[Silicon Defense logo]

SnortSnarf alert page

Destination: 192.168.1.2

SnortSnarf v020516.1

Signature section (54)Top 20 source IPsTop 20 dest IPs

18 such alerts found using input module SnortFileInput, with sources:
Earliest: 06:43:07 on 7/23/2005
Latest: 21:53:43 on 7/23/2005

4 different signatures are present for 192.168.1.2 as a destination

There are 8 distinct source IPs in the alerts of the type on this page.

192.168.1.2 Whois lookup at: ARIN RIPE APNIC Geektools
DNS lookup at: Amenesi TRIUMF Princeton
More lookup links: Dshield Sam Spade


Jul 23 06:43:07 lucretia snort: [1:1852:3] WEB-MISC robots.txt access [Classification: access to a potentially vulnerable web application] [Priority: 2]: {TCP} 68.142.251.149:57204 -> 192.168.1.2:80
Jul 23 06:57:06 lucretia snort: [1:1852:3] WEB-MISC robots.txt access [Classification: access to a potentially vulnerable web application] [Priority: 2]: {TCP} 65.54.188.78:55542 -> 192.168.1.2:80
Jul 23 08:18:31 lucretia snort: [1:1852:3] WEB-MISC robots.txt access [Classification: access to a potentially vulnerable web application] [Priority: 2]: {TCP} 68.142.251.149:34919 -> 192.168.1.2:80
Jul 23 10:38:17 lucretia snort: [1:485:4] ICMP Destination Unreachable Communication Administratively Prohibited [Classification: Misc activity] [Priority: 3]: {ICMP} 192.5.4.146 -> 192.168.1.2
Jul 23 11:27:04 lucretia snort: [1:1852:3] WEB-MISC robots.txt access [Classification: access to a potentially vulnerable web application] [Priority: 2]: {TCP} 65.54.188.78:25144 -> 192.168.1.2:80
Jul 23 14:20:48 lucretia snort: [1:1852:3] WEB-MISC robots.txt access [Classification: access to a potentially vulnerable web application] [Priority: 2]: {TCP} 68.142.251.149:56605 -> 192.168.1.2:80
Jul 23 14:59:38 lucretia snort: [1:1852:3] WEB-MISC robots.txt access [Classification: access to a potentially vulnerable web application] [Priority: 2]: {TCP} 66.249.64.15:46051 -> 192.168.1.2:80
Jul 23 15:28:00 lucretia snort: [1:1852:3] WEB-MISC robots.txt access [Classification: access to a potentially vulnerable web application] [Priority: 2]: {TCP} 68.142.251.149:59744 -> 192.168.1.2:80
Jul 23 15:31:08 lucretia snort: [1:1852:3] WEB-MISC robots.txt access [Classification: access to a potentially vulnerable web application] [Priority: 2]: {TCP} 65.54.188.78:24845 -> 192.168.1.2:80
Jul 23 17:06:57 lucretia snort: [1:1852:3] WEB-MISC robots.txt access [Classification: access to a potentially vulnerable web application] [Priority: 2]: {TCP} 68.142.251.149:39464 -> 192.168.1.2:80
Jul 23 17:40:54 lucretia snort: [1:486:4] ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited [Classification: Misc activity] [Priority: 3]: {ICMP} 61.197.124.119 -> 192.168.1.2
Jul 23 18:17:07 lucretia snort: [1:1852:3] WEB-MISC robots.txt access [Classification: access to a potentially vulnerable web application] [Priority: 2]: {TCP} 68.142.251.149:52024 -> 192.168.1.2:80
Jul 23 18:28:06 lucretia snort: [1:1948:6] DNS zone transfer UDP [Classification: Attempted Information Leak] [Priority: 2]: {UDP} 209.133.23.151:53 -> 192.168.1.2:53
Jul 23 18:51:33 lucretia snort: [1:1852:3] WEB-MISC robots.txt access [Classification: access to a potentially vulnerable web application] [Priority: 2]: {TCP} 217.212.224.141:60232 -> 192.168.1.2:80
Jul 23 19:18:38 lucretia snort: [1:1852:3] WEB-MISC robots.txt access [Classification: access to a potentially vulnerable web application] [Priority: 2]: {TCP} 68.142.251.149:34680 -> 192.168.1.2:80
Jul 23 20:07:08 lucretia snort: [1:1948:6] DNS zone transfer UDP [Classification: Attempted Information Leak] [Priority: 2]: {UDP} 202.12.29.60:53 -> 192.168.1.2:53
Jul 23 20:08:33 lucretia snort: [1:1852:3] WEB-MISC robots.txt access [Classification: access to a potentially vulnerable web application] [Priority: 2]: {TCP} 68.142.251.149:58765 -> 192.168.1.2:80
Jul 23 21:53:43 lucretia snort: [1:1852:3] WEB-MISC robots.txt access [Classification: access to a potentially vulnerable web application] [Priority: 2]: {TCP} 65.54.188.78:24837 -> 192.168.1.2:80

SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Sat Jul 23 22:10:13 2005