All Snort signatures

SnortSnarf v021111.1

91123 alerts found using input module SnortFileInput, with sources:
Earliest alert at 14:12:43.300986 on 04/17/2003
Latest alert at 08:59:41.672112 on 06/17/2003

Priority | Signature (click for sig info) | # Alerts # Sources # Dests | Detail link
N/A | (spp_stream4) STEALTH ACTIVITY (SYN FIN scan) detection | 111 | Summary
N/A | (spp_stream4) STEALTH ACTIVITY (unknown) detection | 727 | Summary
N/A | (snort_decoder): Short UDP packet, length field > payload length | 811 | Summary
N/A | (snort_decoder): T/TCP Detected | 3811 | Summary
3 | FTP LIST directory traversal attempt [sid] [BUGTRAQ] | 111 | Summary
3 | Virus - Possible pif Worm [sid] | 211 | Summary
3 | SCAN SolarWinds IP scan attempt [sid] | 313 | Summary
3 | Virus - Possible MyRomeo Worm [sid] | 411 | Summary
3 | Virus - Possible scr Worm [sid] | 811 | Summary
3 | SCAN UPNP service discover attempt [sid] | 8021 | Summary
3 | ICMP Destination Unreachable (Communication Administratively Prohibited) [sid] | 117134 | Summary
2 | WEB-IIS ISAPI .printer access [sid] [arachNIDS] | 111 | Summary
2 | DDOS shaft synflood [sid] [arachNIDS] | 111 | Summary
2 | SNMP trap tcp [sid] [CVE] | 111 | Summary
2 | SCAN Proxy (8080) attempt [sid] | 111 | Summary
2 | WEB-CGI formmail access [sid] [arachNIDS] | 211 | Summary
2 | ICMP PING NMAP [sid] [arachNIDS] | 311 | Summary
2 | WEB-MISC bad HTTP/1.1 request, Potentially worm attack [securityresponse.symantec.com] [sid] | 331 | Summary
2 | WEB-CGI newdesk access [sid] | 331 | Summary
2 | SNMP private access udp [sid] [CVE] | 311 | Summary
2 | SHELLCODE x86 setgid 0 [sid] [arachNIDS] | 867 | Summary
2 | SNMP Broadcast request [sid] [CVE] | 811 | Summary
2 | SHELLCODE x86 setuid 0 [sid] [arachNIDS] | 976 | Summary
2 | ATTACK RESPONSES 403 Forbidden [sid] | 29118 | Summary
2 | WEB-IIS view source via translate header [sid] [arachNIDS] | 58161 | Summary
2 | ICMP Large ICMP Packet [sid] [arachNIDS] | 6253 | Summary
2 | BAD TRAFFIC same SRC/DST [sid] [CVE] | 8011 | Summary
2 | ICMP L3retriever Ping [sid] [arachNIDS] | 16852 | Summary
2 | WEB-IIS _mem_bin access [sid] | 3081841 | Summary
2 | WEB-FRONTPAGE /_vti_bin/ access [sid] | 3161901 | Summary
2 | WEB-MISC robots.txt access [cgi.nessus.org] [sid] | 786691 | Summary
2 | SNMP public access udp [sid] [CVE] | 2256831 | Summary
2 | SNMP request udp [sid] [CVE] | 5865731 | Summary
1 | SHELLCODE x86 EB OC NOOP [sid] | 111 | Summary
1 | SMTP HELO overflow attempt [sid] [CVE] | 221 | Summary
1 | SHELLCODE x86 unicode NOOP [sid] | 333 | Summary
1 | SHELLCODE x86 stealth NOOP [sid] [arachNIDS] | 411 | Summary
1 | WEB-IIS WEBDAV nessus safe scan attempt [sid] [BUGTRAQ] | 441 | Summary
1 | WEB-CLIENT javascript URL host spoofing attempt [sid] [BUGTRAQ] | 1155 | Summary
1 | SHELLCODE x86 inc ebx NOOP [sid] | 1903711 | Summary
1 | WEB-IIS CodeRed v2 root.exe access [www.cert.org] [sid] | 6802041 | Summary
1 | WEB-IIS ISAPI .ida attempt [sid] [arachNIDS] | 9303041 | Summary
1 | WEB-IIS multiple decode attempt [sid] [CVE] | 9521761 | Summary
1 | SHELLCODE x86 NOOP [sid] | 13334014 | Summary
1 | WEB-IIS unicode directory traversal attempt [sid] [CVE] | 15001911 | Summary
1 | WEB-IIS cmd.exe access [sid] | 21694981 | Summary

SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:03:46 2003