SnortSnarf alert page

Destination: 192.168.1.103

SnortSnarf v021111.1

Signature section (91123)

Top 20 source IPs

Top 20 dest IPs

58 such alerts found using input module SnortFileInput, with sources:

/home/rivettmj/snort_alertlog/alert

Earliest: 22:20:50.351506 on 04/17/2003
Latest: 14:50:23.831723 on 06/10/2003

4 different signatures are present for 192.168.1.103 as a destination

1 instances of SHELLCODE x86 setuid 0
2 instances of SHELLCODE x86 NOOP
3 instances of SHELLCODE x86 inc ebx NOOP
52 instances of ICMP Large ICMP Packet

There are 8 distinct source IPs in the alerts of the type on this page.

192.168.1.103 Whois lookup at: ARIN RIPE APNIC Geektools

DNS lookup at: Amenesi TRIUMF Princeton

More lookup links: Dshield Sam Spade

[**] [1:499:3] ICMP Large ICMP Packet [**]
[Classification: Potentially Bad Traffic] [Priority: 2] 
04/17-22:20:50.351506 66.185.146.249 -> 192.168.1.103
ICMP TTL:248 TOS:0x0 ID:1110 IpLen:20 DgmLen:1478
Type:0  Code:0  ID:512  Seq:5120  ECHO REPLY
[Xref => http://www.whitehats.com/info/IDS246]

[**] [1:499:3] ICMP Large ICMP Packet [**]
[Classification: Potentially Bad Traffic] [Priority: 2] 
04/17-22:20:50.436376 66.185.146.249 -> 192.168.1.103
ICMP TTL:248 TOS:0x0 ID:1112 IpLen:20 DgmLen:1478
Type:0  Code:0  ID:512  Seq:5376  ECHO REPLY
[Xref => http://www.whitehats.com/info/IDS246]

[**] [1:499:3] ICMP Large ICMP Packet [**]
[Classification: Potentially Bad Traffic] [Priority: 2] 
04/17-22:20:50.545453 66.185.146.249 -> 192.168.1.103
ICMP TTL:248 TOS:0x0 ID:1116 IpLen:20 DgmLen:1478
Type:0  Code:0  ID:512  Seq:5632  ECHO REPLY
[Xref => http://www.whitehats.com/info/IDS246]

[**] [1:499:3] ICMP Large ICMP Packet [**]
[Classification: Potentially Bad Traffic] [Priority: 2] 
04/18-15:46:44.873213 66.185.146.249 -> 192.168.1.103
ICMP TTL:248 TOS:0x0 ID:2439 IpLen:20 DgmLen:1478
Type:0  Code:0  ID:512  Seq:5376  ECHO REPLY
[Xref => http://www.whitehats.com/info/IDS246]

[**] [1:499:3] ICMP Large ICMP Packet [**]
[Classification: Potentially Bad Traffic] [Priority: 2] 
04/18-15:46:44.971398 66.185.146.249 -> 192.168.1.103
ICMP TTL:248 TOS:0x0 ID:2440 IpLen:20 DgmLen:1478
Type:0  Code:0  ID:512  Seq:5632  ECHO REPLY
[Xref => http://www.whitehats.com/info/IDS246]

[**] [1:499:3] ICMP Large ICMP Packet [**]
[Classification: Potentially Bad Traffic] [Priority: 2] 
04/18-15:46:45.106603 66.185.146.249 -> 192.168.1.103
ICMP TTL:248 TOS:0x0 ID:2447 IpLen:20 DgmLen:1478
Type:0  Code:0  ID:512  Seq:5888  ECHO REPLY
[Xref => http://www.whitehats.com/info/IDS246]

[**] [1:499:3] ICMP Large ICMP Packet [**]
[Classification: Potentially Bad Traffic] [Priority: 2] 
04/23-00:06:27.104597 66.185.146.249 -> 192.168.1.103
ICMP TTL:248 TOS:0x0 ID:856 IpLen:20 DgmLen:1478
Type:0  Code:0  ID:512  Seq:4864  ECHO REPLY
[Xref => http://www.whitehats.com/info/IDS246]

[**] [1:499:3] ICMP Large ICMP Packet [**]
[Classification: Potentially Bad Traffic] [Priority: 2] 
04/23-00:06:27.207434 66.185.146.249 -> 192.168.1.103
ICMP TTL:248 TOS:0x0 ID:857 IpLen:20 DgmLen:1478
Type:0  Code:0  ID:512  Seq:5120  ECHO REPLY
[Xref => http://www.whitehats.com/info/IDS246]

[**] [1:499:3] ICMP Large ICMP Packet [**]
[Classification: Potentially Bad Traffic] [Priority: 2] 
04/23-00:06:27.299376 66.185.146.249 -> 192.168.1.103
ICMP TTL:248 TOS:0x0 ID:858 IpLen:20 DgmLen:1478
Type:0  Code:0  ID:512  Seq:5376  ECHO REPLY
[Xref => http://www.whitehats.com/info/IDS246]

[**] [1:499:3] ICMP Large ICMP Packet [**]
[Classification: Potentially Bad Traffic] [Priority: 2] 
04/23-14:11:27.129238 24.29.1.179 -> 192.168.1.103
ICMP TTL:251 TOS:0x0 ID:1277 IpLen:20 DgmLen:1478
Type:0  Code:0  ID:512  Seq:5120  ECHO REPLY
[Xref => http://www.whitehats.com/info/IDS246]

[**] [1:499:3] ICMP Large ICMP Packet [**]
[Classification: Potentially Bad Traffic] [Priority: 2] 
04/23-14:11:27.239346 24.29.1.179 -> 192.168.1.103
ICMP TTL:251 TOS:0x0 ID:1280 IpLen:20 DgmLen:1478
Type:0  Code:0  ID:512  Seq:5376  ECHO REPLY
[Xref => http://www.whitehats.com/info/IDS246]

[**] [1:499:3] ICMP Large ICMP Packet [**]
[Classification: Potentially Bad Traffic] [Priority: 2] 
04/23-14:11:27.416745 24.29.1.179 -> 192.168.1.103
ICMP TTL:251 TOS:0x0 ID:1292 IpLen:20 DgmLen:1478
Type:0  Code:0  ID:512  Seq:5632  ECHO REPLY
[Xref => http://www.whitehats.com/info/IDS246]

[**] [1:1390:3] SHELLCODE x86 inc ebx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
04/29-16:36:12.359446 66.28.176.207:80 -> 192.168.1.103:1134
TCP TTL:45 TOS:0x0 ID:40697 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x774519B  Ack: 0x7B8C9BC  Win: 0x2180  TcpLen: 20

[**] [1:499:3] ICMP Large ICMP Packet [**]
[Classification: Potentially Bad Traffic] [Priority: 2] 
04/30-22:36:53.701988 66.185.146.249 -> 192.168.1.103
ICMP TTL:248 TOS:0x0 ID:287 IpLen:20 DgmLen:1478
Type:0  Code:0  ID:512  Seq:4352  ECHO REPLY
[Xref => http://www.whitehats.com/info/IDS246]

[**] [1:499:3] ICMP Large ICMP Packet [**]
[Classification: Potentially Bad Traffic] [Priority: 2] 
04/30-22:36:53.815969 66.185.146.249 -> 192.168.1.103
ICMP TTL:248 TOS:0x0 ID:288 IpLen:20 DgmLen:1478
Type:0  Code:0  ID:512  Seq:4608  ECHO REPLY
[Xref => http://www.whitehats.com/info/IDS246]

[**] [1:499:3] ICMP Large ICMP Packet [**]
[Classification: Potentially Bad Traffic] [Priority: 2] 
04/30-22:36:53.912073 66.185.146.249 -> 192.168.1.103
ICMP TTL:248 TOS:0x0 ID:289 IpLen:20 DgmLen:1478
Type:0  Code:0  ID:512  Seq:4864  ECHO REPLY
[Xref => http://www.whitehats.com/info/IDS246]

[**] [1:499:3] ICMP Large ICMP Packet [**]
[Classification: Potentially Bad Traffic] [Priority: 2] 
05/04-22:07:06.601361 66.185.146.249 -> 192.168.1.103
ICMP TTL:248 TOS:0x0 ID:33121 IpLen:20 DgmLen:1478
Type:0  Code:0  ID:512  Seq:4608  ECHO REPLY
[Xref => http://www.whitehats.com/info/IDS246]

[**] [1:499:3] ICMP Large ICMP Packet [**]
[Classification: Potentially Bad Traffic] [Priority: 2] 
05/04-22:07:06.672488 66.185.146.249 -> 192.168.1.103
ICMP TTL:248 TOS:0x0 ID:33123 IpLen:20 DgmLen:1478
Type:0  Code:0  ID:512  Seq:4864  ECHO REPLY
[Xref => http://www.whitehats.com/info/IDS246]

[**] [1:499:3] ICMP Large ICMP Packet [**]
[Classification: Potentially Bad Traffic] [Priority: 2] 
05/04-22:07:06.790571 66.185.146.249 -> 192.168.1.103
ICMP TTL:248 TOS:0x0 ID:33132 IpLen:20 DgmLen:1478
Type:0  Code:0  ID:512  Seq:5120  ECHO REPLY
[Xref => http://www.whitehats.com/info/IDS246]

[**] [1:499:3] ICMP Large ICMP Packet [**]
[Classification: Potentially Bad Traffic] [Priority: 2] 
05/09-00:37:03.852907 66.185.146.249 -> 192.168.1.103
ICMP TTL:248 TOS:0x0 ID:325 IpLen:20 DgmLen:1478
Type:0  Code:0  ID:512  Seq:4352  ECHO REPLY
[Xref => http://www.whitehats.com/info/IDS246]

[**] [1:499:3] ICMP Large ICMP Packet [**]
[Classification: Potentially Bad Traffic] [Priority: 2] 
05/09-00:37:03.949857 66.185.146.249 -> 192.168.1.103
ICMP TTL:248 TOS:0x0 ID:326 IpLen:20 DgmLen:1478
Type:0  Code:0  ID:512  Seq:4608  ECHO REPLY
[Xref => http://www.whitehats.com/info/IDS246]

[**] [1:499:3] ICMP Large ICMP Packet [**]
[Classification: Potentially Bad Traffic] [Priority: 2] 
05/09-00:37:04.056907 66.185.146.249 -> 192.168.1.103
ICMP TTL:248 TOS:0x0 ID:327 IpLen:20 DgmLen:1478
Type:0  Code:0  ID:512  Seq:4864  ECHO REPLY
[Xref => http://www.whitehats.com/info/IDS246]

[**] [1:499:3] ICMP Large ICMP Packet [**]
[Classification: Potentially Bad Traffic] [Priority: 2] 
05/13-22:49:08.820378 66.185.146.249 -> 192.168.1.103
ICMP TTL:248 TOS:0x0 ID:982 IpLen:20 DgmLen:1478
Type:0  Code:0  ID:512  Seq:4352  ECHO REPLY
[Xref => http://www.whitehats.com/info/IDS246]

[**] [1:499:3] ICMP Large ICMP Packet [**]
[Classification: Potentially Bad Traffic] [Priority: 2] 
05/13-22:49:08.934521 66.185.146.249 -> 192.168.1.103
ICMP TTL:248 TOS:0x0 ID:983 IpLen:20 DgmLen:1478
Type:0  Code:0  ID:512  Seq:4608  ECHO REPLY
[Xref => http://www.whitehats.com/info/IDS246]

[**] [1:499:3] ICMP Large ICMP Packet [**]
[Classification: Potentially Bad Traffic] [Priority: 2] 
05/13-22:49:09.027321 66.185.146.249 -> 192.168.1.103
ICMP TTL:248 TOS:0x0 ID:984 IpLen:20 DgmLen:1478
Type:0  Code:0  ID:512  Seq:4864  ECHO REPLY
[Xref => http://www.whitehats.com/info/IDS246]

[**] [1:1390:3] SHELLCODE x86 inc ebx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
05/13-23:09:15.165823 146.20.39.93:80 -> 192.168.1.103:1935
TCP TTL:51 TOS:0x0 ID:25643 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xCBD80B14  Ack: 0x59CF510C  Win: 0x832C  TcpLen: 20

[**] [1:1394:3] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
05/13-23:09:20.401280 146.20.39.93:80 -> 192.168.1.103:1936
TCP TTL:51 TOS:0x0 ID:38599 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x129414DA  Ack: 0x59D0AAD2  Win: 0x832C  TcpLen: 20

[**] [1:499:3] ICMP Large ICMP Packet [**]
[Classification: Potentially Bad Traffic] [Priority: 2] 
05/16-13:43:29.051008 66.185.146.249 -> 192.168.1.103
ICMP TTL:248 TOS:0x0 ID:239 IpLen:20 DgmLen:1478
Type:0  Code:0  ID:512  Seq:4352  ECHO REPLY
[Xref => http://www.whitehats.com/info/IDS246]

[**] [1:499:3] ICMP Large ICMP Packet [**]
[Classification: Potentially Bad Traffic] [Priority: 2] 
05/16-13:43:29.116609 66.185.146.249 -> 192.168.1.103
ICMP TTL:248 TOS:0x0 ID:240 IpLen:20 DgmLen:1478
Type:0  Code:0  ID:512  Seq:4608  ECHO REPLY
[Xref => http://www.whitehats.com/info/IDS246]

[**] [1:499:3] ICMP Large ICMP Packet [**]
[Classification: Potentially Bad Traffic] [Priority: 2] 
05/16-13:43:29.271267 66.185.146.249 -> 192.168.1.103
ICMP TTL:248 TOS:0x0 ID:241 IpLen:20 DgmLen:1478
Type:0  Code:0  ID:512  Seq:4864  ECHO REPLY
[Xref => http://www.whitehats.com/info/IDS246]

[**] [1:1390:3] SHELLCODE x86 inc ebx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
05/20-23:58:26.302874 146.20.39.93:80 -> 192.168.1.103:1518
TCP TTL:51 TOS:0x0 ID:24681 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x45A5816E  Ack: 0xCA1B6D66  Win: 0x832C  TcpLen: 20

[**] [1:1394:3] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
05/20-23:58:29.050462 146.20.39.93:80 -> 192.168.1.103:1519
TCP TTL:51 TOS:0x0 ID:31600 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xEA29AD27  Ack: 0xCA1C4684  Win: 0x832C  TcpLen: 20

[**] [1:499:3] ICMP Large ICMP Packet [**]
[Classification: Potentially Bad Traffic] [Priority: 2] 
05/21-00:02:47.485411 24.29.1.179 -> 192.168.1.103
ICMP TTL:251 TOS:0x0 ID:11286 IpLen:20 DgmLen:1478
Type:0  Code:0  ID:512  Seq:6144  ECHO REPLY
[Xref => http://www.whitehats.com/info/IDS246]

[**] [1:499:3] ICMP Large ICMP Packet [**]
[Classification: Potentially Bad Traffic] [Priority: 2] 
05/21-00:02:47.592851 24.29.1.179 -> 192.168.1.103
ICMP TTL:251 TOS:0x0 ID:11287 IpLen:20 DgmLen:1478
Type:0  Code:0  ID:512  Seq:6400  ECHO REPLY
[Xref => http://www.whitehats.com/info/IDS246]

[**] [1:499:3] ICMP Large ICMP Packet [**]
[Classification: Potentially Bad Traffic] [Priority: 2] 
05/21-20:21:20.258177 24.29.1.133 -> 192.168.1.103
ICMP TTL:252 TOS:0x0 ID:1573 IpLen:20 DgmLen:1478
Type:0  Code:0  ID:512  Seq:15360  ECHO REPLY
[Xref => http://www.whitehats.com/info/IDS246]

[**] [1:499:3] ICMP Large ICMP Packet [**]
[Classification: Potentially Bad Traffic] [Priority: 2] 
05/21-20:21:20.340779 24.29.1.133 -> 192.168.1.103
ICMP TTL:252 TOS:0x0 ID:1582 IpLen:20 DgmLen:1478
Type:0  Code:0  ID:512  Seq:15616  ECHO REPLY
[Xref => http://www.whitehats.com/info/IDS246]

[**] [1:499:3] ICMP Large ICMP Packet [**]
[Classification: Potentially Bad Traffic] [Priority: 2] 
05/21-20:21:20.464848 24.29.1.133 -> 192.168.1.103
ICMP TTL:252 TOS:0x0 ID:1595 IpLen:20 DgmLen:1478
Type:0  Code:0  ID:512  Seq:15872  ECHO REPLY
[Xref => http://www.whitehats.com/info/IDS246]

[**] [1:499:3] ICMP Large ICMP Packet [**]
[Classification: Potentially Bad Traffic] [Priority: 2] 
05/29-01:20:27.848086 24.29.1.81 -> 192.168.1.103
ICMP TTL:253 TOS:0x0 ID:789 IpLen:20 DgmLen:1478
Type:0  Code:0  ID:512  Seq:5888  ECHO REPLY
[Xref => http://www.whitehats.com/info/IDS246]

[**] [1:499:3] ICMP Large ICMP Packet [**]
[Classification: Potentially Bad Traffic] [Priority: 2] 
05/29-01:20:27.872934 24.29.1.81 -> 192.168.1.103
ICMP TTL:253 TOS:0x0 ID:790 IpLen:20 DgmLen:1478
Type:0  Code:0  ID:512  Seq:6144  ECHO REPLY
[Xref => http://www.whitehats.com/info/IDS246]

[**] [1:499:3] ICMP Large ICMP Packet [**]
[Classification: Potentially Bad Traffic] [Priority: 2] 
05/29-01:20:28.011527 24.29.1.81 -> 192.168.1.103
ICMP TTL:253 TOS:0x0 ID:791 IpLen:20 DgmLen:1478
Type:0  Code:0  ID:512  Seq:6400  ECHO REPLY
[Xref => http://www.whitehats.com/info/IDS246]

[**] [1:499:3] ICMP Large ICMP Packet [**]
[Classification: Potentially Bad Traffic] [Priority: 2] 
05/29-19:18:29.851177 66.185.147.5 -> 192.168.1.103
ICMP TTL:251 TOS:0x0 ID:514 IpLen:20 DgmLen:1478
Type:0  Code:0  ID:512  Seq:5888  ECHO REPLY
[Xref => http://www.whitehats.com/info/IDS246]

[**] [1:499:3] ICMP Large ICMP Packet [**]
[Classification: Potentially Bad Traffic] [Priority: 2] 
05/29-19:18:29.937647 66.185.147.5 -> 192.168.1.103
ICMP TTL:251 TOS:0x0 ID:515 IpLen:20 DgmLen:1478
Type:0  Code:0  ID:512  Seq:6144  ECHO REPLY
[Xref => http://www.whitehats.com/info/IDS246]

[**] [1:499:3] ICMP Large ICMP Packet [**]
[Classification: Potentially Bad Traffic] [Priority: 2] 
05/29-19:18:30.052061 66.185.147.5 -> 192.168.1.103
ICMP TTL:251 TOS:0x0 ID:516 IpLen:20 DgmLen:1478
Type:0  Code:0  ID:512  Seq:6400  ECHO REPLY
[Xref => http://www.whitehats.com/info/IDS246]

[**] [1:499:3] ICMP Large ICMP Packet [**]
[Classification: Potentially Bad Traffic] [Priority: 2] 
05/30-21:15:25.851119 66.185.147.5 -> 192.168.1.103
ICMP TTL:251 TOS:0x0 ID:1952 IpLen:20 DgmLen:1478
Type:0  Code:0  ID:512  Seq:16896  ECHO REPLY
[Xref => http://www.whitehats.com/info/IDS246]

[**] [1:499:3] ICMP Large ICMP Packet [**]
[Classification: Potentially Bad Traffic] [Priority: 2] 
05/30-21:15:25.939257 66.185.147.5 -> 192.168.1.103
ICMP TTL:251 TOS:0x0 ID:1953 IpLen:20 DgmLen:1478
Type:0  Code:0  ID:512  Seq:17152  ECHO REPLY
[Xref => http://www.whitehats.com/info/IDS246]

[**] [1:499:3] ICMP Large ICMP Packet [**]
[Classification: Potentially Bad Traffic] [Priority: 2] 
05/30-21:15:26.046189 66.185.147.5 -> 192.168.1.103
ICMP TTL:251 TOS:0x0 ID:1954 IpLen:20 DgmLen:1478
Type:0  Code:0  ID:512  Seq:17408  ECHO REPLY
[Xref => http://www.whitehats.com/info/IDS246]

[**] [1:499:3] ICMP Large ICMP Packet [**]
[Classification: Potentially Bad Traffic] [Priority: 2] 
06/02-16:54:49.504046 24.29.1.179 -> 192.168.1.103
ICMP TTL:252 TOS:0x0 ID:885 IpLen:20 DgmLen:1478
Type:0  Code:0  ID:512  Seq:5632  ECHO REPLY
[Xref => http://www.whitehats.com/info/IDS246]

[**] [1:499:3] ICMP Large ICMP Packet [**]
[Classification: Potentially Bad Traffic] [Priority: 2] 
06/02-16:54:49.617152 24.29.1.179 -> 192.168.1.103
ICMP TTL:252 TOS:0x0 ID:888 IpLen:20 DgmLen:1478
Type:0  Code:0  ID:512  Seq:5888  ECHO REPLY
[Xref => http://www.whitehats.com/info/IDS246]

[**] [1:499:3] ICMP Large ICMP Packet [**]
[Classification: Potentially Bad Traffic] [Priority: 2] 
06/02-16:54:49.669166 24.29.1.179 -> 192.168.1.103
ICMP TTL:252 TOS:0x0 ID:889 IpLen:20 DgmLen:1478
Type:0  Code:0  ID:512  Seq:6144  ECHO REPLY
[Xref => http://www.whitehats.com/info/IDS246]

[**] [1:499:3] ICMP Large ICMP Packet [**]
[Classification: Potentially Bad Traffic] [Priority: 2] 
06/03-22:57:14.576118 66.185.147.5 -> 192.168.1.103
ICMP TTL:251 TOS:0x0 ID:4643 IpLen:20 DgmLen:1478
Type:0  Code:0  ID:512  Seq:8192  ECHO REPLY
[Xref => http://www.whitehats.com/info/IDS246]

[**] [1:499:3] ICMP Large ICMP Packet [**]
[Classification: Potentially Bad Traffic] [Priority: 2] 
06/03-22:57:16.064824 66.185.147.5 -> 192.168.1.103
ICMP TTL:251 TOS:0x0 ID:4675 IpLen:20 DgmLen:1478
Type:0  Code:0  ID:512  Seq:8704  ECHO REPLY
[Xref => http://www.whitehats.com/info/IDS246]

[**] [1:499:3] ICMP Large ICMP Packet [**]
[Classification: Potentially Bad Traffic] [Priority: 2] 
06/04-23:55:46.853822 66.185.147.5 -> 192.168.1.103
ICMP TTL:251 TOS:0x0 ID:815 IpLen:20 DgmLen:1478
Type:0  Code:0  ID:512  Seq:5632  ECHO REPLY
[Xref => http://www.whitehats.com/info/IDS246]

[**] [1:499:3] ICMP Large ICMP Packet [**]
[Classification: Potentially Bad Traffic] [Priority: 2] 
06/04-23:55:46.952076 66.185.147.5 -> 192.168.1.103
ICMP TTL:251 TOS:0x0 ID:817 IpLen:20 DgmLen:1478
Type:0  Code:0  ID:512  Seq:5888  ECHO REPLY
[Xref => http://www.whitehats.com/info/IDS246]

[**] [1:499:3] ICMP Large ICMP Packet [**]
[Classification: Potentially Bad Traffic] [Priority: 2] 
06/04-23:55:47.052937 66.185.147.5 -> 192.168.1.103
ICMP TTL:251 TOS:0x0 ID:819 IpLen:20 DgmLen:1478
Type:0  Code:0  ID:512  Seq:6144  ECHO REPLY
[Xref => http://www.whitehats.com/info/IDS246]

[**] [1:499:3] ICMP Large ICMP Packet [**]
[Classification: Potentially Bad Traffic] [Priority: 2] 
06/10-14:42:59.788509 66.185.147.5 -> 192.168.1.103
ICMP TTL:251 TOS:0x0 ID:663 IpLen:20 DgmLen:1478
Type:0  Code:0  ID:512  Seq:5888  ECHO REPLY
[Xref => http://www.whitehats.com/info/IDS246]

[**] [1:499:3] ICMP Large ICMP Packet [**]
[Classification: Potentially Bad Traffic] [Priority: 2] 
06/10-14:42:59.888801 66.185.147.5 -> 192.168.1.103
ICMP TTL:251 TOS:0x0 ID:664 IpLen:20 DgmLen:1478
Type:0  Code:0  ID:512  Seq:6144  ECHO REPLY
[Xref => http://www.whitehats.com/info/IDS246]

[**] [1:499:3] ICMP Large ICMP Packet [**]
[Classification: Potentially Bad Traffic] [Priority: 2] 
06/10-14:42:59.987788 66.185.147.5 -> 192.168.1.103
ICMP TTL:251 TOS:0x0 ID:665 IpLen:20 DgmLen:1478
Type:0  Code:0  ID:512  Seq:6400  ECHO REPLY
[Xref => http://www.whitehats.com/info/IDS246]

[**] [1:650:5] SHELLCODE x86 setuid 0 [**]
[Classification: A system call was detected] [Priority: 2] 
06/10-14:50:23.831723 172.149.194.108:1145 -> 192.168.1.103:1232
TCP TTL:117 TOS:0x0 ID:12312 IpLen:20 DgmLen:1400 DF
***A**** Seq: 0x685C66A1  Ack: 0xD7C38FAB  Win: 0xF99D  TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS436]

SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:09:55 2003

192.168.1.103	Whois lookup at:	ARIN	RIPE	APNIC	Geektools
	DNS lookup at:	Amenesi	TRIUMF	Princeton
	More lookup links:	Dshield	Sam Spade