[Silicon Defense logo]

SnortSnarf signature page

WEB-MISC bad HTTP/1.1 request, Potentially worm attack

SnortSnarf v021111.1

Signature section (91123)Top 20 source IPsTop 20 dest IPs

3 alerts with this signature using input module SnortFileInput, with sources:

Earliest such alert at 08:28:49.547817 on 04/24/2003
Latest such alert at 20:23:57.831377 on 06/08/2003

WEB-MISC bad HTTP/1.1 request, Potentially worm attack 3 sources 1 destinations
Priority: 2Classification: access to a potentially vulnerable web application
[url:securityresponse.symantec.com/avcenter/security/Content/2002.09.13.html] [sid:1881]

Sources triggering this attack signature

Source# Alerts (sig)# Alerts (total)# Dsts (sig)# Dsts (total)
206.98.253.781111
210.164.186.941111
203.94.78.1301111

Destinations receiving this attack signature

Destinations# Alerts (sig)# Alerts (total)# Srcs (sig)# Srcs (total)
192.168.1.6377703624

SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:03:48 2003