SnortSnarf alert page

Destination: 192.168.1.101: #901-951

SnortSnarf v021111.1

Signature section (91123)

Top 20 source IPs

Top 20 dest IPs

Looking using input module SnortFileInput, with sources:

/home/rivettmj/snort_alertlog/alert

Earliest: 10:34:29.413713 on 06/09/2003
Latest: 01:53:29.966072 on 06/12/2003

7 different signatures are present for 192.168.1.101 as a destination

1 instances of SHELLCODE x86 unicode NOOP
1 instances of SHELLCODE x86 setgid 0
1 instances of WEB-CLIENT javascript URL host spoofing attempt
4 instances of SHELLCODE x86 setuid 0
87 instances of ICMP Destination Unreachable (Communication Administratively Prohibited)
88 instances of SHELLCODE x86 inc ebx NOOP
769 instances of SHELLCODE x86 NOOP

There are 25 distinct source IPs in the alerts of the type on this page.

192.168.1.101 Whois lookup at: ARIN RIPE APNIC Geektools

DNS lookup at: Amenesi TRIUMF Princeton

More lookup links: Dshield Sam Spade

See also 192.168.1.101 as an alert source [6 alerts]

Go to: previous range, all alerts, overview page

[**] [1:1394:3] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
06/09-10:34:29.413713 128.242.172.250:119 -> 192.168.1.101:3694
TCP TTL:115 TOS:0x0 ID:43758 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x27275EDE  Ack: 0xCFC4600F  Win: 0xF946  TcpLen: 20

[**] [1:1394:3] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
06/09-10:34:29.415023 128.242.172.250:119 -> 192.168.1.101:3694
TCP TTL:115 TOS:0x0 ID:43759 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x27276492  Ack: 0xCFC4600F  Win: 0xF946  TcpLen: 20

[**] [1:1394:3] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
06/09-10:34:30.214401 128.242.172.250:119 -> 192.168.1.101:3695
TCP TTL:115 TOS:0x0 ID:51477 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x2753118F  Ack: 0xCFD98E8B  Win: 0xF982  TcpLen: 20

[**] [1:1394:3] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
06/09-10:34:30.222529 128.242.172.250:119 -> 192.168.1.101:3695
TCP TTL:115 TOS:0x0 ID:51479 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x27531743  Ack: 0xCFD98E8B  Win: 0xF982  TcpLen: 20

[**] [1:1394:3] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
06/09-10:34:33.574489 128.242.172.250:119 -> 192.168.1.101:3694
TCP TTL:115 TOS:0x0 ID:23912 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x272A3C78  Ack: 0xCFC4602D  Win: 0xF928  TcpLen: 20

[**] [1:1394:3] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
06/09-10:34:33.575817 128.242.172.250:119 -> 192.168.1.101:3694
TCP TTL:115 TOS:0x0 ID:23913 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x272A422C  Ack: 0xCFC4602D  Win: 0xF928  TcpLen: 20

[**] [1:1394:3] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
06/09-10:34:33.955462 128.242.172.250:119 -> 192.168.1.101:3697
TCP TTL:115 TOS:0x0 ID:28614 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x276AF673  Ack: 0xCFE5655D  Win: 0xF991  TcpLen: 20

[**] [1:1394:3] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
06/09-10:34:33.956749 128.242.172.250:119 -> 192.168.1.101:3697
TCP TTL:115 TOS:0x0 ID:28615 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x276AFC27  Ack: 0xCFE5655D  Win: 0xF991  TcpLen: 20

[**] [1:1394:3] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
06/09-10:34:40.320561 128.242.172.250:119 -> 192.168.1.101:3697
TCP TTL:115 TOS:0x0 ID:40808 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x277136EE  Ack: 0xCFE56599  Win: 0xF955  TcpLen: 20

[**] [1:1394:3] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
06/09-10:34:40.321820 128.242.172.250:119 -> 192.168.1.101:3697
TCP TTL:115 TOS:0x0 ID:40809 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x27713CA2  Ack: 0xCFE56599  Win: 0xF955  TcpLen: 20

[**] [1:1394:3] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
06/09-10:34:42.700239 128.242.172.250:119 -> 192.168.1.101:3695
TCP TTL:115 TOS:0x0 ID:4572 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x2760D12D  Ack: 0xCFD98F12  Win: 0xF8FB  TcpLen: 20

[**] [1:1394:3] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
06/09-10:34:42.701250 128.242.172.250:119 -> 192.168.1.101:3695
TCP TTL:115 TOS:0x0 ID:4573 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x2760D6E1  Ack: 0xCFD98F12  Win: 0xF8FB  TcpLen: 20

[**] [1:1394:3] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
06/09-10:34:44.954256 128.242.172.250:119 -> 192.168.1.101:3694
TCP TTL:115 TOS:0x0 ID:30829 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x2732732D  Ack: 0xCFC46078  Win: 0xF8DD  TcpLen: 20

[**] [1:1394:3] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
06/09-10:34:44.955590 128.242.172.250:119 -> 192.168.1.101:3694
TCP TTL:115 TOS:0x0 ID:30830 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x273278E1  Ack: 0xCFC46078  Win: 0xF8DD  TcpLen: 20

[**] [1:1394:3] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
06/09-10:34:59.435713 128.242.172.250:119 -> 192.168.1.101:3702
TCP TTL:115 TOS:0x0 ID:41305 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x28F41B19  Ack: 0xD089A80E  Win: 0xFA45  TcpLen: 20

[**] [1:1394:3] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
06/09-10:34:59.437012 128.242.172.250:119 -> 192.168.1.101:3702
TCP TTL:115 TOS:0x0 ID:41306 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x28F420CD  Ack: 0xD089A80E  Win: 0xFA45  TcpLen: 20

[**] [1:1390:3] SHELLCODE x86 inc ebx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
06/09-12:27:19.658626 64.215.164.106:80 -> 192.168.1.101:3816
TCP TTL:50 TOS:0x0 ID:46358 IpLen:20 DgmLen:1500 DF
***AP*** Seq: 0x82DAB901  Ack: 0x33EEBFED  Win: 0x7D78  TcpLen: 20

[**] [1:1390:3] SHELLCODE x86 inc ebx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
06/10-18:00:39.395857 64.37.137.83:80 -> 192.168.1.101:4110
TCP TTL:40 TOS:0x0 ID:10857 IpLen:20 DgmLen:751 DF
***AP*** Seq: 0xB24F0D2E  Ack: 0x1586B28E  Win: 0x60F4  TcpLen: 20

[**] [1:1390:3] SHELLCODE x86 inc ebx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
06/10-21:11:04.824401 208.29.250.190:80 -> 192.168.1.101:1437
TCP TTL:105 TOS:0x0 ID:9021 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x4DDDFCAD  Ack: 0xC247F697  Win: 0xF883  TcpLen: 20

[**] [1:1394:3] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
06/11-14:40:10.062661 128.242.172.250:119 -> 192.168.1.101:4363
TCP TTL:117 TOS:0x0 ID:20505 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x734A5AF6  Ack: 0x725AB8C3  Win: 0xF93D  TcpLen: 20

[**] [1:1394:3] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
06/11-14:40:24.993201 128.242.172.250:119 -> 192.168.1.101:4363
TCP TTL:117 TOS:0x0 ID:50360 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x735DD13C  Ack: 0x725AB8FF  Win: 0xF901  TcpLen: 20

[**] [1:1394:3] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
06/11-14:40:38.600147 128.242.172.250:119 -> 192.168.1.101:4363
TCP TTL:117 TOS:0x0 ID:8962 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x736CA801  Ack: 0x725AB92C  Win: 0xF8D4  TcpLen: 20

[**] [1:1394:3] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
06/11-14:40:53.153747 128.242.172.250:119 -> 192.168.1.101:4363
TCP TTL:117 TOS:0x0 ID:38043 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x73779880  Ack: 0x725AB94A  Win: 0xF8B6  TcpLen: 20

[**] [1:1394:3] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
06/11-14:41:05.885955 128.242.172.250:119 -> 192.168.1.101:4363
TCP TTL:117 TOS:0x0 ID:56468 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x738A395D  Ack: 0x725AB977  Win: 0xF889  TcpLen: 20

[**] [1:1394:3] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
06/11-14:41:17.781852 128.242.172.250:119 -> 192.168.1.101:4334
TCP TTL:117 TOS:0x0 ID:64132 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x6D7A52E2  Ack: 0x6FFA107A  Win: 0xF74E  TcpLen: 20

[**] [1:1394:3] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
06/11-14:41:21.844260 128.242.172.250:119 -> 192.168.1.101:4334
TCP TTL:117 TOS:0x0 ID:25195 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x6D80ABB7  Ack: 0x6FFA1089  Win: 0xF73F  TcpLen: 20

[**] [1:1394:3] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
06/11-14:41:25.866955 128.242.172.250:119 -> 192.168.1.101:4363
TCP TTL:117 TOS:0x0 ID:48631 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x73A09F87  Ack: 0x725AB9C2  Win: 0xF83E  TcpLen: 20

[**] [1:1394:3] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
06/11-14:41:32.011046 128.242.172.250:119 -> 192.168.1.101:4370
TCP TTL:117 TOS:0x0 ID:24938 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x73CD0B9B  Ack: 0x7270F65A  Win: 0xF8F2  TcpLen: 20

[**] [1:1394:3] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
06/11-14:41:55.796392 128.242.172.250:119 -> 192.168.1.101:4334
TCP TTL:117 TOS:0x0 ID:42443 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x6DABE860  Ack: 0x6FFA1110  Win: 0xF6B8  TcpLen: 20

[**] [1:1394:3] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
06/11-14:41:59.856720 128.242.172.250:119 -> 192.168.1.101:4334
TCP TTL:117 TOS:0x0 ID:5754 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x6DB23243  Ack: 0x6FFA111F  Win: 0xF6A9  TcpLen: 20

[**] [1:1394:3] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
06/11-14:42:12.670533 128.242.172.250:119 -> 192.168.1.101:4370
TCP TTL:117 TOS:0x0 ID:23515 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x74011199  Ack: 0x7270F6F0  Win: 0xF85C  TcpLen: 20

[**] [1:1394:3] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
06/11-14:42:27.595335 128.242.172.250:119 -> 192.168.1.101:4370
TCP TTL:117 TOS:0x0 ID:52891 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x741578DE  Ack: 0x7270F72C  Win: 0xF820  TcpLen: 20

[**] [1:1394:3] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
06/11-14:42:28.312771 128.242.172.250:119 -> 192.168.1.101:4363
TCP TTL:117 TOS:0x0 ID:57112 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x73E5C9C8  Ack: 0x725ABA94  Win: 0xF76C  TcpLen: 20

[**] [1:1394:3] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
06/11-14:42:40.623770 128.242.172.250:119 -> 192.168.1.101:4370
TCP TTL:117 TOS:0x0 ID:7142 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x7424ECE9  Ack: 0x7270F759  Win: 0xF7F3  TcpLen: 20

[**] [1:1394:3] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
06/11-14:42:45.136156 128.242.172.250:119 -> 192.168.1.101:4363
TCP TTL:117 TOS:0x0 ID:40878 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x73FD0E98  Ack: 0x725ABADF  Win: 0xF721  TcpLen: 20

[**] [1:1394:3] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
06/11-14:45:57.635161 216.65.98.69:119 -> 192.168.1.101:4545
TCP TTL:103 TOS:0x0 ID:47935 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xBC8B21B2  Ack: 0x7C68C59F  Win: 0x41DD  TcpLen: 20

[**] [1:1394:3] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
06/12-01:16:32.051747 128.242.172.250:119 -> 192.168.1.101:1527
TCP TTL:117 TOS:0x0 ID:46847 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB8EF5EDA  Ack: 0xB7C64C26  Win: 0xF9BE  TcpLen: 20

[**] [1:1394:3] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
06/12-01:16:32.053037 128.242.172.250:119 -> 192.168.1.101:1527
TCP TTL:117 TOS:0x0 ID:46848 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB8EF648E  Ack: 0xB7C64C26  Win: 0xF9BE  TcpLen: 20

[**] [1:1394:3] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
06/12-01:16:53.512098 128.242.172.250:119 -> 192.168.1.101:1526
TCP TTL:117 TOS:0x0 ID:61866 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB90A08C9  Ack: 0xB7C565E4  Win: 0xF8EC  TcpLen: 20

[**] [1:1394:3] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
06/12-01:16:53.580685 128.242.172.250:119 -> 192.168.1.101:1526
TCP TTL:117 TOS:0x0 ID:62682 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB90A0E7D  Ack: 0xB7C565E4  Win: 0xF8EC  TcpLen: 20

[**] [1:1394:3] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
06/12-01:16:55.245340 128.242.172.250:119 -> 192.168.1.101:1525
TCP TTL:117 TOS:0x0 ID:13299 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB90E9DA9  Ack: 0xB7C4BFF1  Win: 0xF892  TcpLen: 20

[**] [1:1394:3] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
06/12-01:16:55.246674 128.242.172.250:119 -> 192.168.1.101:1525
TCP TTL:117 TOS:0x0 ID:13300 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB90EA35D  Ack: 0xB7C4BFF1  Win: 0xF892  TcpLen: 20

[**] [1:1390:3] SHELLCODE x86 inc ebx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
06/12-01:42:48.770267 216.65.98.13:119 -> 192.168.1.101:1693
TCP TTL:105 TOS:0x0 ID:51922 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x7AFBA9EC  Ack: 0xC98CA468  Win: 0xF92E  TcpLen: 20

[**] [1:1390:3] SHELLCODE x86 inc ebx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
06/12-01:42:48.771533 216.65.98.13:119 -> 192.168.1.101:1693
TCP TTL:105 TOS:0x0 ID:51925 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x7AFBAFA0  Ack: 0xC98CA468  Win: 0xF92E  TcpLen: 20

[**] [1:1390:3] SHELLCODE x86 inc ebx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
06/12-01:43:51.571792 216.65.98.13:119 -> 192.168.1.101:1693
TCP TTL:105 TOS:0x0 ID:58916 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x7B9D02BD  Ack: 0xC98CA882  Win: 0xFAD2  TcpLen: 20

[**] [1:1390:3] SHELLCODE x86 inc ebx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
06/12-01:44:33.763066 216.65.98.13:119 -> 192.168.1.101:1693
TCP TTL:104 TOS:0x0 ID:52102 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x7BF41C76  Ack: 0xC98CAACB  Win: 0xF889  TcpLen: 20

[**] [1:1390:3] SHELLCODE x86 inc ebx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
06/12-01:46:04.393014 216.65.98.13:119 -> 192.168.1.101:1693
TCP TTL:104 TOS:0x0 ID:10199 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x7D17FA9A  Ack: 0xC98CAF7B  Win: 0xF997  TcpLen: 20

[**] [1:1390:3] SHELLCODE x86 inc ebx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
06/12-01:46:10.268168 216.65.98.13:119 -> 192.168.1.101:1693
TCP TTL:104 TOS:0x0 ID:41559 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x7D2FF4B8  Ack: 0xC98CAFE4  Win: 0xF92E  TcpLen: 20

[**] [1:1390:3] SHELLCODE x86 inc ebx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
06/12-01:46:31.288710 216.65.98.13:119 -> 192.168.1.101:1693
TCP TTL:104 TOS:0x0 ID:5684 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x7D630D48  Ack: 0xC98CB098  Win: 0xF87A  TcpLen: 20

[**] [1:1394:3] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
06/12-01:46:42.161284 216.65.98.13:119 -> 192.168.1.101:1693
TCP TTL:104 TOS:0x0 ID:51392 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x7D84ACDB  Ack: 0xC98CB110  Win: 0xF802  TcpLen: 20

[**] [1:1394:3] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
06/12-01:53:29.966072 216.65.98.13:119 -> 192.168.1.101:1693
TCP TTL:103 TOS:0x0 ID:12586 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x828AD144  Ack: 0xC98CC592  Win: 0xFA78  TcpLen: 20

Go to: previous range, all alerts, overview page

SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:09:54 2003

192.168.1.101	Whois lookup at:	ARIN	RIPE	APNIC	Geektools
	DNS lookup at:	Amenesi	TRIUMF	Princeton
	More lookup links:	Dshield	Sam Spade
See also 192.168.1.101 as an alert source [6 alerts]