[Silicon Defense logo]

SnortSnarf alert page

Destination: 192.168.1.101: #801-900

SnortSnarf v021111.1

Signature section (91123)Top 20 source IPsTop 20 dest IPs

Looking using input module SnortFileInput, with sources:
Earliest: 22:27:14.635469 on 06/02/2003
Latest: 10:34:27.794347 on 06/09/2003

7 different signatures are present for 192.168.1.101 as a destination

There are 25 distinct source IPs in the alerts of the type on this page.

192.168.1.101 Whois lookup at: ARIN RIPE APNIC Geektools
DNS lookup at: Amenesi TRIUMF Princeton
More lookup links: Dshield Sam Spade
See also 192.168.1.101 as an alert source [6 alerts]

Go to: previous range, next range, all alerts, overview page
[**] [1:648:5] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1]
06/02-22:27:14.635469 128.242.172.242:119 -> 192.168.1.101:4921
TCP TTL:116 TOS:0x0 ID:5764 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x7D0B27CD Ack: 0xC09969DD Win: 0xFAF0 TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS181]
[**] [1:648:5] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1]
06/02-22:27:16.059226 128.242.172.242:119 -> 192.168.1.101:4921
TCP TTL:116 TOS:0x0 ID:11481 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x7D1167B7 Ack: 0xC09969EE Win: 0xFADF TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS181]
[**] [1:648:5] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1]
06/02-22:27:16.060282 128.242.172.242:119 -> 192.168.1.101:4921
TCP TTL:116 TOS:0x0 ID:11482 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x7D116D6B Ack: 0xC09969EE Win: 0xFADF TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS181]
[**] [1:648:5] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1]
06/02-22:27:16.061636 128.242.172.242:119 -> 192.168.1.101:4921
TCP TTL:116 TOS:0x0 ID:11483 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x7D11731F Ack: 0xC09969EE Win: 0xFADF TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS181]
[**] [1:648:5] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1]
06/02-22:27:16.065582 128.242.172.242:119 -> 192.168.1.101:4921
TCP TTL:116 TOS:0x0 ID:11486 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x7D11843B Ack: 0xC09969EE Win: 0xFADF TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS181]
[**] [1:648:5] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1]
06/02-22:27:16.066887 128.242.172.242:119 -> 192.168.1.101:4921
TCP TTL:116 TOS:0x0 ID:11487 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x7D1189EF Ack: 0xC09969EE Win: 0xFADF TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS181]
[**] [1:1394:3] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1]
06/02-22:27:33.216326 128.242.172.242:119 -> 192.168.1.101:4921
TCP TTL:116 TOS:0x0 ID:20771 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x7D33C9B5 Ack: 0xC0996A54 Win: 0xFA79 TcpLen: 20
[**] [1:1394:3] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1]
06/02-22:27:33.217693 128.242.172.242:119 -> 192.168.1.101:4921
TCP TTL:116 TOS:0x0 ID:20772 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x7D33CF69 Ack: 0xC0996A54 Win: 0xFA79 TcpLen: 20
[**] [1:1394:3] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1]
06/02-22:27:33.218987 128.242.172.242:119 -> 192.168.1.101:4921
TCP TTL:116 TOS:0x0 ID:20773 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x7D33D51D Ack: 0xC0996A54 Win: 0xFA79 TcpLen: 20
[**] [1:1390:3] SHELLCODE x86 inc ebx NOOP [**]
[Classification: Executable code was detected] [Priority: 1]
06/02-22:27:33.292178 128.242.172.242:119 -> 192.168.1.101:4921
TCP TTL:116 TOS:0x0 ID:21048 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x7D34BEF1 Ack: 0xC0996A54 Win: 0xFA79 TcpLen: 20
[**] [1:1390:3] SHELLCODE x86 inc ebx NOOP [**]
[Classification: Executable code was detected] [Priority: 1]
06/02-22:34:05.979365 128.242.172.242:119 -> 192.168.1.101:4921
TCP TTL:116 TOS:0x0 ID:27523 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x80EC740B Ack: 0xC09975E2 Win: 0xFA57 TcpLen: 20
[**] [1:1390:3] SHELLCODE x86 inc ebx NOOP [**]
[Classification: Executable code was detected] [Priority: 1]
06/02-22:34:05.983054 128.242.172.242:119 -> 192.168.1.101:4921
TCP TTL:116 TOS:0x0 ID:27526 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x80EC8527 Ack: 0xC09975E2 Win: 0xFA57 TcpLen: 20
[**] [1:1390:3] SHELLCODE x86 inc ebx NOOP [**]
[Classification: Executable code was detected] [Priority: 1]
06/02-22:34:06.034988 128.242.172.242:119 -> 192.168.1.101:4921
TCP TTL:116 TOS:0x0 ID:27697 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x80ECB87B Ack: 0xC09975E2 Win: 0xFA57 TcpLen: 20
[**] [1:1390:3] SHELLCODE x86 inc ebx NOOP [**]
[Classification: Executable code was detected] [Priority: 1]
06/02-22:34:06.043189 128.242.172.242:119 -> 192.168.1.101:4921
TCP TTL:116 TOS:0x0 ID:27721 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x80ECBE2F Ack: 0xC09975E2 Win: 0xFA57 TcpLen: 20
[**] [1:648:5] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1]
06/02-22:34:16.414621 128.242.172.242:119 -> 192.168.1.101:4921
TCP TTL:116 TOS:0x0 ID:12707 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x810FDBE5 Ack: 0xC0997648 Win: 0xF9F1 TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS181]
[**] [1:648:5] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1]
06/02-22:34:16.415958 128.242.172.242:119 -> 192.168.1.101:4921
TCP TTL:116 TOS:0x0 ID:12722 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x810FE199 Ack: 0xC0997648 Win: 0xF9F1 TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS181]
[**] [1:648:5] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1]
06/02-22:34:16.417329 128.242.172.242:119 -> 192.168.1.101:4921
TCP TTL:116 TOS:0x0 ID:12723 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x810FE74D Ack: 0xC0997648 Win: 0xF9F1 TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS181]
[**] [1:648:5] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1]
06/02-22:34:16.418659 128.242.172.242:119 -> 192.168.1.101:4921
TCP TTL:116 TOS:0x0 ID:12724 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x810FED01 Ack: 0xC0997648 Win: 0xF9F1 TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS181]
[**] [1:648:5] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1]
06/02-22:34:16.419958 128.242.172.242:119 -> 192.168.1.101:4921
TCP TTL:116 TOS:0x0 ID:12725 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x810FF2B5 Ack: 0xC0997648 Win: 0xF9F1 TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS181]
[**] [1:648:5] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1]
06/02-22:34:16.421609 128.242.172.242:119 -> 192.168.1.101:4921
TCP TTL:116 TOS:0x0 ID:12752 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x810FF869 Ack: 0xC0997648 Win: 0xF9F1 TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS181]
[**] [1:648:5] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1]
06/02-22:34:16.422846 128.242.172.242:119 -> 192.168.1.101:4921
TCP TTL:116 TOS:0x0 ID:12753 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x810FFE1D Ack: 0xC0997648 Win: 0xF9F1 TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS181]
[**] [1:648:5] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1]
06/02-22:34:16.466326 128.242.172.242:119 -> 192.168.1.101:4921
TCP TTL:116 TOS:0x0 ID:12948 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x811003D1 Ack: 0xC0997648 Win: 0xF9F1 TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS181]
[**] [1:648:5] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1]
06/02-22:34:16.467696 128.242.172.242:119 -> 192.168.1.101:4921
TCP TTL:116 TOS:0x0 ID:12949 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x81100985 Ack: 0xC0997648 Win: 0xF9F1 TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS181]
[**] [1:648:5] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1]
06/02-22:34:16.472191 128.242.172.242:119 -> 192.168.1.101:4921
TCP TTL:116 TOS:0x0 ID:12978 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x81100F39 Ack: 0xC0997648 Win: 0xF9F1 TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS181]
[**] [1:648:5] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1]
06/02-22:34:16.474227 128.242.172.242:119 -> 192.168.1.101:4921
TCP TTL:116 TOS:0x0 ID:12979 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x811014ED Ack: 0xC0997648 Win: 0xF9F1 TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS181]
[**] [1:648:5] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1]
06/02-22:34:16.475490 128.242.172.242:119 -> 192.168.1.101:4921
TCP TTL:116 TOS:0x0 ID:12980 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x81101AA1 Ack: 0xC0997648 Win: 0xF9F1 TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS181]
[**] [1:648:5] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1]
06/02-22:34:16.476777 128.242.172.242:119 -> 192.168.1.101:4921
TCP TTL:116 TOS:0x0 ID:12981 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x81102055 Ack: 0xC0997648 Win: 0xF9F1 TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS181]
[**] [1:648:5] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1]
06/02-22:34:16.478114 128.242.172.242:119 -> 192.168.1.101:4921
TCP TTL:116 TOS:0x0 ID:12983 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x81102609 Ack: 0xC0997648 Win: 0xF9F1 TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS181]
[**] [1:648:5] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1]
06/02-22:34:16.479440 128.242.172.242:119 -> 192.168.1.101:4921
TCP TTL:116 TOS:0x0 ID:12984 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x81102BBD Ack: 0xC0997648 Win: 0xF9F1 TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS181]
[**] [1:648:5] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1]
06/02-22:34:16.480539 128.242.172.242:119 -> 192.168.1.101:4921
TCP TTL:116 TOS:0x0 ID:12985 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x81103171 Ack: 0xC0997648 Win: 0xF9F1 TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS181]
[**] [1:648:5] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1]
06/02-22:34:16.481836 128.242.172.242:119 -> 192.168.1.101:4921
TCP TTL:116 TOS:0x0 ID:12986 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x81103725 Ack: 0xC0997648 Win: 0xF9F1 TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS181]
[**] [1:648:5] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1]
06/02-22:34:16.483170 128.242.172.242:119 -> 192.168.1.101:4921
TCP TTL:116 TOS:0x0 ID:12987 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x81103CD9 Ack: 0xC0997648 Win: 0xF9F1 TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS181]
[**] [1:648:5] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1]
06/02-22:34:16.484444 128.242.172.242:119 -> 192.168.1.101:4921
TCP TTL:116 TOS:0x0 ID:12988 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x8110428D Ack: 0xC0997648 Win: 0xF9F1 TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS181]
[**] [1:648:5] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1]
06/02-22:34:16.486046 128.242.172.242:119 -> 192.168.1.101:4921
TCP TTL:116 TOS:0x0 ID:12989 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x81104841 Ack: 0xC0997648 Win: 0xF9F1 TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS181]
[**] [1:648:5] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1]
06/02-22:34:16.487324 128.242.172.242:119 -> 192.168.1.101:4921
TCP TTL:116 TOS:0x0 ID:12990 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x81104DF5 Ack: 0xC0997648 Win: 0xF9F1 TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS181]
[**] [1:648:5] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1]
06/02-22:34:16.488664 128.242.172.242:119 -> 192.168.1.101:4921
TCP TTL:116 TOS:0x0 ID:12991 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x811053A9 Ack: 0xC0997648 Win: 0xF9F1 TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS181]
[**] [1:648:5] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1]
06/02-22:34:16.489938 128.242.172.242:119 -> 192.168.1.101:4921
TCP TTL:116 TOS:0x0 ID:12992 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x8110595D Ack: 0xC0997648 Win: 0xF9F1 TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS181]
[**] [1:648:5] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1]
06/02-22:34:16.493760 128.242.172.242:119 -> 192.168.1.101:4921
TCP TTL:116 TOS:0x0 ID:12995 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x81106A79 Ack: 0xC0997648 Win: 0xF9F1 TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS181]
[**] [1:648:5] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1]
06/02-22:34:16.494977 128.242.172.242:119 -> 192.168.1.101:4921
TCP TTL:116 TOS:0x0 ID:12996 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x8110702D Ack: 0xC0997648 Win: 0xF9F1 TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS181]
[**] [1:648:5] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1]
06/02-22:34:16.496267 128.242.172.242:119 -> 192.168.1.101:4921
TCP TTL:116 TOS:0x0 ID:12997 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x811075E1 Ack: 0xC0997648 Win: 0xF9F1 TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS181]
[**] [1:648:5] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1]
06/02-22:34:16.532165 128.242.172.242:119 -> 192.168.1.101:4921
TCP TTL:116 TOS:0x0 ID:13343 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x81107B95 Ack: 0xC0997648 Win: 0xF9F1 TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS181]
[**] [1:648:5] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1]
06/02-22:34:16.533455 128.242.172.242:119 -> 192.168.1.101:4921
TCP TTL:116 TOS:0x0 ID:13344 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x81108149 Ack: 0xC0997648 Win: 0xF9F1 TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS181]
[**] [1:648:5] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1]
06/02-22:34:16.543272 128.242.172.242:119 -> 192.168.1.101:4921
TCP TTL:116 TOS:0x0 ID:13377 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x81109DCD Ack: 0xC0997648 Win: 0xF9F1 TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS181]
[**] [1:648:5] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1]
06/02-22:34:16.545030 128.242.172.242:119 -> 192.168.1.101:4921
TCP TTL:116 TOS:0x0 ID:13378 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x8110A381 Ack: 0xC0997648 Win: 0xF9F1 TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS181]
[**] [1:648:5] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1]
06/02-22:34:16.547641 128.242.172.242:119 -> 192.168.1.101:4921
TCP TTL:116 TOS:0x0 ID:13380 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x8110AEE9 Ack: 0xC0997648 Win: 0xF9F1 TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS181]
[**] [1:648:5] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1]
06/02-22:34:16.548937 128.242.172.242:119 -> 192.168.1.101:4921
TCP TTL:116 TOS:0x0 ID:13381 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x8110B49D Ack: 0xC0997648 Win: 0xF9F1 TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS181]
[**] [1:648:5] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1]
06/02-22:34:16.550041 128.242.172.242:119 -> 192.168.1.101:4921
TCP TTL:116 TOS:0x0 ID:13382 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x8110BA51 Ack: 0xC0997648 Win: 0xF9F1 TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS181]
[**] [1:648:5] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1]
06/02-22:34:16.551313 128.242.172.242:119 -> 192.168.1.101:4921
TCP TTL:116 TOS:0x0 ID:13383 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x8110C005 Ack: 0xC0997648 Win: 0xF9F1 TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS181]
[**] [1:648:5] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1]
06/02-22:34:16.552703 128.242.172.242:119 -> 192.168.1.101:4921
TCP TTL:116 TOS:0x0 ID:13384 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x8110C5B9 Ack: 0xC0997648 Win: 0xF9F1 TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS181]
[**] [1:648:5] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1]
06/02-22:34:16.554012 128.242.172.242:119 -> 192.168.1.101:4921
TCP TTL:116 TOS:0x0 ID:13385 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x8110CB6D Ack: 0xC0997648 Win: 0xF9F1 TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS181]
[**] [1:648:5] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1]
06/02-22:34:16.555361 128.242.172.242:119 -> 192.168.1.101:4921
TCP TTL:116 TOS:0x0 ID:13386 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x8110D121 Ack: 0xC0997648 Win: 0xF9F1 TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS181]
[**] [1:648:5] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1]
06/02-22:34:16.556618 128.242.172.242:119 -> 192.168.1.101:4921
TCP TTL:116 TOS:0x0 ID:13387 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x8110D6D5 Ack: 0xC0997648 Win: 0xF9F1 TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS181]
[**] [1:648:5] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1]
06/02-22:34:16.558298 128.242.172.242:119 -> 192.168.1.101:4921
TCP TTL:116 TOS:0x0 ID:13388 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x8110DC89 Ack: 0xC0997648 Win: 0xF9F1 TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS181]
[**] [1:648:5] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1]
06/02-22:34:16.559516 128.242.172.242:119 -> 192.168.1.101:4921
TCP TTL:116 TOS:0x0 ID:13389 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x8110E23D Ack: 0xC0997648 Win: 0xF9F1 TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS181]
[**] [1:648:5] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1]
06/02-22:34:16.560613 128.242.172.242:119 -> 192.168.1.101:4921
TCP TTL:116 TOS:0x0 ID:13390 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x8110E7F1 Ack: 0xC0997648 Win: 0xF9F1 TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS181]
[**] [1:648:5] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1]
06/02-22:34:16.562192 128.242.172.242:119 -> 192.168.1.101:4921
TCP TTL:116 TOS:0x0 ID:13391 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x8110EDA5 Ack: 0xC0997648 Win: 0xF9F1 TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS181]
[**] [1:648:5] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1]
06/02-22:34:16.564523 128.242.172.242:119 -> 192.168.1.101:4921
TCP TTL:116 TOS:0x0 ID:13392 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x8110F359 Ack: 0xC0997648 Win: 0xF9F1 TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS181]
[**] [1:648:5] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1]
06/02-22:34:16.565820 128.242.172.242:119 -> 192.168.1.101:4921
TCP TTL:116 TOS:0x0 ID:13510 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x8110F90D Ack: 0xC0997648 Win: 0xF9F1 TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS181]
[**] [1:648:5] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1]
06/02-22:34:16.567165 128.242.172.242:119 -> 192.168.1.101:4921
TCP TTL:116 TOS:0x0 ID:13511 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x8110FEC1 Ack: 0xC0997648 Win: 0xF9F1 TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS181]
[**] [1:648:5] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1]
06/02-22:34:16.573736 128.242.172.242:119 -> 192.168.1.101:4921
TCP TTL:116 TOS:0x0 ID:13565 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x81110475 Ack: 0xC0997648 Win: 0xF9F1 TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS181]
[**] [1:648:5] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1]
06/02-22:34:16.575067 128.242.172.242:119 -> 192.168.1.101:4921
TCP TTL:116 TOS:0x0 ID:13566 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x81110A29 Ack: 0xC0997648 Win: 0xF9F1 TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS181]
[**] [1:648:5] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1]
06/02-22:34:16.579424 128.242.172.242:119 -> 192.168.1.101:4921
TCP TTL:116 TOS:0x0 ID:13598 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x81110FDD Ack: 0xC0997648 Win: 0xF9F1 TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS181]
[**] [1:648:5] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1]
06/02-22:35:27.882182 128.242.172.242:119 -> 192.168.1.101:4921
TCP TTL:116 TOS:0x0 ID:10940 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x81F379F5 Ack: 0xC0997912 Win: 0xF727 TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS181]
[**] [1:648:5] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1]
06/02-22:35:27.883943 128.242.172.242:119 -> 192.168.1.101:4921
TCP TTL:116 TOS:0x0 ID:10941 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x81F37FA9 Ack: 0xC0997912 Win: 0xF727 TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS181]
[**] [1:648:5] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1]
06/02-22:35:27.885285 128.242.172.242:119 -> 192.168.1.101:4921
TCP TTL:116 TOS:0x0 ID:10942 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x81F3855D Ack: 0xC0997912 Win: 0xF727 TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS181]
[**] [1:648:5] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1]
06/02-22:35:27.886590 128.242.172.242:119 -> 192.168.1.101:4921
TCP TTL:116 TOS:0x0 ID:10970 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x81F38B11 Ack: 0xC0997912 Win: 0xF727 TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS181]
[**] [1:648:5] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1]
06/02-22:35:27.887915 128.242.172.242:119 -> 192.168.1.101:4921
TCP TTL:116 TOS:0x0 ID:10971 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x81F390C5 Ack: 0xC0997912 Win: 0xF727 TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS181]
[**] [1:648:5] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1]
06/02-22:35:27.889158 128.242.172.242:119 -> 192.168.1.101:4921
TCP TTL:116 TOS:0x0 ID:10972 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x81F39679 Ack: 0xC0997912 Win: 0xF727 TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS181]
[**] [1:648:5] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1]
06/02-22:35:27.890232 128.242.172.242:119 -> 192.168.1.101:4921
TCP TTL:116 TOS:0x0 ID:10973 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x81F39C2D Ack: 0xC0997912 Win: 0xF727 TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS181]
[**] [1:648:5] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1]
06/02-22:35:27.891470 128.242.172.242:119 -> 192.168.1.101:4921
TCP TTL:116 TOS:0x0 ID:10974 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x81F3A1E1 Ack: 0xC0997912 Win: 0xF727 TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS181]
[**] [1:648:5] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1]
06/02-22:35:27.895652 128.242.172.242:119 -> 192.168.1.101:4921
TCP TTL:116 TOS:0x0 ID:11031 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x81F3A795 Ack: 0xC0997912 Win: 0xF727 TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS181]
[**] [1:648:5] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1]
06/02-22:35:27.896951 128.242.172.242:119 -> 192.168.1.101:4921
TCP TTL:116 TOS:0x0 ID:11032 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x81F3AD49 Ack: 0xC0997912 Win: 0xF727 TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS181]
[**] [1:648:5] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1]
06/02-22:35:54.665729 128.242.172.242:119 -> 192.168.1.101:4921
TCP TTL:116 TOS:0x0 ID:31321 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x8241C59C Ack: 0xC0997A00 Win: 0xF639 TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS181]
[**] [1:648:5] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1]
06/02-22:35:54.667065 128.242.172.242:119 -> 192.168.1.101:4921
TCP TTL:116 TOS:0x0 ID:31322 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x8241CB50 Ack: 0xC0997A00 Win: 0xF639 TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS181]
[**] [1:648:5] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1]
06/02-22:35:54.670521 128.242.172.242:119 -> 192.168.1.101:4921
TCP TTL:116 TOS:0x0 ID:31323 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x8241D104 Ack: 0xC0997A00 Win: 0xF639 TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS181]
[**] [1:648:5] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1]
06/02-22:35:54.671804 128.242.172.242:119 -> 192.168.1.101:4921
TCP TTL:116 TOS:0x0 ID:31324 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x8241D6B8 Ack: 0xC0997A00 Win: 0xF639 TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS181]
[**] [1:648:5] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1]
06/02-22:35:54.673066 128.242.172.242:119 -> 192.168.1.101:4921
TCP TTL:116 TOS:0x0 ID:31325 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x8241DC6C Ack: 0xC0997A00 Win: 0xF639 TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS181]
[**] [1:648:5] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1]
06/02-22:35:54.674473 128.242.172.242:119 -> 192.168.1.101:4921
TCP TTL:116 TOS:0x0 ID:31326 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x8241E220 Ack: 0xC0997A00 Win: 0xF639 TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS181]
[**] [1:648:5] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1]
06/02-22:35:54.675781 128.242.172.242:119 -> 192.168.1.101:4921
TCP TTL:116 TOS:0x0 ID:31327 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x8241E7D4 Ack: 0xC0997A00 Win: 0xF639 TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS181]
[**] [1:648:5] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1]
06/02-22:35:54.677126 128.242.172.242:119 -> 192.168.1.101:4921
TCP TTL:116 TOS:0x0 ID:31328 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x8241ED88 Ack: 0xC0997A00 Win: 0xF639 TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS181]
[**] [1:648:5] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1]
06/02-22:35:54.684004 128.242.172.242:119 -> 192.168.1.101:4921
TCP TTL:116 TOS:0x0 ID:31334 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x82420A0C Ack: 0xC0997A00 Win: 0xF639 TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS181]
[**] [1:485:2] ICMP Destination Unreachable (Communication Administratively Prohibited) [**]
[Classification: Misc activity] [Priority: 3]
06/03-05:19:53.891555 172.20.148.50 -> 192.168.1.101
ICMP TTL:244 TOS:0x0 ID:0 IpLen:20 DgmLen:56
Type:3 Code:13 DESTINATION UNREACHABLE: ADMINISTRATIVELY PROHIBITED,
PACKET FILTERED
** ORIGINAL DATAGRAM DUMP:
192.168.1.101:2067 -> 64.12.185.119:80
TCP TTL:116 TOS:0x0 ID:62443 IpLen:20 DgmLen:48 DF
Seq: 0x4F316B2F Ack: 0xD4B25507
** END OF DUMP
[**] [1:1390:3] SHELLCODE x86 inc ebx NOOP [**]
[Classification: Executable code was detected] [Priority: 1]
06/03-12:49:03.281380 128.242.172.250:119 -> 192.168.1.101:1092
TCP TTL:116 TOS:0x0 ID:63696 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x49BED98A Ack: 0xC2A80C27 Win: 0xF80B TcpLen: 20
[**] [1:1390:3] SHELLCODE x86 inc ebx NOOP [**]
[Classification: Executable code was detected] [Priority: 1]
06/03-12:50:45.793791 128.242.172.250:119 -> 192.168.1.101:1092
TCP TTL:116 TOS:0x0 ID:57940 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x4A197666 Ack: 0xC2A80DDA Win: 0xF658 TcpLen: 20
[**] [1:485:2] ICMP Destination Unreachable (Communication Administratively Prohibited) [**]
[Classification: Misc activity] [Priority: 3]
06/03-12:51:55.480260 172.20.148.54 -> 192.168.1.101
ICMP TTL:245 TOS:0x0 ID:0 IpLen:20 DgmLen:56
Type:3 Code:13 DESTINATION UNREACHABLE: ADMINISTRATIVELY PROHIBITED,
PACKET FILTERED
** ORIGINAL DATAGRAM DUMP:
192.168.1.101:1134 -> 64.12.185.119:80
TCP TTL:116 TOS:0x0 ID:28252 IpLen:20 DgmLen:48 DF
Seq: 0xC7AAC1CF Ack: 0x2BD2DC3E
** END OF DUMP
[**] [1:485:2] ICMP Destination Unreachable (Communication Administratively Prohibited) [**]
[Classification: Misc activity] [Priority: 3]
06/03-20:54:26.776394 172.20.148.50 -> 192.168.1.101
ICMP TTL:244 TOS:0x0 ID:0 IpLen:20 DgmLen:56
Type:3 Code:13 DESTINATION UNREACHABLE: ADMINISTRATIVELY PROHIBITED,
PACKET FILTERED
** ORIGINAL DATAGRAM DUMP:
192.168.1.101:4291 -> 64.12.185.119:80
TCP TTL:116 TOS:0x0 ID:15776 IpLen:20 DgmLen:48 DF
Seq: 0x5953DF6E Ack: 0x4E6F7420
** END OF DUMP
[**] [1:1394:3] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1]
06/04-19:14:02.727267 128.242.172.250:119 -> 192.168.1.101:2970
TCP TTL:116 TOS:0x0 ID:54285 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xCE7DC08C Ack: 0xA8A5DB3A Win: 0xFA63 TcpLen: 20
[**] [1:1394:3] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1]
06/04-19:29:16.202903 128.242.172.250:119 -> 192.168.1.101:2968
TCP TTL:116 TOS:0x0 ID:10010 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xC1C663CC Ack: 0xA438B846 Win: 0xF6F4 TcpLen: 20
[**] [1:1394:3] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1]
06/04-19:39:11.825478 128.242.172.250:119 -> 192.168.1.101:2969
TCP TTL:116 TOS:0x0 ID:38484 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xCEAD6ECB Ack: 0xA7273D40 Win: 0xF9E2 TcpLen: 20
[**] [1:648:5] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1]
06/04-23:38:33.099393 207.126.99.92:80 -> 192.168.1.101:3231
TCP TTL:53 TOS:0x0 ID:61101 IpLen:20 DgmLen:1500 DF
***AP*** Seq: 0x37716D41 Ack: 0x8152CAF8 Win: 0x7D78 TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS181]
[**] [1:1394:3] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1]
06/05-15:08:35.968614 128.242.172.250:119 -> 192.168.1.101:3798
TCP TTL:116 TOS:0x0 ID:24359 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x577CE939 Ack: 0xBC862AD9 Win: 0xFA63 TcpLen: 20
[**] [1:1394:3] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1]
06/05-15:14:47.024233 128.242.172.250:119 -> 192.168.1.101:3802
TCP TTL:116 TOS:0x0 ID:55167 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x6061C5DA Ack: 0xC05EA8D1 Win: 0xF9BE TcpLen: 20
[**] [1:1394:3] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1]
06/08-15:46:37.710376 128.242.172.250:119 -> 192.168.1.101:2247
TCP TTL:116 TOS:0x0 ID:32828 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xFC674FC8 Ack: 0xE2928474 Win: 0xFA81 TcpLen: 20
[**] [1:1394:3] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1]
06/08-15:46:37.711630 128.242.172.250:119 -> 192.168.1.101:2247
TCP TTL:116 TOS:0x0 ID:32829 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xFC67557C Ack: 0xE2928474 Win: 0xFA81 TcpLen: 20
[**] [1:1394:3] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1]
06/09-10:34:25.200830 128.242.172.250:119 -> 192.168.1.101:3697
TCP TTL:115 TOS:0x0 ID:62495 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x275D47AD Ack: 0xCFE564F4 Win: 0xF9FA TcpLen: 20
[**] [1:1394:3] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1]
06/09-10:34:25.202167 128.242.172.250:119 -> 192.168.1.101:3697
TCP TTL:115 TOS:0x0 ID:62496 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x275D4D61 Ack: 0xCFE564F4 Win: 0xF9FA TcpLen: 20
[**] [1:1394:3] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1]
06/09-10:34:26.376324 128.242.172.250:119 -> 192.168.1.101:3697
TCP TTL:115 TOS:0x0 ID:9403 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x275F1215 Ack: 0xCFE56503 Win: 0xF9EB TcpLen: 20
[**] [1:1394:3] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1]
06/09-10:34:26.377696 128.242.172.250:119 -> 192.168.1.101:3697
TCP TTL:115 TOS:0x0 ID:9404 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x275F17C9 Ack: 0xCFE56503 Win: 0xF9EB TcpLen: 20
[**] [1:1394:3] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1]
06/09-10:34:27.793076 128.242.172.250:119 -> 192.168.1.101:3697
TCP TTL:115 TOS:0x0 ID:25777 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x2760CC6A Ack: 0xCFE56512 Win: 0xF9DC TcpLen: 20
[**] [1:1394:3] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1]
06/09-10:34:27.794347 128.242.172.250:119 -> 192.168.1.101:3697
TCP TTL:115 TOS:0x0 ID:25778 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x2760D21E Ack: 0xCFE56512 Win: 0xF9DC TcpLen: 20
Go to: previous range, next range, all alerts, overview page
SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:09:54 2003