SnortSnarf alert page

Source: 129.137.185.125

SnortSnarf v021111.1

Signature section (91123)

Top 20 source IPs

Top 20 dest IPs

10 such alerts found using input module SnortFileInput, with sources:

/home/rivettmj/snort_alertlog/alert

Earliest: 12:18:16.086608 on 05/22/2003
Latest: 13:58:25.376133 on 05/22/2003

1 different signatures are present for 129.137.185.125 as a source

10 instances of WEB-IIS view source via translate header

There are 1 distinct destination IPs in the alerts of the type on this page.

129.137.185.125 Whois lookup at: ARIN RIPE APNIC Geektools

DNS lookup at: Amenesi TRIUMF Princeton

More lookup links: Dshield Sam Spade

[**] [1:1042:6] WEB-IIS view source via translate header [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/22-12:18:16.086608 129.137.185.125:1839 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:25129 IpLen:20 DgmLen:181 DF
***AP*** Seq: 0xBD0FDCAE  Ack: 0x1B37EEF1  Win: 0x44E8  TcpLen: 20
[Xref => http://www.securityfocus.com/bid/1578][Xref => http://www.whitehats.com/info/IDS305]

[**] [1:1042:6] WEB-IIS view source via translate header [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/22-12:18:16.580485 129.137.185.125:1839 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:25131 IpLen:20 DgmLen:196 DF
***AP*** Seq: 0xBD0FDD3B  Ack: 0x1B37F05F  Win: 0x437A  TcpLen: 20
[Xref => http://www.securityfocus.com/bid/1578][Xref => http://www.whitehats.com/info/IDS305]

[**] [1:1042:6] WEB-IIS view source via translate header [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/22-12:39:01.434993 129.137.185.125:1903 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:25835 IpLen:20 DgmLen:181 DF
***AP*** Seq: 0x108CFFE4  Ack: 0x67E42A34  Win: 0x44E8  TcpLen: 20
[Xref => http://www.securityfocus.com/bid/1578][Xref => http://www.whitehats.com/info/IDS305]

[**] [1:1042:6] WEB-IIS view source via translate header [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/22-12:39:01.907490 129.137.185.125:1903 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:25836 IpLen:20 DgmLen:216 DF
***AP*** Seq: 0x108D0071  Ack: 0x67E42BA2  Win: 0x437A  TcpLen: 20
[Xref => http://www.securityfocus.com/bid/1578][Xref => http://www.whitehats.com/info/IDS305]

[**] [1:1042:6] WEB-IIS view source via translate header [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/22-12:39:02.120281 129.137.185.125:1904 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:25841 IpLen:20 DgmLen:216 DF
***AP*** Seq: 0x1041D4B3  Ack: 0x67C33295  Win: 0x44E8  TcpLen: 20
[Xref => http://www.securityfocus.com/bid/1578][Xref => http://www.whitehats.com/info/IDS305]

[**] [1:1042:6] WEB-IIS view source via translate header [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/22-12:39:04.139165 129.137.185.125:1905 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:25846 IpLen:20 DgmLen:216 DF
***AP*** Seq: 0x32370826  Ack: 0x68984F58  Win: 0x44E8  TcpLen: 20
[Xref => http://www.securityfocus.com/bid/1578][Xref => http://www.whitehats.com/info/IDS305]

[**] [1:1042:6] WEB-IIS view source via translate header [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/22-12:43:29.107707 129.137.185.125:1919 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:31704 IpLen:20 DgmLen:181 DF
***AP*** Seq: 0x1EEEDE8F  Ack: 0x791EB03A  Win: 0x44E8  TcpLen: 20
[Xref => http://www.securityfocus.com/bid/1578][Xref => http://www.whitehats.com/info/IDS305]

[**] [1:1042:6] WEB-IIS view source via translate header [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/22-12:43:29.200655 129.137.185.125:1919 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:31705 IpLen:20 DgmLen:196 DF
***AP*** Seq: 0x1EEEDF1C  Ack: 0x791EB1A8  Win: 0x437A  TcpLen: 20
[Xref => http://www.securityfocus.com/bid/1578][Xref => http://www.whitehats.com/info/IDS305]

[**] [1:1042:6] WEB-IIS view source via translate header [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/22-13:58:25.009176 129.137.185.125:2149 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:32670 IpLen:20 DgmLen:181 DF
***AP*** Seq: 0x153C2BAC  Ack: 0x9417CD4B  Win: 0x44E8  TcpLen: 20
[Xref => http://www.securityfocus.com/bid/1578][Xref => http://www.whitehats.com/info/IDS305]

[**] [1:1042:6] WEB-IIS view source via translate header [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/22-13:58:25.376133 129.137.185.125:2149 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:32671 IpLen:20 DgmLen:196 DF
***AP*** Seq: 0x153C2C39  Ack: 0x9417CEB9  Win: 0x437A  TcpLen: 20
[Xref => http://www.securityfocus.com/bid/1578][Xref => http://www.whitehats.com/info/IDS305]

SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:03:54 2003

129.137.185.125	Whois lookup at:	ARIN	RIPE	APNIC	Geektools
	DNS lookup at:	Amenesi	TRIUMF	Princeton
	More lookup links:	Dshield	Sam Spade