SnortSnarf alert page

Source: 192.168.24.51

SnortSnarf v021111.1

Signature section (16810)

Top 20 source IPs

Top 20 dest IPs

34 such alerts found using input module SnortFileInput, with sources:

/var/log/snort/alert

Earliest: 21:22:25.125494 on 02/12/2010
Latest: 23:18:10.724608 on 03/03/2010

3 different signatures are present for 192.168.24.51 as a source

2 instances of (http_inspect) OVERSIZE CHUNK ENCODING
12 instances of (http_inspect) IIS UNICODE CODEPOINT ENCODING
20 instances of (http_inspect) BARE BYTE UNICODE ENCODING

There are 1 distinct destination IPs in the alerts of the type on this page.

192.168.24.51 Whois lookup at: ARIN RIPE APNIC Geektools

DNS lookup at: Amenesi TRIUMF Princeton

More lookup links: Dshield Sam Spade

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
02/12-21:22:25.125494 192.168.24.51:1195 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:4929 IpLen:20 DgmLen:1340 DF
***AP*** Seq: 0x1BEB8013  Ack: 0xB762D62D  Win: 0xFB05  TcpLen: 20

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
02/12-21:23:00.147126 192.168.24.51:1198 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:5104 IpLen:20 DgmLen:1438 DF
***AP*** Seq: 0x9FACA818  Ack: 0xBA4D4248  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
02/12-21:23:21.924902 192.168.24.51:1198 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:5226 IpLen:20 DgmLen:577 DF
***AP*** Seq: 0x9FAE99EB  Ack: 0xBA4D7355  Win: 0xFB34  TcpLen: 20

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
02/13-07:31:52.089821 192.168.24.51:1838 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:2967
***AP*** Seq: 0xB57564EB  Ack: 0xC7DDEF8C  Win: 0x5B8  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
02/16-22:08:03.439585 192.168.24.51:1193 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:24104 IpLen:20 DgmLen:494 DF
***AP*** Seq: 0xBEA4CB11  Ack: 0x5C6E1649  Win: 0xFB34  TcpLen: 20

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
02/17-15:01:50.365940 192.168.24.51:1531 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:2357
***AP*** Seq: 0x5025881A  Ack: 0xD634861D  Win: 0x527  TcpLen: 20

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
02/17-15:16:27.587324 192.168.24.51:1639 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:1801
***AP*** Seq: 0x870EDC93  Ack: 0x7254876C  Win: 0x493  TcpLen: 20

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
02/17-15:16:43.664907 192.168.24.51:1640 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:2376
***AP*** Seq: 0x87B935F8  Ack: 0xF01318C5  Win: 0x526  TcpLen: 20

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
02/17-20:46:37.786934 192.168.24.51:1504 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:2389
***AP*** Seq: 0x65A022EC  Ack: 0xC0C402A1  Win: 0x526  TcpLen: 20

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
02/17-20:47:12.327944 192.168.24.51:1509 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:2388
***AP*** Seq: 0x6803E5D9  Ack: 0xC8B80A76  Win: 0x526  TcpLen: 20

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
02/17-21:00:23.182665 192.168.24.51:1596 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:2389
***AP*** Seq: 0x992ED1D5  Ack: 0x2AE1FFD1  Win: 0x526  TcpLen: 20

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
02/17-21:17:44.436050 192.168.24.51:1649 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:2391
***AP*** Seq: 0xF631E677  Ack: 0xDB6FBB22  Win: 0xFB34  TcpLen: 20

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
02/17-21:25:22.962977 192.168.24.51:1755 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:2391
***AP*** Seq: 0xF789EBE7  Ack: 0xF4149131  Win: 0x527  TcpLen: 20

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
02/17-21:25:53.531933 192.168.24.51:1764 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:2391
***AP*** Seq: 0xF8EE6300  Ack: 0x68E82C57  Win: 0x527  TcpLen: 20

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
02/17-22:07:44.308135 192.168.24.51:1939 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:1812
***AP*** Seq: 0x98CDD047  Ack: 0x5A2B5AB6  Win: 0x47F  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
02/17-22:46:32.781811 192.168.24.51:2371 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:54965 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0xE1398B88  Ack: 0x2B1C975E  Win: 0xFB34  TcpLen: 20

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
02/18-23:03:46.582682 192.168.24.51:1974 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:2389
***AP*** Seq: 0xA9084036  Ack: 0x3C7E2EF1  Win: 0x52F  TcpLen: 20

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
02/18-23:04:47.336140 192.168.24.51:1984 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:2602
***AP*** Seq: 0xAD92457D  Ack: 0x44FA3651  Win: 0x5A1  TcpLen: 20

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
02/18-23:14:46.925733 192.168.24.51:2004 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:2389
***AP*** Seq: 0xD25DDBE5  Ack: 0x7DD384F2  Win: 0x52F  TcpLen: 20

[**] [119:16:1] (http_inspect) OVERSIZE CHUNK ENCODING [**]
02/18-23:24:06.786997 192.168.24.51:2049 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:2042
***AP*** Seq: 0xF67C1B61  Ack: 0x6195B5A5  Win: 0x515  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
02/19-22:03:12.556168 192.168.24.51:1323 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:40653 IpLen:20 DgmLen:1228 DF
***AP*** Seq: 0xB9815777  Ack: 0x2C1F509  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
02/21-23:21:46.656675 192.168.24.51:1205 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:34002 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0xABD5D184  Ack: 0xA82EC39C  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
02/22-22:30:10.392829 192.168.24.51:1081 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:1210 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0x8ADE0DFA  Ack: 0x2344E357  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
02/24-00:19:20.616500 192.168.24.51:1615 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:44988 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0xD0A90673  Ack: 0xFC48BDBD  Win: 0xFB34  TcpLen: 20

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
02/24-18:31:38.015206 192.168.24.51:1113 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:16186 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0x3397EE00  Ack: 0x19B4A92A  Win: 0xFB34  TcpLen: 20

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
02/24-18:35:01.430474 192.168.24.51:1115 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:19861 IpLen:20 DgmLen:1438 DF
***AP*** Seq: 0xC4D096BE  Ack: 0x26069A86  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
02/24-18:37:04.765557 192.168.24.51:1119 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:22057 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0xA5F0C200  Ack: 0x2DEDBE84  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
02/24-18:38:03.107159 192.168.24.51:1120 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:23128 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0x5E03F7F9  Ack: 0x312F0D13  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
02/24-23:11:14.531019 192.168.24.51:1852 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:19358 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0x85A9D32B  Ack: 0x39EF665C  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
02/24-23:12:15.239330 192.168.24.51:1874 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:19697 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0xA395E7BF  Ack: 0x3D341187  Win: 0xFB34  TcpLen: 20

[**] [119:16:1] (http_inspect) OVERSIZE CHUNK ENCODING [**]
02/27-00:12:54.059484 192.168.24.51:1909 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:2008
***AP*** Seq: 0x9B6BEF57  Ack: 0x56C3FB77  Win: 0x514  TcpLen: 20

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
03/03-23:08:00.931053 192.168.24.51:1702 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:7962
***AP*** Seq: 0xDCDE2807  Ack: 0xD6C42166  Win: 0xB4A  TcpLen: 20

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
03/03-23:14:42.167692 192.168.24.51:1706 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:42549 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0x286C166C  Ack: 0xF5F6568D  Win: 0xFB05  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
03/03-23:18:10.724608 192.168.24.51:1712 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:42795 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0x5AA41F6D  Ack: 0x4288955  Win: 0xFB34  TcpLen: 20

SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Wed Sep 8 05:13:18 2010

192.168.24.51	Whois lookup at:	ARIN	RIPE	APNIC	Geektools
	DNS lookup at:	Amenesi	TRIUMF	Princeton
	More lookup links:	Dshield	Sam Spade