SnortSnarf alert page

Destination: 192.168.1.101: #1-100

SnortSnarf v021111.1

Signature section (91123)

Top 20 source IPs

Top 20 dest IPs

Looking using input module SnortFileInput, with sources:

/home/rivettmj/snort_alertlog/alert

Earliest: 15:36:55.212523 on 04/24/2003
Latest: 12:22:47.236976 on 05/13/2003

7 different signatures are present for 192.168.1.101 as a destination

1 instances of SHELLCODE x86 unicode NOOP
1 instances of SHELLCODE x86 setgid 0
1 instances of WEB-CLIENT javascript URL host spoofing attempt
4 instances of SHELLCODE x86 setuid 0
87 instances of ICMP Destination Unreachable (Communication Administratively Prohibited)
88 instances of SHELLCODE x86 inc ebx NOOP
769 instances of SHELLCODE x86 NOOP

There are 25 distinct source IPs in the alerts of the type on this page.

192.168.1.101 Whois lookup at: ARIN RIPE APNIC Geektools

DNS lookup at: Amenesi TRIUMF Princeton

More lookup links: Dshield Sam Spade

See also 192.168.1.101 as an alert source [6 alerts]

Go to: next range, all alerts, overview page

[**] [1:1390:3] SHELLCODE x86 inc ebx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
04/24-15:36:55.212523 128.121.10.67:119 -> 192.168.1.101:2114
TCP TTL:111 TOS:0x0 ID:2262 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x4616FC20  Ack: 0xAA1CF0CB  Win: 0xF958  TcpLen: 20

[**] [1:1390:3] SHELLCODE x86 inc ebx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
04/24-15:52:52.408811 128.121.10.67:119 -> 192.168.1.101:2386
TCP TTL:111 TOS:0x0 ID:19549 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x6AC4459C  Ack: 0xB86C5AA3  Win: 0xFA48  TcpLen: 20

[**] [1:1390:3] SHELLCODE x86 inc ebx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
04/24-15:52:53.867455 128.121.10.67:119 -> 192.168.1.101:2387
TCP TTL:111 TOS:0x0 ID:23867 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x6AC0892E  Ack: 0xB872CC07  Win: 0xFA0C  TcpLen: 20

[**] [1:485:2] ICMP Destination Unreachable (Communication Administratively Prohibited) [**]
[Classification: Misc activity] [Priority: 3] 
04/25-13:46:53.404042 172.20.148.50 -> 192.168.1.101
ICMP TTL:243 TOS:0x0 ID:0 IpLen:20 DgmLen:56
Type:3  Code:13  DESTINATION UNREACHABLE: ADMINISTRATIVELY PROHIBITED,
PACKET FILTERED
** ORIGINAL DATAGRAM DUMP:
192.168.1.101:4804 -> 64.12.185.119:80
TCP TTL:116 TOS:0x0 ID:50316 IpLen:20 DgmLen:48 DF
Seq: 0xF3A0AD9E  Ack: 0x25800
** END OF DUMP

[**] [1:485:2] ICMP Destination Unreachable (Communication Administratively Prohibited) [**]
[Classification: Misc activity] [Priority: 3] 
04/26-19:54:40.440987 172.20.148.50 -> 192.168.1.101
ICMP TTL:243 TOS:0x0 ID:0 IpLen:20 DgmLen:56
Type:3  Code:13  DESTINATION UNREACHABLE: ADMINISTRATIVELY PROHIBITED,
PACKET FILTERED
** ORIGINAL DATAGRAM DUMP:
192.168.1.101:2346 -> 64.12.185.119:80
TCP TTL:116 TOS:0x0 ID:3825 IpLen:20 DgmLen:48 DF
Seq: 0xC50EEF17  Ack: 0x401CAB3E
** END OF DUMP

[**] [1:649:5] SHELLCODE x86 setgid 0 [**]
[Classification: A system call was detected] [Priority: 2] 
04/27-15:53:02.554368 63.216.0.251:80 -> 192.168.1.101:1082
TCP TTL:52 TOS:0x0 ID:19937 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x33537BB2  Ack: 0x35D22A02  Win: 0x7D78  TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS284]

[**] [1:1394:3] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
04/27-18:10:09.706282 206.151.167.227:80 -> 192.168.1.101:1109
TCP TTL:241 TOS:0x0 ID:55818 IpLen:20 DgmLen:1216
***A**** Seq: 0xD548E269  Ack: 0x1EF37A27  Win: 0x832C  TcpLen: 20

[**] [1:1841:2] WEB-CLIENT javascript URL host spoofing attempt [**]
[Classification: Attempted User Privilege Gain] [Priority: 1] 
04/27-20:11:51.301187 63.216.0.251:80 -> 192.168.1.101:1220
TCP TTL:52 TOS:0x0 ID:10433 IpLen:20 DgmLen:1500 DF
***AP*** Seq: 0x52EC8C8  Ack: 0xDB0B5DBA  Win: 0x7D78  TcpLen: 20
[Xref => http://www.securityfocus.com/bid/5293]

[**] [1:1394:3] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
04/27-20:12:06.657755 63.216.0.253:80 -> 192.168.1.101:1160
TCP TTL:52 TOS:0x0 ID:21994 IpLen:20 DgmLen:1500 DF
***AP*** Seq: 0xFF3CDA9F  Ack: 0xD9667F82  Win: 0x7D78  TcpLen: 20

[**] [1:1394:3] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
04/27-21:12:11.817287 159.215.19.3:53765 -> 192.168.1.101:1155
TCP TTL:46 TOS:0x0 ID:16561 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x131AD8A9  Ack: 0x60C1167E  Win: 0x16D0  TcpLen: 20

[**] [1:485:2] ICMP Destination Unreachable (Communication Administratively Prohibited) [**]
[Classification: Misc activity] [Priority: 3] 
04/28-04:48:16.551120 172.20.148.50 -> 192.168.1.101
ICMP TTL:243 TOS:0x0 ID:0 IpLen:20 DgmLen:56
Type:3  Code:13  DESTINATION UNREACHABLE: ADMINISTRATIVELY PROHIBITED,
PACKET FILTERED
** ORIGINAL DATAGRAM DUMP:
192.168.1.101:2849 -> 64.12.185.119:80
TCP TTL:116 TOS:0x0 ID:43256 IpLen:20 DgmLen:48 DF
Seq: 0xD9E6ECFE  Ack: 0xD0EAAC3E
** END OF DUMP

[**] [1:485:2] ICMP Destination Unreachable (Communication Administratively Prohibited) [**]
[Classification: Misc activity] [Priority: 3] 
04/28-06:48:33.736764 172.20.148.50 -> 192.168.1.101
ICMP TTL:243 TOS:0x0 ID:0 IpLen:20 DgmLen:56
Type:3  Code:13  DESTINATION UNREACHABLE: ADMINISTRATIVELY PROHIBITED,
PACKET FILTERED
** ORIGINAL DATAGRAM DUMP:
192.168.1.101:3422 -> 64.12.185.119:80
TCP TTL:116 TOS:0x0 ID:47306 IpLen:20 DgmLen:48 DF
Seq: 0x3DB6F951  Ack: 0x64203A9C
** END OF DUMP

[**] [1:485:2] ICMP Destination Unreachable (Communication Administratively Prohibited) [**]
[Classification: Misc activity] [Priority: 3] 
04/28-12:12:56.782969 172.20.148.54 -> 192.168.1.101
ICMP TTL:243 TOS:0x0 ID:0 IpLen:20 DgmLen:56
Type:3  Code:13  DESTINATION UNREACHABLE: ADMINISTRATIVELY PROHIBITED,
PACKET FILTERED
** ORIGINAL DATAGRAM DUMP:
192.168.1.101:1080 -> 64.12.185.119:80
TCP TTL:116 TOS:0x0 ID:349 IpLen:20 DgmLen:48 DF
Seq: 0x14A759A8  Ack: 0x853AD3E
** END OF DUMP

[**] [1:485:2] ICMP Destination Unreachable (Communication Administratively Prohibited) [**]
[Classification: Misc activity] [Priority: 3] 
04/28-12:43:15.644261 172.20.148.54 -> 192.168.1.101
ICMP TTL:243 TOS:0x0 ID:0 IpLen:20 DgmLen:56
Type:3  Code:13  DESTINATION UNREACHABLE: ADMINISTRATIVELY PROHIBITED,
PACKET FILTERED
** ORIGINAL DATAGRAM DUMP:
192.168.1.101:1592 -> 64.12.185.119:80
TCP TTL:116 TOS:0x0 ID:5377 IpLen:20 DgmLen:48 DF
Seq: 0x2EDE9467  Ack: 0x235AAD3E
** END OF DUMP

[**] [1:485:2] ICMP Destination Unreachable (Communication Administratively Prohibited) [**]
[Classification: Misc activity] [Priority: 3] 
04/28-13:43:38.113505 172.20.148.50 -> 192.168.1.101
ICMP TTL:243 TOS:0x0 ID:0 IpLen:20 DgmLen:56
Type:3  Code:13  DESTINATION UNREACHABLE: ADMINISTRATIVELY PROHIBITED,
PACKET FILTERED
** ORIGINAL DATAGRAM DUMP:
192.168.1.101:1856 -> 64.12.185.119:80
TCP TTL:116 TOS:0x0 ID:7702 IpLen:20 DgmLen:48 DF
Seq: 0x60DBFC14  Ack: 0x0
** END OF DUMP

[**] [1:485:2] ICMP Destination Unreachable (Communication Administratively Prohibited) [**]
[Classification: Misc activity] [Priority: 3] 
05/07-21:08:08.378877 172.20.148.50 -> 192.168.1.101
ICMP TTL:243 TOS:0x0 ID:0 IpLen:20 DgmLen:56
Type:3  Code:13  DESTINATION UNREACHABLE: ADMINISTRATIVELY PROHIBITED,
PACKET FILTERED
** ORIGINAL DATAGRAM DUMP:
192.168.1.101:4841 -> 64.12.185.119:80
TCP TTL:116 TOS:0x0 ID:11223 IpLen:20 DgmLen:48 DF
Seq: 0x8E3D6A37  Ack: 0x560E8E1A
** END OF DUMP

[**] [1:1390:3] SHELLCODE x86 inc ebx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
05/08-14:45:41.308763 128.121.10.67:119 -> 192.168.1.101:2758
TCP TTL:111 TOS:0x0 ID:65416 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x10A94227  Ack: 0xF2E32B4C  Win: 0xF62E  TcpLen: 20

[**] [1:1390:3] SHELLCODE x86 inc ebx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
05/08-14:45:41.310114 128.121.10.67:119 -> 192.168.1.101:2758
TCP TTL:111 TOS:0x0 ID:65417 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x10A947DB  Ack: 0xF2E32B4C  Win: 0xF62E  TcpLen: 20

[**] [1:1390:3] SHELLCODE x86 inc ebx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
05/08-14:45:41.320541 128.121.10.67:119 -> 192.168.1.101:2758
TCP TTL:111 TOS:0x0 ID:65425 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x10A9757B  Ack: 0xF2E32B4C  Win: 0xF62E  TcpLen: 20

[**] [1:485:2] ICMP Destination Unreachable (Communication Administratively Prohibited) [**]
[Classification: Misc activity] [Priority: 3] 
05/09-13:34:22.284629 172.20.148.54 -> 192.168.1.101
ICMP TTL:243 TOS:0x0 ID:0 IpLen:20 DgmLen:56
Type:3  Code:13  DESTINATION UNREACHABLE: ADMINISTRATIVELY PROHIBITED,
PACKET FILTERED
** ORIGINAL DATAGRAM DUMP:
192.168.1.101:1587 -> 64.12.185.119:80
TCP TTL:116 TOS:0x0 ID:23835 IpLen:20 DgmLen:48 DF
Seq: 0xD45B2C04  Ack: 0x9EE6BB3E
** END OF DUMP

[**] [1:1390:3] SHELLCODE x86 inc ebx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
05/09-13:56:30.403407 128.121.10.67:119 -> 192.168.1.101:1725
TCP TTL:111 TOS:0x0 ID:59685 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF27699F3  Ack: 0xE50B5101  Win: 0xF802  TcpLen: 20

[**] [1:1390:3] SHELLCODE x86 inc ebx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
05/09-14:05:20.610213 128.121.10.67:119 -> 192.168.1.101:1797
TCP TTL:111 TOS:0x0 ID:31144 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x6835A0D  Ack: 0xEDADAFCA  Win: 0xF73C  TcpLen: 20

[**] [1:1390:3] SHELLCODE x86 inc ebx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
05/09-14:05:24.301347 128.121.10.67:119 -> 192.168.1.101:1797
TCP TTL:111 TOS:0x0 ID:40551 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x6880B82  Ack: 0xEDADB006  Win: 0xF700  TcpLen: 20

[**] [1:1390:3] SHELLCODE x86 inc ebx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
05/10-13:04:59.908174 216.158.154.24:80 -> 192.168.1.101:2028
TCP TTL:47 TOS:0x0 ID:46468 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xD3BEF684  Ack: 0x70E63F56  Win: 0x1D50  TcpLen: 20

[**] [1:650:5] SHELLCODE x86 setuid 0 [**]
[Classification: A system call was detected] [Priority: 2] 
05/10-13:05:37.481911 216.65.98.13:119 -> 192.168.1.101:1799
TCP TTL:102 TOS:0x0 ID:61386 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xECC2ADE2  Ack: 0x6B97336C  Win: 0xF95B  TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS436]

[**] [1:648:5] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
05/10-13:42:56.236817 207.188.7.150:80 -> 192.168.1.101:2812
TCP TTL:50 TOS:0x0 ID:28897 IpLen:20 DgmLen:1500 DF
***AP*** Seq: 0x69932B78  Ack: 0x91E4BB91  Win: 0x7D78  TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS181]

[**] [1:648:5] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
05/10-13:42:56.370033 207.188.7.150:80 -> 192.168.1.101:2812
TCP TTL:50 TOS:0x0 ID:29171 IpLen:20 DgmLen:1500 DF
***AP*** Seq: 0x69935ECC  Ack: 0x91E4BB91  Win: 0x7D78  TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS181]

[**] [1:648:5] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
05/10-13:44:58.456582 207.188.7.150:80 -> 192.168.1.101:2812
TCP TTL:50 TOS:0x0 ID:63749 IpLen:20 DgmLen:1500 DF
***AP*** Seq: 0x6A0C45A8  Ack: 0x91E4BB91  Win: 0x7D78  TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS181]

[**] [1:648:5] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
05/10-13:44:58.640046 207.188.7.150:80 -> 192.168.1.101:2812
TCP TTL:50 TOS:0x0 ID:64007 IpLen:20 DgmLen:1500 DF
***AP*** Seq: 0x6A0C78FC  Ack: 0x91E4BB91  Win: 0x7D78  TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS181]

[**] [1:648:5] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
05/10-13:44:58.647966 207.188.7.150:80 -> 192.168.1.101:2812
TCP TTL:50 TOS:0x0 ID:64008 IpLen:20 DgmLen:1500 DF
***AP*** Seq: 0x6A0C7EB0  Ack: 0x91E4BB91  Win: 0x7D78  TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS181]

[**] [1:648:5] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
05/10-13:44:58.819539 207.188.7.150:80 -> 192.168.1.101:2812
TCP TTL:50 TOS:0x0 ID:64306 IpLen:20 DgmLen:1500 DF
***AP*** Seq: 0x6A0C8A18  Ack: 0x91E4BB91  Win: 0x7D78  TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS181]

[**] [1:648:5] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
05/10-13:44:59.731301 207.188.7.150:80 -> 192.168.1.101:2812
TCP TTL:50 TOS:0x0 ID:166 IpLen:20 DgmLen:1500 DF
***AP*** Seq: 0x6A0D7F54  Ack: 0x91E4BB91  Win: 0x7D78  TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS181]

[**] [1:648:5] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
05/10-13:44:59.927307 207.188.7.150:80 -> 192.168.1.101:2812
TCP TTL:50 TOS:0x0 ID:442 IpLen:20 DgmLen:1500 DF
***AP*** Seq: 0x6A0DB2A8  Ack: 0x91E4BB91  Win: 0x7D78  TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS181]

[**] [1:648:5] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
05/10-13:45:01.140657 207.188.7.150:80 -> 192.168.1.101:2812
TCP TTL:50 TOS:0x0 ID:2519 IpLen:20 DgmLen:1500 DF
***AP*** Seq: 0x6A0E5DC0  Ack: 0x91E4BB91  Win: 0x7D78  TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS181]

[**] [1:648:5] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
05/10-13:45:01.470344 207.188.7.150:80 -> 192.168.1.101:2812
TCP TTL:50 TOS:0x0 ID:3031 IpLen:20 DgmLen:1500 DF
***AP*** Seq: 0x6A0EB34C  Ack: 0x91E4BB91  Win: 0x7D78  TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS181]

[**] [1:648:5] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
05/10-13:45:01.665060 207.188.7.150:80 -> 192.168.1.101:2812
TCP TTL:50 TOS:0x0 ID:3348 IpLen:20 DgmLen:1500 DF
***AP*** Seq: 0x6A0EE0EC  Ack: 0x91E4BB91  Win: 0x7D78  TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS181]

[**] [1:648:5] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
05/10-13:45:01.771643 207.188.7.150:80 -> 192.168.1.101:2812
TCP TTL:50 TOS:0x0 ID:3489 IpLen:20 DgmLen:1500 DF
***AP*** Seq: 0x6A0F0324  Ack: 0x91E4BB91  Win: 0x7D78  TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS181]

[**] [1:485:2] ICMP Destination Unreachable (Communication Administratively Prohibited) [**]
[Classification: Misc activity] [Priority: 3] 
05/10-14:55:00.415077 172.20.148.50 -> 192.168.1.101
ICMP TTL:243 TOS:0x0 ID:0 IpLen:20 DgmLen:56
Type:3  Code:13  DESTINATION UNREACHABLE: ADMINISTRATIVELY PROHIBITED,
PACKET FILTERED
** ORIGINAL DATAGRAM DUMP:
192.168.1.101:3323 -> 64.12.185.119:80
TCP TTL:116 TOS:0x0 ID:24161 IpLen:20 DgmLen:48 DF
Seq: 0xCE5E2CF3  Ack: 0x44BBD3E
** END OF DUMP

[**] [1:485:2] ICMP Destination Unreachable (Communication Administratively Prohibited) [**]
[Classification: Misc activity] [Priority: 3] 
05/10-14:55:03.655236 172.20.148.50 -> 192.168.1.101
ICMP TTL:243 TOS:0x0 ID:0 IpLen:20 DgmLen:56
Type:3  Code:13  DESTINATION UNREACHABLE: ADMINISTRATIVELY PROHIBITED,
PACKET FILTERED
** ORIGINAL DATAGRAM DUMP:
192.168.1.101:3323 -> 64.12.185.119:80
TCP TTL:116 TOS:0x0 ID:24162 IpLen:20 DgmLen:48 DF
Seq: 0xCE5E2CF3  Ack: 0x74BBD3E
** END OF DUMP

[**] [1:485:2] ICMP Destination Unreachable (Communication Administratively Prohibited) [**]
[Classification: Misc activity] [Priority: 3] 
05/10-16:26:01.162836 172.20.148.50 -> 192.168.1.101
ICMP TTL:243 TOS:0x0 ID:0 IpLen:20 DgmLen:56
Type:3  Code:13  DESTINATION UNREACHABLE: ADMINISTRATIVELY PROHIBITED,
PACKET FILTERED
** ORIGINAL DATAGRAM DUMP:
192.168.1.101:3789 -> 64.12.185.119:80
TCP TTL:116 TOS:0x0 ID:29267 IpLen:20 DgmLen:48 DF
Seq: 0x19F7A5D6  Ack: 0x5960BD3E
** END OF DUMP

[**] [1:485:2] ICMP Destination Unreachable (Communication Administratively Prohibited) [**]
[Classification: Misc activity] [Priority: 3] 
05/10-20:27:38.180285 172.20.148.54 -> 192.168.1.101
ICMP TTL:243 TOS:0x0 ID:0 IpLen:20 DgmLen:56
Type:3  Code:13  DESTINATION UNREACHABLE: ADMINISTRATIVELY PROHIBITED,
PACKET FILTERED
** ORIGINAL DATAGRAM DUMP:
192.168.1.101:4930 -> 64.12.185.119:80
TCP TTL:116 TOS:0x0 ID:37741 IpLen:20 DgmLen:48 DF
Seq: 0xE582AF99  Ack: 0x10001C0
** END OF DUMP

[**] [1:648:5] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
05/11-02:29:30.494746 192.150.20.28:80 -> 192.168.1.101:2719
TCP TTL:44 TOS:0x0 ID:18392 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB7BC79E6  Ack: 0x152ECB39  Win: 0x1920  TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS181]

[**] [1:648:5] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
05/11-02:29:30.819265 192.150.20.28:80 -> 192.168.1.101:2719
TCP TTL:44 TOS:0x0 ID:18402 IpLen:20 DgmLen:1500 DF
***AP*** Seq: 0xB7BCB2EE  Ack: 0x152ECB39  Win: 0x1920  TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS181]

[**] [1:648:5] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
05/11-02:29:31.288886 192.150.20.28:80 -> 192.168.1.101:2719
TCP TTL:44 TOS:0x0 ID:18432 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB7BD5E06  Ack: 0x152ECB39  Win: 0x1920  TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS181]

[**] [1:648:5] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
05/11-02:29:31.298498 192.150.20.28:80 -> 192.168.1.101:2719
TCP TTL:44 TOS:0x0 ID:18435 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB7BD6F22  Ack: 0x152ECB39  Win: 0x1920  TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS181]

[**] [1:648:5] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
05/11-02:29:31.300493 192.150.20.28:80 -> 192.168.1.101:2719
TCP TTL:44 TOS:0x0 ID:18437 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB7BD7A8A  Ack: 0x152ECB39  Win: 0x1920  TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS181]

[**] [1:1394:3] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
05/11-03:44:59.334711 216.65.98.13:119 -> 192.168.1.101:2900
TCP TTL:102 TOS:0x0 ID:10479 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xD55069EE  Ack: 0x484AEB7F  Win: 0xF56E  TcpLen: 20

[**] [1:1394:3] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
05/11-03:44:59.355707 216.65.98.13:119 -> 192.168.1.101:2898
TCP TTL:102 TOS:0x0 ID:10515 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xD55175B5  Ack: 0x48493BDB  Win: 0xF68B  TcpLen: 20

[**] [1:1394:3] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
05/11-03:45:00.332635 216.65.98.13:119 -> 192.168.1.101:2898
TCP TTL:102 TOS:0x0 ID:12573 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xD5527174  Ack: 0x48493BF9  Win: 0xF66D  TcpLen: 20

[**] [1:1394:3] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
05/11-03:45:05.112251 216.65.98.13:119 -> 192.168.1.101:2899
TCP TTL:102 TOS:0x0 ID:23194 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xD53D3BF6  Ack: 0x484A2583  Win: 0xF57D  TcpLen: 20

[**] [1:1390:3] SHELLCODE x86 inc ebx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
05/11-13:49:07.106888 209.8.166.179:80 -> 192.168.1.101:3377
TCP TTL:52 TOS:0x0 ID:28722 IpLen:20 DgmLen:1500 DF
***AP*** Seq: 0xBA683375  Ack: 0x410C02AD  Win: 0x7D78  TcpLen: 20

[**] [1:1390:3] SHELLCODE x86 inc ebx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
05/11-13:49:07.179318 209.8.166.179:80 -> 192.168.1.101:3377
TCP TTL:52 TOS:0x0 ID:28997 IpLen:20 DgmLen:1500 DF
***AP*** Seq: 0xBA68834D  Ack: 0x410C02AD  Win: 0x7D78  TcpLen: 20

[**] [1:485:2] ICMP Destination Unreachable (Communication Administratively Prohibited) [**]
[Classification: Misc activity] [Priority: 3] 
05/11-18:52:53.545822 172.20.148.50 -> 192.168.1.101
ICMP TTL:243 TOS:0x0 ID:0 IpLen:20 DgmLen:56
Type:3  Code:13  DESTINATION UNREACHABLE: ADMINISTRATIVELY PROHIBITED,
PACKET FILTERED
** ORIGINAL DATAGRAM DUMP:
192.168.1.101:1883 -> 64.12.185.119:80
TCP TTL:116 TOS:0x0 ID:61028 IpLen:20 DgmLen:48 DF
Seq: 0x3FDF0A86  Ack: 0x45D4BE3E
** END OF DUMP

[**] [1:485:2] ICMP Destination Unreachable (Communication Administratively Prohibited) [**]
[Classification: Misc activity] [Priority: 3] 
05/11-19:53:24.711544 172.20.148.50 -> 192.168.1.101
ICMP TTL:243 TOS:0x0 ID:0 IpLen:20 DgmLen:56
Type:3  Code:13  DESTINATION UNREACHABLE: ADMINISTRATIVELY PROHIBITED,
PACKET FILTERED
** ORIGINAL DATAGRAM DUMP:
192.168.1.101:2169 -> 64.12.185.119:80
TCP TTL:116 TOS:0x0 ID:1332 IpLen:20 DgmLen:48 DF
Seq: 0x721D3969  Ack: 0xA706FFF8
** END OF DUMP

[**] [1:485:2] ICMP Destination Unreachable (Communication Administratively Prohibited) [**]
[Classification: Misc activity] [Priority: 3] 
05/11-21:53:45.172709 172.20.148.50 -> 192.168.1.101
ICMP TTL:243 TOS:0x0 ID:0 IpLen:20 DgmLen:56
Type:3  Code:13  DESTINATION UNREACHABLE: ADMINISTRATIVELY PROHIBITED,
PACKET FILTERED
** ORIGINAL DATAGRAM DUMP:
192.168.1.101:2730 -> 64.12.185.119:80
TCP TTL:116 TOS:0x0 ID:12857 IpLen:20 DgmLen:48 DF
Seq: 0xD5ECC576  Ack: 0xA9FEBE3E
** END OF DUMP

[**] [1:648:5] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
05/11-23:01:00.168874 12.247.228.93:80 -> 192.168.1.101:3218
TCP TTL:47 TOS:0x0 ID:30596 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x62DE3430  Ack: 0xDC0D718  Win: 0x1920  TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS181]

[**] [1:1394:3] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
05/11-23:56:11.495068 66.150.0.247:80 -> 192.168.1.101:3622
TCP TTL:44 TOS:0x0 ID:63187 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x691A5BC4  Ack: 0x3D1DB631  Win: 0xE420  TcpLen: 20

[**] [1:1394:3] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
05/11-23:56:11.564993 66.150.0.247:80 -> 192.168.1.101:3622
TCP TTL:44 TOS:0x0 ID:63195 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x691A6178  Ack: 0x3D1DB631  Win: 0xE420  TcpLen: 20

[**] [1:1394:3] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
05/11-23:56:11.607517 66.150.0.247:80 -> 192.168.1.101:3622
TCP TTL:44 TOS:0x0 ID:63199 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x691A7294  Ack: 0x3D1DB631  Win: 0xE420  TcpLen: 20

[**] [1:1394:3] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
05/11-23:56:11.620832 66.150.0.247:80 -> 192.168.1.101:3622
TCP TTL:44 TOS:0x0 ID:63207 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x691AA034  Ack: 0x3D1DB631  Win: 0xE420  TcpLen: 20

[**] [1:485:2] ICMP Destination Unreachable (Communication Administratively Prohibited) [**]
[Classification: Misc activity] [Priority: 3] 
05/12-00:24:37.922987 172.20.148.50 -> 192.168.1.101
ICMP TTL:243 TOS:0x0 ID:0 IpLen:20 DgmLen:56
Type:3  Code:13  DESTINATION UNREACHABLE: ADMINISTRATIVELY PROHIBITED,
PACKET FILTERED
** ORIGINAL DATAGRAM DUMP:
192.168.1.101:3833 -> 64.12.185.119:80
TCP TTL:116 TOS:0x0 ID:34533 IpLen:20 DgmLen:48 DF
Seq: 0x54E399EB  Ack: 0x6F6D0000
** END OF DUMP

[**] [1:485:2] ICMP Destination Unreachable (Communication Administratively Prohibited) [**]
[Classification: Misc activity] [Priority: 3] 
05/12-00:24:44.478107 172.20.148.50 -> 192.168.1.101
ICMP TTL:243 TOS:0x0 ID:0 IpLen:20 DgmLen:56
Type:3  Code:13  DESTINATION UNREACHABLE: ADMINISTRATIVELY PROHIBITED,
PACKET FILTERED
** ORIGINAL DATAGRAM DUMP:
192.168.1.101:3833 -> 64.12.185.119:80
TCP TTL:116 TOS:0x0 ID:34535 IpLen:20 DgmLen:48 DF
Seq: 0x54E399EB  Ack: 0xC0A80165
** END OF DUMP

[**] [1:1390:3] SHELLCODE x86 inc ebx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
05/12-12:37:44.368369 216.65.98.13:119 -> 192.168.1.101:1243
TCP TTL:103 TOS:0x0 ID:56244 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xAAE1F2F5  Ack: 0xACE72F4D  Win: 0xF833  TcpLen: 20

[**] [1:1390:3] SHELLCODE x86 inc ebx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
05/12-12:52:34.264633 216.65.98.13:119 -> 192.168.1.101:1282
TCP TTL:103 TOS:0x0 ID:65015 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xC399D1D6  Ack: 0xB6829DC5  Win: 0xFA80  TcpLen: 20

[**] [1:1390:3] SHELLCODE x86 inc ebx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
05/12-12:52:39.700117 216.65.98.13:119 -> 192.168.1.101:1282
TCP TTL:103 TOS:0x0 ID:9650 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xC3A15737  Ack: 0xB6829DD3  Win: 0xFA72  TcpLen: 20

[**] [1:1390:3] SHELLCODE x86 inc ebx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
05/12-12:52:52.130952 216.65.98.13:119 -> 192.168.1.101:1281
TCP TTL:103 TOS:0x0 ID:29603 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xC3719AC3  Ack: 0xB676B1D3  Win: 0xFA9C  TcpLen: 20

[**] [1:1390:3] SHELLCODE x86 inc ebx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
05/12-12:52:55.864154 216.65.98.13:119 -> 192.168.1.101:1282
TCP TTL:103 TOS:0x0 ID:35129 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xC3BF3824  Ack: 0xB6829E19  Win: 0xFA2C  TcpLen: 20

[**] [1:1390:3] SHELLCODE x86 inc ebx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
05/12-12:53:36.834621 216.65.98.13:119 -> 192.168.1.101:1282
TCP TTL:103 TOS:0x0 ID:46537 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xC40685D9  Ack: 0xB6829EC1  Win: 0xF984  TcpLen: 20

[**] [1:1390:3] SHELLCODE x86 inc ebx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
05/12-12:53:41.786873 216.65.98.13:119 -> 192.168.1.101:1281
TCP TTL:103 TOS:0x0 ID:52942 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xC3CD006B  Ack: 0xB676B2A5  Win: 0xF9CA  TcpLen: 20

[**] [1:1390:3] SHELLCODE x86 inc ebx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
05/12-12:53:44.255533 216.65.98.13:119 -> 192.168.1.101:1281
TCP TTL:103 TOS:0x0 ID:57882 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xC3D3E80D  Ack: 0xB676B2B3  Win: 0xF9BC  TcpLen: 20

[**] [1:1394:3] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
05/12-17:09:46.743331 128.121.10.67:119 -> 192.168.1.101:2494
TCP TTL:111 TOS:0x0 ID:52128 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF89E0D0  Ack: 0x80964CC4  Win: 0xF5F5  TcpLen: 20

[**] [1:1394:3] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
05/12-17:10:26.750067 128.121.10.67:119 -> 192.168.1.101:2495
TCP TTL:111 TOS:0x0 ID:45263 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xFF3418B  Ack: 0x8098BDE6  Win: 0xFAC3  TcpLen: 20

[**] [1:1394:3] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
05/12-17:10:29.085859 128.121.10.67:119 -> 192.168.1.101:2495
TCP TTL:111 TOS:0x0 ID:52547 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xFF64AA1  Ack: 0x8098BDF5  Win: 0xFAB4  TcpLen: 20

[**] [1:1394:3] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
05/12-17:10:30.104682 128.121.10.67:119 -> 192.168.1.101:2494
TCP TTL:111 TOS:0x0 ID:55635 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xFBDF251  Ack: 0x80964D69  Win: 0xF550  TcpLen: 20

[**] [1:1390:3] SHELLCODE x86 inc ebx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
05/12-17:12:21.786612 128.121.10.67:119 -> 192.168.1.101:2495
TCP TTL:111 TOS:0x0 ID:57294 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x1069A6D5  Ack: 0x8098C5C0  Win: 0xF8A7  TcpLen: 20

[**] [1:1390:3] SHELLCODE x86 inc ebx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
05/12-17:12:23.069950 128.121.10.67:119 -> 192.168.1.101:2509
TCP TTL:111 TOS:0x0 ID:60740 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x14B6B699  Ack: 0x8328999E  Win: 0xF9B5  TcpLen: 20

[**] [1:1390:3] SHELLCODE x86 inc ebx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
05/12-17:12:24.841484 128.121.10.67:119 -> 192.168.1.101:2495
TCP TTL:111 TOS:0x0 ID:243 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x106EB50C  Ack: 0x8098C5FC  Win: 0xF86B  TcpLen: 20

[**] [1:1390:3] SHELLCODE x86 inc ebx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
05/12-17:12:27.280394 128.121.10.67:119 -> 192.168.1.101:2495
TCP TTL:111 TOS:0x0 ID:6053 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x10723FC2  Ack: 0x8098C629  Win: 0xF83E  TcpLen: 20

[**] [1:1390:3] SHELLCODE x86 inc ebx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
05/12-17:12:59.678928 128.121.10.67:119 -> 192.168.1.101:2598
TCP TTL:111 TOS:0x0 ID:32837 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x34121A8A  Ack: 0x93B7C82C  Win: 0xF946  TcpLen: 20

[**] [1:1390:3] SHELLCODE x86 inc ebx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
05/12-17:13:07.964492 128.121.10.67:119 -> 192.168.1.101:2494
TCP TTL:111 TOS:0x0 ID:57499 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x107878FC  Ack: 0x8096584F  Win: 0xF5E6  TcpLen: 20

[**] [1:1394:3] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
05/12-17:19:12.053053 128.121.10.67:119 -> 192.168.1.101:2598
TCP TTL:111 TOS:0x0 ID:2634 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x35E12768  Ack: 0x93B7CF07  Win: 0xF820  TcpLen: 20

[**] [1:1394:3] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
05/12-17:19:13.290375 128.121.10.67:119 -> 192.168.1.101:2598
TCP TTL:111 TOS:0x0 ID:6324 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x35E2B986  Ack: 0x93B7CF16  Win: 0xF811  TcpLen: 20

[**] [1:1394:3] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
05/12-17:19:13.310320 128.121.10.67:119 -> 192.168.1.101:2598
TCP TTL:111 TOS:0x0 ID:6778 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x35E2B986  Ack: 0x93B7CF16  Win: 0xF811  TcpLen: 20

[**] [1:1394:3] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
05/12-17:19:15.410634 128.121.10.67:119 -> 192.168.1.101:2494
TCP TTL:111 TOS:0x0 ID:12482 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x1230D440  Ack: 0x80965ED0  Win: 0xFAE1  TcpLen: 20

[**] [1:1394:3] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
05/12-17:19:19.729918 128.121.10.67:119 -> 192.168.1.101:2598
TCP TTL:111 TOS:0x0 ID:24863 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x35EAA31C  Ack: 0x93B7CF52  Win: 0xF7D5  TcpLen: 20

[**] [1:485:2] ICMP Destination Unreachable (Communication Administratively Prohibited) [**]
[Classification: Misc activity] [Priority: 3] 
05/12-21:28:15.227596 172.20.148.54 -> 192.168.1.101
ICMP TTL:243 TOS:0x0 ID:0 IpLen:20 DgmLen:56
Type:3  Code:13  DESTINATION UNREACHABLE: ADMINISTRATIVELY PROHIBITED,
PACKET FILTERED
** ORIGINAL DATAGRAM DUMP:
192.168.1.101:3843 -> 64.12.185.119:80
TCP TTL:116 TOS:0x0 ID:4428 IpLen:20 DgmLen:48 DF
Seq: 0x6803B010  Ack: 0x6F6C0363
** END OF DUMP

[**] [1:485:2] ICMP Destination Unreachable (Communication Administratively Prohibited) [**]
[Classification: Misc activity] [Priority: 3] 
05/13-01:59:56.927087 172.20.148.54 -> 192.168.1.101
ICMP TTL:243 TOS:0x0 ID:0 IpLen:20 DgmLen:56
Type:3  Code:13  DESTINATION UNREACHABLE: ADMINISTRATIVELY PROHIBITED,
PACKET FILTERED
** ORIGINAL DATAGRAM DUMP:
192.168.1.101:1138 -> 64.12.185.119:80
TCP TTL:116 TOS:0x0 ID:15707 IpLen:20 DgmLen:48 DF
Seq: 0x4972F18F  Ack: 0x6F6D0000
** END OF DUMP

[**] [1:485:2] ICMP Destination Unreachable (Communication Administratively Prohibited) [**]
[Classification: Misc activity] [Priority: 3] 
05/13-06:01:31.160080 172.20.148.54 -> 192.168.1.101
ICMP TTL:243 TOS:0x0 ID:0 IpLen:20 DgmLen:56
Type:3  Code:13  DESTINATION UNREACHABLE: ADMINISTRATIVELY PROHIBITED,
PACKET FILTERED
** ORIGINAL DATAGRAM DUMP:
192.168.1.101:2237 -> 64.12.185.119:80
TCP TTL:116 TOS:0x0 ID:24877 IpLen:20 DgmLen:48 DF
Seq: 0x11F0EDA3  Ack: 0x4F6F3438
** END OF DUMP

[**] [1:485:2] ICMP Destination Unreachable (Communication Administratively Prohibited) [**]
[Classification: Misc activity] [Priority: 3] 
05/13-12:02:47.078357 172.20.148.50 -> 192.168.1.101
ICMP TTL:243 TOS:0x0 ID:0 IpLen:20 DgmLen:56
Type:3  Code:13  DESTINATION UNREACHABLE: ADMINISTRATIVELY PROHIBITED,
PACKET FILTERED
** ORIGINAL DATAGRAM DUMP:
192.168.1.101:3981 -> 64.12.185.119:80
TCP TTL:116 TOS:0x0 ID:38060 IpLen:20 DgmLen:48 DF
Seq: 0x3DC88977  Ack: 0x6F6D0000
** END OF DUMP

[**] [1:1390:3] SHELLCODE x86 inc ebx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
05/13-12:20:46.468651 209.61.194.132:80 -> 192.168.1.101:4529
TCP TTL:49 TOS:0x0 ID:38997 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA2AE1304  Ack: 0x4DE07DB1  Win: 0x2180  TcpLen: 20

[**] [1:1390:3] SHELLCODE x86 inc ebx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
05/13-12:20:46.470042 209.61.194.132:80 -> 192.168.1.101:4529
TCP TTL:49 TOS:0x0 ID:38998 IpLen:20 DgmLen:1500 DF
***AP*** Seq: 0xA2AE18B8  Ack: 0x4DE07DB1  Win: 0x2180  TcpLen: 20

[**] [1:1390:3] SHELLCODE x86 inc ebx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
05/13-12:20:46.515186 209.61.194.132:80 -> 192.168.1.101:4529
TCP TTL:49 TOS:0x0 ID:39000 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA2AE2420  Ack: 0x4DE07DB1  Win: 0x2180  TcpLen: 20

[**] [1:1394:3] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
05/13-12:22:35.829658 128.121.10.67:119 -> 192.168.1.101:4041
TCP TTL:111 TOS:0x0 ID:49563 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x4B60044D  Ack: 0x4788451B  Win: 0xF703  TcpLen: 20

[**] [1:1394:3] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
05/13-12:22:36.093607 128.121.10.67:119 -> 192.168.1.101:4040
TCP TTL:111 TOS:0x0 ID:50232 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x4B7329E3  Ack: 0x4787AE84  Win: 0xF6A9  TcpLen: 20

[**] [1:1394:3] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
05/13-12:22:37.030436 128.121.10.67:119 -> 192.168.1.101:4059
TCP TTL:111 TOS:0x0 ID:52972 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x4DC19EAA  Ack: 0x48A7C147  Win: 0xF7D5  TcpLen: 20

[**] [1:1394:3] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
05/13-12:22:37.098049 128.121.10.67:119 -> 192.168.1.101:4041
TCP TTL:111 TOS:0x0 ID:53216 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x4B615901  Ack: 0x4788452A  Win: 0xF6F4  TcpLen: 20

[**] [1:1394:3] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
05/13-12:22:37.726083 128.121.10.67:119 -> 192.168.1.101:4040
TCP TTL:111 TOS:0x0 ID:55265 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x4B741BE1  Ack: 0x4787AE93  Win: 0xF69A  TcpLen: 20

[**] [1:1394:3] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
05/13-12:22:37.801530 128.121.10.67:119 -> 192.168.1.101:4040
TCP TTL:111 TOS:0x0 ID:55631 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x4B742195  Ack: 0x4787AE93  Win: 0xF69A  TcpLen: 20

[**] [1:1394:3] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
05/13-12:22:47.235398 128.121.10.67:119 -> 192.168.1.101:4040
TCP TTL:111 TOS:0x0 ID:12312 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x4B7A5012  Ack: 0x4787AEB1  Win: 0xF67C  TcpLen: 20

[**] [1:1394:3] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
05/13-12:22:47.236976 128.121.10.67:119 -> 192.168.1.101:4040
TCP TTL:111 TOS:0x0 ID:12313 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x4B7A55C6  Ack: 0x4787AEB1  Win: 0xF67C  TcpLen: 20

Go to: next range, all alerts, overview page

SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:09:54 2003

192.168.1.101	Whois lookup at:	ARIN	RIPE	APNIC	Geektools
	DNS lookup at:	Amenesi	TRIUMF	Princeton
	More lookup links:	Dshield	Sam Spade
See also 192.168.1.101 as an alert source [6 alerts]