[Silicon Defense logo]

SnortSnarf alert page

Source: 129.137.203.234

SnortSnarf v021111.1

Signature section (91123)Top 20 source IPsTop 20 dest IPs

11 such alerts found using input module SnortFileInput, with sources:
Earliest: 10:49:50.172773 on 06/05/2003
Latest: 16:28:46.049826 on 06/05/2003

1 different signatures are present for 129.137.203.234 as a source

There are 1 distinct destination IPs in the alerts of the type on this page.

129.137.203.234 Whois lookup at: ARIN RIPE APNIC Geektools
DNS lookup at: Amenesi TRIUMF Princeton
More lookup links: Dshield Sam Spade

[**] [1:1042:6] WEB-IIS view source via translate header [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/05-10:49:50.172773 129.137.203.234:1042 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:101 IpLen:20 DgmLen:200 DF
***AP*** Seq: 0xDACC2939 Ack: 0x497DA397 Win: 0x44E8 TcpLen: 20
[Xref => http://www.securityfocus.com/bid/1578][Xref => http://www.whitehats.com/info/IDS305]
[**] [1:1042:6] WEB-IIS view source via translate header [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/05-10:49:50.752692 129.137.203.234:1042 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:102 IpLen:20 DgmLen:217 DF
***AP*** Seq: 0xDACC29D9 Ack: 0x497DA505 Win: 0x437A TcpLen: 20
[Xref => http://www.securityfocus.com/bid/1578][Xref => http://www.whitehats.com/info/IDS305]
[**] [1:1042:6] WEB-IIS view source via translate header [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/05-10:49:50.992547 129.137.203.234:1043 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:107 IpLen:20 DgmLen:217 DF
***AP*** Seq: 0xDBB5CB0E Ack: 0x498FCE42 Win: 0x44E8 TcpLen: 20
[Xref => http://www.securityfocus.com/bid/1578][Xref => http://www.whitehats.com/info/IDS305]
[**] [1:1042:6] WEB-IIS view source via translate header [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/05-15:16:05.053501 129.137.203.234:1053 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:139 IpLen:20 DgmLen:200 DF
***AP*** Seq: 0x2A5ECA83 Ack: 0x371F4717 Win: 0x44E8 TcpLen: 20
[Xref => http://www.securityfocus.com/bid/1578][Xref => http://www.whitehats.com/info/IDS305]
[**] [1:1042:6] WEB-IIS view source via translate header [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/05-15:16:08.793671 129.137.203.234:1053 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:140 IpLen:20 DgmLen:217 DF
***AP*** Seq: 0x2A5ECB23 Ack: 0x371F4885 Win: 0x437A TcpLen: 20
[Xref => http://www.securityfocus.com/bid/1578][Xref => http://www.whitehats.com/info/IDS305]
[**] [1:1042:6] WEB-IIS view source via translate header [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/05-15:16:09.108807 129.137.203.234:1054 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:144 IpLen:20 DgmLen:217 DF
***AP*** Seq: 0xE8123C95 Ack: 0x37EF575F Win: 0x44E8 TcpLen: 20
[Xref => http://www.securityfocus.com/bid/1578][Xref => http://www.whitehats.com/info/IDS305]
[**] [1:1042:6] WEB-IIS view source via translate header [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/05-16:02:56.408194 129.137.203.234:1116 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:696 IpLen:20 DgmLen:182 DF
***AP*** Seq: 0x45E88B82 Ack: 0xE7F43182 Win: 0x44E8 TcpLen: 20
[Xref => http://www.securityfocus.com/bid/1578][Xref => http://www.whitehats.com/info/IDS305]
[**] [1:1042:6] WEB-IIS view source via translate header [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/05-16:02:56.880257 129.137.203.234:1116 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:697 IpLen:20 DgmLen:198 DF
***AP*** Seq: 0x45E88C10 Ack: 0xE7F432F0 Win: 0x437A TcpLen: 20
[Xref => http://www.securityfocus.com/bid/1578][Xref => http://www.whitehats.com/info/IDS305]
[**] [1:1042:6] WEB-IIS view source via translate header [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/05-16:28:30.420409 129.137.203.234:1374 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:18648 IpLen:20 DgmLen:182 DF
***AP*** Seq: 0x31A1CC2B Ack: 0x47EABDF7 Win: 0x44E8 TcpLen: 20
[Xref => http://www.securityfocus.com/bid/1578][Xref => http://www.whitehats.com/info/IDS305]
[**] [1:1042:6] WEB-IIS view source via translate header [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/05-16:28:30.758765 129.137.203.234:1374 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:18649 IpLen:20 DgmLen:199 DF
***AP*** Seq: 0x31A1CCB9 Ack: 0x47EABF65 Win: 0x437A TcpLen: 20
[Xref => http://www.securityfocus.com/bid/1578][Xref => http://www.whitehats.com/info/IDS305]
[**] [1:1042:6] WEB-IIS view source via translate header [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/05-16:28:46.049826 129.137.203.234:1379 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:18666 IpLen:20 DgmLen:199 DF
***AP*** Seq: 0x2E147128 Ack: 0x49941D69 Win: 0x44E8 TcpLen: 20
[Xref => http://www.securityfocus.com/bid/1578][Xref => http://www.whitehats.com/info/IDS305]
SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:09:28 2003