[Silicon Defense logo]

SnortSnarf alert page

Source: 216.39.50.114

SnortSnarf v021111.1

Signature section (91123)Top 20 source IPsTop 20 dest IPs

7 such alerts found using input module SnortFileInput, with sources:
Earliest: 21:02:27.929562 on 04/24/2003
Latest: 14:37:35.682224 on 04/26/2003

1 different signatures are present for 216.39.50.114 as a source

There are 1 distinct destination IPs in the alerts of the type on this page.

216.39.50.114 Whois lookup at: ARIN RIPE APNIC Geektools
DNS lookup at: Amenesi TRIUMF Princeton
More lookup links: Dshield Sam Spade

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/24-21:02:27.929562 216.39.50.114:54998 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:53467 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xC66F7A8 Ack: 0x4D1AD866 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 390211469 749905657
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/24-22:40:29.549164 216.39.50.114:55603 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:20976 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x7ED47196 Ack: 0xBF1F139C Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 390799496 752918063
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/25-01:19:07.568707 216.39.50.114:55304 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:5406 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xD503B087 Ack: 0x16936B24 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 391751079 757792915
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/25-08:05:44.908207 216.39.50.114:55929 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:8102 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xD3FFC23A Ack: 0x168D0C09 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 394190252 770288514
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/25-14:34:55.392436 216.39.50.114:45741 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:39320 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x937BE559 Ack: 0xD480A1CE Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 396524763 782247957
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/26-08:37:08.944010 216.39.50.114:43965 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:43814 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x88C92088 Ack: 0xCCE03CE5 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 403016624 815504994
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/26-14:37:35.682224 216.39.50.114:32878 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:35166 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xDBA60100 Ack: 0x1F116294 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 405178800 826581568
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:09:28 2003