SnortSnarf alert page

Destination: 192.168.1.4

SnortSnarf v021111.1

Signature section (91123) | Top 20 source IPs | Top 20 dest IPs

69 such alerts found using input module SnortFileInput, with sources:
Earliest: 13:08:18.010090 on 04/25/2003
Latest: 19:42:19.533911 on 06/02/2003

6 different signatures are present for 192.168.1.4 as a destination

There are 11 distinct source IPs in the alerts of the type on this page.

See also 192.168.1.4 as an alert source [4196 alerts]


[**] [1:648:5] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1]
04/25-13:08:18.010090 161.114.1.254:20 -> 192.168.1.4:2149
TCP TTL:108 TOS:0x0 ID:57397 IpLen:20 DgmLen:1420 DF
***A**** Seq: 0xF9EE24F6 Ack: 0x44AD52E6 Win: 0x40B0 TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS181]
[**] [1:648:5] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1]
04/25-13:08:18.033544 161.114.1.254:20 -> 192.168.1.4:2149
TCP TTL:108 TOS:0x0 ID:57463 IpLen:20 DgmLen:1420 DF
***A**** Seq: 0xF9EE5ADE Ack: 0x44AD52E6 Win: 0x40B0 TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS181]
[**] [1:648:5] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1]
04/25-13:08:21.011421 161.114.1.254:20 -> 192.168.1.4:2149
TCP TTL:108 TOS:0x0 ID:62150 IpLen:20 DgmLen:1420 DF
***A**** Seq: 0xF9F065C2 Ack: 0x44AD52E6 Win: 0x40B0 TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS181]
[**] [1:648:5] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1]
04/25-13:08:22.492034 161.114.1.254:20 -> 192.168.1.4:2149
TCP TTL:108 TOS:0x0 ID:64796 IpLen:20 DgmLen:1420 DF
***A**** Seq: 0xF9F28B9A Ack: 0x44AD52E6 Win: 0x40B0 TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS181]
[**] [1:648:5] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1]
04/25-13:08:22.562795 161.114.1.254:20 -> 192.168.1.4:2149
TCP TTL:108 TOS:0x0 ID:64943 IpLen:20 DgmLen:1420 DF
***A**** Seq: 0xF9F2A12A Ack: 0x44AD52E6 Win: 0x40B0 TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS181]
[**] [1:648:5] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1]
04/25-13:08:23.267236 161.114.1.254:20 -> 192.168.1.4:2149
TCP TTL:108 TOS:0x0 ID:818 IpLen:20 DgmLen:1420 DF
***A**** Seq: 0xF9F4BC3A Ack: 0x44AD52E6 Win: 0x40B0 TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS181]
[**] [1:648:5] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1]
04/25-13:08:23.268499 161.114.1.254:20 -> 192.168.1.4:2149
TCP TTL:108 TOS:0x0 ID:819 IpLen:20 DgmLen:1420 DF
***A**** Seq: 0xF9F4C19E Ack: 0x44AD52E6 Win: 0x40B0 TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS181]
[**] [1:648:5] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1]
04/25-13:08:25.083310 161.114.1.254:20 -> 192.168.1.4:2151
TCP TTL:108 TOS:0x0 ID:3700 IpLen:20 DgmLen:1420 DF
***A**** Seq: 0xFE502F72 Ack: 0x44C88680 Win: 0x40B0 TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS181]
[**] [1:648:5] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1]
04/25-13:08:25.089894 161.114.1.254:20 -> 192.168.1.4:2151
TCP TTL:108 TOS:0x0 ID:3717 IpLen:20 DgmLen:1420 DF
***A**** Seq: 0xFE504A66 Ack: 0x44C88680 Win: 0x40B0 TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS181]
[**] [1:648:5] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1]
04/25-13:08:25.090471 161.114.1.254:20 -> 192.168.1.4:2151
TCP TTL:108 TOS:0x0 ID:3718 IpLen:20 DgmLen:1420 DF
***A**** Seq: 0xFE504FCA Ack: 0x44C88680 Win: 0x40B0 TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS181]
[**] [1:648:5] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1]
04/25-13:08:25.167726 161.114.1.254:20 -> 192.168.1.4:2151
TCP TTL:108 TOS:0x0 ID:3871 IpLen:20 DgmLen:1420 DF
***A**** Seq: 0xFE5085B2 Ack: 0x44C88680 Win: 0x40B0 TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS181]
[**] [1:648:5] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1]
04/25-13:08:25.250417 161.114.1.254:20 -> 192.168.1.4:2151
TCP TTL:108 TOS:0x0 ID:4029 IpLen:20 DgmLen:1420 DF
***A**** Seq: 0xFE50DBF2 Ack: 0x44C88680 Win: 0x40B0 TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS181]
[**] [1:648:5] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1]
04/25-13:08:31.965433 161.114.1.254:20 -> 192.168.1.4:2156
TCP TTL:108 TOS:0x0 ID:28662 IpLen:20 DgmLen:1420 DF
***A**** Seq: 0x9B3BA9EC Ack: 0x44E2EBCA Win: 0x40B0 TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS181]
[**] [1:648:5] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1]
04/25-13:08:32.039635 161.114.1.254:20 -> 192.168.1.4:2156
TCP TTL:108 TOS:0x0 ID:28731 IpLen:20 DgmLen:1420 DF
***A**** Seq: 0x9B3BDFD4 Ack: 0x44E2EBCA Win: 0x40B0 TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS181]
[**] [1:648:5] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1]
04/25-13:08:32.461368 161.114.1.254:20 -> 192.168.1.4:2156
TCP TTL:108 TOS:0x0 ID:29145 IpLen:20 DgmLen:1420 DF
***A**** Seq: 0x9B3DEAB8 Ack: 0x44E2EBCA Win: 0x40B0 TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS181]
[**] [1:648:5] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1]
04/25-13:08:32.983594 161.114.1.254:20 -> 192.168.1.4:2156
TCP TTL:108 TOS:0x0 ID:29721 IpLen:20 DgmLen:1420 DF
***A**** Seq: 0x9B424130 Ack: 0x44E2EBCA Win: 0x40B0 TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS181]
[**] [1:648:5] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1]
04/25-13:08:32.991263 161.114.1.254:20 -> 192.168.1.4:2156
TCP TTL:108 TOS:0x0 ID:29722 IpLen:20 DgmLen:1420 DF
***A**** Seq: 0x9B424694 Ack: 0x44E2EBCA Win: 0x40B0 TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS181]
[**] [1:648:5] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1]
04/25-13:08:34.893947 161.114.1.254:20 -> 192.168.1.4:2159
TCP TTL:108 TOS:0x0 ID:29072 IpLen:20 DgmLen:1420 DF
***A**** Seq: 0x1107630E Ack: 0x44F05BAF Win: 0x40B0 TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS181]
[**] [1:648:5] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1]
04/25-13:08:34.900985 161.114.1.254:20 -> 192.168.1.4:2159
TCP TTL:108 TOS:0x0 ID:29084 IpLen:20 DgmLen:1420 DF
***A**** Seq: 0x11077E02 Ack: 0x44F05BAF Win: 0x40B0 TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS181]
[**] [1:648:5] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1]
04/25-13:08:34.902320 161.114.1.254:20 -> 192.168.1.4:2159
TCP TTL:108 TOS:0x0 ID:29085 IpLen:20 DgmLen:1420 DF
***A**** Seq: 0x11078366 Ack: 0x44F05BAF Win: 0x40B0 TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS181]
[**] [1:648:5] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1]
04/25-13:08:35.000767 161.114.1.254:20 -> 192.168.1.4:2159
TCP TTL:108 TOS:0x0 ID:29225 IpLen:20 DgmLen:1420 DF
***A**** Seq: 0x1107B94E Ack: 0x44F05BAF Win: 0x40B0 TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS181]
[**] [1:648:5] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1]
04/25-13:08:35.092750 161.114.1.254:20 -> 192.168.1.4:2159
TCP TTL:108 TOS:0x0 ID:29366 IpLen:20 DgmLen:1420 DF
***A**** Seq: 0x11080F8E Ack: 0x44F05BAF Win: 0x40B0 TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS181]
[**] [1:648:5] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1]
04/25-13:09:05.810257 161.114.1.254:20 -> 192.168.1.4:2184
TCP TTL:108 TOS:0x0 ID:20528 IpLen:20 DgmLen:1420 DF
***A**** Seq: 0xE1612FB1 Ack: 0x456F601F Win: 0x40B0 TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS181]
[**] [1:648:5] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1]
04/25-13:09:05.847674 161.114.1.254:20 -> 192.168.1.4:2184
TCP TTL:108 TOS:0x0 ID:20606 IpLen:20 DgmLen:1420 DF
***A**** Seq: 0xE1616599 Ack: 0x456F601F Win: 0x40B0 TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS181]
[**] [1:648:5] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1]
04/25-13:09:06.019740 161.114.1.254:20 -> 192.168.1.4:2184
TCP TTL:108 TOS:0x0 ID:20929 IpLen:20 DgmLen:1420 DF
***A**** Seq: 0xE163707D Ack: 0x456F601F Win: 0x40B0 TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS181]
[**] [1:648:5] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1]
04/25-13:09:07.593056 161.114.1.254:20 -> 192.168.1.4:2184
TCP TTL:108 TOS:0x0 ID:23035 IpLen:20 DgmLen:1420 DF
***A**** Seq: 0xE1659655 Ack: 0x456F601F Win: 0x40B0 TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS181]
[**] [1:648:5] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1]
04/25-13:09:07.598335 161.114.1.254:20 -> 192.168.1.4:2184
TCP TTL:108 TOS:0x0 ID:23039 IpLen:20 DgmLen:1420 DF
***A**** Seq: 0xE165ABE5 Ack: 0x456F601F Win: 0x40B0 TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS181]
[**] [1:648:5] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1]
04/25-13:09:07.942264 161.114.1.254:20 -> 192.168.1.4:2184
TCP TTL:108 TOS:0x0 ID:23578 IpLen:20 DgmLen:1420 DF
***A**** Seq: 0xE167C6F5 Ack: 0x456F601F Win: 0x40B0 TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS181]
[**] [1:648:5] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1]
04/25-13:09:07.943481 161.114.1.254:20 -> 192.168.1.4:2184
TCP TTL:108 TOS:0x0 ID:23579 IpLen:20 DgmLen:1420 DF
***A**** Seq: 0xE167CC59 Ack: 0x456F601F Win: 0x40B0 TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS181]
[**] [1:648:5] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1]
04/25-13:09:09.615179 161.114.1.254:20 -> 192.168.1.4:2186
TCP TTL:108 TOS:0x0 ID:54092 IpLen:20 DgmLen:1420 DF
***A**** Seq: 0x3943D773 Ack: 0x457F608B Win: 0x40B0 TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS181]
[**] [1:648:5] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1]
04/25-13:09:09.621258 161.114.1.254:20 -> 192.168.1.4:2186
TCP TTL:108 TOS:0x0 ID:54097 IpLen:20 DgmLen:1420 DF
***A**** Seq: 0x3943F267 Ack: 0x457F608B Win: 0x40B0 TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS181]
[**] [1:648:5] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1]
04/25-13:09:09.622547 161.114.1.254:20 -> 192.168.1.4:2186
TCP TTL:108 TOS:0x0 ID:54098 IpLen:20 DgmLen:1420 DF
***A**** Seq: 0x3943F7CB Ack: 0x457F608B Win: 0x40B0 TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS181]
[**] [1:648:5] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1]
04/25-13:09:09.709285 161.114.1.254:20 -> 192.168.1.4:2186
TCP TTL:108 TOS:0x0 ID:54195 IpLen:20 DgmLen:1420 DF
***A**** Seq: 0x39442DB3 Ack: 0x457F608B Win: 0x40B0 TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS181]
[**] [1:648:5] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1]
04/25-13:09:09.795107 161.114.1.254:20 -> 192.168.1.4:2186
TCP TTL:108 TOS:0x0 ID:54296 IpLen:20 DgmLen:1420 DF
***A**** Seq: 0x394483F3 Ack: 0x457F608B Win: 0x40B0 TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS181]
[**] [1:648:5] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1]
04/25-13:13:36.330366 161.114.1.254:18950 -> 192.168.1.4:2303
TCP TTL:107 TOS:0x0 ID:10431 IpLen:20 DgmLen:1420 DF
***A**** Seq: 0x9A702D3F Ack: 0x49778EB2 Win: 0x40B0 TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS181]
[**] [1:648:5] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1]
04/26-22:08:06.278809 129.128.5.191:20 -> 192.168.1.4:1232
TCP TTL:236 TOS:0x0 ID:19107 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x4DE29D58 Ack: 0x8CD298E4 Win: 0x2238 TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS181]
[**] [1:648:5] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1]
04/26-22:08:06.654949 129.128.5.191:20 -> 192.168.1.4:1232
TCP TTL:236 TOS:0x0 ID:19126 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x4DE30910 Ack: 0x8CD298E4 Win: 0x2238 TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS181]
[**] [1:648:5] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1]
04/26-22:08:40.791023 129.128.5.191:20 -> 192.168.1.4:1234
TCP TTL:236 TOS:0x0 ID:20130 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x4F0BF87A Ack: 0x8D4810EA Win: 0x2238 TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS181]
[**] [1:648:5] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1]
04/26-22:08:41.311217 129.128.5.191:20 -> 192.168.1.4:1234
TCP TTL:236 TOS:0x0 ID:20149 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x4F0C6432 Ack: 0x8D4810EA Win: 0x2238 TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS181]
[**] [1:1390:3] SHELLCODE x86 inc ebx NOOP [**]
[Classification: Executable code was detected] [Priority: 1]
04/27-13:42:04.343867 208.174.225.158:80 -> 192.168.1.4:2322
TCP TTL:52 TOS:0x0 ID:3961 IpLen:20 DgmLen:1500
***A**** Seq: 0x452F1070 Ack: 0x899246C9 Win: 0x2180 TcpLen: 20
[**] [1:1390:3] SHELLCODE x86 inc ebx NOOP [**]
[Classification: Executable code was detected] [Priority: 1]
04/27-13:42:04.346766 208.174.225.158:80 -> 192.168.1.4:2322
TCP TTL:52 TOS:0x0 ID:3963 IpLen:20 DgmLen:1500
***A**** Seq: 0x452F1BD8 Ack: 0x899246C9 Win: 0x2180 TcpLen: 20
[**] [1:1390:3] SHELLCODE x86 inc ebx NOOP [**]
[Classification: Executable code was detected] [Priority: 1]
04/27-13:42:04.542805 208.174.225.158:80 -> 192.168.1.4:2322
TCP TTL:52 TOS:0x0 ID:4019 IpLen:20 DgmLen:1500
***A**** Seq: 0x45305B38 Ack: 0x899246C9 Win: 0x2180 TcpLen: 20
[**] [1:485:2] ICMP Destination Unreachable (Communication Administratively Prohibited) [**]
[Classification: Misc activity] [Priority: 3]
04/28-10:08:21.830538 172.20.148.50 -> 192.168.1.4
ICMP TTL:243 TOS:0x0 ID:0 IpLen:20 DgmLen:56
Type:3 Code:13 DESTINATION UNREACHABLE: ADMINISTRATIVELY PROHIBITED,
PACKET FILTERED
** ORIGINAL DATAGRAM DUMP:
192.168.1.4:3488 -> 64.12.185.119:80
TCP TTL:116 TOS:0x0 ID:9754 IpLen:20 DgmLen:48 DF
Seq: 0xE4884599 Ack: 0xD535AD3E
** END OF DUMP
[**] [1:485:2] ICMP Destination Unreachable (Communication Administratively Prohibited) [**]
[Classification: Misc activity] [Priority: 3]
04/28-10:38:27.630559 172.20.148.50 -> 192.168.1.4
ICMP TTL:243 TOS:0x0 ID:0 IpLen:20 DgmLen:56
Type:3 Code:13 DESTINATION UNREACHABLE: ADMINISTRATIVELY PROHIBITED,
PACKET FILTERED
** ORIGINAL DATAGRAM DUMP:
192.168.1.4:3661 -> 64.12.185.119:80
TCP TTL:116 TOS:0x0 ID:41913 IpLen:20 DgmLen:48 DF
Seq: 0xFDB883B2 Ack: 0xE33CAD3E
** END OF DUMP
[**] [1:648:5] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1]
05/05-21:05:30.970486 129.128.5.191:20 -> 192.168.1.4:1126
TCP TTL:236 TOS:0x0 ID:2450 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x5D8CC94C Ack: 0x3609CBDC Win: 0x2238 TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS181]
[**] [1:648:5] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1]
05/05-21:05:32.712689 129.128.5.191:20 -> 192.168.1.4:1126
TCP TTL:236 TOS:0x0 ID:2469 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x5D8D3504 Ack: 0x3609CBDC Win: 0x2238 TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS181]
[**] [1:499:3] ICMP Large ICMP Packet [**]
[Classification: Potentially Bad Traffic] [Priority: 2]
05/07-16:25:33.091103 66.185.146.249 -> 192.168.1.4
ICMP TTL:248 TOS:0x0 ID:16376 IpLen:20 DgmLen:1478
Type:0 Code:0 ID:512 Seq:25355 ECHO REPLY
[Xref => http://www.whitehats.com/info/IDS246]
[**] [1:499:3] ICMP Large ICMP Packet [**]
[Classification: Potentially Bad Traffic] [Priority: 2]
05/07-16:25:33.229470 66.185.146.249 -> 192.168.1.4
ICMP TTL:248 TOS:0x0 ID:16379 IpLen:20 DgmLen:1478
Type:0 Code:0 ID:512 Seq:25611 ECHO REPLY
[Xref => http://www.whitehats.com/info/IDS246]
[**] [1:499:3] ICMP Large ICMP Packet [**]
[Classification: Potentially Bad Traffic] [Priority: 2]
05/07-16:25:33.299338 66.185.146.249 -> 192.168.1.4
ICMP TTL:248 TOS:0x0 ID:16383 IpLen:20 DgmLen:1478
Type:0 Code:0 ID:512 Seq:25867 ECHO REPLY
[Xref => http://www.whitehats.com/info/IDS246]
[**] [1:648:5] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1]
05/10-15:23:20.309503 192.150.20.28:80 -> 192.168.1.4:3748
TCP TTL:44 TOS:0x0 ID:10222 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE51A83D7 Ack: 0x1205A0CB Win: 0x1920 TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS181]
[**] [1:648:5] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1]
05/10-15:23:20.604815 192.150.20.28:80 -> 192.168.1.4:3748
TCP TTL:44 TOS:0x0 ID:10232 IpLen:20 DgmLen:1500 DF
***AP*** Seq: 0xE51ABCDF Ack: 0x1205A0CB Win: 0x1920 TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS181]
[**] [1:648:5] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1]
05/10-15:23:21.076276 192.150.20.28:80 -> 192.168.1.4:3748
TCP TTL:44 TOS:0x0 ID:10262 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE51B67F7 Ack: 0x1205A0CB Win: 0x1920 TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS181]
[**] [1:648:5] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1]
05/10-15:23:21.080371 192.150.20.28:80 -> 192.168.1.4:3748
TCP TTL:44 TOS:0x0 ID:10265 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE51B7913 Ack: 0x1205A0CB Win: 0x1920 TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS181]
[**] [1:648:5] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1]
05/10-15:23:21.083721 192.150.20.28:80 -> 192.168.1.4:3748
TCP TTL:44 TOS:0x0 ID:10267 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE51B847B Ack: 0x1205A0CB Win: 0x1920 TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS181]
[**] [1:1841:2] WEB-CLIENT javascript URL host spoofing attempt [**]
[Classification: Attempted User Privilege Gain] [Priority: 1]
05/12-18:21:56.609432 80.87.131.163:80 -> 192.168.1.4:4807
TCP TTL:46 TOS:0x0 ID:24454 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x2730034 Ack: 0xEDBC2DDD Win: 0x209D TcpLen: 20
[Xref => http://www.securityfocus.com/bid/5293]
[**] [1:1841:2] WEB-CLIENT javascript URL host spoofing attempt [**]
[Classification: Attempted User Privilege Gain] [Priority: 1]
05/12-18:21:56.757724 80.87.131.163:80 -> 192.168.1.4:4807
TCP TTL:46 TOS:0x0 ID:24456 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x2730B9C Ack: 0xEDBC2DDD Win: 0x209D TcpLen: 20
[Xref => http://www.securityfocus.com/bid/5293]
[**] [1:1841:2] WEB-CLIENT javascript URL host spoofing attempt [**]
[Classification: Attempted User Privilege Gain] [Priority: 1]
05/12-18:27:02.020801 80.87.131.163:80 -> 192.168.1.4:4882
TCP TTL:46 TOS:0x0 ID:41178 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x15129AEA Ack: 0xF201FA1D Win: 0x4470 TcpLen: 20
[Xref => http://www.securityfocus.com/bid/5293]
[**] [1:1841:2] WEB-CLIENT javascript URL host spoofing attempt [**]
[Classification: Attempted User Privilege Gain] [Priority: 1]
05/12-18:27:02.193226 80.87.131.163:80 -> 192.168.1.4:4882
TCP TTL:46 TOS:0x0 ID:41180 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x1512A652 Ack: 0xF201FA1D Win: 0x4470 TcpLen: 20
[Xref => http://www.securityfocus.com/bid/5293]
[**] [1:499:3] ICMP Large ICMP Packet [**]
[Classification: Potentially Bad Traffic] [Priority: 2]
05/20-22:20:30.721451 66.185.146.249 -> 192.168.1.4
ICMP TTL:248 TOS:0x0 ID:11186 IpLen:20 DgmLen:1478
Type:0 Code:0 ID:512 Seq:4097 ECHO REPLY
[Xref => http://www.whitehats.com/info/IDS246]
[**] [1:499:3] ICMP Large ICMP Packet [**]
[Classification: Potentially Bad Traffic] [Priority: 2]
05/20-22:20:30.847692 66.185.146.249 -> 192.168.1.4
ICMP TTL:248 TOS:0x0 ID:11187 IpLen:20 DgmLen:1478
Type:0 Code:0 ID:512 Seq:4353 ECHO REPLY
[Xref => http://www.whitehats.com/info/IDS246]
[**] [1:1390:3] SHELLCODE x86 inc ebx NOOP [**]
[Classification: Executable code was detected] [Priority: 1]
05/26-17:11:21.753671 213.193.18.46:80 -> 192.168.1.4:3017
TCP TTL:39 TOS:0x0 ID:4680 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x56A87DC6 Ack: 0x32B46D2E Win: 0x1D82 TcpLen: 20
[**] [1:499:3] ICMP Large ICMP Packet [**]
[Classification: Potentially Bad Traffic] [Priority: 2]
05/28-14:00:39.043501 66.185.147.5 -> 192.168.1.4
ICMP TTL:251 TOS:0x0 ID:59235 IpLen:20 DgmLen:1478
Type:0 Code:0 ID:512 Seq:65033 ECHO REPLY
[Xref => http://www.whitehats.com/info/IDS246]
[**] [1:499:3] ICMP Large ICMP Packet [**]
[Classification: Potentially Bad Traffic] [Priority: 2]
05/28-14:00:39.128560 66.185.147.5 -> 192.168.1.4
ICMP TTL:251 TOS:0x0 ID:59236 IpLen:20 DgmLen:1478
Type:0 Code:0 ID:512 Seq:65289 ECHO REPLY
[Xref => http://www.whitehats.com/info/IDS246]
[**] [1:499:3] ICMP Large ICMP Packet [**]
[Classification: Potentially Bad Traffic] [Priority: 2]
05/28-14:00:39.272663 66.185.147.5 -> 192.168.1.4
ICMP TTL:251 TOS:0x0 ID:59237 IpLen:20 DgmLen:1478
Type:0 Code:0 ID:512 Seq:10 ECHO REPLY
[Xref => http://www.whitehats.com/info/IDS246]
[**] [1:649:5] SHELLCODE x86 setgid 0 [**]
[Classification: A system call was detected] [Priority: 2]
06/02-19:35:29.430157 63.210.68.213:80 -> 192.168.1.4:1101
TCP TTL:52 TOS:0x0 ID:59186 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x2666F804 Ack: 0x97DE2E87 Win: 0x7D78 TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS284]
[**] [1:1390:3] SHELLCODE x86 inc ebx NOOP [**]
[Classification: Executable code was detected] [Priority: 1]
06/02-19:40:38.130057 207.126.99.79:80 -> 192.168.1.4:1111
TCP TTL:53 TOS:0x0 ID:12347 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x39920D1A Ack: 0xC59EC308 Win: 0x7D78 TcpLen: 20
[**] [1:1390:3] SHELLCODE x86 inc ebx NOOP [**]
[Classification: Executable code was detected] [Priority: 1]
06/02-19:40:38.140993 207.126.99.79:80 -> 192.168.1.4:1111
TCP TTL:53 TOS:0x0 ID:12362 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x39921882 Ack: 0xC59EC308 Win: 0x7D78 TcpLen: 20
[**] [1:1390:3] SHELLCODE x86 inc ebx NOOP [**]
[Classification: Executable code was detected] [Priority: 1]
06/02-19:40:38.481311 207.126.99.79:80 -> 192.168.1.4:1111
TCP TTL:53 TOS:0x0 ID:12787 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x39935D96 Ack: 0xC59EC308 Win: 0x7D78 TcpLen: 20
[**] [1:1394:3] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1]
06/02-19:42:19.533911 207.126.99.79:80 -> 192.168.1.4:1122
TCP TTL:53 TOS:0x0 ID:45832 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x40F31089 Ack: 0xC722B49B Win: 0x7D78 TcpLen: 20

SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:09:55 2003