SnortSnarf alert page

Source: 66.185.147.5

SnortSnarf v021111.1

17 such alerts found using input module SnortFileInput, with sources:
Earliest: 14:00:39.043501 on 05/28/2003
Latest: 14:42:59.987788 on 06/10/2003

1 signature is present for 66.185.147.5 as a source

There are 2 distinct destination IPs in the alerts of the type on this page.

[**] [1:499:3] ICMP Large ICMP Packet [**]
[Classification: Potentially Bad Traffic] [Priority: 2]
05/28-14:00:39.043501 66.185.147.5 -> 192.168.1.4
ICMP TTL:251 TOS:0x0 ID:59235 IpLen:20 DgmLen:1478
Type:0 Code:0 ID:512 Seq:65033 ECHO REPLY
[Xref => http://www.whitehats.com/info/IDS246]
[**] [1:499:3] ICMP Large ICMP Packet [**]
[Classification: Potentially Bad Traffic] [Priority: 2]
05/28-14:00:39.128560 66.185.147.5 -> 192.168.1.4
ICMP TTL:251 TOS:0x0 ID:59236 IpLen:20 DgmLen:1478
Type:0 Code:0 ID:512 Seq:65289 ECHO REPLY
[Xref => http://www.whitehats.com/info/IDS246]
[**] [1:499:3] ICMP Large ICMP Packet [**]
[Classification: Potentially Bad Traffic] [Priority: 2]
05/28-14:00:39.272663 66.185.147.5 -> 192.168.1.4
ICMP TTL:251 TOS:0x0 ID:59237 IpLen:20 DgmLen:1478
Type:0 Code:0 ID:512 Seq:10 ECHO REPLY
[Xref => http://www.whitehats.com/info/IDS246]
[**] [1:499:3] ICMP Large ICMP Packet [**]
[Classification: Potentially Bad Traffic] [Priority: 2]
05/29-19:18:29.851177 66.185.147.5 -> 192.168.1.103
ICMP TTL:251 TOS:0x0 ID:514 IpLen:20 DgmLen:1478
Type:0 Code:0 ID:512 Seq:5888 ECHO REPLY
[Xref => http://www.whitehats.com/info/IDS246]
[**] [1:499:3] ICMP Large ICMP Packet [**]
[Classification: Potentially Bad Traffic] [Priority: 2]
05/29-19:18:29.937647 66.185.147.5 -> 192.168.1.103
ICMP TTL:251 TOS:0x0 ID:515 IpLen:20 DgmLen:1478
Type:0 Code:0 ID:512 Seq:6144 ECHO REPLY
[Xref => http://www.whitehats.com/info/IDS246]
[**] [1:499:3] ICMP Large ICMP Packet [**]
[Classification: Potentially Bad Traffic] [Priority: 2]
05/29-19:18:30.052061 66.185.147.5 -> 192.168.1.103
ICMP TTL:251 TOS:0x0 ID:516 IpLen:20 DgmLen:1478
Type:0 Code:0 ID:512 Seq:6400 ECHO REPLY
[Xref => http://www.whitehats.com/info/IDS246]
[**] [1:499:3] ICMP Large ICMP Packet [**]
[Classification: Potentially Bad Traffic] [Priority: 2]
05/30-21:15:25.851119 66.185.147.5 -> 192.168.1.103
ICMP TTL:251 TOS:0x0 ID:1952 IpLen:20 DgmLen:1478
Type:0 Code:0 ID:512 Seq:16896 ECHO REPLY
[Xref => http://www.whitehats.com/info/IDS246]
[**] [1:499:3] ICMP Large ICMP Packet [**]
[Classification: Potentially Bad Traffic] [Priority: 2]
05/30-21:15:25.939257 66.185.147.5 -> 192.168.1.103
ICMP TTL:251 TOS:0x0 ID:1953 IpLen:20 DgmLen:1478
Type:0 Code:0 ID:512 Seq:17152 ECHO REPLY
[Xref => http://www.whitehats.com/info/IDS246]
[**] [1:499:3] ICMP Large ICMP Packet [**]
[Classification: Potentially Bad Traffic] [Priority: 2]
05/30-21:15:26.046189 66.185.147.5 -> 192.168.1.103
ICMP TTL:251 TOS:0x0 ID:1954 IpLen:20 DgmLen:1478
Type:0 Code:0 ID:512 Seq:17408 ECHO REPLY
[Xref => http://www.whitehats.com/info/IDS246]
[**] [1:499:3] ICMP Large ICMP Packet [**]
[Classification: Potentially Bad Traffic] [Priority: 2]
06/03-22:57:14.576118 66.185.147.5 -> 192.168.1.103
ICMP TTL:251 TOS:0x0 ID:4643 IpLen:20 DgmLen:1478
Type:0 Code:0 ID:512 Seq:8192 ECHO REPLY
[Xref => http://www.whitehats.com/info/IDS246]
[**] [1:499:3] ICMP Large ICMP Packet [**]
[Classification: Potentially Bad Traffic] [Priority: 2]
06/03-22:57:16.064824 66.185.147.5 -> 192.168.1.103
ICMP TTL:251 TOS:0x0 ID:4675 IpLen:20 DgmLen:1478
Type:0 Code:0 ID:512 Seq:8704 ECHO REPLY
[Xref => http://www.whitehats.com/info/IDS246]
[**] [1:499:3] ICMP Large ICMP Packet [**]
[Classification: Potentially Bad Traffic] [Priority: 2]
06/04-23:55:46.853822 66.185.147.5 -> 192.168.1.103
ICMP TTL:251 TOS:0x0 ID:815 IpLen:20 DgmLen:1478
Type:0 Code:0 ID:512 Seq:5632 ECHO REPLY
[Xref => http://www.whitehats.com/info/IDS246]
[**] [1:499:3] ICMP Large ICMP Packet [**]
[Classification: Potentially Bad Traffic] [Priority: 2]
06/04-23:55:46.952076 66.185.147.5 -> 192.168.1.103
ICMP TTL:251 TOS:0x0 ID:817 IpLen:20 DgmLen:1478
Type:0 Code:0 ID:512 Seq:5888 ECHO REPLY
[Xref => http://www.whitehats.com/info/IDS246]
[**] [1:499:3] ICMP Large ICMP Packet [**]
[Classification: Potentially Bad Traffic] [Priority: 2]
06/04-23:55:47.052937 66.185.147.5 -> 192.168.1.103
ICMP TTL:251 TOS:0x0 ID:819 IpLen:20 DgmLen:1478
Type:0 Code:0 ID:512 Seq:6144 ECHO REPLY
[Xref => http://www.whitehats.com/info/IDS246]
[**] [1:499:3] ICMP Large ICMP Packet [**]
[Classification: Potentially Bad Traffic] [Priority: 2]
06/10-14:42:59.788509 66.185.147.5 -> 192.168.1.103
ICMP TTL:251 TOS:0x0 ID:663 IpLen:20 DgmLen:1478
Type:0 Code:0 ID:512 Seq:5888 ECHO REPLY
[Xref => http://www.whitehats.com/info/IDS246]
[**] [1:499:3] ICMP Large ICMP Packet [**]
[Classification: Potentially Bad Traffic] [Priority: 2]
06/10-14:42:59.888801 66.185.147.5 -> 192.168.1.103
ICMP TTL:251 TOS:0x0 ID:664 IpLen:20 DgmLen:1478
Type:0 Code:0 ID:512 Seq:6144 ECHO REPLY
[Xref => http://www.whitehats.com/info/IDS246]
[**] [1:499:3] ICMP Large ICMP Packet [**]
[Classification: Potentially Bad Traffic] [Priority: 2]
06/10-14:42:59.987788 66.185.147.5 -> 192.168.1.103
ICMP TTL:251 TOS:0x0 ID:665 IpLen:20 DgmLen:1478
Type:0 Code:0 ID:512 Seq:6400 ECHO REPLY
[Xref => http://www.whitehats.com/info/IDS246]

SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:09:28 2003