[Silicon Defense logo]

SnortSnarf signature page

WEB-IIS _mem_bin access

SnortSnarf v021111.1

Signature section (91123)Top 20 source IPsTop 20 dest IPs

308 alerts with this signature using input module SnortFileInput, with sources:

Earliest such alert at 19:49:23.625370 on 04/17/2003
Latest such alert at 04:47:01.477836 on 06/17/2003

WEB-IIS _mem_bin access 184 sources 1 destinations
Priority: 2Classification: access to a potentially vulnerable web application
[sid:1286]

Sources triggering this attack signature

Source# Alerts (sig)# Alerts (total)# Dsts (sig)# Dsts (total)
24.209.105.1561830611
24.209.39.2461632611
24.209.174.01625011
24.209.219.1621321311
24.209.11.9869911
24.209.219.9558111
24.63.13.13457611
24.209.191.91513611
24.209.18.19746511
24.93.48.9144111
24.245.2.23346611
24.126.82.2234911
24.44.2.16535111
24.35.68.6834911
24.209.113.1135211
24.98.140.13434611
24.209.42.24237711
24.130.219.1635011
24.209.40.21934911
24.189.230.11834011
24.98.69.17223311
24.98.99.14123111
24.166.45.3723211
24.57.13.7823311
24.98.50.14223211
24.99.37.18623411
24.242.248.24823111
24.125.85.18723211
24.112.153.4423311
24.129.102.20522711
24.186.148.2423311
24.29.173.8123311
24.98.22.11722511
24.46.127.15723211
24.112.193.14523011
24.209.118.13423411
24.99.137.15323311
24.157.173.3923311
24.150.202.3723211
24.219.28.22123411
24.74.84.12423411
24.147.143.3211811
24.60.106.18511611
24.166.119.8811911
24.123.41.13011711
24.150.35.19411611
24.243.238.24811611
24.74.33.15511511
24.202.34.7211611
24.150.116.1011611
24.208.193.21812011
24.243.144.1312011
24.209.36.194112911
24.158.6.1511611
24.30.227.13611711
24.126.254.1311711
24.204.108.6111711
24.70.71.23611611
24.160.23.5311511
24.91.73.15211611
24.66.107.8711611
24.74.152.24911611
24.148.73.9011011
24.99.49.21011611
24.114.70.18211611
24.59.74.4711711
24.92.8.811611
24.198.96.12011611
24.140.76.1411311
24.30.115.9311811
24.98.81.1611611
24.157.153.20412111
24.98.23.21011311
24.191.37.11311711
24.87.77.10611611
24.98.186.23111611
24.214.104.3811611
24.218.253.6711711
24.199.188.22611811
24.57.76.3711411
24.138.38.20611711
24.217.213.11111111
24.201.23.6311611
24.91.57.21111611
24.153.56.2611611
24.199.65.16211011
24.90.92.16711711
24.150.86.22411211
24.160.157.7911611
24.85.206.15211811
24.126.120.8811611
24.206.140.7811611
24.242.253.12212311
24.84.101.19411611
24.205.10.24711611
24.127.15.1612111
24.209.36.20711711
24.25.55.9311611
24.54.164.10511611
24.106.83.10211611
24.148.37.19611611
24.76.98.11311611
24.167.224.15011711
24.114.7.12112511
24.71.58.20811711
24.60.182.12411511
24.157.60.4812011
24.91.103.15211811
24.148.85.8511811
24.162.12.21011611
24.130.204.3011511
24.175.171.18011511
24.162.219.20311611
24.94.212.16611611
24.214.128.12611611
24.164.56.16511711
24.28.27.20111711
24.150.19.12311611
24.225.185.1401811
24.91.112.14911811
24.202.81.5911611
24.158.5.11311611
24.62.112.14811611
24.203.221.511811
24.120.188.23611611
24.99.136.1611411
24.245.36.14212111
24.208.232.17311611
24.198.148.10411711
24.198.96.14911611
24.161.112.4011611
24.197.103.21011611
24.201.150.21811711
24.99.90.2811611
24.29.111.1661911
24.218.160.23812211
24.203.10.19411711
24.226.120.16711711
24.114.38.3711111
24.114.19.20311611
24.91.100.1801811
24.131.113.371911
24.220.31.311611
24.161.94.6111611
24.61.174.15811811
24.78.148.8511511
24.226.59.10411711
24.150.22.13911811
24.50.102.8811611
24.114.84.14311711
24.52.59.2511811
24.201.83.15211611
24.174.223.21211611
24.101.10.5111111
24.202.15.24011611
24.203.49.121911
24.30.204.14511611
24.95.244.12911711
24.148.68.17711711
24.34.222.5211911
24.236.70.211711
24.140.13.15511711
24.98.223.23311511
24.112.68.20811611
24.171.142.3211711
24.98.61.17711811
24.71.47.17311411
24.99.96.13111511
24.114.34.2411811
24.201.31.4111711
24.160.16.4611711
24.205.137.1211611
24.122.7.1361711
24.62.250.7211611
24.47.19.14411611
24.201.229.6711511
24.92.146.11111611
24.243.175.14411511
24.165.15.14511611
24.84.94.19511711
24.198.102.6011711
24.200.41.11311611
24.98.20.1411711
24.34.91.2911411

Destinations receiving this attack signature

Destinations# Alerts (sig)# Alerts (total)# Srcs (sig)# Srcs (total)
192.168.1.63087770184624

SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:03:51 2003