8DBF  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 384696237 721635609 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
04/24-18:51:37.860752 216.39.48.94:54116 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:64825 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x1E72C70F  Ack: 0x5EA03F57  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 389429833 745885080 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:03:53 2003

216.39.48.94	Whois lookup at:	ARIN	RIPE	APNIC	Geektools
	DNS lookup at:	Amenesi	TRIUMF	Princeton
	More lookup links:	Dshield	Sam Spade