SnortSnarf alert page

Source: 66.196.65.35: #101-121

SnortSnarf v021111.1

Signature section (91123)

Top 20 source IPs

Top 20 dest IPs

Looking using input module SnortFileInput, with sources:

/home/rivettmj/snort_alertlog/alert

Earliest: 02:08:58.728188 on 06/12/2003
Latest: 22:14:20.372164 on 06/14/2003

1 different signatures are present for 66.196.65.35 as a source

121 instances of WEB-MISC robots.txt access

There are 1 distinct destination IPs in the alerts of the type on this page.

66.196.65.35 Whois lookup at: ARIN RIPE APNIC Geektools

DNS lookup at: Amenesi TRIUMF Princeton

More lookup links: Dshield Sam Spade

Go to: previous range, all alerts, overview page

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/12-02:08:58.728188 66.196.65.35:35953 -> 192.168.1.6:80
TCP TTL:43 TOS:0x0 ID:37812 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0xA45BC3D5  Ack: 0x5800E09A  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 71334007 2883427064 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/12-03:50:43.961152 66.196.65.35:37646 -> 192.168.1.6:80
TCP TTL:43 TOS:0x0 ID:17063 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0x3438AB8  Ack: 0xD817CAD6  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 71944474 2886554001 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/12-07:27:39.900309 66.196.65.35:49435 -> 192.168.1.6:80
TCP TTL:43 TOS:0x0 ID:22579 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0x2424029  Ack: 0xBC3048F  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 73245972 2893220525 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/12-09:07:20.021995 66.196.65.35:36903 -> 192.168.1.6:80
TCP TTL:43 TOS:0x0 ID:7149 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0xEC4EFFEF  Ack: 0x849222A1  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 73843938 2896283424 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/12-12:42:11.826981 66.196.65.35:49249 -> 192.168.1.6:80
TCP TTL:42 TOS:0x0 ID:56674 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0xD5F420F  Ack: 0xB02B9ED5  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 75133016 2902886344 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/12-14:42:08.367771 66.196.65.35:51721 -> 192.168.1.6:80
TCP TTL:43 TOS:0x0 ID:30466 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0x5AC48D43  Ack: 0x74D43FA6  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 75852615 2906572273 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/12-17:43:20.625181 66.196.65.35:43123 -> 192.168.1.6:80
TCP TTL:43 TOS:0x0 ID:29689 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0x3CA50498  Ack: 0x221DF024  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 76939830 2912141204 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/12-21:05:20.629869 66.196.65.35:37941 -> 192.168.1.6:80
TCP TTL:43 TOS:0x0 ID:62566 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0x87072C71  Ack: 0x1C055CD0  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 78151739 2918348837 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/12-22:43:07.117736 66.196.65.35:60479 -> 192.168.1.6:80
TCP TTL:43 TOS:0x0 ID:20437 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0xA4274694  Ack: 0x8E9F3BD6  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 78738339 2921353514 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/13-03:07:21.087374 66.196.65.35:36260 -> 192.168.1.6:80
TCP TTL:43 TOS:0x0 ID:114 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0x8CC9576F  Ack: 0x7442FFA3  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 80323608 2929473587 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/13-06:01:02.120096 66.196.65.35:47309 -> 192.168.1.6:80
TCP TTL:43 TOS:0x0 ID:15291 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0x355B39DD  Ack: 0x3E31CBE  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 81365631 2934811040 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/13-07:56:59.052852 66.196.65.35:45126 -> 192.168.1.6:80
TCP TTL:43 TOS:0x0 ID:5525 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0xD7029ABE  Ack: 0xB98B0A04  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 82061272 2938374250 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/13-18:08:41.396058 66.196.65.35:37310 -> 192.168.1.6:80
TCP TTL:43 TOS:0x0 ID:12177 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0x6DA0D531  Ack: 0xC0FF083F  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 85731226 2957172474 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/13-21:50:44.869594 66.196.65.35:54857 -> 192.168.1.6:80
TCP TTL:43 TOS:0x0 ID:34935 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0x26AC6270  Ack: 0x746A64F  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 87063475 2963996520 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/13-23:05:44.180062 66.196.65.35:41833 -> 192.168.1.6:80
TCP TTL:43 TOS:0x0 ID:27485 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0x796AD4BD  Ack: 0x23758C50  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 87513371 2966300985 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/14-01:51:24.334913 66.196.65.35:47339 -> 192.168.1.6:80
TCP TTL:43 TOS:0x0 ID:18969 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0xDA399309  Ack: 0x95A174ED  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 88507313 2971392144 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/14-03:26:37.214897 66.196.65.35:40966 -> 192.168.1.6:80
TCP TTL:43 TOS:0x0 ID:56583 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0x3D1C6F8C  Ack: 0xFCE51A51  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 89078556 2974318173 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/14-08:41:33.681100 66.196.65.35:53033 -> 192.168.1.6:80
TCP TTL:43 TOS:0x0 ID:38185 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0x6831146F  Ack: 0xA31A69B9  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 90968052 2983996540 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/14-10:34:18.850065 66.196.65.35:48907 -> 192.168.1.6:80
TCP TTL:43 TOS:0x0 ID:57287 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0x538072C9  Ack: 0x4CA5C07B  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 91644517 2987461530 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/14-12:29:37.439983 66.196.65.35:44266 -> 192.168.1.6:80
TCP TTL:43 TOS:0x0 ID:9991 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0xEDC5B848  Ack: 0x332B13  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 92336322 2991005093 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/14-22:14:20.372164 66.196.65.35:46968 -> 192.168.1.6:80
TCP TTL:43 TOS:0x0 ID:12128 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0x443D6CFD  Ack: 0xA1FE2E82  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 95844349 3008973903 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

Go to: previous range, all alerts, overview page

SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:03:54 2003

66.196.65.35	Whois lookup at:	ARIN	RIPE	APNIC	Geektools
	DNS lookup at:	Amenesi	TRIUMF	Princeton
	More lookup links:	Dshield	Sam Spade