[Silicon Defense logo]

SnortSnarf signature page

SHELLCODE x86 NOOP

SnortSnarf v021111.1

Signature section (91123)Top 20 source IPsTop 20 dest IPs

1333 alerts with this signature using input module SnortFileInput, with sources:

Earliest such alert at 17:11:18.406820 on 04/22/2003
Latest such alert at 01:53:29.966072 on 06/12/2003

SHELLCODE x86 NOOP 40 sources 14 destinations
Priority: 1Classification: Executable code was detected
[sid:1394]

Sources triggering this attack signature

Source# Alerts (sig)# Alerts (total)# Dsts (sig)# Dsts (total)
128.242.172.24255356911
128.10.252.1028528612
207.172.2.14115415411
128.121.10.6712115611
128.242.172.250627011
192.168.1.1455611
161.114.1.254353511
207.188.7.150121211
192.150.20.28101022
216.65.98.1362311
129.128.5.1916611
192.150.18.285511
66.150.0.2474411
213.239.45.1623311
152.2.210.1212211
209.103.163.62211
64.125.133.2022211
192.150.18.292211
64.215.164.1002211
146.20.39.932411
65.24.2.1211312
199.45.62.121111
206.151.167.941412
143.166.83.2021111
12.247.228.931111
129.137.195.671111
195.93.80.1311111
63.216.0.2531111
216.65.98.691111
206.252.192.181111
206.151.167.2271313
203.173.8.1141111
63.240.15.1441111
63.208.194.391111
207.126.99.791411
209.249.123.2431111
17.254.0.1321111
207.126.99.921111
65.77.42.1051111
159.215.19.31111

Destinations receiving this attack signature

Destinations# Alerts (sig)# Alerts (total)# Srcs (sig)# Srcs (total)
192.168.1.1017699511325
192.168.1.728528612
192.168.1.9115415512
192.168.1.44769411
192.168.1.3455712
192.168.1.104131668
192.168.1.10582959
192.168.1.102358210
192.168.1.6277702624
192.168.1.10325818
192.168.1.9221027
192.168.1.2117518
192.168.1.10013818
192.168.1.1061513

SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:03:47 2003