[Silicon Defense logo]

SnortSnarf alert page

Source: 216.39.50.54

SnortSnarf v021111.1

Signature section (91123)Top 20 source IPsTop 20 dest IPs

7 such alerts found using input module SnortFileInput, with sources:
Earliest: 22:18:52.190648 on 04/24/2003
Latest: 02:56:29.958304 on 05/09/2003

1 different signatures are present for 216.39.50.54 as a source

There are 1 distinct destination IPs in the alerts of the type on this page.

216.39.50.54 Whois lookup at: ARIN RIPE APNIC Geektools
DNS lookup at: Amenesi TRIUMF Princeton
More lookup links: Dshield Sam Spade

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/24-22:18:52.190648 216.39.50.54:39943 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:8483 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x2CFA3EE4 Ack: 0x6DA2FA2C Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 390668239 752253594
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/25-03:34:09.328354 216.39.50.54:58163 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:12806 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xD2E1C98D Ack: 0x151A7D7E Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 392559509 761942400
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/25-08:16:42.906576 216.39.50.54:52614 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:38439 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xFECC4E54 Ack: 0x40EAA31F Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 394254468 770625528
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/25-08:33:36.794624 216.39.50.54:57213 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:18187 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x3E072361 Ack: 0x80282B01 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 394355833 771144800
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/25-10:32:41.423658 216.39.50.54:51812 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:44599 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x75E496 Ack: 0x41412489 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 395070127 774804074
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/25-18:16:15.756487 216.39.50.54:47605 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:18691 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xD70CF010 Ack: 0x1894CED6 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 397850907 789049768
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/09-02:56:29.958304 216.39.50.54:54678 -> 192.168.1.6:80
TCP TTL:36 TOS:0x0 ID:3055 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xA220C5B0 Ack: 0x1072451 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 513265232 1380306377
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:03:52 2003