SnortSnarf alert page

Source: 130.54.208.193: #601-698

SnortSnarf v021111.1

Signature section (16810)

Top 20 source IPs

Top 20 dest IPs

Looking using input module SnortFileInput, with sources:

/var/log/snort/alert

Earliest: 18:56:39.679922 on 06/14/2010
Latest: 11:56:39.597147 on 08/10/2010

9 different signatures are present for 130.54.208.193 as a source

3 instances of IMAP authenticate overflow attempt
4 instances of WEB-MISC cross site scripting attempt
4 instances of (http_inspect) OVERSIZE CHUNK ENCODING
5 instances of (http_inspect) BARE BYTE UNICODE ENCODING
9 instances of WEB-MISC http directory traversal
9 instances of WEB-MISC Invalid HTTP Version String
13 instances of WEB-PHP test.php access
223 instances of IMAP status overflow attempt
428 instances of IMAP fetch overflow attempt

There are 1 distinct destination IPs in the alerts of the type on this page.

130.54.208.193 Whois lookup at: ARIN RIPE APNIC Geektools

DNS lookup at: Amenesi TRIUMF Princeton

More lookup links: Dshield Sam Spade

Go to: previous range, all alerts, overview page

[**] [1:3070:1] IMAP fetch overflow attempt [**]
[Classification: Misc Attack] [Priority: 2] 
06/14-18:56:39.679922 130.54.208.193:58067 -> 192.168.24.11:143
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:1502
***AP*** Seq: 0x9AA596A2  Ack: 0x2EBFF3FE  Win: 0x1920  TcpLen: 20
[Xref => http://www.securityfocus.com/bid/11775]

[**] [1:3070:1] IMAP fetch overflow attempt [**]
[Classification: Misc Attack] [Priority: 2] 
06/14-18:56:42.510096 130.54.208.193:58067 -> 192.168.24.11:143
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:596
***AP*** Seq: 0x9AA5B756  Ack: 0x2EBFF62A  Win: 0x1D50  TcpLen: 20
[Xref => http://www.securityfocus.com/bid/11775]

[**] [1:3072:1] IMAP status overflow attempt [**]
[Classification: Misc Attack] [Priority: 2] 
06/15-08:31:23.587547 130.54.208.193:53773 -> 192.168.24.11:143
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:471
***AP*** Seq: 0xBF613B0F  Ack: 0x57C43C42  Win: 0x16A0  TcpLen: 20
[Xref => http://www.securityfocus.com/bid/11775]

[**] [1:3072:1] IMAP status overflow attempt [**]
[Classification: Misc Attack] [Priority: 2] 
06/15-08:34:32.549037 130.54.208.193:53773 -> 192.168.24.11:143
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:625
***AP*** Seq: 0xBF615522  Ack: 0x57C44278  Win: 0x1920  TcpLen: 20
[Xref => http://www.securityfocus.com/bid/11775]

[**] [1:3072:1] IMAP status overflow attempt [**]
[Classification: Misc Attack] [Priority: 2] 
06/15-08:34:35.221551 130.54.208.193:53773 -> 192.168.24.11:143
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:540
***AP*** Seq: 0xBF61840A  Ack: 0x57C4446C  Win: 0x1D50  TcpLen: 20
[Xref => http://www.securityfocus.com/bid/11775]

[**] [1:3070:1] IMAP fetch overflow attempt [**]
[Classification: Misc Attack] [Priority: 2] 
06/15-08:34:39.655042 130.54.208.193:53773 -> 192.168.24.11:143
TCP TTL:49 TOS:0x0 ID:56425 IpLen:20 DgmLen:261 DF
***AP*** Seq: 0x57C446AB  Ack: 0xBF61E6AF  Win: 0x3E96  TcpLen: 32
TCP Options (3) => NOP NOP TS: 672854205 586588631 
[Xref => http://www.securityfocus.com/bid/11775]

[**] [1:3070:1] IMAP fetch overflow attempt [**]
[Classification: Misc Attack] [Priority: 2] 
06/15-08:34:49.920857 130.54.208.193:53773 -> 192.168.24.11:143
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:270
***AP*** Seq: 0xBF627AE5  Ack: 0x57C44864  Win: 0x25B0  TcpLen: 20
[Xref => http://www.securityfocus.com/bid/11775]

[**] [1:3070:1] IMAP fetch overflow attempt [**]
[Classification: Misc Attack] [Priority: 2] 
06/15-08:35:07.498496 130.54.208.193:53773 -> 192.168.24.11:143
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:286
***AP*** Seq: 0xBF6356E7  Ack: 0x57C44BCF  Win: 0x29E0  TcpLen: 20
[Xref => http://www.securityfocus.com/bid/11775]

[**] [1:3070:1] IMAP fetch overflow attempt [**]
[Classification: Misc Attack] [Priority: 2] 
06/15-08:35:08.848266 130.54.208.193:53773 -> 192.168.24.11:143
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:274
***AP*** Seq: 0xBF63DEC5  Ack: 0x57C44CB9  Win: 0x29E0  TcpLen: 20
[Xref => http://www.securityfocus.com/bid/11775]

[**] [119:16:1] (http_inspect) OVERSIZE CHUNK ENCODING [**]
06/15-15:58:42.625556 130.54.208.193:4609 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:4048
***AP*** Seq: 0x569C7C34  Ack: 0x585040E2  Win: 0x35A0  TcpLen: 20

[**] [119:16:1] (http_inspect) OVERSIZE CHUNK ENCODING [**]
06/15-17:13:45.818004 130.54.208.193:4646 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:2906
***AP*** Seq: 0x71668B57  Ack: 0xA236E292  Win: 0x2C88  TcpLen: 20

[**] [119:16:1] (http_inspect) OVERSIZE CHUNK ENCODING [**]
06/15-17:14:01.358932 130.54.208.193:4648 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:9737
***AP*** Seq: 0x71B76F82  Ack: 0x2B74CA2A  Win: 0x65C7  TcpLen: 20

[**] [1:3072:1] IMAP status overflow attempt [**]
[Classification: Misc Attack] [Priority: 2] 
06/15-17:27:22.268827 130.54.208.193:39559 -> 192.168.24.11:143
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:1451
***AP*** Seq: 0xF7AE9A16  Ack: 0x5CF09F06  Win: 0x9E4  TcpLen: 20
[Xref => http://www.securityfocus.com/bid/11775]

[**] [1:3072:1] IMAP status overflow attempt [**]
[Classification: Misc Attack] [Priority: 2] 
06/16-09:32:23.587424 130.54.208.193:55766 -> 192.168.24.11:143
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:253
***AP*** Seq: 0xDCA93A07  Ack: 0x7C8DA1FA  Win: 0x16A0  TcpLen: 20
[Xref => http://www.securityfocus.com/bid/11775]

[**] [1:2570:7] WEB-MISC Invalid HTTP Version String [**]
[Classification: Detection of a non-standard protocol or event] [Priority: 2] 
06/16-09:35:22.683138 130.54.208.193:4942 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:1742
***AP*** Seq: 0xE5A9FD15  Ack: 0x4321131C  Win: 0x7359  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=11593][Xref => http://www.securityfocus.com/bid/9809]

[**] [1:1497:6] WEB-MISC cross site scripting attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
06/16-13:19:08.765037 130.54.208.193:1718 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:20607
***AP*** Seq: 0x66A6ED71  Ack: 0x32D877D0  Win: 0xFFFF  TcpLen: 20

[**] [1:3070:1] IMAP fetch overflow attempt [**]
[Classification: Misc Attack] [Priority: 2] 
06/19-08:53:52.821045 130.54.208.193:49925 -> 192.168.24.11:143
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:304
***AP*** Seq: 0xE45DB44E  Ack: 0x9DAD4F4D  Win: 0x1920  TcpLen: 20
[Xref => http://www.securityfocus.com/bid/11775]

[**] [1:3070:1] IMAP fetch overflow attempt [**]
[Classification: Misc Attack] [Priority: 2] 
06/19-08:53:54.715032 130.54.208.193:49925 -> 192.168.24.11:143
TCP TTL:49 TOS:0x0 ID:11202 IpLen:20 DgmLen:266 DF
***AP*** Seq: 0x9DAD4FCB  Ack: 0xE45DE950  Win: 0x3E96  TcpLen: 32
TCP Options (3) => NOP NOP TS: 1019684286 621265010 
[Xref => http://www.securityfocus.com/bid/11775]

[**] [1:3070:1] IMAP fetch overflow attempt [**]
[Classification: Misc Attack] [Priority: 2] 
06/19-08:54:03.701996 130.54.208.193:49925 -> 192.168.24.11:143
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:461
***AP*** Seq: 0xE45E9512  Ack: 0x9DAD5345  Win: 0x2180  TcpLen: 20
[Xref => http://www.securityfocus.com/bid/11775]

[**] [1:3070:1] IMAP fetch overflow attempt [**]
[Classification: Misc Attack] [Priority: 2] 
06/19-08:54:41.320174 130.54.208.193:49925 -> 192.168.24.11:143
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:483
***AP*** Seq: 0xE45EC6DB  Ack: 0x9DAD5500  Win: 0x25B0  TcpLen: 20
[Xref => http://www.securityfocus.com/bid/11775]

[**] [1:3070:1] IMAP fetch overflow attempt [**]
[Classification: Misc Attack] [Priority: 2] 
06/19-08:54:44.520631 130.54.208.193:49925 -> 192.168.24.11:143
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:303
***AP*** Seq: 0xE45EEC4F  Ack: 0x9DAD5607  Win: 0x25B0  TcpLen: 20
[Xref => http://www.securityfocus.com/bid/11775]

[**] [1:3072:1] IMAP status overflow attempt [**]
[Classification: Misc Attack] [Priority: 2] 
06/19-10:08:02.275766 130.54.208.193:47781 -> 192.168.24.11:143
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:1451
***AP*** Seq: 0x8E5A9DE2  Ack: 0xD4987B1A  Win: 0x9E4  TcpLen: 20
[Xref => http://www.securityfocus.com/bid/11775]

[**] [1:3070:1] IMAP fetch overflow attempt [**]
[Classification: Misc Attack] [Priority: 2] 
06/20-08:29:52.625673 130.54.208.193:2728 -> 192.168.24.11:143
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:286
***AP*** Seq: 0xB0B8EB96  Ack: 0x79B17E8E  Win: 0x1920  TcpLen: 20
[Xref => http://www.securityfocus.com/bid/11775]

[**] [1:3070:1] IMAP fetch overflow attempt [**]
[Classification: Misc Attack] [Priority: 2] 
06/20-08:29:55.081294 130.54.208.193:2728 -> 192.168.24.11:143
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:302
***AP*** Seq: 0xB0B96A60  Ack: 0x79B17F94  Win: 0x1920  TcpLen: 20
[Xref => http://www.securityfocus.com/bid/11775]

[**] [1:3070:1] IMAP fetch overflow attempt [**]
[Classification: Misc Attack] [Priority: 2] 
06/20-08:29:57.025823 130.54.208.193:2728 -> 192.168.24.11:143
TCP TTL:113 TOS:0x0 ID:25905 IpLen:20 DgmLen:254 DF
***AP*** Seq: 0x79B18048  Ack: 0xB0B99EE1  Win: 0xFFFF  TcpLen: 20
[Xref => http://www.securityfocus.com/bid/11775]

[**] [1:3070:1] IMAP fetch overflow attempt [**]
[Classification: Misc Attack] [Priority: 2] 
06/20-08:30:01.885698 130.54.208.193:2728 -> 192.168.24.11:143
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:390
***AP*** Seq: 0xB0BA1FAD  Ack: 0x79B18331  Win: 0x2180  TcpLen: 20
[Xref => http://www.securityfocus.com/bid/11775]

[**] [1:3070:1] IMAP fetch overflow attempt [**]
[Classification: Misc Attack] [Priority: 2] 
06/20-08:30:27.088641 130.54.208.193:2728 -> 192.168.24.11:143
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:325
***AP*** Seq: 0xB0BA3D87  Ack: 0x79B1844E  Win: 0x2180  TcpLen: 20
[Xref => http://www.securityfocus.com/bid/11775]

[**] [1:3070:1] IMAP fetch overflow attempt [**]
[Classification: Misc Attack] [Priority: 2] 
06/20-08:30:29.465382 130.54.208.193:2728 -> 192.168.24.11:143
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:517
***AP*** Seq: 0xB0BA4C23  Ack: 0x79B1862B  Win: 0x25B0  TcpLen: 20
[Xref => http://www.securityfocus.com/bid/11775]

[**] [1:3072:1] IMAP status overflow attempt [**]
[Classification: Misc Attack] [Priority: 2] 
06/20-08:39:30.317413 130.54.208.193:42122 -> 192.168.24.11:143
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:471
***AP*** Seq: 0xEAAF7EEA  Ack: 0xAC25E844  Win: 0x16A0  TcpLen: 20
[Xref => http://www.securityfocus.com/bid/11775]

[**] [1:3072:1] IMAP status overflow attempt [**]
[Classification: Misc Attack] [Priority: 2] 
06/20-08:39:45.230998 130.54.208.193:42122 -> 192.168.24.11:143
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:1357
***AP*** Seq: 0xEAAF8C39  Ack: 0xAC25ED69  Win: 0x1920  TcpLen: 20
[Xref => http://www.securityfocus.com/bid/11775]

[**] [1:3072:1] IMAP status overflow attempt [**]
[Classification: Misc Attack] [Priority: 2] 
06/20-08:55:55.050325 130.54.208.193:42122 -> 192.168.24.11:143
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:1451
***AP*** Seq: 0xAC25EE4E  Ack: 0xEAAF93A1  Win: 0x11A4  TcpLen: 20
[Xref => http://www.securityfocus.com/bid/11775]

[**] [1:3070:1] IMAP fetch overflow attempt [**]
[Classification: Misc Attack] [Priority: 2] 
06/20-09:51:11.102924 130.54.208.193:37090 -> 192.168.24.11:143
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:349
***AP*** Seq: 0xF736F15A  Ack: 0xB998B6ED  Win: 0x1D50  TcpLen: 20
[Xref => http://www.securityfocus.com/bid/11775]

[**] [1:3070:1] IMAP fetch overflow attempt [**]
[Classification: Misc Attack] [Priority: 2] 
06/20-09:51:13.224108 130.54.208.193:37090 -> 192.168.24.11:143
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:276
***AP*** Seq: 0xF7375674  Ack: 0xB998B7D9  Win: 0x1D50  TcpLen: 20
[Xref => http://www.securityfocus.com/bid/11775]

[**] [1:3072:1] IMAP status overflow attempt [**]
[Classification: Misc Attack] [Priority: 2] 
06/20-12:20:51.248668 130.54.208.193:54620 -> 192.168.24.11:143
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:435
***AP*** Seq: 0x2C862C87  Ack: 0xEF641603  Win: 0x16A0  TcpLen: 20
[Xref => http://www.securityfocus.com/bid/11775]

[**] [1:3072:1] IMAP status overflow attempt [**]
[Classification: Misc Attack] [Priority: 2] 
06/20-12:20:51.715460 130.54.208.193:54620 -> 192.168.24.11:143
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:357
***AP*** Seq: 0x2C862ED7  Ack: 0xEF641740  Win: 0x1920  TcpLen: 20
[Xref => http://www.securityfocus.com/bid/11775]

[**] [1:3072:1] IMAP status overflow attempt [**]
[Classification: Misc Attack] [Priority: 2] 
06/20-12:20:53.555434 130.54.208.193:54620 -> 192.168.24.11:143
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:237
***AP*** Seq: 0x2C865C72  Ack: 0xEF641805  Win: 0x1920  TcpLen: 20
[Xref => http://www.securityfocus.com/bid/11775]

[**] [1:3070:1] IMAP fetch overflow attempt [**]
[Classification: Misc Attack] [Priority: 2] 
06/20-12:20:53.555434 130.54.208.193:54620 -> 192.168.24.11:143
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:237
***AP*** Seq: 0x2C865C72  Ack: 0xEF641805  Win: 0x1920  TcpLen: 20
[Xref => http://www.securityfocus.com/bid/11775]

[**] [1:3070:1] IMAP fetch overflow attempt [**]
[Classification: Misc Attack] [Priority: 2] 
06/20-20:08:52.072665 130.54.208.193:54088 -> 192.168.24.11:143
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:314
***AP*** Seq: 0xA14AD6E  Ack: 0xCF2EDBA1  Win: 0x1920  TcpLen: 20
[Xref => http://www.securityfocus.com/bid/11775]

[**] [1:3070:1] IMAP fetch overflow attempt [**]
[Classification: Misc Attack] [Priority: 2] 
06/20-20:09:03.854819 130.54.208.193:54088 -> 192.168.24.11:143
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:328
***AP*** Seq: 0xA14F0BE  Ack: 0xCF2EDE78  Win: 0x1D50  TcpLen: 20
[Xref => http://www.securityfocus.com/bid/11775]

[**] [1:3070:1] IMAP fetch overflow attempt [**]
[Classification: Misc Attack] [Priority: 2] 
06/20-20:09:05.452142 130.54.208.193:54088 -> 192.168.24.11:143
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:336
***AP*** Seq: 0xA14F3FC  Ack: 0xCF2EDFA0  Win: 0x2180  TcpLen: 20
[Xref => http://www.securityfocus.com/bid/11775]

[**] [1:3070:1] IMAP fetch overflow attempt [**]
[Classification: Misc Attack] [Priority: 2] 
06/20-20:09:09.183681 130.54.208.193:54088 -> 192.168.24.11:143
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:475
***AP*** Seq: 0xA159AC2  Ack: 0xCF2EE241  Win: 0x25B0  TcpLen: 20
[Xref => http://www.securityfocus.com/bid/11775]

[**] [1:3070:1] IMAP fetch overflow attempt [**]
[Classification: Misc Attack] [Priority: 2] 
06/20-20:09:10.841786 130.54.208.193:54088 -> 192.168.24.11:143
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:358
***AP*** Seq: 0xA15D80E  Ack: 0xCF2EE37F  Win: 0x29E0  TcpLen: 20
[Xref => http://www.securityfocus.com/bid/11775]

[**] [1:3070:1] IMAP fetch overflow attempt [**]
[Classification: Misc Attack] [Priority: 2] 
06/20-20:09:13.901378 130.54.208.193:54088 -> 192.168.24.11:143
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:560
***AP*** Seq: 0xA15FF30  Ack: 0xCF2EE587  Win: 0x2E10  TcpLen: 20
[Xref => http://www.securityfocus.com/bid/11775]

[**] [1:3070:1] IMAP fetch overflow attempt [**]
[Classification: Misc Attack] [Priority: 2] 
06/20-20:09:15.603375 130.54.208.193:54088 -> 192.168.24.11:143
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:278
***AP*** Seq: 0xA160E4D  Ack: 0xCF2EE675  Win: 0x2E10  TcpLen: 20
[Xref => http://www.securityfocus.com/bid/11775]

[**] [1:3070:1] IMAP fetch overflow attempt [**]
[Classification: Misc Attack] [Priority: 2] 
06/21-09:16:41.694093 130.54.208.193:41035 -> 192.168.24.11:143
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:268
***AP*** Seq: 0xA9FC153A  Ack: 0x7380EB8B  Win: 0x1920  TcpLen: 20
[Xref => http://www.securityfocus.com/bid/11775]

[**] [1:3070:1] IMAP fetch overflow attempt [**]
[Classification: Misc Attack] [Priority: 2] 
06/21-09:16:47.493827 130.54.208.193:41035 -> 192.168.24.11:143
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:246
***AP*** Seq: 0xA9FC2584  Ack: 0x7380EC59  Win: 0x1920  TcpLen: 20
[Xref => http://www.securityfocus.com/bid/11775]

[**] [1:3070:1] IMAP fetch overflow attempt [**]
[Classification: Misc Attack] [Priority: 2] 
06/21-09:16:49.265181 130.54.208.193:41035 -> 192.168.24.11:143
TCP TTL:49 TOS:0x0 ID:30415 IpLen:20 DgmLen:266 DF
***AP*** Seq: 0x7380ECD7  Ack: 0xA9FC59E6  Win: 0x3E96  TcpLen: 32
TCP Options (3) => NOP NOP TS: 1193896537 638682905 
[Xref => http://www.securityfocus.com/bid/11775]

[**] [1:3070:1] IMAP fetch overflow attempt [**]
[Classification: Misc Attack] [Priority: 2] 
06/21-09:16:53.855352 130.54.208.193:41035 -> 192.168.24.11:143
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:357
***AP*** Seq: 0xA9FD2412  Ack: 0x7380EF9F  Win: 0x2180  TcpLen: 20
[Xref => http://www.securityfocus.com/bid/11775]

[**] [1:3070:1] IMAP fetch overflow attempt [**]
[Classification: Misc Attack] [Priority: 2] 
06/21-09:17:34.443836 130.54.208.193:41035 -> 192.168.24.11:143
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:235
***AP*** Seq: 0xA9FD6A6B  Ack: 0x7380F127  Win: 0x2180  TcpLen: 20
[Xref => http://www.securityfocus.com/bid/11775]

[**] [1:3070:1] IMAP fetch overflow attempt [**]
[Classification: Misc Attack] [Priority: 2] 
06/21-12:36:52.880007 130.54.208.193:34667 -> 192.168.24.11:143
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:554
***AP*** Seq: 0x9E0FB6ED  Ack: 0x68F684AB  Win: 0x1920  TcpLen: 20
[Xref => http://www.securityfocus.com/bid/11775]

[**] [1:3070:1] IMAP fetch overflow attempt [**]
[Classification: Misc Attack] [Priority: 2] 
06/22-09:11:19.582322 130.54.208.193:55594 -> 192.168.24.11:143
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:204
***AP*** Seq: 0xC165C86F  Ack: 0x9387B6C6  Win: 0x1920  TcpLen: 20
[Xref => http://www.securityfocus.com/bid/11775]

[**] [1:3070:1] IMAP fetch overflow attempt [**]
[Classification: Misc Attack] [Priority: 2] 
06/22-09:11:21.612085 130.54.208.193:55594 -> 192.168.24.11:143
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:336
***AP*** Seq: 0xC1665903  Ack: 0x9387B7EE  Win: 0x1920  TcpLen: 20
[Xref => http://www.securityfocus.com/bid/11775]

[**] [1:3070:1] IMAP fetch overflow attempt [**]
[Classification: Misc Attack] [Priority: 2] 
06/22-09:11:28.418088 130.54.208.193:55594 -> 192.168.24.11:143
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:270
***AP*** Seq: 0xC1666558  Ack: 0x9387B8D4  Win: 0x1920  TcpLen: 20
[Xref => http://www.securityfocus.com/bid/11775]

[**] [1:3070:1] IMAP fetch overflow attempt [**]
[Classification: Misc Attack] [Priority: 2] 
06/22-09:11:28.798862 130.54.208.193:55594 -> 192.168.24.11:143
TCP TTL:49 TOS:0x0 ID:24386 IpLen:20 DgmLen:261 DF
***AP*** Seq: 0x9387B905  Ack: 0xC166992F  Win: 0x3E96  TcpLen: 32
TCP Options (3) => NOP NOP TS: 1279994701 647291080 
[Xref => http://www.securityfocus.com/bid/11775]

[**] [1:3070:1] IMAP fetch overflow attempt [**]
[Classification: Misc Attack] [Priority: 2] 
06/22-09:11:34.501556 130.54.208.193:55594 -> 192.168.24.11:143
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:420
***AP*** Seq: 0xC16739BB  Ack: 0x9387BBE3  Win: 0x2180  TcpLen: 20
[Xref => http://www.securityfocus.com/bid/11775]

[**] [1:3070:1] IMAP fetch overflow attempt [**]
[Classification: Misc Attack] [Priority: 2] 
06/22-09:11:37.381576 130.54.208.193:55594 -> 192.168.24.11:143
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:349
***AP*** Seq: 0xC16761FD  Ack: 0x9387BDA8  Win: 0x25B0  TcpLen: 20
[Xref => http://www.securityfocus.com/bid/11775]

[**] [1:3070:1] IMAP fetch overflow attempt [**]
[Classification: Misc Attack] [Priority: 2] 
06/22-09:11:39.222823 130.54.208.193:55594 -> 192.168.24.11:143
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:311
***AP*** Seq: 0xC1676860  Ack: 0x9387BEB7  Win: 0x25B0  TcpLen: 20
[Xref => http://www.securityfocus.com/bid/11775]

[**] [1:3070:1] IMAP fetch overflow attempt [**]
[Classification: Misc Attack] [Priority: 2] 
06/22-13:40:56.852607 130.54.208.193:40456 -> 192.168.24.11:143
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:191
***AP*** Seq: 0xC1B38A05  Ack: 0x9608D0EB  Win: 0x1920  TcpLen: 20
[Xref => http://www.securityfocus.com/bid/11775]

[**] [1:3070:1] IMAP fetch overflow attempt [**]
[Classification: Misc Attack] [Priority: 2] 
06/22-13:40:59.423200 130.54.208.193:40456 -> 192.168.24.11:143
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:592
***AP*** Seq: 0xC1B39DA8  Ack: 0x9608D313  Win: 0x1D50  TcpLen: 20
[Xref => http://www.securityfocus.com/bid/11775]

[**] [1:3072:1] IMAP status overflow attempt [**]
[Classification: Misc Attack] [Priority: 2] 
06/22-15:18:51.420748 130.54.208.193:32997 -> 192.168.24.11:143
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:192
***AP*** Seq: 0x3746E889  Ack: 0xC1076DD  Win: 0x16A0  TcpLen: 20
[Xref => http://www.securityfocus.com/bid/11775]

[**] [1:3072:1] IMAP status overflow attempt [**]
[Classification: Misc Attack] [Priority: 2] 
06/22-15:18:52.323143 130.54.208.193:32997 -> 192.168.24.11:143
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:462
***AP*** Seq: 0x3746EAFF  Ack: 0xC107883  Win: 0x16A0  TcpLen: 20
[Xref => http://www.securityfocus.com/bid/11775]

[**] [1:3072:1] IMAP status overflow attempt [**]
[Classification: Misc Attack] [Priority: 2] 
06/22-15:19:08.717137 130.54.208.193:32997 -> 192.168.24.11:143
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:717
***AP*** Seq: 0x3746F06E  Ack: 0xC107B28  Win: 0x16A0  TcpLen: 20
[Xref => http://www.securityfocus.com/bid/11775]

[**] [1:3072:1] IMAP status overflow attempt [**]
[Classification: Misc Attack] [Priority: 2] 
06/22-15:19:11.224685 130.54.208.193:32997 -> 192.168.24.11:143
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:596
***AP*** Seq: 0x37470F96  Ack: 0xC107D54  Win: 0x1920  TcpLen: 20
[Xref => http://www.securityfocus.com/bid/11775]

[**] [1:3072:1] IMAP status overflow attempt [**]
[Classification: Misc Attack] [Priority: 2] 
06/23-09:17:06.064057 130.54.208.193:38724 -> 192.168.24.11:143
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:471
***AP*** Seq: 0x18CC7BE0  Ack: 0xF2F2D0B7  Win: 0x16A0  TcpLen: 20
[Xref => http://www.securityfocus.com/bid/11775]

[**] [1:3070:1] IMAP fetch overflow attempt [**]
[Classification: Misc Attack] [Priority: 2] 
06/23-09:19:20.919087 130.54.208.193:38724 -> 192.168.24.11:143
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:286
***AP*** Seq: 0x18CDF83E  Ack: 0xF2F2D7A9  Win: 0x1920  TcpLen: 20
[Xref => http://www.securityfocus.com/bid/11775]

[**] [1:3070:1] IMAP fetch overflow attempt [**]
[Classification: Misc Attack] [Priority: 2] 
06/23-09:24:15.117292 130.54.208.193:38724 -> 192.168.24.11:143
TCP TTL:49 TOS:0x0 ID:11867 IpLen:20 DgmLen:261 DF
***AP*** Seq: 0xF2F2D9B3  Ack: 0x18CE3F9B  Win: 0x3E96  TcpLen: 32
TCP Options (3) => NOP NOP TS: 1367179924 656007923 
[Xref => http://www.securityfocus.com/bid/11775]

[**] [1:3070:1] IMAP fetch overflow attempt [**]
[Classification: Misc Attack] [Priority: 2] 
06/23-09:24:19.893658 130.54.208.193:38724 -> 192.168.24.11:143
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:277
***AP*** Seq: 0x18CED37F  Ack: 0xF2F2DB73  Win: 0x1D50  TcpLen: 20
[Xref => http://www.securityfocus.com/bid/11775]

[**] [1:3070:1] IMAP fetch overflow attempt [**]
[Classification: Misc Attack] [Priority: 2] 
06/23-09:24:24.601579 130.54.208.193:38724 -> 192.168.24.11:143
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:548
***AP*** Seq: 0x18CF6D21  Ack: 0xF2F2DD6F  Win: 0x2180  TcpLen: 20
[Xref => http://www.securityfocus.com/bid/11775]

[**] [1:3070:1] IMAP fetch overflow attempt [**]
[Classification: Misc Attack] [Priority: 2] 
06/23-09:24:25.081200 130.54.208.193:38724 -> 192.168.24.11:143
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:356
***AP*** Seq: 0x18CF6F72  Ack: 0xF2F2DEAB  Win: 0x25B0  TcpLen: 20
[Xref => http://www.securityfocus.com/bid/11775]

[**] [1:3070:1] IMAP fetch overflow attempt [**]
[Classification: Misc Attack] [Priority: 2] 
06/23-09:24:26.702080 130.54.208.193:38724 -> 192.168.24.11:143
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:241
***AP*** Seq: 0x18CF7F05  Ack: 0xF2F2DF74  Win: 0x25B0  TcpLen: 20
[Xref => http://www.securityfocus.com/bid/11775]

[**] [1:3072:1] IMAP status overflow attempt [**]
[Classification: Misc Attack] [Priority: 2] 
06/23-09:26:46.091805 130.54.208.193:38724 -> 192.168.24.11:143
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:1489
***AP*** Seq: 0x18CF87EF  Ack: 0xF2F2E55D  Win: 0x25B0  TcpLen: 20
[Xref => http://www.securityfocus.com/bid/11775]

[**] [1:3070:1] IMAP fetch overflow attempt [**]
[Classification: Misc Attack] [Priority: 2] 
06/23-09:26:46.091805 130.54.208.193:38724 -> 192.168.24.11:143
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:1489
***AP*** Seq: 0x18CF87EF  Ack: 0xF2F2E55D  Win: 0x25B0  TcpLen: 20
[Xref => http://www.securityfocus.com/bid/11775]

[**] [1:3072:1] IMAP status overflow attempt [**]
[Classification: Misc Attack] [Priority: 2] 
06/23-17:31:34.393624 130.54.208.193:37172 -> 192.168.24.11:143
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:816
***AP*** Seq: 0x61F026C5  Ack: 0x3F23F826  Win: 0x16A0  TcpLen: 20
[Xref => http://www.securityfocus.com/bid/11775]

[**] [1:3070:1] IMAP fetch overflow attempt [**]
[Classification: Misc Attack] [Priority: 2] 
06/23-17:31:57.887935 130.54.208.193:37172 -> 192.168.24.11:143
TCP TTL:49 TOS:0x0 ID:19068 IpLen:20 DgmLen:266 DF
***AP*** Seq: 0x3F23F986  Ack: 0x61F02AA8  Win: 0xAF0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 1396449037 658934284 
[Xref => http://www.securityfocus.com/bid/11775]

[**] [1:3072:1] IMAP status overflow attempt [**]
[Classification: Misc Attack] [Priority: 2] 
06/23-17:31:57.964969 130.54.208.193:37172 -> 192.168.24.11:143
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:399
***AP*** Seq: 0x61F02AA8  Ack: 0x3F23FA5E  Win: 0x1920  TcpLen: 20
[Xref => http://www.securityfocus.com/bid/11775]

[**] [1:3070:1] IMAP fetch overflow attempt [**]
[Classification: Misc Attack] [Priority: 2] 
06/23-17:32:02.284571 130.54.208.193:37172 -> 192.168.24.11:143
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:264
***AP*** Seq: 0x61F09C53  Ack: 0x3F23FC1F  Win: 0x1920  TcpLen: 20
[Xref => http://www.securityfocus.com/bid/11775]

[**] [1:3070:1] IMAP fetch overflow attempt [**]
[Classification: Misc Attack] [Priority: 2] 
06/23-17:32:03.325249 130.54.208.193:37172 -> 192.168.24.11:143
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:337
***AP*** Seq: 0x61F0A409  Ack: 0x3F23FD48  Win: 0x1D50  TcpLen: 20
[Xref => http://www.securityfocus.com/bid/11775]

[**] [1:3070:1] IMAP fetch overflow attempt [**]
[Classification: Misc Attack] [Priority: 2] 
06/23-17:32:07.248605 130.54.208.193:37172 -> 192.168.24.11:143
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:257
***AP*** Seq: 0x61F0B8FE  Ack: 0x3F23FE21  Win: 0x1D50  TcpLen: 20
[Xref => http://www.securityfocus.com/bid/11775]

[**] [1:3072:1] IMAP status overflow attempt [**]
[Classification: Misc Attack] [Priority: 2] 
06/23-19:39:17.648328 130.54.208.193:44501 -> 192.168.24.11:143
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:1448
***AP*** Seq: 0x440A507C  Ack: 0x21FD6ED9  Win: 0x16A0  TcpLen: 20
[Xref => http://www.securityfocus.com/bid/11775]

[**] [1:3072:1] IMAP status overflow attempt [**]
[Classification: Misc Attack] [Priority: 2] 
06/23-19:39:17.693154 130.54.208.193:44501 -> 192.168.24.11:143
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:241
***AP*** Seq: 0x21FD6ED9  Ack: 0x440A50E4  Win: 0x9E4  TcpLen: 20
[Xref => http://www.securityfocus.com/bid/11775]

[**] [1:3072:1] IMAP status overflow attempt [**]
[Classification: Misc Attack] [Priority: 2] 
06/24-13:28:38.281586 130.54.208.193:47731 -> 192.168.24.11:143
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:544
***AP*** Seq: 0x3229F6B  Ack: 0xE7E86D71  Win: 0x16A0  TcpLen: 20
[Xref => http://www.securityfocus.com/bid/11775]

[**] [1:3072:1] IMAP status overflow attempt [**]
[Classification: Misc Attack] [Priority: 2] 
06/24-13:29:03.318009 130.54.208.193:47731 -> 192.168.24.11:143
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:853
***AP*** Seq: 0x322A5AC  Ack: 0xE7E8709E  Win: 0x16A0  TcpLen: 20
[Xref => http://www.securityfocus.com/bid/11775]

[**] [1:3072:1] IMAP status overflow attempt [**]
[Classification: Misc Attack] [Priority: 2] 
06/24-13:29:08.661371 130.54.208.193:47731 -> 192.168.24.11:143
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:512
***AP*** Seq: 0x3232016  Ack: 0xE7E87276  Win: 0x1920  TcpLen: 20
[Xref => http://www.securityfocus.com/bid/11775]

[**] [1:3070:1] IMAP fetch overflow attempt [**]
[Classification: Misc Attack] [Priority: 2] 
06/24-16:15:42.258417 130.54.208.193:60888 -> 192.168.24.11:143
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:375
***AP*** Seq: 0x788D5F73  Ack: 0x5D440400  Win: 0x1D50  TcpLen: 20
[Xref => http://www.securityfocus.com/bid/11775]

[**] [1:3072:1] IMAP status overflow attempt [**]
[Classification: Misc Attack] [Priority: 2] 
06/26-14:53:46.521460 130.54.208.193:39021 -> 192.168.24.11:143
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:3005
***AP*** Seq: 0x3E901CCF  Ack: 0x9DF291A4  Win: 0x67E  TcpLen: 20
[Xref => http://www.securityfocus.com/bid/11775]

[**] [1:2570:7] WEB-MISC Invalid HTTP Version String [**]
[Classification: Detection of a non-standard protocol or event] [Priority: 2] 
06/27-17:14:42.231818 130.54.208.193:4741 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:18500
***AP*** Seq: 0xCEA35281  Ack: 0x96ED12EF  Win: 0xFD18  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=11593][Xref => http://www.securityfocus.com/bid/9809]

[**] [1:3072:1] IMAP status overflow attempt [**]
[Classification: Misc Attack] [Priority: 2] 
06/30-17:23:05.871119 130.54.208.193:47737 -> 192.168.24.11:143
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:1521
***AP*** Seq: 0xD0322781  Ack: 0x70732C90  Win: 0x9E4  TcpLen: 20
[Xref => http://www.securityfocus.com/bid/11775]

[**] [1:3072:1] IMAP status overflow attempt [**]
[Classification: Misc Attack] [Priority: 2] 
06/30-19:43:06.881340 130.54.208.193:34615 -> 192.168.24.11:143
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:1890
***AP*** Seq: 0xD410C898  Ack: 0x741E0526  Win: 0x3E96  TcpLen: 20
[Xref => http://www.securityfocus.com/bid/11775]

[**] [1:3070:1] IMAP fetch overflow attempt [**]
[Classification: Misc Attack] [Priority: 2] 
07/01-14:00:37.326550 130.54.208.193:37664 -> 192.168.24.11:143
TCP TTL:49 TOS:0x0 ID:45089 IpLen:20 DgmLen:261 DF
***AP*** Seq: 0xCA338EB  Ack: 0xACD435EA  Win: 0x3E96  TcpLen: 32
TCP Options (3) => NOP NOP TS: 2075115469 127569999 
[Xref => http://www.securityfocus.com/bid/11775]

[**] [1:3070:1] IMAP fetch overflow attempt [**]
[Classification: Misc Attack] [Priority: 2] 
07/01-14:00:46.715389 130.54.208.193:37664 -> 192.168.24.11:143
TCP TTL:49 TOS:0x0 ID:45176 IpLen:20 DgmLen:260 DF
***AP*** Seq: 0xCA33AD8  Ack: 0xACD5B5B5  Win: 0x3E96  TcpLen: 32
TCP Options (3) => NOP NOP TS: 2075124860 127572349 
[Xref => http://www.securityfocus.com/bid/11775]

[**] [1:3070:1] IMAP fetch overflow attempt [**]
[Classification: Misc Attack] [Priority: 2] 
07/04-21:31:38.297517 130.54.208.193:2013 -> 192.168.24.11:143
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:448
***AP*** Seq: 0x11E0E030  Ack: 0xFFDCBDD9  Win: 0x3D04  TcpLen: 20
[Xref => http://www.securityfocus.com/bid/11775]

[**] [1:3070:1] IMAP fetch overflow attempt [**]
[Classification: Misc Attack] [Priority: 2] 
07/20-20:07:14.924088 130.54.208.193:1690 -> 192.168.24.11:143
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:1572
***AP*** Seq: 0xD59309F5  Ack: 0xB01FF070  Win: 0x40E5  TcpLen: 20
[Xref => http://www.securityfocus.com/bid/11775]

[**] [1:3072:1] IMAP status overflow attempt [**]
[Classification: Misc Attack] [Priority: 2] 
07/21-10:39:38.653297 130.54.208.193:1832 -> 192.168.24.11:143
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:457
***AP*** Seq: 0xA8ECF93A  Ack: 0x1A02957E  Win: 0x4002  TcpLen: 20
[Xref => http://www.securityfocus.com/bid/11775]

[**] [1:3070:1] IMAP fetch overflow attempt [**]
[Classification: Misc Attack] [Priority: 2] 
07/21-17:30:57.240533 130.54.208.193:2184 -> 192.168.24.11:143
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:426
***AP*** Seq: 0xABDFEE9C  Ack: 0x9CC7AC17  Win: 0x3F2B  TcpLen: 20
[Xref => http://www.securityfocus.com/bid/11775]

[**] [1:3070:1] IMAP fetch overflow attempt [**]
[Classification: Misc Attack] [Priority: 2] 
07/24-08:48:02.943776 130.54.208.193:2949 -> 192.168.24.11:143
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:714
***AP*** Seq: 0x7C69AA50  Ack: 0x8605C086  Win: 0x4069  TcpLen: 20
[Xref => http://www.securityfocus.com/bid/11775]

[**] [1:3070:1] IMAP fetch overflow attempt [**]
[Classification: Misc Attack] [Priority: 2] 
08/06-09:46:42.816591 130.54.208.193:1306 -> 192.168.24.11:143
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:4340
***AP*** Seq: 0x9F202419  Ack: 0x9D8E11B2  Win: 0x3E6A  TcpLen: 20
[Xref => http://www.securityfocus.com/bid/11775]

[**] [1:3072:1] IMAP status overflow attempt [**]
[Classification: Misc Attack] [Priority: 2] 
08/10-10:55:40.586623 130.54.208.193:51746 -> 192.168.24.11:143
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:1521
***AP*** Seq: 0x9FEDAAAE  Ack: 0xF243CDB  Win: 0x2D4  TcpLen: 20
[Xref => http://www.securityfocus.com/bid/11775]

[**] [1:3072:1] IMAP status overflow attempt [**]
[Classification: Misc Attack] [Priority: 2] 
08/10-11:56:39.597147 130.54.208.193:36900 -> 192.168.24.11:143
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:1230
***AP*** Seq: 0xF3C20C0A  Ack: 0x83F75DF2  Win: 0xAF0  TcpLen: 20
[Xref => http://www.securityfocus.com/bid/11775]

Go to: previous range, all alerts, overview page

SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Sep 14 05:05:21 2010

130.54.208.193	Whois lookup at:	ARIN	RIPE	APNIC	Geektools
	DNS lookup at:	Amenesi	TRIUMF	Princeton
	More lookup links:	Dshield	Sam Spade