[Silicon Defense logo]

SnortSnarf alert page

Source: 216.39.50.94

SnortSnarf v021111.1

Signature section (91123)Top 20 source IPsTop 20 dest IPs

5 such alerts found using input module SnortFileInput, with sources:
Earliest: 00:48:13.860735 on 04/25/2003
Latest: 04:39:06.313854 on 04/26/2003

1 different signatures are present for 216.39.50.94 as a source

There are 1 distinct destination IPs in the alerts of the type on this page.

216.39.50.94 Whois lookup at: ARIN RIPE APNIC Geektools
DNS lookup at: Amenesi TRIUMF Princeton
More lookup links: Dshield Sam Spade

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/25-00:48:13.860735 216.39.50.94:42632 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:59756 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x610D375B Ack: 0xA13BB567 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 391568959 756843495
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/25-01:06:55.107000 216.39.50.94:42246 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:59862 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xA72C7DDC Ack: 0xE7D85954 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 391681058 757417738
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/25-08:34:04.844238 216.39.50.94:48763 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:9918 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x3F97A49D Ack: 0x81F84690 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 394363437 771159180
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/25-21:30:09.755827 216.39.50.94:50144 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:49499 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xB2B14AD9 Ack: 0xF5BFDF47 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 399018894 795008357
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/26-04:39:06.313854 216.39.50.94:40237 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:56124 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x58D15A5 Ack: 0x49AB7C28 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 401591979 808189855
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:03:52 2003