[Silicon Defense logo]

SnortSnarf alert page

Source: 218.16.111.89

SnortSnarf v021111.1

Signature section (91123)Top 20 source IPsTop 20 dest IPs

10 such alerts found using input module SnortFileInput, with sources:
Earliest: 13:17:12.495884 on 05/29/2003
Latest: 13:20:22.472518 on 05/29/2003

2 different signatures are present for 218.16.111.89 as a source

There are 1 distinct destination IPs in the alerts of the type on this page.

218.16.111.89 Whois lookup at: ARIN RIPE APNIC Geektools
DNS lookup at: Amenesi TRIUMF Princeton
More lookup links: Dshield Sam Spade

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-13:17:12.495884 218.16.111.89:3564 -> 192.168.1.6:80
TCP TTL:99 TOS:0x0 ID:62161 IpLen:20 DgmLen:1492 DF
***A**** Seq: 0x4944D3D2 Ack: 0xB74248EA Win: 0x4410 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-13:17:12.523336 218.16.111.89:3564 -> 192.168.1.6:80
TCP TTL:99 TOS:0x0 ID:62162 IpLen:20 DgmLen:1492 DF
***A**** Seq: 0x4944D97E Ack: 0xB74248EA Win: 0x4410 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-13:17:27.191391 218.16.111.89:3992 -> 192.168.1.6:80
TCP TTL:99 TOS:0x0 ID:63731 IpLen:20 DgmLen:1492 DF
***A**** Seq: 0x4AAD61A1 Ack: 0xB7D957DE Win: 0x4410 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-13:17:27.217046 218.16.111.89:3992 -> 192.168.1.6:80
TCP TTL:99 TOS:0x0 ID:63732 IpLen:20 DgmLen:1492 DF
***A**** Seq: 0x4AAD674D Ack: 0xB7D957DE Win: 0x4410 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-13:17:31.167424 218.16.111.89:4114 -> 192.168.1.6:80
TCP TTL:99 TOS:0x0 ID:64158 IpLen:20 DgmLen:1492 DF
***A**** Seq: 0x4B125B3D Ack: 0xB88224F5 Win: 0x4410 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-13:17:31.193541 218.16.111.89:4114 -> 192.168.1.6:80
TCP TTL:99 TOS:0x0 ID:64159 IpLen:20 DgmLen:1492 DF
***A**** Seq: 0x4B1260E9 Ack: 0xB88224F5 Win: 0x4410 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-13:20:18.080016 218.16.111.89:1102 -> 192.168.1.6:80
TCP TTL:99 TOS:0x0 ID:16900 IpLen:20 DgmLen:1492 DF
***A**** Seq: 0x5B87D25E Ack: 0xC3979544 Win: 0x4410 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-13:20:21.525941 218.16.111.89:1214 -> 192.168.1.6:80
TCP TTL:99 TOS:0x0 ID:17321 IpLen:20 DgmLen:1492 DF
***A**** Seq: 0x5BE61381 Ack: 0xC36828FB Win: 0x4410 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-13:20:21.551457 218.16.111.89:1214 -> 192.168.1.6:80
TCP TTL:99 TOS:0x0 ID:17322 IpLen:20 DgmLen:1492 DF
***A**** Seq: 0x5BE6192D Ack: 0xC36828FB Win: 0x4410 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-13:20:22.472518 218.16.111.89:1102 -> 192.168.1.6:80
TCP TTL:99 TOS:0x0 ID:17435 IpLen:20 DgmLen:1492 DF
***A**** Seq: 0x5B87D80A Ack: 0xC3979544 Win: 0x4410 TcpLen: 20
SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:03:53 2003