[Silicon Defense logo]

SnortSnarf alert page

Source: 216.39.50.84

SnortSnarf v021111.1

Signature section (91123)Top 20 source IPsTop 20 dest IPs

7 such alerts found using input module SnortFileInput, with sources:
Earliest: 21:43:05.440086 on 04/24/2003
Latest: 19:46:59.133631 on 04/25/2003

1 different signatures are present for 216.39.50.84 as a source

There are 1 distinct destination IPs in the alerts of the type on this page.

216.39.50.84 Whois lookup at: ARIN RIPE APNIC Geektools
DNS lookup at: Amenesi TRIUMF Princeton
More lookup links: Dshield Sam Spade

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/24-21:43:05.440086 216.39.50.84:58178 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:50541 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xA5C50B14 Ack: 0xE6D8B077 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 390450824 751154077
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/24-23:56:52.639219 216.39.50.84:46150 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:64220 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x9F01F785 Ack: 0xDF72E9A3 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 391253355 755265387
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/25-08:47:10.701566 216.39.50.84:49942 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:4831 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x727885C0 Ack: 0xB39524C5 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 394434415 771561672
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/25-12:11:44.965699 216.39.50.84:44821 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:9021 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x75ED73E0 Ack: 0xB85E0E29 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 395661554 777848192
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/25-18:29:31.119361 216.39.50.84:34611 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:49882 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x8862611 Ack: 0x4A84A860 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 397927637 789457125
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/25-18:37:26.493774 216.39.50.84:38266 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:4512 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x25F98FF2 Ack: 0x695A00F0 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 397975164 789700602
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/25-19:46:59.133631 216.39.50.84:41727 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:24877 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x2D819AD7 Ack: 0x6EDCFE80 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 398392330 791837704
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:03:52 2003