[Silicon Defense logo]

SnortSnarf alert page

Source: 216.39.50.33

SnortSnarf v021111.1

Signature section (91123)Top 20 source IPsTop 20 dest IPs

5 such alerts found using input module SnortFileInput, with sources:
Earliest: 23:18:53.565776 on 04/24/2003
Latest: 17:47:11.216933 on 04/25/2003

1 different signatures are present for 216.39.50.33 as a source

There are 1 distinct destination IPs in the alerts of the type on this page.

216.39.50.33 Whois lookup at: ARIN RIPE APNIC Geektools
DNS lookup at: Amenesi TRIUMF Princeton
More lookup links: Dshield Sam Spade

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/24-23:18:53.565776 216.39.50.33:50720 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:17352 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x10161611 Ack: 0x504E296F Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 381769187 754098112
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/25-05:14:11.470101 216.39.50.33:54760 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:28230 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x4CE9B498 Ack: 0x8ED865DB Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 383900384 765016522
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/25-08:36:44.679454 216.39.50.33:56932 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:21648 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x4A693055 Ack: 0x8B8454FC Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 385115367 771241043
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/25-15:11:24.613908 216.39.50.33:46578 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:33623 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x1CD5076B Ack: 0x5DF9E4CC Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 387482700 783369213
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/25-17:47:11.216933 216.39.50.33:45880 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:2286 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x6887CED8 Ack: 0xAB5939C0 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 388417101 788156246
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:09:28 2003