[Silicon Defense logo]

SnortSnarf signature page

SHELLCODE x86 inc ebx NOOP

SnortSnarf v021111.1

Signature section (91123)Top 20 source IPsTop 20 dest IPs

190 alerts with this signature using input module SnortFileInput, with sources:

Earliest such alert at 19:34:07.823102 on 04/18/2003
Latest such alert at 01:01:47.870309 on 06/13/2003

SHELLCODE x86 inc ebx NOOP 37 sources 11 destinations
Priority: 1Classification: Executable code was detected
[sid:1390]

Sources triggering this attack signature

Source# Alerts (sig)# Alerts (total)# Dsts (sig)# Dsts (total)
128.121.10.673515611
66.118.170.25282811
128.242.172.2421656911
216.65.98.13152311
216.180.163.210131311
65.24.2.12121322
66.228.205.357711
209.208.134.376611
192.168.1.165611
128.242.172.25067011
209.61.194.1323311
64.37.137.833322
63.241.60.703311
207.126.99.793411
209.8.166.1793311
206.24.192.1573311
208.174.225.1583311
206.151.167.943412
66.54.32.1362211
146.20.39.932411
216.65.98.722211
66.28.185.2131111
204.68.168.1611111
64.215.164.1061111
208.29.250.1901111
213.193.18.461111
216.239.33.1041111
209.8.166.1711111
64.58.77.1711111
216.198.200.91111
207.44.188.211111
216.158.154.241111
166.90.208.1521311
216.26.174.1101111
161.170.254.281111
66.246.87.1621111
66.28.176.2071111

Destinations receiving this attack signature

Destinations# Alerts (sig)# Alerts (total)# Srcs (sig)# Srcs (total)
192.168.1.101889511225
192.168.1.1025558810
192.168.1.100203858
192.168.1.4769311
192.168.1.365712
192.168.1.9241037
192.168.1.2317518
192.168.1.10335828
192.168.1.6277702624
192.168.1.10512919
192.168.1.1061513

SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:03:51 2003