SnortSnarf alert page

Destination: 192.168.1.101: #101-200

SnortSnarf v021111.1

Signature section (91123)

Top 20 source IPs

Top 20 dest IPs

Looking using input module SnortFileInput, with sources:

/home/rivettmj/snort_alertlog/alert

Earliest: 12:22:49.278877 on 05/13/2003
Latest: 12:35:17.378458 on 05/19/2003

7 different signatures are present for 192.168.1.101 as a destination

1 instances of SHELLCODE x86 unicode NOOP
1 instances of SHELLCODE x86 setgid 0
1 instances of WEB-CLIENT javascript URL host spoofing attempt
4 instances of SHELLCODE x86 setuid 0
87 instances of ICMP Destination Unreachable (Communication Administratively Prohibited)
88 instances of SHELLCODE x86 inc ebx NOOP
769 instances of SHELLCODE x86 NOOP

There are 25 distinct source IPs in the alerts of the type on this page.

192.168.1.101 Whois lookup at: ARIN RIPE APNIC Geektools

DNS lookup at: Amenesi TRIUMF Princeton

More lookup links: Dshield Sam Spade

See also 192.168.1.101 as an alert source [6 alerts]

Go to: previous range, next range, all alerts, overview page

[**] [1:1394:3] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
05/13-12:22:49.278877 128.121.10.67:119 -> 192.168.1.101:4059
TCP TTL:111 TOS:0x0 ID:17712 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x4DCC307A  Ack: 0x48A7C174  Win: 0xF7A8  TcpLen: 20

[**] [1:1394:3] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
05/13-12:22:59.859898 128.121.10.67:119 -> 192.168.1.101:4040
TCP TTL:111 TOS:0x0 ID:59479 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x4B83D566  Ack: 0x4787AEED  Win: 0xF640  TcpLen: 20

[**] [1:1394:3] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
05/13-12:23:03.135384 128.121.10.67:119 -> 192.168.1.101:4041
TCP TTL:111 TOS:0x0 ID:4737 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x4B76D088  Ack: 0x478845B1  Win: 0xF66D  TcpLen: 20

[**] [1:1394:3] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
05/13-12:23:03.614893 128.121.10.67:119 -> 192.168.1.101:4059
TCP TTL:111 TOS:0x0 ID:6309 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x4DDA2700  Ack: 0x48A7C1EC  Win: 0xF730  TcpLen: 20

[**] [1:1394:3] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
05/13-12:23:04.698081 128.121.10.67:119 -> 192.168.1.101:4040
TCP TTL:111 TOS:0x0 ID:9882 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x4B89DE62  Ack: 0x4787AF1A  Win: 0xF613  TcpLen: 20

[**] [1:1394:3] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
05/13-12:23:04.923302 128.121.10.67:119 -> 192.168.1.101:4041
TCP TTL:111 TOS:0x0 ID:10373 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x4B78601F  Ack: 0x478845C0  Win: 0xF65E  TcpLen: 20

[**] [1:1394:3] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
05/13-12:23:05.726865 128.121.10.67:119 -> 192.168.1.101:4059
TCP TTL:111 TOS:0x0 ID:12725 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x4DDBA9BD  Ack: 0x48A7C1FB  Win: 0xF721  TcpLen: 20

[**] [1:1390:3] SHELLCODE x86 inc ebx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
05/13-12:25:40.573666 128.121.10.67:119 -> 192.168.1.101:4040
TCP TTL:111 TOS:0x0 ID:64042 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x4C23BEFA  Ack: 0x4787B19F  Win: 0xF94C  TcpLen: 20

[**] [1:1390:3] SHELLCODE x86 inc ebx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
05/13-12:25:43.598889 128.121.10.67:119 -> 192.168.1.101:4040
TCP TTL:111 TOS:0x0 ID:7587 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x4C28AEEC  Ack: 0x4787B1BD  Win: 0xF92E  TcpLen: 20

[**] [1:1390:3] SHELLCODE x86 inc ebx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
05/13-12:26:37.421832 128.121.10.67:119 -> 192.168.1.101:4040
TCP TTL:111 TOS:0x0 ID:58607 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x4C636C2E  Ack: 0x4787B2F8  Win: 0xF7F3  TcpLen: 20

[**] [1:1390:3] SHELLCODE x86 inc ebx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
05/13-12:26:38.213703 128.121.10.67:119 -> 192.168.1.101:4059
TCP TTL:111 TOS:0x0 ID:61396 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x4E9D61F5  Ack: 0x48A7C552  Win: 0xF988  TcpLen: 20

[**] [1:1390:3] SHELLCODE x86 inc ebx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
05/13-12:27:42.461752 128.121.10.67:119 -> 192.168.1.101:4041
TCP TTL:111 TOS:0x0 ID:11633 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x4C760307  Ack: 0x47884A61  Win: 0xF77B  TcpLen: 20

[**] [1:1390:3] SHELLCODE x86 inc ebx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
05/13-12:28:29.089618 128.121.10.67:119 -> 192.168.1.101:4041
TCP TTL:111 TOS:0x0 ID:19779 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x4CA02DB3  Ack: 0x47884B42  Win: 0xF69A  TcpLen: 20

[**] [1:1390:3] SHELLCODE x86 inc ebx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
05/13-12:28:46.120395 128.121.10.67:119 -> 192.168.1.101:4041
TCP TTL:111 TOS:0x0 ID:1687 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x4CAFFEC4  Ack: 0x47884BAB  Win: 0xF631  TcpLen: 20

[**] [1:1390:3] SHELLCODE x86 inc ebx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
05/13-12:28:54.430410 128.121.10.67:119 -> 192.168.1.101:2513
TCP TTL:111 TOS:0x0 ID:25325 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x64164AA6  Ack: 0x948F968A  Win: 0xF9AF  TcpLen: 20

[**] [1:1390:3] SHELLCODE x86 inc ebx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
05/13-12:29:01.866575 128.121.10.67:119 -> 192.168.1.101:3358
TCP TTL:111 TOS:0x0 ID:44836 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x645461B0  Ack: 0x973C3C08  Win: 0xF9AF  TcpLen: 20

[**] [1:1390:3] SHELLCODE x86 inc ebx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
05/13-12:30:32.482352 128.121.10.67:119 -> 192.168.1.101:2513
TCP TTL:111 TOS:0x0 ID:40749 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x648362EF  Ack: 0x948F993C  Win: 0xF6FD  TcpLen: 20

[**] [1:1390:3] SHELLCODE x86 inc ebx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
05/13-12:35:13.828979 128.121.10.67:119 -> 192.168.1.101:3628
TCP TTL:111 TOS:0x0 ID:15699 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x6BE7A263  Ack: 0xA7AAF410  Win: 0xF8A1  TcpLen: 20

[**] [1:1394:3] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
05/13-12:35:18.104825 128.121.10.67:119 -> 192.168.1.101:3629
TCP TTL:111 TOS:0x0 ID:34079 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x6BF95470  Ack: 0xA7AC4A2F  Win: 0xF81A  TcpLen: 20

[**] [1:1394:3] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
05/13-12:35:18.112512 128.121.10.67:119 -> 192.168.1.101:3629
TCP TTL:111 TOS:0x0 ID:34080 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x6BF95A24  Ack: 0xA7AC4A2F  Win: 0xF81A  TcpLen: 20

[**] [1:1394:3] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
05/13-12:35:19.072489 128.121.10.67:119 -> 192.168.1.101:3630
TCP TTL:111 TOS:0x0 ID:40782 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x6C04C031  Ack: 0xA7BBD4ED  Win: 0xF7CF  TcpLen: 20

[**] [1:1394:3] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
05/13-12:35:19.073884 128.121.10.67:119 -> 192.168.1.101:3630
TCP TTL:111 TOS:0x0 ID:40783 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x6C04C5E5  Ack: 0xA7BBD4ED  Win: 0xF7CF  TcpLen: 20

[**] [1:1394:3] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
05/13-12:35:20.684298 128.121.10.67:119 -> 192.168.1.101:3628
TCP TTL:111 TOS:0x0 ID:48496 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x6BEEF6DF  Ack: 0xA7AAF42E  Win: 0xF883  TcpLen: 20

[**] [1:1394:3] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
05/13-12:35:20.692590 128.121.10.67:119 -> 192.168.1.101:3628
TCP TTL:111 TOS:0x0 ID:48497 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x6BEEFC93  Ack: 0xA7AAF42E  Win: 0xF883  TcpLen: 20

[**] [1:485:2] ICMP Destination Unreachable (Communication Administratively Prohibited) [**]
[Classification: Misc activity] [Priority: 3] 
05/13-16:34:24.002143 172.20.148.50 -> 192.168.1.101
ICMP TTL:243 TOS:0x0 ID:0 IpLen:20 DgmLen:56
Type:3  Code:13  DESTINATION UNREACHABLE: ADMINISTRATIVELY PROHIBITED,
PACKET FILTERED
** ORIGINAL DATAGRAM DUMP:
192.168.1.101:4840 -> 64.12.185.119:80
TCP TTL:116 TOS:0x0 ID:24134 IpLen:20 DgmLen:48 DF
Seq: 0x6FCE9E3B  Ack: 0x25800
** END OF DUMP

[**] [1:485:2] ICMP Destination Unreachable (Communication Administratively Prohibited) [**]
[Classification: Misc activity] [Priority: 3] 
05/13-23:06:03.907953 172.20.148.50 -> 192.168.1.101
ICMP TTL:243 TOS:0x0 ID:0 IpLen:20 DgmLen:56
Type:3  Code:13  DESTINATION UNREACHABLE: ADMINISTRATIVELY PROHIBITED,
PACKET FILTERED
** ORIGINAL DATAGRAM DUMP:
192.168.1.101:2936 -> 64.12.185.119:80
TCP TTL:116 TOS:0x0 ID:28115 IpLen:20 DgmLen:48 DF
Seq: 0xB560E9FE  Ack: 0x9BB2C13E
** END OF DUMP

[**] [1:653:5] SHELLCODE x86 unicode NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
05/13-23:50:47.486242 209.17.84.252:80 -> 192.168.1.101:2791
TCP TTL:46 TOS:0x0 ID:58502 IpLen:20 DgmLen:1500 DF
***AP*** Seq: 0xD2E501ED  Ack: 0x9A06D532  Win: 0xC1E8  TcpLen: 20

[**] [1:1394:3] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
05/15-09:41:26.259315 128.121.10.67:119 -> 192.168.1.101:1356
TCP TTL:111 TOS:0x0 ID:17303 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x65847BF8  Ack: 0x93B8568E  Win: 0xF793  TcpLen: 20

[**] [1:1394:3] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
05/15-09:41:26.260677 128.121.10.67:119 -> 192.168.1.101:1356
TCP TTL:111 TOS:0x0 ID:17304 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x658481AC  Ack: 0x93B8568E  Win: 0xF793  TcpLen: 20

[**] [1:485:2] ICMP Destination Unreachable (Communication Administratively Prohibited) [**]
[Classification: Misc activity] [Priority: 3] 
05/15-10:45:46.333839 172.20.148.50 -> 192.168.1.101
ICMP TTL:243 TOS:0x0 ID:0 IpLen:20 DgmLen:56
Type:3  Code:13  DESTINATION UNREACHABLE: ADMINISTRATIVELY PROHIBITED,
PACKET FILTERED
** ORIGINAL DATAGRAM DUMP:
192.168.1.101:1667 -> 64.12.185.119:80
TCP TTL:116 TOS:0x0 ID:40742 IpLen:20 DgmLen:48 DF
Seq: 0xCD2407A5  Ack: 0x6172656C
** END OF DUMP

[**] [1:485:2] ICMP Destination Unreachable (Communication Administratively Prohibited) [**]
[Classification: Misc activity] [Priority: 3] 
05/15-10:45:56.171936 172.20.148.50 -> 192.168.1.101
ICMP TTL:243 TOS:0x0 ID:0 IpLen:20 DgmLen:56
Type:3  Code:13  DESTINATION UNREACHABLE: ADMINISTRATIVELY PROHIBITED,
PACKET FILTERED
** ORIGINAL DATAGRAM DUMP:
192.168.1.101:1667 -> 64.12.185.119:80
TCP TTL:116 TOS:0x0 ID:40745 IpLen:20 DgmLen:48 DF
Seq: 0xCD2407A5  Ack: 0x79000000
** END OF DUMP

[**] [1:485:2] ICMP Destination Unreachable (Communication Administratively Prohibited) [**]
[Classification: Misc activity] [Priority: 3] 
05/15-11:16:05.157353 172.20.148.54 -> 192.168.1.101
ICMP TTL:243 TOS:0x0 ID:0 IpLen:20 DgmLen:56
Type:3  Code:13  DESTINATION UNREACHABLE: ADMINISTRATIVELY PROHIBITED,
PACKET FILTERED
** ORIGINAL DATAGRAM DUMP:
192.168.1.101:1822 -> 64.12.185.119:80
TCP TTL:116 TOS:0x0 ID:42055 IpLen:20 DgmLen:48 DF
Seq: 0xE6492D46  Ack: 0x35AFC33E
** END OF DUMP

[**] [1:485:2] ICMP Destination Unreachable (Communication Administratively Prohibited) [**]
[Classification: Misc activity] [Priority: 3] 
05/15-15:46:53.453876 172.20.148.54 -> 192.168.1.101
ICMP TTL:243 TOS:0x0 ID:0 IpLen:20 DgmLen:56
Type:3  Code:13  DESTINATION UNREACHABLE: ADMINISTRATIVELY PROHIBITED,
PACKET FILTERED
** ORIGINAL DATAGRAM DUMP:
192.168.1.101:3347 -> 64.12.185.119:80
TCP TTL:116 TOS:0x0 ID:30947 IpLen:20 DgmLen:48 DF
Seq: 0xC99042A3  Ack: 0x4D323446
** END OF DUMP

[**] [1:485:2] ICMP Destination Unreachable (Communication Administratively Prohibited) [**]
[Classification: Misc activity] [Priority: 3] 
05/15-17:17:25.000833 172.20.148.54 -> 192.168.1.101
ICMP TTL:243 TOS:0x0 ID:0 IpLen:20 DgmLen:56
Type:3  Code:13  DESTINATION UNREACHABLE: ADMINISTRATIVELY PROHIBITED,
PACKET FILTERED
** ORIGINAL DATAGRAM DUMP:
192.168.1.101:3859 -> 64.12.185.119:80
TCP TTL:116 TOS:0x0 ID:36619 IpLen:20 DgmLen:48 DF
Seq: 0x17C30AD5  Ack: 0x0
** END OF DUMP

[**] [1:485:2] ICMP Destination Unreachable (Communication Administratively Prohibited) [**]
[Classification: Misc activity] [Priority: 3] 
05/15-21:18:32.105551 172.20.148.50 -> 192.168.1.101
ICMP TTL:243 TOS:0x0 ID:0 IpLen:20 DgmLen:56
Type:3  Code:13  DESTINATION UNREACHABLE: ADMINISTRATIVELY PROHIBITED,
PACKET FILTERED
** ORIGINAL DATAGRAM DUMP:
192.168.1.101:4960 -> 64.12.185.119:80
TCP TTL:116 TOS:0x0 ID:46878 IpLen:20 DgmLen:48 DF
Seq: 0xF10E555C  Ack: 0x7D1B638B
** END OF DUMP

[**] [1:485:2] ICMP Destination Unreachable (Communication Administratively Prohibited) [**]
[Classification: Misc activity] [Priority: 3] 
05/16-01:19:42.054525 172.20.148.50 -> 192.168.1.101
ICMP TTL:243 TOS:0x0 ID:0 IpLen:20 DgmLen:56
Type:3  Code:13  DESTINATION UNREACHABLE: ADMINISTRATIVELY PROHIBITED,
PACKET FILTERED
** ORIGINAL DATAGRAM DUMP:
192.168.1.101:2209 -> 64.12.185.119:80
TCP TTL:116 TOS:0x0 ID:32442 IpLen:20 DgmLen:48 DF
Seq: 0xC6610DC3  Ack: 0x6F6C0363
** END OF DUMP

[**] [1:485:2] ICMP Destination Unreachable (Communication Administratively Prohibited) [**]
[Classification: Misc activity] [Priority: 3] 
05/16-07:21:08.939439 172.20.148.54 -> 192.168.1.101
ICMP TTL:243 TOS:0x0 ID:0 IpLen:20 DgmLen:56
Type:3  Code:13  DESTINATION UNREACHABLE: ADMINISTRATIVELY PROHIBITED,
PACKET FILTERED
** ORIGINAL DATAGRAM DUMP:
192.168.1.101:3864 -> 64.12.185.119:80
TCP TTL:116 TOS:0x0 ID:45543 IpLen:20 DgmLen:48 DF
Seq: 0xF2504433  Ack: 0x3C000000
** END OF DUMP

[**] [1:650:5] SHELLCODE x86 setuid 0 [**]
[Classification: A system call was detected] [Priority: 2] 
05/17-01:55:29.675875 216.65.98.13:119 -> 192.168.1.101:2127
TCP TTL:109 TOS:0x0 ID:46789 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB22B70B8  Ack: 0x9657BCC9  Win: 0xF721  TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS436]

[**] [1:485:2] ICMP Destination Unreachable (Communication Administratively Prohibited) [**]
[Classification: Misc activity] [Priority: 3] 
05/18-13:48:43.518402 172.20.148.54 -> 192.168.1.101
ICMP TTL:243 TOS:0x0 ID:0 IpLen:20 DgmLen:56
Type:3  Code:13  DESTINATION UNREACHABLE: ADMINISTRATIVELY PROHIBITED,
PACKET FILTERED
** ORIGINAL DATAGRAM DUMP:
192.168.1.101:1450 -> 64.12.185.119:80
TCP TTL:116 TOS:0x0 ID:15909 IpLen:20 DgmLen:48 DF
Seq: 0x83493A9E  Ack: 0xD4028410
** END OF DUMP

[**] [1:1394:3] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
05/19-12:30:54.552628 128.121.10.67:119 -> 192.168.1.101:1655
TCP TTL:111 TOS:0x0 ID:26249 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB3F2A6BE  Ack: 0xDE3303E0  Win: 0xF640  TcpLen: 20

[**] [1:1394:3] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
05/19-12:30:54.553930 128.121.10.67:119 -> 192.168.1.101:1655
TCP TTL:111 TOS:0x0 ID:26250 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB3F2AC72  Ack: 0xDE3303E0  Win: 0xF640  TcpLen: 20

[**] [1:1394:3] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
05/19-12:31:04.078850 128.121.10.67:119 -> 192.168.1.101:1654
TCP TTL:111 TOS:0x0 ID:53628 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB402E6D7  Ack: 0xDE320D18  Win: 0xF65E  TcpLen: 20

[**] [1:1394:3] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
05/19-12:31:04.083179 128.121.10.67:119 -> 192.168.1.101:1654
TCP TTL:111 TOS:0x0 ID:53629 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB402EC8B  Ack: 0xDE320D18  Win: 0xF65E  TcpLen: 20

[**] [1:1394:3] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
05/19-12:31:19.798529 128.121.10.67:119 -> 192.168.1.101:1654
TCP TTL:111 TOS:0x0 ID:30614 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB4145FA1  Ack: 0xDE320D45  Win: 0xF631  TcpLen: 20

[**] [1:1394:3] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
05/19-12:31:19.799852 128.121.10.67:119 -> 192.168.1.101:1654
TCP TTL:111 TOS:0x0 ID:30615 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB4146555  Ack: 0xDE320D45  Win: 0xF631  TcpLen: 20

[**] [1:1394:3] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
05/19-12:31:24.892177 128.121.10.67:119 -> 192.168.1.101:1655
TCP TTL:111 TOS:0x0 ID:47286 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB41B836A  Ack: 0xDE330449  Win: 0xF5D7  TcpLen: 20

[**] [1:1394:3] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
05/19-12:31:24.895688 128.121.10.67:119 -> 192.168.1.101:1655
TCP TTL:111 TOS:0x0 ID:47287 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB41B891E  Ack: 0xDE330449  Win: 0xF5D7  TcpLen: 20

[**] [1:1394:3] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
05/19-12:31:41.362051 128.121.10.67:119 -> 192.168.1.101:1654
TCP TTL:111 TOS:0x0 ID:23934 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB42A487C  Ack: 0xDE320D81  Win: 0xF5F5  TcpLen: 20

[**] [1:1394:3] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
05/19-12:31:41.365967 128.121.10.67:119 -> 192.168.1.101:1654
TCP TTL:111 TOS:0x0 ID:23935 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB42A4E30  Ack: 0xDE320D81  Win: 0xF5F5  TcpLen: 20

[**] [1:1394:3] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
05/19-12:31:55.965210 128.121.10.67:119 -> 192.168.1.101:1655
TCP TTL:111 TOS:0x0 ID:61742 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB448EB3D  Ack: 0xDE3304DF  Win: 0xF541  TcpLen: 20

[**] [1:1394:3] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
05/19-12:31:55.966562 128.121.10.67:119 -> 192.168.1.101:1655
TCP TTL:111 TOS:0x0 ID:61743 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB448F0F1  Ack: 0xDE3304DF  Win: 0xF541  TcpLen: 20

[**] [1:1394:3] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
05/19-12:31:56.054621 128.121.10.67:119 -> 192.168.1.101:1656
TCP TTL:111 TOS:0x0 ID:61927 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xBE61E3A4  Ack: 0xE146E563  Win: 0xF988  TcpLen: 20

[**] [1:1394:3] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
05/19-12:31:56.056421 128.121.10.67:119 -> 192.168.1.101:1656
TCP TTL:111 TOS:0x0 ID:61928 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xBE61E958  Ack: 0xE146E563  Win: 0xF988  TcpLen: 20

[**] [1:1394:3] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
05/19-12:32:04.429658 128.121.10.67:119 -> 192.168.1.101:1655
TCP TTL:111 TOS:0x0 ID:12772 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB44E3347  Ack: 0xDE3304EE  Win: 0xFAF0  TcpLen: 20

[**] [1:1394:3] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
05/19-12:32:04.430777 128.121.10.67:119 -> 192.168.1.101:1655
TCP TTL:111 TOS:0x0 ID:12773 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB44E38FB  Ack: 0xDE3304EE  Win: 0xFAF0  TcpLen: 20

[**] [1:1394:3] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
05/19-12:32:04.698913 128.121.10.67:119 -> 192.168.1.101:1656
TCP TTL:111 TOS:0x0 ID:13239 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xBE6B2D61  Ack: 0xE146E581  Win: 0xF96A  TcpLen: 20

[**] [1:1394:3] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
05/19-12:32:04.700342 128.121.10.67:119 -> 192.168.1.101:1656
TCP TTL:111 TOS:0x0 ID:13240 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xBE6B3315  Ack: 0xE146E581  Win: 0xF96A  TcpLen: 20

[**] [1:1394:3] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
05/19-12:32:14.732895 128.121.10.67:119 -> 192.168.1.101:1654
TCP TTL:111 TOS:0x0 ID:33831 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB4497B0C  Ack: 0xDE320DEA  Win: 0xF58C  TcpLen: 20

[**] [1:1394:3] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
05/19-12:32:14.737867 128.121.10.67:119 -> 192.168.1.101:1654
TCP TTL:111 TOS:0x0 ID:33837 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB44980C0  Ack: 0xDE320DEA  Win: 0xF58C  TcpLen: 20

[**] [1:1394:3] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
05/19-12:32:25.071280 128.121.10.67:119 -> 192.168.1.101:1655
TCP TTL:111 TOS:0x0 ID:63998 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB465F8EE  Ack: 0xDE330539  Win: 0xFAA5  TcpLen: 20

[**] [1:1394:3] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
05/19-12:32:25.104012 128.121.10.67:119 -> 192.168.1.101:1655
TCP TTL:111 TOS:0x0 ID:64367 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB465FEA2  Ack: 0xDE330539  Win: 0xFAA5  TcpLen: 20

[**] [1:1394:3] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
05/19-12:32:44.265377 128.121.10.67:119 -> 192.168.1.101:1656
TCP TTL:111 TOS:0x0 ID:54205 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xBE964C85  Ack: 0xE146E608  Win: 0xF8E3  TcpLen: 20

[**] [1:1394:3] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
05/19-12:32:44.266739 128.121.10.67:119 -> 192.168.1.101:1656
TCP TTL:111 TOS:0x0 ID:54206 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xBE965239  Ack: 0xE146E608  Win: 0xF8E3  TcpLen: 20

[**] [1:1394:3] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
05/19-12:32:55.425581 128.121.10.67:119 -> 192.168.1.101:1656
TCP TTL:111 TOS:0x0 ID:29363 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xBEA02B36  Ack: 0xE146E626  Win: 0xF8C5  TcpLen: 20

[**] [1:1394:3] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
05/19-12:32:55.426912 128.121.10.67:119 -> 192.168.1.101:1656
TCP TTL:111 TOS:0x0 ID:29364 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xBEA030EA  Ack: 0xE146E626  Win: 0xF8C5  TcpLen: 20

[**] [1:1394:3] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
05/19-12:33:09.431151 128.121.10.67:119 -> 192.168.1.101:1656
TCP TTL:111 TOS:0x0 ID:11106 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xBEAF4AED  Ack: 0xE146E653  Win: 0xF898  TcpLen: 20

[**] [1:1394:3] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
05/19-12:33:09.432442 128.121.10.67:119 -> 192.168.1.101:1656
TCP TTL:111 TOS:0x0 ID:11107 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xBEAF50A1  Ack: 0xE146E653  Win: 0xF898  TcpLen: 20

[**] [1:1394:3] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
05/19-12:33:34.630305 128.121.10.67:119 -> 192.168.1.101:1654
TCP TTL:111 TOS:0x0 ID:31011 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB4B03248  Ack: 0xDE320F25  Win: 0xFA0F  TcpLen: 20

[**] [1:1394:3] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
05/19-12:33:34.638737 128.121.10.67:119 -> 192.168.1.101:1654
TCP TTL:111 TOS:0x0 ID:31012 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB4B037FC  Ack: 0xDE320F25  Win: 0xFA0F  TcpLen: 20

[**] [1:1394:3] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
05/19-12:33:36.870557 128.121.10.67:119 -> 192.168.1.101:1656
TCP TTL:111 TOS:0x0 ID:36191 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xBECB3C41  Ack: 0xE146E6AD  Win: 0xF83E  TcpLen: 20

[**] [1:1394:3] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
05/19-12:33:36.874776 128.121.10.67:119 -> 192.168.1.101:1656
TCP TTL:111 TOS:0x0 ID:36192 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xBECB41F5  Ack: 0xE146E6AD  Win: 0xF83E  TcpLen: 20

[**] [1:1394:3] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
05/19-12:33:49.542518 128.121.10.67:119 -> 192.168.1.101:1656
TCP TTL:111 TOS:0x0 ID:11123 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xBEDADA20  Ack: 0xE146E6DA  Win: 0xF811  TcpLen: 20

[**] [1:1394:3] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
05/19-12:33:49.543952 128.121.10.67:119 -> 192.168.1.101:1656
TCP TTL:111 TOS:0x0 ID:11124 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xBEDADFD4  Ack: 0xE146E6DA  Win: 0xF811  TcpLen: 20

[**] [1:1394:3] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
05/19-12:34:14.439440 128.121.10.67:119 -> 192.168.1.101:1656
TCP TTL:111 TOS:0x0 ID:18501 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xBEFADCC5  Ack: 0xE146E734  Win: 0xF7B7  TcpLen: 20

[**] [1:1394:3] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
05/19-12:34:14.440826 128.121.10.67:119 -> 192.168.1.101:1656
TCP TTL:111 TOS:0x0 ID:18502 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xBEFAE279  Ack: 0xE146E734  Win: 0xF7B7  TcpLen: 20

[**] [1:1394:3] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
05/19-12:34:15.704431 128.121.10.67:119 -> 192.168.1.101:1654
TCP TTL:111 TOS:0x0 ID:21936 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB4E3F1B6  Ack: 0xDE320FBB  Win: 0xF979  TcpLen: 20

[**] [1:1394:3] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
05/19-12:34:15.712121 128.121.10.67:119 -> 192.168.1.101:1654
TCP TTL:111 TOS:0x0 ID:21937 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB4E3F76A  Ack: 0xDE320FBB  Win: 0xF979  TcpLen: 20

[**] [1:1394:3] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
05/19-12:34:26.435164 128.121.10.67:119 -> 192.168.1.101:1654
TCP TTL:111 TOS:0x0 ID:59022 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB4ECF148  Ack: 0xDE320FD9  Win: 0xF95B  TcpLen: 20

[**] [1:1394:3] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
05/19-12:34:26.436498 128.121.10.67:119 -> 192.168.1.101:1654
TCP TTL:111 TOS:0x0 ID:59023 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB4ECF6FC  Ack: 0xDE320FD9  Win: 0xF95B  TcpLen: 20

[**] [1:1394:3] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
05/19-12:34:26.496243 128.121.10.67:119 -> 192.168.1.101:1655
TCP TTL:111 TOS:0x0 ID:59234 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB4F10D34  Ack: 0xDE3306FB  Win: 0xF8E3  TcpLen: 20

[**] [1:1394:3] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
05/19-12:34:31.885194 128.121.10.67:119 -> 192.168.1.101:1655
TCP TTL:111 TOS:0x0 ID:9626 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB4F65E49  Ack: 0xDE33070A  Win: 0xF8D4  TcpLen: 20

[**] [1:1394:3] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
05/19-12:34:32.041037 128.121.10.67:119 -> 192.168.1.101:1655
TCP TTL:111 TOS:0x0 ID:10639 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB4F663FD  Ack: 0xDE33070A  Win: 0xF8D4  TcpLen: 20

[**] [1:1394:3] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
05/19-12:34:32.410233 128.121.10.67:119 -> 192.168.1.101:1656
TCP TTL:111 TOS:0x0 ID:12617 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xBF11473C  Ack: 0xE146E77F  Win: 0xF76C  TcpLen: 20

[**] [1:1394:3] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
05/19-12:34:32.411484 128.121.10.67:119 -> 192.168.1.101:1656
TCP TTL:111 TOS:0x0 ID:12618 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xBF114CF0  Ack: 0xE146E77F  Win: 0xF76C  TcpLen: 20

[**] [1:1394:3] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
05/19-12:34:38.607029 128.121.10.67:119 -> 192.168.1.101:1655
TCP TTL:111 TOS:0x0 ID:33858 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB4FB2BB2  Ack: 0xDE330719  Win: 0xF8C5  TcpLen: 20

[**] [1:1394:3] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
05/19-12:34:38.608544 128.121.10.67:119 -> 192.168.1.101:1655
TCP TTL:111 TOS:0x0 ID:33859 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB4FB3166  Ack: 0xDE330719  Win: 0xF8C5  TcpLen: 20

[**] [1:1394:3] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
05/19-12:34:40.970096 128.121.10.67:119 -> 192.168.1.101:1656
TCP TTL:111 TOS:0x0 ID:39490 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xBF1B18F9  Ack: 0xE146E79D  Win: 0xF74E  TcpLen: 20

[**] [1:1394:3] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
05/19-12:34:40.973906 128.121.10.67:119 -> 192.168.1.101:1656
TCP TTL:111 TOS:0x0 ID:39491 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xBF1B1EAD  Ack: 0xE146E79D  Win: 0xF74E  TcpLen: 20

[**] [1:1394:3] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
05/19-12:35:06.591310 128.121.10.67:119 -> 192.168.1.101:1656
TCP TTL:111 TOS:0x0 ID:55673 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xBF3D48C2  Ack: 0xE146E815  Win: 0xF6D6  TcpLen: 20

[**] [1:1394:3] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
05/19-12:35:06.592643 128.121.10.67:119 -> 192.168.1.101:1656
TCP TTL:111 TOS:0x0 ID:55674 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xBF3D4E76  Ack: 0xE146E815  Win: 0xF6D6  TcpLen: 20

[**] [1:1394:3] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
05/19-12:35:08.602906 128.121.10.67:119 -> 192.168.1.101:1655
TCP TTL:111 TOS:0x0 ID:64867 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB518345B  Ack: 0xDE330773  Win: 0xF86B  TcpLen: 20

[**] [1:1394:3] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
05/19-12:35:08.683976 128.121.10.67:119 -> 192.168.1.101:1655
TCP TTL:111 TOS:0x0 ID:329 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB5183A0F  Ack: 0xDE330773  Win: 0xF86B  TcpLen: 20

[**] [1:1394:3] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
05/19-12:35:09.410263 128.121.10.67:119 -> 192.168.1.101:1656
TCP TTL:111 TOS:0x0 ID:2116 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xBF424BDE  Ack: 0xE146E824  Win: 0xF6C7  TcpLen: 20

[**] [1:1394:3] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
05/19-12:35:09.411583 128.121.10.67:119 -> 192.168.1.101:1656
TCP TTL:111 TOS:0x0 ID:2117 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xBF425192  Ack: 0xE146E824  Win: 0xF6C7  TcpLen: 20

[**] [1:1394:3] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
05/19-12:35:13.264431 128.121.10.67:119 -> 192.168.1.101:1654
TCP TTL:111 TOS:0x0 ID:16232 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB51E32C7  Ack: 0xDE32106F  Win: 0xF8C5  TcpLen: 20

[**] [1:1394:3] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
05/19-12:35:13.714065 128.121.10.67:119 -> 192.168.1.101:1656
TCP TTL:111 TOS:0x0 ID:18462 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xBF4A93EE  Ack: 0xE146E842  Win: 0xF6A9  TcpLen: 20

[**] [1:1394:3] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
05/19-12:35:13.715407 128.121.10.67:119 -> 192.168.1.101:1656
TCP TTL:111 TOS:0x0 ID:18463 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xBF4A99A2  Ack: 0xE146E842  Win: 0xF6A9  TcpLen: 20

[**] [1:1394:3] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
05/19-12:35:17.000113 128.121.10.67:119 -> 192.168.1.101:1654
TCP TTL:111 TOS:0x0 ID:28882 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB52346E2  Ack: 0xDE32107E  Win: 0xF8B6  TcpLen: 20

[**] [1:1394:3] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
05/19-12:35:17.003555 128.121.10.67:119 -> 192.168.1.101:1654
TCP TTL:111 TOS:0x0 ID:28883 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB5234C96  Ack: 0xDE32107E  Win: 0xF8B6  TcpLen: 20

[**] [1:1394:3] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
05/19-12:35:17.378458 128.121.10.67:119 -> 192.168.1.101:1655
TCP TTL:111 TOS:0x0 ID:31691 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB521ECD1  Ack: 0xDE330791  Win: 0xF84D  TcpLen: 20

Go to: previous range, next range, all alerts, overview page

SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:09:54 2003

192.168.1.101	Whois lookup at:	ARIN	RIPE	APNIC	Geektools
	DNS lookup at:	Amenesi	TRIUMF	Princeton
	More lookup links:	Dshield	Sam Spade
See also 192.168.1.101 as an alert source [6 alerts]