All Snort signatures
SnortSnarf v021111.1
Signature section (91123)
Priority | Signature (click for sig info) | # Alerts | # Sources | # Dests | Detail link |
N/A | (spp_stream4) STEALTH ACTIVITY (SYN FIN scan) detection | 1 | 1 | 1 | Summary |
N/A | (spp_stream4) STEALTH ACTIVITY (unknown) detection | 7 | 2 | 7 | Summary |
N/A | (snort_decoder): Short UDP packet, length field > payload length | 8 | 1 | 1 | Summary |
N/A | (snort_decoder): T/TCP Detected | 38 | 1 | 1 | Summary |
3 | FTP LIST directory traversal attempt [sid] [BUGTRAQ] | 1 | 1 | 1 | Summary |
3 | Virus - Possible pif Worm [sid] | 2 | 1 | 1 | Summary |
3 | SCAN SolarWinds IP scan attempt [sid] | 3 | 1 | 3 | Summary |
3 | Virus - Possible MyRomeo Worm [sid] | 4 | 1 | 1 | Summary |
3 | Virus - Possible scr Worm [sid] | 8 | 1 | 1 | Summary |
3 | SCAN UPNP service discover attempt [sid] | 80 | 2 | 1 | Summary |
3 | ICMP Destination Unreachable (Communication Administratively Prohibited) [sid] | 117 | 13 | 4 | Summary |
2 | WEB-IIS ISAPI .printer access [sid] [arachNIDS] | 1 | 1 | 1 | Summary |
2 | DDOS shaft synflood [sid] [arachNIDS] | 1 | 1 | 1 | Summary |
2 | SNMP trap tcp [sid] [CVE] | 1 | 1 | 1 | Summary |
2 | SCAN Proxy (8080) attempt [sid] | 1 | 1 | 1 | Summary |
2 | WEB-CGI formmail access [sid] [arachNIDS] | 2 | 1 | 1 | Summary |
2 | ICMP PING NMAP [sid] [arachNIDS] | 3 | 1 | 1 | Summary |
2 | WEB-MISC bad HTTP/1.1 request, Potentially worm attack [securityresponse.symantec.com] [sid] | 3 | 3 | 1 | Summary |
2 | WEB-CGI newdesk access [sid] | 3 | 3 | 1 | Summary |
2 | SNMP private access udp [sid] [CVE] | 3 | 1 | 1 | Summary |
2 | SHELLCODE x86 setgid 0 [sid] [arachNIDS] | 8 | 6 | 7 | Summary |
2 | SNMP Broadcast request [sid] [CVE] | 8 | 1 | 1 | Summary |
2 | SHELLCODE x86 setuid 0 [sid] [arachNIDS] | 9 | 7 | 6 | Summary |
2 | ATTACK RESPONSES 403 Forbidden [sid] | 29 | 1 | 18 | Summary |
2 | WEB-IIS view source via translate header [sid] [arachNIDS] | 58 | 16 | 1 | Summary |
2 | ICMP Large ICMP Packet [sid] [arachNIDS] | 62 | 5 | 3 | Summary |
2 | BAD TRAFFIC same SRC/DST [sid] [CVE] | 80 | 1 | 1 | Summary |
2 | ICMP L3retriever Ping [sid] [arachNIDS] | 168 | 5 | 2 | Summary |
2 | WEB-IIS _mem_bin access [sid] | 308 | 184 | 1 | Summary |
2 | WEB-FRONTPAGE /_vti_bin/ access [sid] | 316 | 190 | 1 | Summary |
2 | WEB-MISC robots.txt access [cgi.nessus.org] [sid] | 786 | 69 | 1 | Summary |
2 | SNMP public access udp [sid] [CVE] | 22568 | 3 | 1 | Summary |
2 | SNMP request udp [sid] [CVE] | 58657 | 3 | 1 | Summary |
1 | SHELLCODE x86 EB OC NOOP [sid] | 1 | 1 | 1 | Summary |
1 | SMTP HELO overflow attempt [sid] [CVE] | 2 | 2 | 1 | Summary |
1 | SHELLCODE x86 unicode NOOP [sid] | 3 | 3 | 3 | Summary |
1 | SHELLCODE x86 stealth NOOP [sid] [arachNIDS] | 4 | 1 | 1 | Summary |
1 | WEB-IIS WEBDAV nessus safe scan attempt [sid] [BUGTRAQ] | 4 | 4 | 1 | Summary |
1 | WEB-CLIENT javascript URL host spoofing attempt [sid] [BUGTRAQ] | 11 | 5 | 5 | Summary |
1 | SHELLCODE x86 inc ebx NOOP [sid] | 190 | 37 | 11 | Summary |
1 | WEB-IIS CodeRed v2 root.exe access [www.cert.org] [sid] | 680 | 204 | 1 | Summary |
1 | WEB-IIS ISAPI .ida attempt [sid] [arachNIDS] | 930 | 304 | 1 | Summary |
1 | WEB-IIS multiple decode attempt [sid] [CVE] | 952 | 176 | 1 | Summary |
1 | SHELLCODE x86 NOOP [sid] | 1333 | 40 | 14 | Summary |
1 | WEB-IIS unicode directory traversal attempt [sid] [CVE] | 1500 | 191 | 1 | Summary |
1 | WEB-IIS cmd.exe access [sid] | 2169 | 498 | 1 | Summary |