SnortSnarf alert page

Destination: 192.168.1.105

SnortSnarf v021111.1

29 such alerts found using input module SnortFileInput, with sources:
Earliest: 03:07:01.847940 on 05/04/2003
Latest: 14:38:12.644801 on 06/08/2003

5 different signatures are present for 192.168.1.105 as a destination

There are 9 distinct source IPs in the alerts of the type on this page.

See also 192.168.1.105 as an alert source [76 alerts]


[**] [1:650:5] SHELLCODE x86 setuid 0 [**]
[Classification: A system call was detected] [Priority: 2]
05/04-03:07:01.847940 63.240.15.136:80 -> 192.168.1.105:49157
TCP TTL:49 TOS:0x0 ID:28850 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x7C7A9732 Ack: 0x7695A39 Win: 0x7D78 TcpLen: 32
TCP Options (3) => NOP NOP TS: 6963637 2710498020
[Xref => http://www.whitehats.com/info/IDS436]
[**] [1:648:5] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1]
05/04-03:13:52.388025 63.240.15.144:80 -> 192.168.1.105:49162
TCP TTL:49 TOS:0x0 ID:38691 IpLen:20 DgmLen:1500 DF
***AP*** Seq: 0xAFF06CCB Ack: 0xA130F75 Win: 0x7C70 TcpLen: 32
TCP Options (3) => NOP NOP TS: 1067162 2710498841
[Xref => http://www.whitehats.com/info/IDS181]
[**] [1:648:5] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1]
05/05-19:44:31.487947 143.166.83.202:1253 -> 192.168.1.105:1057
TCP TTL:107 TOS:0x0 ID:35092 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x4EA46EF1 Ack: 0x1CEBEDFF Win: 0x4470 TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS181]
[**] [1:648:5] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1]
05/07-17:08:33.739024 192.150.18.29:80 -> 192.168.1.105:1151
TCP TTL:46 TOS:0x0 ID:38442 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB90A382A Ack: 0x93145A10 Win: 0x1920 TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS181]
[**] [1:648:5] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1]
05/07-17:08:33.980397 192.150.18.29:80 -> 192.168.1.105:1151
TCP TTL:46 TOS:0x0 ID:38452 IpLen:20 DgmLen:1500 DF
***AP*** Seq: 0xB90A7132 Ack: 0x93145A10 Win: 0x1920 TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS181]
[**] [1:648:5] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1]
05/07-17:12:04.115360 63.208.194.39:80 -> 192.168.1.105:1200
TCP TTL:51 TOS:0x0 ID:36881 IpLen:20 DgmLen:1500 DF
***AP*** Seq: 0xC618070B Ack: 0x9655A728 Win: 0x7D78 TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS181]
[**] [1:499:3] ICMP Large ICMP Packet [**]
[Classification: Potentially Bad Traffic] [Priority: 2]
05/16-14:03:01.277290 66.185.146.249 -> 192.168.1.105
ICMP TTL:248 TOS:0x0 ID:1066 IpLen:20 DgmLen:1478
Type:0 Code:0 ID:512 Seq:17920 ECHO REPLY
[Xref => http://www.whitehats.com/info/IDS246]
[**] [1:499:3] ICMP Large ICMP Packet [**]
[Classification: Potentially Bad Traffic] [Priority: 2]
05/16-14:03:01.317054 66.185.146.249 -> 192.168.1.105
ICMP TTL:248 TOS:0x0 ID:1067 IpLen:20 DgmLen:1478
Type:0 Code:0 ID:512 Seq:18176 ECHO REPLY
[Xref => http://www.whitehats.com/info/IDS246]
[**] [1:648:5] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1]
05/18-00:31:36.538792 213.239.45.162:80 -> 192.168.1.105:1185
TCP TTL:49 TOS:0x0 ID:13471 IpLen:20 DgmLen:1300 DF
***A**** Seq: 0xAA17A067 Ack: 0xDAB5A79 Win: 0x3240 TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS181]
[**] [1:648:5] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1]
05/18-00:31:36.542387 213.239.45.162:80 -> 192.168.1.105:1185
TCP TTL:49 TOS:0x0 ID:13473 IpLen:20 DgmLen:1300 DF
***A**** Seq: 0xAA17AA3F Ack: 0xDAB5A79 Win: 0x3240 TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS181]
[**] [1:648:5] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1]
05/18-00:31:36.896372 213.239.45.162:80 -> 192.168.1.105:1185
TCP TTL:49 TOS:0x0 ID:13499 IpLen:20 DgmLen:1300 DF
***A**** Seq: 0xAA182A37 Ack: 0xDAB5A79 Win: 0x3240 TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS181]
[**] [1:485:2] ICMP Destination Unreachable (Communication Administratively Prohibited) [**]
[Classification: Misc activity] [Priority: 3]
05/23-16:54:58.418010 10.53.96.1 -> 192.168.1.105
ICMP TTL:254 TOS:0x0 ID:17435 IpLen:20 DgmLen:56
Type:3 Code:13 DESTINATION UNREACHABLE: ADMINISTRATIVELY PROHIBITED,
PACKET FILTERED
** ORIGINAL DATAGRAM DUMP:
192.168.1.105:2797 -> 10.63.2.252:161
UDP TTL:126 TOS:0x0 ID:37386 IpLen:20 DgmLen:105
Len: 77
** END OF DUMP
[**] [1:485:2] ICMP Destination Unreachable (Communication Administratively Prohibited) [**]
[Classification: Misc activity] [Priority: 3]
05/27-01:00:19.521905 10.53.96.1 -> 192.168.1.105
ICMP TTL:254 TOS:0x0 ID:63071 IpLen:20 DgmLen:56
Type:3 Code:13 DESTINATION UNREACHABLE: ADMINISTRATIVELY PROHIBITED,
PACKET FILTERED
** ORIGINAL DATAGRAM DUMP:
192.168.1.105:2797 -> 10.63.2.252:161
UDP TTL:126 TOS:0x0 ID:15599 IpLen:20 DgmLen:105
Len: 77
** END OF DUMP
[**] [1:485:2] ICMP Destination Unreachable (Communication Administratively Prohibited) [**]
[Classification: Misc activity] [Priority: 3]
05/27-01:10:37.586222 10.53.96.1 -> 192.168.1.105
ICMP TTL:254 TOS:0x0 ID:16940 IpLen:20 DgmLen:56
Type:3 Code:13 DESTINATION UNREACHABLE: ADMINISTRATIVELY PROHIBITED,
PACKET FILTERED
** ORIGINAL DATAGRAM DUMP:
192.168.1.105:2797 -> 10.63.2.252:161
UDP TTL:126 TOS:0x0 ID:15682 IpLen:20 DgmLen:106
Len: 78
** END OF DUMP
[**] [1:485:2] ICMP Destination Unreachable (Communication Administratively Prohibited) [**]
[Classification: Misc activity] [Priority: 3]
05/28-00:26:17.845015 10.53.96.1 -> 192.168.1.105
ICMP TTL:254 TOS:0x0 ID:4278 IpLen:20 DgmLen:56
Type:3 Code:13 DESTINATION UNREACHABLE: ADMINISTRATIVELY PROHIBITED,
PACKET FILTERED
** ORIGINAL DATAGRAM DUMP:
192.168.1.105:1030 -> 10.63.2.252:161
UDP TTL:126 TOS:0x0 ID:28797 IpLen:20 DgmLen:105
Len: 77
** END OF DUMP
[**] [1:485:2] ICMP Destination Unreachable (Communication Administratively Prohibited) [**]
[Classification: Misc activity] [Priority: 3]
05/28-00:26:36.744592 10.53.96.1 -> 192.168.1.105
ICMP TTL:254 TOS:0x0 ID:4768 IpLen:20 DgmLen:56
Type:3 Code:13 DESTINATION UNREACHABLE: ADMINISTRATIVELY PROHIBITED,
PACKET FILTERED
** ORIGINAL DATAGRAM DUMP:
192.168.1.105:1030 -> 10.63.2.252:161
UDP TTL:126 TOS:0x0 ID:28800 IpLen:20 DgmLen:105
Len: 77
** END OF DUMP
[**] [1:485:2] ICMP Destination Unreachable (Communication Administratively Prohibited) [**]
[Classification: Misc activity] [Priority: 3]
05/28-00:36:55.392798 10.53.96.1 -> 192.168.1.105
ICMP TTL:254 TOS:0x0 ID:22523 IpLen:20 DgmLen:56
Type:3 Code:13 DESTINATION UNREACHABLE: ADMINISTRATIVELY PROHIBITED,
PACKET FILTERED
** ORIGINAL DATAGRAM DUMP:
192.168.1.105:1030 -> 10.63.2.252:161
UDP TTL:126 TOS:0x0 ID:33884 IpLen:20 DgmLen:105
Len: 77
** END OF DUMP
[**] [1:485:2] ICMP Destination Unreachable (Communication Administratively Prohibited) [**]
[Classification: Misc activity] [Priority: 3]
05/28-00:37:01.396977 10.53.96.1 -> 192.168.1.105
ICMP TTL:254 TOS:0x0 ID:22663 IpLen:20 DgmLen:56
Type:3 Code:13 DESTINATION UNREACHABLE: ADMINISTRATIVELY PROHIBITED,
PACKET FILTERED
** ORIGINAL DATAGRAM DUMP:
192.168.1.105:1030 -> 10.63.2.252:161
UDP TTL:126 TOS:0x0 ID:33896 IpLen:20 DgmLen:105
Len: 77
** END OF DUMP
[**] [1:485:2] ICMP Destination Unreachable (Communication Administratively Prohibited) [**]
[Classification: Misc activity] [Priority: 3]
06/01-19:23:01.044217 10.53.96.1 -> 192.168.1.105
ICMP TTL:254 TOS:0x0 ID:41068 IpLen:20 DgmLen:56
Type:3 Code:13 DESTINATION UNREACHABLE: ADMINISTRATIVELY PROHIBITED,
PACKET FILTERED
** ORIGINAL DATAGRAM DUMP:
192.168.1.105:1030 -> 10.63.2.252:161
UDP TTL:126 TOS:0x0 ID:31605 IpLen:20 DgmLen:105
Len: 77
** END OF DUMP
[**] [1:485:2] ICMP Destination Unreachable (Communication Administratively Prohibited) [**]
[Classification: Misc activity] [Priority: 3]
06/01-19:23:13.300008 10.53.96.1 -> 192.168.1.105
ICMP TTL:254 TOS:0x0 ID:41389 IpLen:20 DgmLen:56
Type:3 Code:13 DESTINATION UNREACHABLE: ADMINISTRATIVELY PROHIBITED,
PACKET FILTERED
** ORIGINAL DATAGRAM DUMP:
192.168.1.105:1030 -> 10.63.2.252:161
UDP TTL:126 TOS:0x0 ID:31607 IpLen:20 DgmLen:105
Len: 77
** END OF DUMP
[**] [1:485:2] ICMP Destination Unreachable (Communication Administratively Prohibited) [**]
[Classification: Misc activity] [Priority: 3]
06/06-14:47:54.946149 10.53.96.1 -> 192.168.1.105
ICMP TTL:254 TOS:0x0 ID:20241 IpLen:20 DgmLen:56
Type:3 Code:13 DESTINATION UNREACHABLE: ADMINISTRATIVELY PROHIBITED,
PACKET FILTERED
** ORIGINAL DATAGRAM DUMP:
192.168.1.105:1027 -> 10.63.2.252:161
UDP TTL:126 TOS:0x0 ID:10159 IpLen:20 DgmLen:105
Len: 77
** END OF DUMP
[**] [1:485:2] ICMP Destination Unreachable (Communication Administratively Prohibited) [**]
[Classification: Misc activity] [Priority: 3]
06/06-14:58:18.865252 10.53.96.1 -> 192.168.1.105
ICMP TTL:254 TOS:0x0 ID:37824 IpLen:20 DgmLen:56
Type:3 Code:13 DESTINATION UNREACHABLE: ADMINISTRATIVELY PROHIBITED,
PACKET FILTERED
** ORIGINAL DATAGRAM DUMP:
192.168.1.105:1027 -> 10.52.11.251:161
UDP TTL:126 TOS:0x0 ID:14933 IpLen:20 DgmLen:105
Len: 77
** END OF DUMP
[**] [1:485:2] ICMP Destination Unreachable (Communication Administratively Prohibited) [**]
[Classification: Misc activity] [Priority: 3]
06/06-15:09:13.245821 10.53.96.1 -> 192.168.1.105
ICMP TTL:254 TOS:0x0 ID:56927 IpLen:20 DgmLen:56
Type:3 Code:13 DESTINATION UNREACHABLE: ADMINISTRATIVELY PROHIBITED,
PACKET FILTERED
** ORIGINAL DATAGRAM DUMP:
192.168.1.105:1027 -> 10.52.11.251:161
UDP TTL:126 TOS:0x0 ID:16052 IpLen:20 DgmLen:105
Len: 77
** END OF DUMP
[**] [1:485:2] ICMP Destination Unreachable (Communication Administratively Prohibited) [**]
[Classification: Misc activity] [Priority: 3]
06/06-15:20:01.818508 10.53.96.1 -> 192.168.1.105
ICMP TTL:254 TOS:0x0 ID:10689 IpLen:20 DgmLen:56
Type:3 Code:13 DESTINATION UNREACHABLE: ADMINISTRATIVELY PROHIBITED,
PACKET FILTERED
** ORIGINAL DATAGRAM DUMP:
192.168.1.105:1027 -> 10.52.11.251:161
UDP TTL:126 TOS:0x0 ID:17664 IpLen:20 DgmLen:105
Len: 77
** END OF DUMP
[**] [1:485:2] ICMP Destination Unreachable (Communication Administratively Prohibited) [**]
[Classification: Misc activity] [Priority: 3]
06/06-15:42:16.219639 10.53.96.1 -> 192.168.1.105
ICMP TTL:254 TOS:0x0 ID:51919 IpLen:20 DgmLen:56
Type:3 Code:13 DESTINATION UNREACHABLE: ADMINISTRATIVELY PROHIBITED,
PACKET FILTERED
** ORIGINAL DATAGRAM DUMP:
192.168.1.105:1027 -> 10.63.2.252:161
UDP TTL:126 TOS:0x0 ID:20303 IpLen:20 DgmLen:105
Len: 77
** END OF DUMP
[**] [1:1390:3] SHELLCODE x86 inc ebx NOOP [**]
[Classification: Executable code was detected] [Priority: 1]
06/08-13:53:22.216062 209.8.166.171:80 -> 192.168.1.105:1171
TCP TTL:53 TOS:0x0 ID:23169 IpLen:20 DgmLen:1300 DF
***AP*** Seq: 0x8CEE99B4 Ack: 0x6836A46A Win: 0x7FF8 TcpLen: 20
[**] [1:485:2] ICMP Destination Unreachable (Communication Administratively Prohibited) [**]
[Classification: Misc activity] [Priority: 3]
06/08-14:02:38.834783 10.53.96.1 -> 192.168.1.105
ICMP TTL:254 TOS:0x0 ID:18295 IpLen:20 DgmLen:56
Type:3 Code:13 DESTINATION UNREACHABLE: ADMINISTRATIVELY PROHIBITED,
PACKET FILTERED
** ORIGINAL DATAGRAM DUMP:
192.168.1.105:1030 -> 10.63.2.252:161
UDP TTL:126 TOS:0x0 ID:15057 IpLen:20 DgmLen:105
Len: 77
** END OF DUMP
[**] [1:485:2] ICMP Destination Unreachable (Communication Administratively Prohibited) [**]
[Classification: Misc activity] [Priority: 3]
06/08-14:37:53.642858 10.53.96.1 -> 192.168.1.105
ICMP TTL:254 TOS:0x0 ID:20855 IpLen:20 DgmLen:56
Type:3 Code:13 DESTINATION UNREACHABLE: ADMINISTRATIVELY PROHIBITED,
PACKET FILTERED
** ORIGINAL DATAGRAM DUMP:
192.168.1.105:1030 -> 10.52.11.251:161
UDP TTL:126 TOS:0x0 ID:19983 IpLen:20 DgmLen:105
Len: 77
** END OF DUMP
[**] [1:485:2] ICMP Destination Unreachable (Communication Administratively Prohibited) [**]
[Classification: Misc activity] [Priority: 3]
06/08-14:38:12.644801 10.53.96.1 -> 192.168.1.105
ICMP TTL:254 TOS:0x0 ID:21468 IpLen:20 DgmLen:56
Type:3 Code:13 DESTINATION UNREACHABLE: ADMINISTRATIVELY PROHIBITED,
PACKET FILTERED
** ORIGINAL DATAGRAM DUMP:
192.168.1.105:1030 -> 10.63.2.252:161
UDP TTL:126 TOS:0x0 ID:19986 IpLen:20 DgmLen:105
Len: 77
** END OF DUMP

SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:09:57 2003