SnortSnarf alert page

Source: 192.150.20.28

SnortSnarf v021111.1

10 such alerts found using input module SnortFileInput, with sources:
Earliest: 15:23:20.309503 on 05/10/2003
Latest: 02:29:31.300493 on 05/11/2003

1 distinct signature is present for 192.150.20.28 as a source

There are 2 distinct destination IPs in the alerts of the type on this page.


[**] [1:648:5] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1]
05/10-15:23:20.309503 192.150.20.28:80 -> 192.168.1.4:3748
TCP TTL:44 TOS:0x0 ID:10222 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE51A83D7 Ack: 0x1205A0CB Win: 0x1920 TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS181]

[**] [1:648:5] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1]
05/10-15:23:20.604815 192.150.20.28:80 -> 192.168.1.4:3748
TCP TTL:44 TOS:0x0 ID:10232 IpLen:20 DgmLen:1500 DF
***AP*** Seq: 0xE51ABCDF Ack: 0x1205A0CB Win: 0x1920 TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS181]

[**] [1:648:5] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1]
05/10-15:23:21.076276 192.150.20.28:80 -> 192.168.1.4:3748
TCP TTL:44 TOS:0x0 ID:10262 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE51B67F7 Ack: 0x1205A0CB Win: 0x1920 TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS181]

[**] [1:648:5] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1]
05/10-15:23:21.080371 192.150.20.28:80 -> 192.168.1.4:3748
TCP TTL:44 TOS:0x0 ID:10265 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE51B7913 Ack: 0x1205A0CB Win: 0x1920 TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS181]

[**] [1:648:5] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1]
05/10-15:23:21.083721 192.150.20.28:80 -> 192.168.1.4:3748
TCP TTL:44 TOS:0x0 ID:10267 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE51B847B Ack: 0x1205A0CB Win: 0x1920 TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS181]

[**] [1:648:5] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1]
05/11-02:29:30.494746 192.150.20.28:80 -> 192.168.1.101:2719
TCP TTL:44 TOS:0x0 ID:18392 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB7BC79E6 Ack: 0x152ECB39 Win: 0x1920 TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS181]

[**] [1:648:5] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1]
05/11-02:29:30.819265 192.150.20.28:80 -> 192.168.1.101:2719
TCP TTL:44 TOS:0x0 ID:18402 IpLen:20 DgmLen:1500 DF
***AP*** Seq: 0xB7BCB2EE Ack: 0x152ECB39 Win: 0x1920 TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS181]

[**] [1:648:5] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1]
05/11-02:29:31.288886 192.150.20.28:80 -> 192.168.1.101:2719
TCP TTL:44 TOS:0x0 ID:18432 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB7BD5E06 Ack: 0x152ECB39 Win: 0x1920 TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS181]

[**] [1:648:5] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1]
05/11-02:29:31.298498 192.150.20.28:80 -> 192.168.1.101:2719
TCP TTL:44 TOS:0x0 ID:18435 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB7BD6F22 Ack: 0x152ECB39 Win: 0x1920 TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS181]

[**] [1:648:5] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1]
05/11-02:29:31.300493 192.150.20.28:80 -> 192.168.1.101:2719
TCP TTL:44 TOS:0x0 ID:18437 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB7BD7A8A Ack: 0x152ECB39 Win: 0x1920 TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS181]

SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:03:52 2003