SnortSnarf start page

All Snort signatures

SnortSnarf v021111.1

Signature section (91123)

Top 20 source IPs

Top 20 dest IPs

91123 alerts found using input module SnortFileInput, with sources:

/home/rivettmj/snort_alertlog/alert

Earliest alert at 14:12:43.300986 on 04/17/2003
Latest alert at 08:59:41.672112 on 06/17/2003

Priority	Signature (click for sig info)	# Alerts	# Sources	# Dests	Detail link
N/A	(spp_stream4) STEALTH ACTIVITY (SYN FIN scan) detection	1	1	1	Summary
N/A	(spp_stream4) STEALTH ACTIVITY (unknown) detection	7	2	7	Summary
N/A	(snort_decoder): Short UDP packet, length field > payload length	8	1	1	Summary
N/A	(snort_decoder): T/TCP Detected	38	1	1	Summary
3	FTP LIST directory traversal attempt [sid] [BUGTRAQ]	1	1	1	Summary
3	Virus - Possible pif Worm [sid]	2	1	1	Summary
3	SCAN SolarWinds IP scan attempt [sid]	3	1	3	Summary
3	Virus - Possible MyRomeo Worm [sid]	4	1	1	Summary
3	Virus - Possible scr Worm [sid]	8	1	1	Summary
3	SCAN UPNP service discover attempt [sid]	80	2	1	Summary
3	ICMP Destination Unreachable (Communication Administratively Prohibited) [sid]	117	13	4	Summary
2	WEB-IIS ISAPI .printer access [sid] [arachNIDS]	1	1	1	Summary
2	DDOS shaft synflood [sid] [arachNIDS]	1	1	1	Summary
2	SNMP trap tcp [sid] [CVE]	1	1	1	Summary
2	SCAN Proxy (8080) attempt [sid]	1	1	1	Summary
2	WEB-CGI formmail access [sid] [arachNIDS]	2	1	1	Summary
2	ICMP PING NMAP [sid] [arachNIDS]	3	1	1	Summary
2	WEB-MISC bad HTTP/1.1 request, Potentially worm attack [securityresponse.symantec.com] [sid]	3	3	1	Summary
2	WEB-CGI newdesk access [sid]	3	3	1	Summary
2	SNMP private access udp [sid] [CVE]	3	1	1	Summary
2	SHELLCODE x86 setgid 0 [sid] [arachNIDS]	8	6	7	Summary
2	SNMP Broadcast request [sid] [CVE]	8	1	1	Summary
2	SHELLCODE x86 setuid 0 [sid] [arachNIDS]	9	7	6	Summary
2	ATTACK RESPONSES 403 Forbidden [sid]	29	1	18	Summary
2	WEB-IIS view source via translate header [sid] [arachNIDS]	58	16	1	Summary
2	ICMP Large ICMP Packet [sid] [arachNIDS]	62	5	3	Summary
2	BAD TRAFFIC same SRC/DST [sid] [CVE]	80	1	1	Summary
2	ICMP L3retriever Ping [sid] [arachNIDS]	168	5	2	Summary
2	WEB-IIS _mem_bin access [sid]	308	184	1	Summary
2	WEB-FRONTPAGE /_vti_bin/ access [sid]	316	190	1	Summary
2	WEB-MISC robots.txt access [cgi.nessus.org] [sid]	786	69	1	Summary
2	SNMP public access udp [sid] [CVE]	22568	3	1	Summary
2	SNMP request udp [sid] [CVE]	58657	3	1	Summary
1	SHELLCODE x86 EB OC NOOP [sid]	1	1	1	Summary
1	SMTP HELO overflow attempt [sid] [CVE]	2	2	1	Summary
1	SHELLCODE x86 unicode NOOP [sid]	3	3	3	Summary
1	SHELLCODE x86 stealth NOOP [sid] [arachNIDS]	4	1	1	Summary
1	WEB-IIS WEBDAV nessus safe scan attempt [sid] [BUGTRAQ]	4	4	1	Summary
1	WEB-CLIENT javascript URL host spoofing attempt [sid] [BUGTRAQ]	11	5	5	Summary
1	SHELLCODE x86 inc ebx NOOP [sid]	190	37	11	Summary
1	WEB-IIS CodeRed v2 root.exe access [www.cert.org] [sid]	680	204	1	Summary
1	WEB-IIS ISAPI .ida attempt [sid] [arachNIDS]	930	304	1	Summary
1	WEB-IIS multiple decode attempt [sid] [CVE]	952	176	1	Summary
1	SHELLCODE x86 NOOP [sid]	1333	40	14	Summary
1	WEB-IIS unicode directory traversal attempt [sid] [CVE]	1500	191	1	Summary
1	WEB-IIS cmd.exe access [sid]	2169	498	1	Summary

SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:03:46 2003