SnortSnarf alert page

Destination: 192.168.1.2: #1-100

SnortSnarf v021111.1

Signature section (91123)

Top 20 source IPs

Top 20 dest IPs

Looking using input module SnortFileInput, with sources:

/home/rivettmj/snort_alertlog/alert

Earliest: 10:59:01.871901 on 04/23/2003
Latest: 00:35:41.840668 on 05/12/2003

5 different signatures are present for 192.168.1.2 as a destination

1 instances of SHELLCODE x86 NOOP
1 instances of FTP LIST directory traversal attempt
3 instances of SHELLCODE x86 inc ebx NOOP
3 instances of ICMP PING NMAP
167 instances of ICMP L3retriever Ping

There are 8 distinct source IPs in the alerts of the type on this page.

192.168.1.2 Whois lookup at: ARIN RIPE APNIC Geektools

DNS lookup at: Amenesi TRIUMF Princeton

More lookup links: Dshield Sam Spade

Go to: next range, all alerts, overview page

[**] [1:1992:1] FTP LIST directory traversal attempt [**]
[Classification: Generic Protocol Command Decode] [Priority: 3] 
04/23-10:59:01.871901 129.137.182.192:2049 -> 192.168.1.2:21
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:226
***AP*** Seq: 0xEC82E05B  Ack: 0xFDF5CAD5  Win: 0x1E14  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=11112][Xref => http://www.securityfocus.com/bid/2618][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0680]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
04/26-14:58:29.801086 192.168.1.3 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:660 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:10241  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
04/26-14:58:31.956642 192.168.1.3 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:666 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:10497  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
04/26-14:58:40.052268 192.168.1.3 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:675 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:10753  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
04/26-14:58:42.457816 192.168.1.3 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:679 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:11009  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
04/26-14:59:08.664690 192.168.1.3 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:700 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:11265  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
04/26-14:59:10.960617 192.168.1.3 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:701 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:11521  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
04/26-14:59:20.212588 192.168.1.3 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:709 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:11777  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
04/26-14:59:22.461197 192.168.1.3 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:710 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:12033  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
04/26-16:51:49.826251 192.168.1.4 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:10721 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:7936  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
04/26-16:51:52.214938 192.168.1.4 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:10723 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:8192  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
04/26-16:52:28.921008 192.168.1.4 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:10740 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:8448  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
04/26-16:52:31.216474 192.168.1.4 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:10741 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:8704  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
04/26-16:52:40.469073 192.168.1.4 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:10748 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:8960  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
04/26-16:52:42.717017 192.168.1.4 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:10749 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:9216  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
04/26-19:00:57.008507 192.168.1.3 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:41392 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:13824  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
04/26-19:00:59.131495 192.168.1.3 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:41393 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:14080  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
04/26-19:01:35.808841 192.168.1.3 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:41414 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:14336  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
04/26-19:01:38.135372 192.168.1.3 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:41415 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:14592  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
04/26-19:01:47.388022 192.168.1.3 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:41423 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:14848  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
04/26-19:01:49.636784 192.168.1.3 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:41424 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:15104  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
04/26-19:02:40.612369 192.168.1.3 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:41431 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:15360  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
04/26-19:02:42.641391 192.168.1.3 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:41432 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:15616  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
04/26-19:02:45.142998 192.168.1.3 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:41434 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:15872  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
04/26-19:02:47.642027 192.168.1.3 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:41436 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:16128  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
04/26-21:23:09.095389 192.168.1.3 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:43219 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:24064  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
04/26-21:23:11.451469 192.168.1.3 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:43220 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:24320  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
04/26-21:23:48.207137 192.168.1.3 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:43236 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:24576  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
04/26-21:23:50.455564 192.168.1.3 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:43237 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:24832  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
04/26-21:23:59.707959 192.168.1.3 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:43244 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:25088  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
04/26-21:24:01.956630 192.168.1.3 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:43245 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:25344  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
04/28-09:51:07.602395 192.168.1.3 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:53779 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:4866  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
04/28-09:51:10.021708 192.168.1.3 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:53781 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:5122  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
04/28-09:51:18.852075 192.168.1.3 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:53791 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:5378  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
04/28-09:51:21.022960 192.168.1.3 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:53794 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:5634  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
04/28-09:51:46.745745 192.168.1.3 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:53812 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:5890  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
04/28-09:51:49.025811 192.168.1.3 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:53813 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:6146  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
04/28-09:51:58.278259 192.168.1.3 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:53821 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:6402  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
04/28-09:52:00.526818 192.168.1.3 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:53822 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:6658  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:1390:3] SHELLCODE x86 inc ebx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
04/28-18:25:59.391667 206.151.167.94:80 -> 192.168.1.2:2641
TCP TTL:50 TOS:0x0 ID:48341 IpLen:20 DgmLen:1500
***A**** Seq: 0xB18F029A  Ack: 0xE3954B4C  Win: 0x2180  TcpLen: 20

[**] [1:1390:3] SHELLCODE x86 inc ebx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
04/28-18:25:59.394325 206.151.167.94:80 -> 192.168.1.2:2641
TCP TTL:50 TOS:0x0 ID:48343 IpLen:20 DgmLen:1500
***A**** Seq: 0xB18F0E02  Ack: 0xE3954B4C  Win: 0x2180  TcpLen: 20

[**] [1:1390:3] SHELLCODE x86 inc ebx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
04/28-18:25:59.554311 206.151.167.94:80 -> 192.168.1.2:2641
TCP TTL:50 TOS:0x0 ID:48399 IpLen:20 DgmLen:1500
***A**** Seq: 0xB1904D62  Ack: 0xE3954B4C  Win: 0x2180  TcpLen: 20

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
04/28-18:32:53.497866 192.168.1.3 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:62469 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:32514  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
04/28-18:32:55.540980 192.168.1.3 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:62491 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:32770  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
04/28-18:32:58.042706 192.168.1.3 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:62516 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:33026  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
04/28-18:33:00.541490 192.168.1.3 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:62540 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:33282  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
05/11-19:47:16.901950 192.168.1.4 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:57470 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:19977  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
05/11-19:47:18.997680 192.168.1.4 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:57474 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:20233  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
05/11-19:47:55.719567 192.168.1.4 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:57532 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:20489  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
05/11-19:47:57.999155 192.168.1.4 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:57535 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:20745  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
05/11-19:48:07.250586 192.168.1.4 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:57590 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:21001  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
05/11-19:48:09.499563 192.168.1.4 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:57594 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:21257  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
05/11-19:48:22.040729 192.168.1.100 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:32548 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:18691  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
05/11-19:48:24.347000 192.168.1.100 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:32549 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:18947  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
05/11-19:48:26.847841 192.168.1.100 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:32551 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:19203  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
05/11-19:48:29.347272 192.168.1.100 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:32552 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:19459  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
05/11-20:01:16.550077 192.168.1.4 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:58886 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:22025  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
05/11-20:01:19.006153 192.168.1.4 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:58892 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:22281  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
05/11-20:01:27.805252 192.168.1.4 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:58914 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:22537  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
05/11-20:01:30.006732 192.168.1.4 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:58917 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:22793  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
05/11-20:01:40.289947 192.168.1.3 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:46698 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:23554  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
05/11-20:01:42.490176 192.168.1.3 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:46699 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:23810  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
05/11-20:01:44.991735 192.168.1.3 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:46701 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:24066  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
05/11-20:01:47.490694 192.168.1.3 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:46702 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:24322  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
05/11-20:01:55.729635 192.168.1.4 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:58998 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:23049  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
05/11-20:01:58.007729 192.168.1.4 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:59001 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:23305  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
05/11-20:02:07.240110 192.168.1.4 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:59017 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:23561  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
05/11-20:02:09.488138 192.168.1.4 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:59021 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:23817  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
05/11-21:20:46.040191 192.168.1.4 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:1572 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:29705  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
05/11-21:20:48.048157 192.168.1.4 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:1576 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:29961  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
05/11-21:20:57.284524 192.168.1.4 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:1595 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:30217  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
05/11-21:20:59.548596 192.168.1.4 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:1599 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:30473  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
05/11-21:21:20.813011 192.168.1.102 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:13604 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:27650  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
05/11-21:21:23.209566 192.168.1.102 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:13605 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:27906  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
05/11-21:21:24.739067 192.168.1.4 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:1643 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:30729  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
05/11-21:21:25.710512 192.168.1.102 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:13607 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:28162  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
05/11-21:21:27.049533 192.168.1.4 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:1682 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:30985  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
05/11-21:21:28.209827 192.168.1.102 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:13608 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:28418  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
05/11-21:21:36.301208 192.168.1.4 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:1698 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:31241  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
05/11-21:21:38.549959 192.168.1.4 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:1702 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:31497  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
05/11-21:22:00.213975 192.168.1.101 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:9692 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:15360  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
05/11-21:22:02.380477 192.168.1.101 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:9695 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:15616  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
05/11-21:22:04.881418 192.168.1.101 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:9700 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:15872  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
05/11-21:22:07.380741 192.168.1.101 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:9705 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:16128  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
05/11-21:30:57.868963 192.168.1.4 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:2613 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:32265  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
05/11-21:31:00.058968 192.168.1.4 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:2616 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:32521  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
05/11-21:31:36.718283 192.168.1.4 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:2673 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:32777  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
05/11-21:31:39.060335 192.168.1.4 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:2676 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:33033  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
05/11-21:31:48.311981 192.168.1.4 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:2692 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:33289  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
05/11-21:31:50.560168 192.168.1.4 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:2696 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:33545  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
05/11-21:32:53.205026 192.168.1.3 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:7912 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:30210  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
05/11-21:41:41.822743 192.168.1.4 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:20906 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:35081  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
05/11-21:41:44.080149 192.168.1.4 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:20909 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:35337  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
05/11-21:42:20.714216 192.168.1.4 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:20967 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:35593  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
05/11-21:42:23.071451 192.168.1.4 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:20970 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:35849  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
05/11-21:42:32.323797 192.168.1.4 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:21020 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:36105  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
05/11-21:42:34.572026 192.168.1.4 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:21024 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:36361  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
05/12-00:35:02.688335 192.168.1.4 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:27574 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:45321  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
05/12-00:35:05.180581 192.168.1.4 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:27575 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:45577  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
05/12-00:35:41.840668 192.168.1.4 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:27595 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:45833  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

Go to: next range, all alerts, overview page

SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:09:54 2003

192.168.1.2	Whois lookup at:	ARIN	RIPE	APNIC	Geektools
	DNS lookup at:	Amenesi	TRIUMF	Princeton
	More lookup links:	Dshield	Sam Spade