
SnortSnarf alert page

Source: 66.185.146.249

SnortSnarf v021111.1


31 such alerts found using input module SnortFileInput, with sources:
Earliest: 22:20:50.351506 on 04/17/2003
Latest: 22:20:30.847692 on 05/20/2003

1 distinct signature is present for 66.185.146.249 as a source

There are 3 distinct destination IPs in the alerts of the type on this page.



[**] [1:499:3] ICMP Large ICMP Packet [**]
[Classification: Potentially Bad Traffic] [Priority: 2]
04/17-22:20:50.351506 66.185.146.249 -> 192.168.1.103
ICMP TTL:248 TOS:0x0 ID:1110 IpLen:20 DgmLen:1478
Type:0 Code:0 ID:512 Seq:5120 ECHO REPLY
[Xref => http://www.whitehats.com/info/IDS246]
[**] [1:499:3] ICMP Large ICMP Packet [**]
[Classification: Potentially Bad Traffic] [Priority: 2]
04/17-22:20:50.436376 66.185.146.249 -> 192.168.1.103
ICMP TTL:248 TOS:0x0 ID:1112 IpLen:20 DgmLen:1478
Type:0 Code:0 ID:512 Seq:5376 ECHO REPLY
[Xref => http://www.whitehats.com/info/IDS246]
[**] [1:499:3] ICMP Large ICMP Packet [**]
[Classification: Potentially Bad Traffic] [Priority: 2]
04/17-22:20:50.545453 66.185.146.249 -> 192.168.1.103
ICMP TTL:248 TOS:0x0 ID:1116 IpLen:20 DgmLen:1478
Type:0 Code:0 ID:512 Seq:5632 ECHO REPLY
[Xref => http://www.whitehats.com/info/IDS246]
[**] [1:499:3] ICMP Large ICMP Packet [**]
[Classification: Potentially Bad Traffic] [Priority: 2]
04/18-15:46:44.873213 66.185.146.249 -> 192.168.1.103
ICMP TTL:248 TOS:0x0 ID:2439 IpLen:20 DgmLen:1478
Type:0 Code:0 ID:512 Seq:5376 ECHO REPLY
[Xref => http://www.whitehats.com/info/IDS246]
[**] [1:499:3] ICMP Large ICMP Packet [**]
[Classification: Potentially Bad Traffic] [Priority: 2]
04/18-15:46:44.971398 66.185.146.249 -> 192.168.1.103
ICMP TTL:248 TOS:0x0 ID:2440 IpLen:20 DgmLen:1478
Type:0 Code:0 ID:512 Seq:5632 ECHO REPLY
[Xref => http://www.whitehats.com/info/IDS246]
[**] [1:499:3] ICMP Large ICMP Packet [**]
[Classification: Potentially Bad Traffic] [Priority: 2]
04/18-15:46:45.106603 66.185.146.249 -> 192.168.1.103
ICMP TTL:248 TOS:0x0 ID:2447 IpLen:20 DgmLen:1478
Type:0 Code:0 ID:512 Seq:5888 ECHO REPLY
[Xref => http://www.whitehats.com/info/IDS246]
[**] [1:499:3] ICMP Large ICMP Packet [**]
[Classification: Potentially Bad Traffic] [Priority: 2]
04/23-00:06:27.104597 66.185.146.249 -> 192.168.1.103
ICMP TTL:248 TOS:0x0 ID:856 IpLen:20 DgmLen:1478
Type:0 Code:0 ID:512 Seq:4864 ECHO REPLY
[Xref => http://www.whitehats.com/info/IDS246]
[**] [1:499:3] ICMP Large ICMP Packet [**]
[Classification: Potentially Bad Traffic] [Priority: 2]
04/23-00:06:27.207434 66.185.146.249 -> 192.168.1.103
ICMP TTL:248 TOS:0x0 ID:857 IpLen:20 DgmLen:1478
Type:0 Code:0 ID:512 Seq:5120 ECHO REPLY
[Xref => http://www.whitehats.com/info/IDS246]
[**] [1:499:3] ICMP Large ICMP Packet [**]
[Classification: Potentially Bad Traffic] [Priority: 2]
04/23-00:06:27.299376 66.185.146.249 -> 192.168.1.103
ICMP TTL:248 TOS:0x0 ID:858 IpLen:20 DgmLen:1478
Type:0 Code:0 ID:512 Seq:5376 ECHO REPLY
[Xref => http://www.whitehats.com/info/IDS246]
[**] [1:499:3] ICMP Large ICMP Packet [**]
[Classification: Potentially Bad Traffic] [Priority: 2]
04/30-22:36:53.701988 66.185.146.249 -> 192.168.1.103
ICMP TTL:248 TOS:0x0 ID:287 IpLen:20 DgmLen:1478
Type:0 Code:0 ID:512 Seq:4352 ECHO REPLY
[Xref => http://www.whitehats.com/info/IDS246]
[**] [1:499:3] ICMP Large ICMP Packet [**]
[Classification: Potentially Bad Traffic] [Priority: 2]
04/30-22:36:53.815969 66.185.146.249 -> 192.168.1.103
ICMP TTL:248 TOS:0x0 ID:288 IpLen:20 DgmLen:1478
Type:0 Code:0 ID:512 Seq:4608 ECHO REPLY
[Xref => http://www.whitehats.com/info/IDS246]
[**] [1:499:3] ICMP Large ICMP Packet [**]
[Classification: Potentially Bad Traffic] [Priority: 2]
04/30-22:36:53.912073 66.185.146.249 -> 192.168.1.103
ICMP TTL:248 TOS:0x0 ID:289 IpLen:20 DgmLen:1478
Type:0 Code:0 ID:512 Seq:4864 ECHO REPLY
[Xref => http://www.whitehats.com/info/IDS246]
[**] [1:499:3] ICMP Large ICMP Packet [**]
[Classification: Potentially Bad Traffic] [Priority: 2]
05/04-22:07:06.601361 66.185.146.249 -> 192.168.1.103
ICMP TTL:248 TOS:0x0 ID:33121 IpLen:20 DgmLen:1478
Type:0 Code:0 ID:512 Seq:4608 ECHO REPLY
[Xref => http://www.whitehats.com/info/IDS246]
[**] [1:499:3] ICMP Large ICMP Packet [**]
[Classification: Potentially Bad Traffic] [Priority: 2]
05/04-22:07:06.672488 66.185.146.249 -> 192.168.1.103
ICMP TTL:248 TOS:0x0 ID:33123 IpLen:20 DgmLen:1478
Type:0 Code:0 ID:512 Seq:4864 ECHO REPLY
[Xref => http://www.whitehats.com/info/IDS246]
[**] [1:499:3] ICMP Large ICMP Packet [**]
[Classification: Potentially Bad Traffic] [Priority: 2]
05/04-22:07:06.790571 66.185.146.249 -> 192.168.1.103
ICMP TTL:248 TOS:0x0 ID:33132 IpLen:20 DgmLen:1478
Type:0 Code:0 ID:512 Seq:5120 ECHO REPLY
[Xref => http://www.whitehats.com/info/IDS246]
[**] [1:499:3] ICMP Large ICMP Packet [**]
[Classification: Potentially Bad Traffic] [Priority: 2]
05/07-16:25:33.091103 66.185.146.249 -> 192.168.1.4
ICMP TTL:248 TOS:0x0 ID:16376 IpLen:20 DgmLen:1478
Type:0 Code:0 ID:512 Seq:25355 ECHO REPLY
[Xref => http://www.whitehats.com/info/IDS246]
[**] [1:499:3] ICMP Large ICMP Packet [**]
[Classification: Potentially Bad Traffic] [Priority: 2]
05/07-16:25:33.229470 66.185.146.249 -> 192.168.1.4
ICMP TTL:248 TOS:0x0 ID:16379 IpLen:20 DgmLen:1478
Type:0 Code:0 ID:512 Seq:25611 ECHO REPLY
[Xref => http://www.whitehats.com/info/IDS246]
[**] [1:499:3] ICMP Large ICMP Packet [**]
[Classification: Potentially Bad Traffic] [Priority: 2]
05/07-16:25:33.299338 66.185.146.249 -> 192.168.1.4
ICMP TTL:248 TOS:0x0 ID:16383 IpLen:20 DgmLen:1478
Type:0 Code:0 ID:512 Seq:25867 ECHO REPLY
[Xref => http://www.whitehats.com/info/IDS246]
[**] [1:499:3] ICMP Large ICMP Packet [**]
[Classification: Potentially Bad Traffic] [Priority: 2]
05/09-00:37:03.852907 66.185.146.249 -> 192.168.1.103
ICMP TTL:248 TOS:0x0 ID:325 IpLen:20 DgmLen:1478
Type:0 Code:0 ID:512 Seq:4352 ECHO REPLY
[Xref => http://www.whitehats.com/info/IDS246]
[**] [1:499:3] ICMP Large ICMP Packet [**]
[Classification: Potentially Bad Traffic] [Priority: 2]
05/09-00:37:03.949857 66.185.146.249 -> 192.168.1.103
ICMP TTL:248 TOS:0x0 ID:326 IpLen:20 DgmLen:1478
Type:0 Code:0 ID:512 Seq:4608 ECHO REPLY
[Xref => http://www.whitehats.com/info/IDS246]
[**] [1:499:3] ICMP Large ICMP Packet [**]
[Classification: Potentially Bad Traffic] [Priority: 2]
05/09-00:37:04.056907 66.185.146.249 -> 192.168.1.103
ICMP TTL:248 TOS:0x0 ID:327 IpLen:20 DgmLen:1478
Type:0 Code:0 ID:512 Seq:4864 ECHO REPLY
[Xref => http://www.whitehats.com/info/IDS246]
[**] [1:499:3] ICMP Large ICMP Packet [**]
[Classification: Potentially Bad Traffic] [Priority: 2]
05/13-22:49:08.820378 66.185.146.249 -> 192.168.1.103
ICMP TTL:248 TOS:0x0 ID:982 IpLen:20 DgmLen:1478
Type:0 Code:0 ID:512 Seq:4352 ECHO REPLY
[Xref => http://www.whitehats.com/info/IDS246]
[**] [1:499:3] ICMP Large ICMP Packet [**]
[Classification: Potentially Bad Traffic] [Priority: 2]
05/13-22:49:08.934521 66.185.146.249 -> 192.168.1.103
ICMP TTL:248 TOS:0x0 ID:983 IpLen:20 DgmLen:1478
Type:0 Code:0 ID:512 Seq:4608 ECHO REPLY
[Xref => http://www.whitehats.com/info/IDS246]
[**] [1:499:3] ICMP Large ICMP Packet [**]
[Classification: Potentially Bad Traffic] [Priority: 2]
05/13-22:49:09.027321 66.185.146.249 -> 192.168.1.103
ICMP TTL:248 TOS:0x0 ID:984 IpLen:20 DgmLen:1478
Type:0 Code:0 ID:512 Seq:4864 ECHO REPLY
[Xref => http://www.whitehats.com/info/IDS246]
[**] [1:499:3] ICMP Large ICMP Packet [**]
[Classification: Potentially Bad Traffic] [Priority: 2]
05/16-13:43:29.051008 66.185.146.249 -> 192.168.1.103
ICMP TTL:248 TOS:0x0 ID:239 IpLen:20 DgmLen:1478
Type:0 Code:0 ID:512 Seq:4352 ECHO REPLY
[Xref => http://www.whitehats.com/info/IDS246]
[**] [1:499:3] ICMP Large ICMP Packet [**]
[Classification: Potentially Bad Traffic] [Priority: 2]
05/16-13:43:29.116609 66.185.146.249 -> 192.168.1.103
ICMP TTL:248 TOS:0x0 ID:240 IpLen:20 DgmLen:1478
Type:0 Code:0 ID:512 Seq:4608 ECHO REPLY
[Xref => http://www.whitehats.com/info/IDS246]
[**] [1:499:3] ICMP Large ICMP Packet [**]
[Classification: Potentially Bad Traffic] [Priority: 2]
05/16-13:43:29.271267 66.185.146.249 -> 192.168.1.103
ICMP TTL:248 TOS:0x0 ID:241 IpLen:20 DgmLen:1478
Type:0 Code:0 ID:512 Seq:4864 ECHO REPLY
[Xref => http://www.whitehats.com/info/IDS246]
[**] [1:499:3] ICMP Large ICMP Packet [**]
[Classification: Potentially Bad Traffic] [Priority: 2]
05/16-14:03:01.277290 66.185.146.249 -> 192.168.1.105
ICMP TTL:248 TOS:0x0 ID:1066 IpLen:20 DgmLen:1478
Type:0 Code:0 ID:512 Seq:17920 ECHO REPLY
[Xref => http://www.whitehats.com/info/IDS246]
[**] [1:499:3] ICMP Large ICMP Packet [**]
[Classification: Potentially Bad Traffic] [Priority: 2]
05/16-14:03:01.317054 66.185.146.249 -> 192.168.1.105
ICMP TTL:248 TOS:0x0 ID:1067 IpLen:20 DgmLen:1478
Type:0 Code:0 ID:512 Seq:18176 ECHO REPLY
[Xref => http://www.whitehats.com/info/IDS246]
[**] [1:499:3] ICMP Large ICMP Packet [**]
[Classification: Potentially Bad Traffic] [Priority: 2]
05/20-22:20:30.721451 66.185.146.249 -> 192.168.1.4
ICMP TTL:248 TOS:0x0 ID:11186 IpLen:20 DgmLen:1478
Type:0 Code:0 ID:512 Seq:4097 ECHO REPLY
[Xref => http://www.whitehats.com/info/IDS246]
[**] [1:499:3] ICMP Large ICMP Packet [**]
[Classification: Potentially Bad Traffic] [Priority: 2]
05/20-22:20:30.847692 66.185.146.249 -> 192.168.1.4
ICMP TTL:248 TOS:0x0 ID:11187 IpLen:20 DgmLen:1478
Type:0 Code:0 ID:512 Seq:4353 ECHO REPLY
[Xref => http://www.whitehats.com/info/IDS246]

SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:03:54 2003