SnortSnarf alert page

Source: 124.25.91.99

SnortSnarf v021111.1

Signature section (16810)

Top 20 source IPs

Top 20 dest IPs

10 such alerts found using input module SnortFileInput, with sources:

/var/log/snort/alert

Earliest: 00:09:17.369593 on 03/02/2010
Latest: 00:05:21.458889 on 03/03/2010

1 different signatures are present for 124.25.91.99 as a source

10 instances of (http_inspect) BARE BYTE UNICODE ENCODING

There are 1 distinct destination IPs in the alerts of the type on this page.

124.25.91.99 Whois lookup at: ARIN RIPE APNIC Geektools

DNS lookup at: Amenesi TRIUMF Princeton

More lookup links: Dshield Sam Spade

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
03/02-00:09:17.369593 124.25.91.99:1739 -> 192.168.24.11:80
TCP TTL:115 TOS:0x0 ID:19317 IpLen:20 DgmLen:415 DF
***AP*** Seq: 0x5EBCB905  Ack: 0x49D01276  Win: 0xFFFF  TcpLen: 20

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
03/02-00:09:18.050513 124.25.91.99:1740 -> 192.168.24.11:80
TCP TTL:115 TOS:0x0 ID:19324 IpLen:20 DgmLen:413 DF
***AP*** Seq: 0xD5F3625F  Ack: 0x4916EC2D  Win: 0xFFFF  TcpLen: 20

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
03/02-00:09:18.731890 124.25.91.99:1741 -> 192.168.24.11:80
TCP TTL:115 TOS:0x0 ID:19331 IpLen:20 DgmLen:420 DF
***AP*** Seq: 0xC716B854  Ack: 0x49F930E1  Win: 0xFFFF  TcpLen: 20

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
03/02-00:09:19.429173 124.25.91.99:1742 -> 192.168.24.11:80
TCP TTL:115 TOS:0x0 ID:19338 IpLen:20 DgmLen:416 DF
***AP*** Seq: 0xCA8DD14A  Ack: 0x49BE33D1  Win: 0xFFFF  TcpLen: 20

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
03/02-00:09:21.484118 124.25.91.99:1745 -> 192.168.24.11:80
TCP TTL:115 TOS:0x0 ID:19359 IpLen:20 DgmLen:414 DF
***AP*** Seq: 0x2D63681D  Ack: 0x49B33177  Win: 0xFFFF  TcpLen: 20

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
03/03-00:05:17.285549 124.25.91.99:4588 -> 192.168.24.11:80
TCP TTL:115 TOS:0x0 ID:59938 IpLen:20 DgmLen:410 DF
***AP*** Seq: 0xCB399747  Ack: 0x788FC7AD  Win: 0xFFFF  TcpLen: 20

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
03/03-00:05:17.975803 124.25.91.99:4589 -> 192.168.24.11:80
TCP TTL:115 TOS:0x0 ID:59945 IpLen:20 DgmLen:408 DF
***AP*** Seq: 0x5345646  Ack: 0x79706076  Win: 0xFFFF  TcpLen: 20

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
03/03-00:05:18.665870 124.25.91.99:4590 -> 192.168.24.11:80
TCP TTL:115 TOS:0x0 ID:59952 IpLen:20 DgmLen:415 DF
***AP*** Seq: 0x5809160A  Ack: 0x7945D5EF  Win: 0xFFFF  TcpLen: 20

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
03/03-00:05:19.384151 124.25.91.99:4591 -> 192.168.24.11:80
TCP TTL:115 TOS:0x0 ID:59959 IpLen:20 DgmLen:411 DF
***AP*** Seq: 0x3933682B  Ack: 0x79930858  Win: 0xFFFF  TcpLen: 20

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
03/03-00:05:21.458889 124.25.91.99:4594 -> 192.168.24.11:80
TCP TTL:115 TOS:0x0 ID:59980 IpLen:20 DgmLen:409 DF
***AP*** Seq: 0xEFFE9A31  Ack: 0x79611DC9  Win: 0xFFFF  TcpLen: 20

SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Sep 14 05:05:23 2010

124.25.91.99	Whois lookup at:	ARIN	RIPE	APNIC	Geektools
	DNS lookup at:	Amenesi	TRIUMF	Princeton
	More lookup links:	Dshield	Sam Spade