SnortSnarf alert page

Destination: 192.168.1.2: #101-175

SnortSnarf v021111.1

Signature section (91123)

Top 20 source IPs

Top 20 dest IPs

Looking using input module SnortFileInput, with sources:

/home/rivettmj/snort_alertlog/alert

Earliest: 00:35:44.181999 on 05/12/2003
Latest: 17:03:10.301102 on 06/03/2003

5 different signatures are present for 192.168.1.2 as a destination

1 instances of SHELLCODE x86 NOOP
1 instances of FTP LIST directory traversal attempt
3 instances of SHELLCODE x86 inc ebx NOOP
3 instances of ICMP PING NMAP
167 instances of ICMP L3retriever Ping

There are 8 distinct source IPs in the alerts of the type on this page.

192.168.1.2 Whois lookup at: ARIN RIPE APNIC Geektools

DNS lookup at: Amenesi TRIUMF Princeton

More lookup links: Dshield Sam Spade

Go to: previous range, all alerts, overview page

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
05/12-00:35:44.181999 192.168.1.4 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:27596 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:46089  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
05/12-00:35:53.434533 192.168.1.4 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:27603 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:46345  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
05/12-00:35:55.682413 192.168.1.4 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:27604 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:46601  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
05/12-08:06:32.274031 192.168.1.4 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:47215 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:42763  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
05/12-08:06:34.637300 192.168.1.4 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:47222 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:43019  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
05/12-08:06:43.889964 192.168.1.4 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:47254 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:43275  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
05/12-08:06:46.138021 192.168.1.4 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:47261 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:43531  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
05/12-08:07:52.400579 192.168.1.101 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:56326 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:46592  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
05/12-08:07:52.401755 192.168.1.101 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:56328 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:46848  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
05/12-08:32:28.037203 192.168.1.4 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:373 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:8204  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
05/12-08:32:30.160312 192.168.1.4 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:380 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:8716  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
05/12-08:32:39.412750 192.168.1.4 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:487 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:10764  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
05/12-08:32:41.660448 192.168.1.4 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:502 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:11276  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
05/12-08:32:48.664259 192.168.1.4 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:583 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:12812  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
05/12-08:32:51.160970 192.168.1.4 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:610 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:13324  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
05/12-08:32:59.929185 192.168.1.4 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:707 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:15116  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
05/12-08:33:02.161506 192.168.1.4 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:729 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:15884  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
05/12-08:33:10.710238 192.168.1.4 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:817 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:17676  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
05/12-08:33:13.161786 192.168.1.4 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:860 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:18188  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
05/12-08:33:15.663657 192.168.1.4 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:919 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:18956  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
05/12-08:33:18.161941 192.168.1.4 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:983 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:19468  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
05/12-08:34:16.174734 192.168.1.102 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:18808 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:39682  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
05/12-08:34:18.250660 192.168.1.102 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:18809 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:39938  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
05/12-08:34:20.751399 192.168.1.102 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:18811 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:40194  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
05/12-08:34:23.250913 192.168.1.102 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:18812 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:40450  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
05/14-17:04:36.533527 192.168.1.4 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:29944 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:33295  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
05/14-17:04:38.630126 192.168.1.4 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:29945 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:33551  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
05/14-17:05:15.290366 192.168.1.4 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:29963 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:33807  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
05/14-17:05:17.630834 192.168.1.4 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:29966 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:34063  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
05/14-17:05:24.634640 192.168.1.4 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:29972 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:34319  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
05/14-17:05:27.131207 192.168.1.4 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:29975 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:34575  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
05/14-17:05:29.633284 192.168.1.4 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:29977 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:34831  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
05/14-17:05:32.131481 192.168.1.4 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:29985 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:35087  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
05/14-17:54:01.847442 192.168.1.4 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:20749 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:39695  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
05/14-17:54:04.161362 192.168.1.4 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:20750 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:39951  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
05/14-17:54:40.805373 192.168.1.4 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:20770 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:40207  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
05/14-17:54:43.162771 192.168.1.4 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:20771 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:40463  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
05/14-17:54:50.166608 192.168.1.4 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:20776 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:40719  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
05/14-17:54:52.663043 192.168.1.4 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:20779 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:40975  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
05/14-17:54:55.165206 192.168.1.4 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:20781 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:41231  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
05/14-17:54:57.663260 192.168.1.4 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:20782 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:41487  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
05/14-17:55:58.293715 192.168.1.4 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:20789 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:41743  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
05/14-17:56:00.665568 192.168.1.4 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:20790 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:41999  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
05/14-17:56:03.167669 192.168.1.4 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:20792 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:42255  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
05/14-17:56:05.665709 192.168.1.4 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:20793 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:42511  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
05/14-20:36:12.654407 192.168.1.3 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:2421 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:60160  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
05/14-20:36:15.068041 192.168.1.3 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:2423 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:60416  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
05/14-20:36:48.143345 192.168.1.4 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:23694 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:53519  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
05/14-20:36:50.335637 192.168.1.4 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:23695 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:53775  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
05/14-20:36:57.339454 192.168.1.4 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:23700 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:54031  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
05/14-20:36:59.836102 192.168.1.4 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:23703 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:54287  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
05/14-20:37:02.338044 192.168.1.4 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:23705 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:54543  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
05/14-20:37:04.836216 192.168.1.4 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:23706 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:54799  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
05/14-20:44:19.650055 192.168.1.4 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:23882 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:56079  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
05/14-20:44:21.850757 192.168.1.4 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:23883 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:56335  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
05/14-20:44:28.834669 192.168.1.4 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:23893 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:56591  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
05/14-20:44:31.331112 192.168.1.4 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:23896 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:56847  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
05/14-20:44:33.833095 192.168.1.4 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:23898 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:57103  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
05/14-20:44:36.331268 192.168.1.4 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:23899 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:57359  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
05/14-20:59:19.915238 192.168.1.4 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:24365 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:58383  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
05/14-20:59:22.341656 192.168.1.4 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:24366 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:58639  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
05/14-20:59:29.345557 192.168.1.4 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:24371 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:58895  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
05/14-20:59:31.841981 192.168.1.4 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:24374 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:59151  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
05/14-20:59:34.344138 192.168.1.4 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:24376 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:59407  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
05/14-20:59:36.842226 192.168.1.4 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:24377 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:59663  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
05/21-16:29:56.114954 192.168.1.3 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:2649 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:20231  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
05/21-16:29:58.597631 192.168.1.3 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:2650 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:20487  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:469:1] ICMP PING NMAP [**]
[Classification: Attempted Information Leak] [Priority: 2] 
05/21-16:30:08.413811 192.168.1.4 -> 192.168.1.2
ICMP TTL:128 TOS:0x0 ID:43998 IpLen:20 DgmLen:28
Type:8  Code:0  ID:512   Seq:58881  ECHO
[Xref => http://www.whitehats.com/info/IDS162]

[**] [1:469:1] ICMP PING NMAP [**]
[Classification: Attempted Information Leak] [Priority: 2] 
05/21-16:30:13.470390 192.168.1.4 -> 192.168.1.2
ICMP TTL:128 TOS:0x0 ID:43999 IpLen:20 DgmLen:28
Type:8  Code:0  ID:512   Seq:59137  ECHO
[Xref => http://www.whitehats.com/info/IDS162]

[**] [1:469:1] ICMP PING NMAP [**]
[Classification: Attempted Information Leak] [Priority: 2] 
05/21-16:30:18.970564 192.168.1.4 -> 192.168.1.2
ICMP TTL:128 TOS:0x0 ID:44000 IpLen:20 DgmLen:28
Type:8  Code:0  ID:512   Seq:59393  ECHO
[Xref => http://www.whitehats.com/info/IDS162]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
05/21-16:30:35.337054 192.168.1.3 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:2677 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:20743  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
05/21-16:30:37.601239 192.168.1.3 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:2678 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:20999  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
05/21-16:30:46.853592 192.168.1.3 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:2685 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:21255  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:466:1] ICMP L3retriever Ping [**]
[Classification: Attempted Information Leak] [Priority: 2] 
05/21-16:30:49.102336 192.168.1.3 -> 192.168.1.2
ICMP TTL:32 TOS:0x0 ID:2686 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512   Seq:21511  ECHO
[Xref => http://www.whitehats.com/info/IDS311]

[**] [1:1394:3] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
06/03-17:03:10.301102 129.137.195.67:1447 -> 192.168.1.2:20
TCP TTL:107 TOS:0x0 ID:21176 IpLen:20 DgmLen:1420 DF
***A**** Seq: 0x4EAC480C  Ack: 0xFA615316  Win: 0x2058  TcpLen: 20

Go to: previous range, all alerts, overview page

SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:09:54 2003

192.168.1.2	Whois lookup at:	ARIN	RIPE	APNIC	Geektools
	DNS lookup at:	Amenesi	TRIUMF	Princeton
	More lookup links:	Dshield	Sam Spade