[Silicon Defense logo]

SnortSnarf alert page

Source: 129.137.186.208

SnortSnarf v021111.1

Signature section (91123)Top 20 source IPsTop 20 dest IPs

3 such alerts found using input module SnortFileInput, with sources:
Earliest: 11:16:18.615703 on 05/27/2003
Latest: 11:16:19.198747 on 05/27/2003

1 different signatures are present for 129.137.186.208 as a source

There are 1 distinct destination IPs in the alerts of the type on this page.

129.137.186.208 Whois lookup at: ARIN RIPE APNIC Geektools
DNS lookup at: Amenesi TRIUMF Princeton
More lookup links: Dshield Sam Spade

[**] [1:1042:6] WEB-IIS view source via translate header [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/27-11:16:18.615703 129.137.186.208:3023 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:118 IpLen:20 DgmLen:200 DF
***AP*** Seq: 0x2AD3496 Ack: 0x700D3096 Win: 0x44E8 TcpLen: 20
[Xref => http://www.securityfocus.com/bid/1578][Xref => http://www.whitehats.com/info/IDS305]
[**] [1:1042:6] WEB-IIS view source via translate header [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/27-11:16:18.959967 129.137.186.208:3023 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:119 IpLen:20 DgmLen:217 DF
***AP*** Seq: 0x2AD3536 Ack: 0x700D3204 Win: 0x437A TcpLen: 20
[Xref => http://www.securityfocus.com/bid/1578][Xref => http://www.whitehats.com/info/IDS305]
[**] [1:1042:6] WEB-IIS view source via translate header [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/27-11:16:19.198747 129.137.186.208:3024 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:124 IpLen:20 DgmLen:217 DF
***AP*** Seq: 0xFFE75EA4 Ack: 0x6FA82B04 Win: 0x44E8 TcpLen: 20
[Xref => http://www.securityfocus.com/bid/1578][Xref => http://www.whitehats.com/info/IDS305]
SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:09:28 2003