[Silicon Defense logo]

SnortSnarf alert page

Source: 216.39.50.24

SnortSnarf v021111.1

Signature section (91123)Top 20 source IPsTop 20 dest IPs

11 such alerts found using input module SnortFileInput, with sources:
Earliest: 21:52:02.556109 on 04/24/2003
Latest: 11:30:26.591966 on 04/26/2003

1 different signatures are present for 216.39.50.24 as a source

There are 1 distinct destination IPs in the alerts of the type on this page.

216.39.50.24 Whois lookup at: ARIN RIPE APNIC Geektools
DNS lookup at: Amenesi TRIUMF Princeton
More lookup links: Dshield Sam Spade

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/24-21:52:02.556109 216.39.50.24:35027 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:57510 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xC7EF06B0 Ack: 0x8839FF8 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 372499992 751429187
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/25-01:50:41.276632 216.39.50.24:34812 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:31467 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x4CB1C701 Ack: 0x8E490374 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 373931512 758762809
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/25-03:06:01.127041 216.39.50.24:33799 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:33791 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x699F20F7 Ack: 0xAA13364B Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 374383386 761077744
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/25-06:26:45.643847 216.39.50.24:48854 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:15960 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x5F133C9F Ack: 0xA1807D8C Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 375587541 767246603
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/25-09:21:10.802172 216.39.50.24:56389 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:53284 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xF18F2999 Ack: 0x336E99AB Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 376633799 772606553
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/25-16:13:32.698904 216.39.50.24:43619 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:49053 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x82A07BE Ack: 0x4939BA87 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 379107379 785278629
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/25-22:51:46.860984 216.39.50.24:32774 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:484 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xE6852A61 Ack: 0x2A90A4E4 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 381496207 797516508
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/26-01:02:17.095121 216.39.50.24:51657 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:60983 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xD3FBF35C Ack: 0x17670354 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 382279038 801526905
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/26-03:29:11.145666 216.39.50.24:36309 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:18314 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xFD69C81E Ack: 0x41E331CC Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 383160226 806041213
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/26-08:40:49.078262 216.39.50.24:44851 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:42017 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x96C5B1B6 Ack: 0xDA074959 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 385029559 815617741
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/26-11:30:26.591966 216.39.50.24:45976 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:21444 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x17D7CF85 Ack: 0x5C1B9957 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 386047059 820830360
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:09:28 2003