[Silicon Defense logo]

SnortSnarf alert page

Source: 216.39.50.74

SnortSnarf v021111.1

Signature section (91123)Top 20 source IPsTop 20 dest IPs

8 such alerts found using input module SnortFileInput, with sources:
Earliest: 02:17:29.025277 on 04/25/2003
Latest: 19:21:46.546622 on 04/25/2003

1 different signatures are present for 216.39.50.74 as a source

There are 1 distinct destination IPs in the alerts of the type on this page.

216.39.50.74 Whois lookup at: ARIN RIPE APNIC Geektools
DNS lookup at: Amenesi TRIUMF Princeton
More lookup links: Dshield Sam Spade

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/25-02:17:29.025277 216.39.50.74:52272 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:42383 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xB2484AC9 Ack: 0xF36ABE8A Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 392097621 759586241
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/25-02:57:21.890523 216.39.50.74:42285 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:50622 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x48F95079 Ack: 0x8A0525D9 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 392336851 760811807
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/25-05:57:14.069521 216.39.50.74:44347 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:43887 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xEF56A71F Ack: 0x320E8C86 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 393415811 766339240
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/25-08:17:35.100774 216.39.50.74:48143 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:62644 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x2031197 Ack: 0x43EF38C2 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 394257714 770652257
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/25-09:58:40.281823 216.39.50.74:33686 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:42409 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x7F8B806F Ack: 0xC1B496B5 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 394864087 773758665
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/25-11:50:28.735667 216.39.50.74:50491 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:34988 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x25D7E90F Ack: 0x67314393 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 395534772 777194528
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/25-15:32:44.754792 216.39.50.74:52564 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:42129 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x6DED1D45 Ack: 0xB00A851E Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 396868057 784024860
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/25-19:21:46.546622 216.39.50.74:58900 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:42851 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xCDD51707 Ack: 0x1024DC0B Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 398241908 791063000
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:03:52 2003