[Silicon Defense logo]

SnortSnarf alert page

Source: 129.137.204.172

SnortSnarf v021111.1

Signature section (91123)Top 20 source IPsTop 20 dest IPs

3 such alerts found using input module SnortFileInput, with sources:
Earliest: 12:43:31.135094 on 05/29/2003
Latest: 12:43:31.733406 on 05/29/2003

1 different signatures are present for 129.137.204.172 as a source

There are 1 distinct destination IPs in the alerts of the type on this page.

129.137.204.172 Whois lookup at: ARIN RIPE APNIC Geektools
DNS lookup at: Amenesi TRIUMF Princeton
More lookup links: Dshield Sam Spade

[**] [1:1042:6] WEB-IIS view source via translate header [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/29-12:43:31.135094 129.137.204.172:1051 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:118 IpLen:20 DgmLen:200 DF
***AP*** Seq: 0x4666A8CD Ack: 0x3874D5A5 Win: 0x44E8 TcpLen: 20
[Xref => http://www.securityfocus.com/bid/1578][Xref => http://www.whitehats.com/info/IDS305]
[**] [1:1042:6] WEB-IIS view source via translate header [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/29-12:43:31.509608 129.137.204.172:1051 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:119 IpLen:20 DgmLen:217 DF
***AP*** Seq: 0x4666A96D Ack: 0x3874D713 Win: 0x437A TcpLen: 20
[Xref => http://www.securityfocus.com/bid/1578][Xref => http://www.whitehats.com/info/IDS305]
[**] [1:1042:6] WEB-IIS view source via translate header [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/29-12:43:31.733406 129.137.204.172:1052 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:127 IpLen:20 DgmLen:217 DF
***AP*** Seq: 0x1F17FAE0 Ack: 0x38F68246 Win: 0x44E8 TcpLen: 20
[Xref => http://www.securityfocus.com/bid/1578][Xref => http://www.whitehats.com/info/IDS305]
SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:03:52 2003