[Silicon Defense logo]

SnortSnarf alert page

Source: 124.110.60.75

SnortSnarf v021111.1

Signature section (16810)Top 20 source IPsTop 20 dest IPs

2 such alerts found using input module SnortFileInput, with sources:
Earliest: 21:25:55.859633 on 07/14/2010
Latest: 21:25:55.859633 on 07/14/2010

2 different signatures are present for 124.110.60.75 as a source

There are 1 distinct destination IPs in the alerts of the type on this page.

124.110.60.75 Whois lookup at: ARIN RIPE APNIC Geektools
DNS lookup at: Amenesi TRIUMF Princeton
More lookup links: Dshield Sam Spade

[**] [1:1807:10] WEB-MISC Chunked-Encoding transfer attempt [**]
[Classification: Web Application Attack] [Priority: 1]
07/14-21:25:55.859633 124.110.60.75:1342 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:5677
***AP*** Seq: 0x7AAF7ED2 Ack: 0x66FC7FA2 Win: 0xFB34 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0392][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0079][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0071][Xref => http://www.securityfocus.com/bid/5033][Xref => http://www.securityfocus.com/bid/4485][Xref => http://www.securityfocus.com/bid/4474]
[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
[Classification: Web Application Attack] [Priority: 1]
07/14-21:25:55.859633 124.110.60.75:1342 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:5677
***AP*** Seq: 0x7AAF7ED2 Ack: 0x66FC7FA2 Win: 0xFB34 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0392][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0079][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0071][Xref => http://www.securityfocus.com/bid/5033][Xref => http://www.securityfocus.com/bid/4485][Xref => http://www.securityfocus.com/bid/4474]
SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Sep 14 05:05:28 2010