SnortSnarf alert page

Source: 66.118.170.25

SnortSnarf v021111.1

Signature section (91123)

Top 20 source IPs

Top 20 dest IPs

28 such alerts found using input module SnortFileInput, with sources:

/home/rivettmj/snort_alertlog/alert

Earliest: 00:56:44.838257 on 06/13/2003
Latest: 01:01:47.870309 on 06/13/2003

1 different signatures are present for 66.118.170.25 as a source

28 instances of SHELLCODE x86 inc ebx NOOP

There are 1 distinct destination IPs in the alerts of the type on this page.

66.118.170.25 Whois lookup at: ARIN RIPE APNIC Geektools

DNS lookup at: Amenesi TRIUMF Princeton

More lookup links: Dshield Sam Spade

[**] [1:1390:3] SHELLCODE x86 inc ebx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
06/13-00:56:44.838257 66.118.170.25:80 -> 192.168.1.102:1714
TCP TTL:108 TOS:0x0 ID:22268 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xEF605C89  Ack: 0xCAD954AE  Win: 0xF8A6  TcpLen: 20

[**] [1:1390:3] SHELLCODE x86 inc ebx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
06/13-00:56:51.325085 66.118.170.25:80 -> 192.168.1.102:1714
TCP TTL:108 TOS:0x0 ID:31264 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xEF608522  Ack: 0xCAD955FF  Win: 0xF755  TcpLen: 20

[**] [1:1390:3] SHELLCODE x86 inc ebx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
06/13-00:56:55.303473 66.118.170.25:80 -> 192.168.1.102:1714
TCP TTL:108 TOS:0x0 ID:37901 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xEF60B1D4  Ack: 0xCAD95750  Win: 0xF604  TcpLen: 20

[**] [1:1390:3] SHELLCODE x86 inc ebx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
06/13-00:57:07.641715 66.118.170.25:80 -> 192.168.1.102:1714
TCP TTL:108 TOS:0x0 ID:55416 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xEF60E8DC  Ack: 0xCAD959EB  Win: 0xF9A5  TcpLen: 20

[**] [1:1390:3] SHELLCODE x86 inc ebx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
06/13-00:57:30.566114 66.118.170.25:80 -> 192.168.1.102:1714
TCP TTL:108 TOS:0x0 ID:25544 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xEF61966D  Ack: 0xCAD95DDB  Win: 0xF5B5  TcpLen: 20

[**] [1:1390:3] SHELLCODE x86 inc ebx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
06/13-00:57:38.257377 66.118.170.25:80 -> 192.168.1.102:1714
TCP TTL:108 TOS:0x0 ID:37859 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xEF61B3F7  Ack: 0xCAD95F29  Win: 0xFAF0  TcpLen: 20

[**] [1:1390:3] SHELLCODE x86 inc ebx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
06/13-00:58:09.706122 66.118.170.25:80 -> 192.168.1.102:1714
TCP TTL:108 TOS:0x0 ID:32105 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xEF62A0E0  Ack: 0xCAD96468  Win: 0xF5B1  TcpLen: 20

[**] [1:1390:3] SHELLCODE x86 inc ebx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
06/13-00:58:30.341966 66.118.170.25:80 -> 192.168.1.102:1714
TCP TTL:108 TOS:0x0 ID:1229 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xEF632D1F  Ack: 0xCAD96704  Win: 0xF9A0  TcpLen: 20

[**] [1:1390:3] SHELLCODE x86 inc ebx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
06/13-00:58:41.091922 66.118.170.25:80 -> 192.168.1.102:1714
TCP TTL:108 TOS:0x0 ID:20637 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xEF636170  Ack: 0xCAD96853  Win: 0xF851  TcpLen: 20

[**] [1:1390:3] SHELLCODE x86 inc ebx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
06/13-00:59:11.565639 66.118.170.25:80 -> 192.168.1.102:1714
TCP TTL:108 TOS:0x0 ID:7900 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xEF642092  Ack: 0xCAD96C40  Win: 0xFAF0  TcpLen: 20

[**] [1:1390:3] SHELLCODE x86 inc ebx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
06/13-00:59:30.403610 66.118.170.25:80 -> 192.168.1.102:1714
TCP TTL:108 TOS:0x0 ID:44990 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xEF6471D5  Ack: 0xCAD96D8D  Win: 0xF9A3  TcpLen: 20

[**] [1:1390:3] SHELLCODE x86 inc ebx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
06/13-00:59:41.712567 66.118.170.25:80 -> 192.168.1.102:1714
TCP TTL:108 TOS:0x0 ID:65188 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xEF64AEFB  Ack: 0xCAD96ED9  Win: 0xF857  TcpLen: 20

[**] [1:1390:3] SHELLCODE x86 inc ebx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
06/13-00:59:46.199237 66.118.170.25:80 -> 192.168.1.102:1714
TCP TTL:108 TOS:0x0 ID:5932 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xEF64D3A6  Ack: 0xCAD97024  Win: 0xF70C  TcpLen: 20

[**] [1:1390:3] SHELLCODE x86 inc ebx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
06/13-00:59:46.687999 66.118.170.25:80 -> 192.168.1.102:1714
TCP TTL:108 TOS:0x0 ID:6615 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xEF64D3A6  Ack: 0xCAD97024  Win: 0xF70C  TcpLen: 20

[**] [1:1390:3] SHELLCODE x86 inc ebx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
06/13-00:59:55.012906 66.118.170.25:80 -> 192.168.1.102:1714
TCP TTL:108 TOS:0x0 ID:21908 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xEF650775  Ack: 0xCAD97175  Win: 0xF5BB  TcpLen: 20

[**] [1:1390:3] SHELLCODE x86 inc ebx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
06/13-01:00:11.903920 66.118.170.25:80 -> 192.168.1.102:1714
TCP TTL:108 TOS:0x0 ID:49902 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xEF65B0BC  Ack: 0xCAD976C4  Win: 0xF6F5  TcpLen: 20

[**] [1:1390:3] SHELLCODE x86 inc ebx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
06/13-01:00:16.761044 66.118.170.25:80 -> 192.168.1.102:1714
TCP TTL:108 TOS:0x0 ID:60228 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xEF65C9D1  Ack: 0xCAD97813  Win: 0xF5A6  TcpLen: 20

[**] [1:1390:3] SHELLCODE x86 inc ebx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
06/13-01:00:24.357199 66.118.170.25:80 -> 192.168.1.102:1714
TCP TTL:108 TOS:0x0 ID:11360 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xEF65F0CC  Ack: 0xCAD97964  Win: 0xFAF0  TcpLen: 20

[**] [1:1390:3] SHELLCODE x86 inc ebx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
06/13-01:00:30.533317 66.118.170.25:80 -> 192.168.1.102:1714
TCP TTL:108 TOS:0x0 ID:22370 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xEF660CD9  Ack: 0xCAD97AB3  Win: 0xF9A1  TcpLen: 20

[**] [1:1390:3] SHELLCODE x86 inc ebx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
06/13-01:00:43.263236 66.118.170.25:80 -> 192.168.1.102:1714
TCP TTL:108 TOS:0x0 ID:45227 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xEF664C03  Ack: 0xCAD97D54  Win: 0xF700  TcpLen: 20

[**] [1:1390:3] SHELLCODE x86 inc ebx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
06/13-01:00:45.873803 66.118.170.25:80 -> 192.168.1.102:1714
TCP TTL:108 TOS:0x0 ID:49378 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xEF665F8F  Ack: 0xCAD97EA5  Win: 0xF5AF  TcpLen: 20

[**] [1:1390:3] SHELLCODE x86 inc ebx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
06/13-01:00:52.600673 66.118.170.25:80 -> 192.168.1.102:1714
TCP TTL:108 TOS:0x0 ID:62888 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xEF66788F  Ack: 0xCAD97FF7  Win: 0xFAF0  TcpLen: 20

[**] [1:1390:3] SHELLCODE x86 inc ebx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
06/13-01:01:00.323091 66.118.170.25:80 -> 192.168.1.102:1714
TCP TTL:108 TOS:0x0 ID:12848 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xEF66A99A  Ack: 0xCAD98290  Win: 0xF857  TcpLen: 20

[**] [1:1390:3] SHELLCODE x86 inc ebx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
06/13-01:01:06.064512 66.118.170.25:80 -> 192.168.1.102:1714
TCP TTL:108 TOS:0x0 ID:21319 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xEF66F5E9  Ack: 0xCAD9852D  Win: 0xF5BA  TcpLen: 20

[**] [1:1390:3] SHELLCODE x86 inc ebx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
06/13-01:01:12.017920 66.118.170.25:80 -> 192.168.1.102:1714
TCP TTL:108 TOS:0x0 ID:30793 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xEF67174E  Ack: 0xCAD98680  Win: 0xFAF0  TcpLen: 20

[**] [1:1390:3] SHELLCODE x86 inc ebx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
06/13-01:01:25.027930 66.118.170.25:80 -> 192.168.1.102:1714
TCP TTL:108 TOS:0x0 ID:50612 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xEF679C95  Ack: 0xCAD98A77  Win: 0xF6F9  TcpLen: 20

[**] [1:1390:3] SHELLCODE x86 inc ebx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
06/13-01:01:43.119103 66.118.170.25:80 -> 192.168.1.102:1714
TCP TTL:108 TOS:0x0 ID:20640 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xEF6876A9  Ack: 0xCAD98FBE  Win: 0xF84B  TcpLen: 20

[**] [1:1390:3] SHELLCODE x86 inc ebx NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
06/13-01:01:47.870309 66.118.170.25:80 -> 192.168.1.102:1714
TCP TTL:108 TOS:0x0 ID:31441 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xEF68C5EF  Ack: 0xCAD99260  Win: 0xF5A9  TcpLen: 20

SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:09:28 2003

66.118.170.25	Whois lookup at:	ARIN	RIPE	APNIC	Geektools
	DNS lookup at:	Amenesi	TRIUMF	Princeton
	More lookup links:	Dshield	Sam Spade