[Silicon Defense logo]

SnortSnarf alert page

Source: 216.39.50.64

SnortSnarf v021111.1

Signature section (91123)Top 20 source IPsTop 20 dest IPs

7 such alerts found using input module SnortFileInput, with sources:
Earliest: 03:55:19.766597 on 04/25/2003
Latest: 18:22:58.340870 on 04/25/2003

1 different signatures are present for 216.39.50.64 as a source

There are 1 distinct destination IPs in the alerts of the type on this page.

216.39.50.64 Whois lookup at: ARIN RIPE APNIC Geektools
DNS lookup at: Amenesi TRIUMF Princeton
More lookup links: Dshield Sam Spade

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/25-03:55:19.766597 216.39.50.64:38922 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:61918 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x23071D88 Ack: 0x6504DC44 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 392686697 762593077
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/25-07:32:56.417654 216.39.50.64:58723 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:16448 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x58D99756 Ack: 0x9B3ADFDC Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 393992056 769280317
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/25-10:03:39.573664 216.39.50.64:52566 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:42381 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x91BA0699 Ack: 0xD3EC6F66 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 394896160 773911959
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/25-12:17:17.919299 216.39.50.64:51189 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:57216 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x8B7701FD Ack: 0xCD092ECE Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 395697807 778018723
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/25-14:41:51.027713 216.39.50.64:51905 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:64173 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xACBAE30F Ack: 0xEEF1AAB6 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 396564914 782460831
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/25-16:13:13.138921 216.39.50.64:40522 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:19943 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x7143B7E Ack: 0x4877326B Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 397112997 785268611
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/25-18:22:58.340870 216.39.50.64:52484 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:54671 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xEF378378 Ack: 0x327B2B0E Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 397891335 789255959
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:03:52 2003