SnortSnarf alert page

Source: 192.168.24.52: #1-100

SnortSnarf v021111.1

Signature section (16810)

Top 20 source IPs

Top 20 dest IPs

Looking using input module SnortFileInput, with sources:

/var/log/snort/alert

Earliest: 22:47:31.895419 on 07/30/2009
Latest: 21:54:51.146684 on 10/04/2009

6 different signatures are present for 192.168.24.52 as a source

1 instances of (snort_decoder) WARNING: TCP Data Offset is less than 5!
4 instances of (http_inspect) DOUBLE DECODING ATTACK
12 instances of (http_inspect) OVERSIZE CHUNK ENCODING
32 instances of (http_inspect) OVERSIZE REQUEST-URI DIRECTORY
326 instances of (http_inspect) BARE BYTE UNICODE ENCODING
328 instances of (http_inspect) IIS UNICODE CODEPOINT ENCODING

There are 1 distinct destination IPs in the alerts of the type on this page.

192.168.24.52 Whois lookup at: ARIN RIPE APNIC Geektools

DNS lookup at: Amenesi TRIUMF Princeton

More lookup links: Dshield Sam Spade

Go to: next range, all alerts, overview page

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
07/30-22:47:31.895419 192.168.24.52:1230 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:11017 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0x3BC160B  Ack: 0x782DAEDE  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
07/30-22:48:19.609594 192.168.24.52:1231 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:11295 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0x36ACA94A  Ack: 0x7C11B618  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
07/30-22:49:50.392170 192.168.24.52:1237 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:11483 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0x95FCD73  Ack: 0x81B0445F  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
08/04-23:37:53.820063 192.168.24.52:1097 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:3394 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0x6232545C  Ack: 0x6CA71F68  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
08/05-23:30:30.734487 192.168.24.52:1423 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:42609 IpLen:20 DgmLen:414 DF
***AP*** Seq: 0x39ACDE84  Ack: 0x8DDA1BCD  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
08/07-22:28:05.747047 192.168.24.52:1204 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:3833 IpLen:20 DgmLen:1273 DF
***AP*** Seq: 0x71841D68  Ack: 0x1E510090  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
08/08-23:23:57.189534 192.168.24.52:1223 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:22789 IpLen:20 DgmLen:1228 DF
***AP*** Seq: 0x3A05D17E  Ack: 0x2E666E79  Win: 0xFB34  TcpLen: 20

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
08/20-22:45:16.597041 192.168.24.52:1639 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:51500 IpLen:20 DgmLen:1438 DF
***AP*** Seq: 0x3AA7CD19  Ack: 0x82B07B11  Win: 0xFB34  TcpLen: 20

[**] [119:15:1] (http_inspect) OVERSIZE REQUEST-URI DIRECTORY [**]
08/20-22:45:17.436614 192.168.24.52:1639 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:51603 IpLen:20 DgmLen:1438 DF
***AP*** Seq: 0x3AA9FA1D  Ack: 0x82B07B11  Win: 0xFB34  TcpLen: 20

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
08/20-22:46:40.718888 192.168.24.52:1641 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:51732 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0x1E10F908  Ack: 0x87E585CC  Win: 0xFB34  TcpLen: 20

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
08/20-22:51:49.013297 192.168.24.52:1667 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:54133 IpLen:20 DgmLen:1438 DF
***AP*** Seq: 0x11ACC3A2  Ack: 0x9B46A535  Win: 0xFB34  TcpLen: 20

[**] [119:15:1] (http_inspect) OVERSIZE REQUEST-URI DIRECTORY [**]
08/20-22:51:49.852338 192.168.24.52:1667 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:54300 IpLen:20 DgmLen:1438 DF
***AP*** Seq: 0x11AF792C  Ack: 0x9B46A535  Win: 0xFB34  TcpLen: 20

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
08/20-22:59:41.153965 192.168.24.52:1684 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:63507 IpLen:20 DgmLen:1438 DF
***AP*** Seq: 0x3F115CAF  Ack: 0xB8C600A2  Win: 0xFB33  TcpLen: 20

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
08/20-23:02:38.421811 192.168.24.52:1685 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:63768 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0xEBF8393E  Ack: 0xC4615255  Win: 0xFB33  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
08/20-23:04:36.662362 192.168.24.52:1686 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:63944 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0xB73CF266  Ack: 0xCBB90745  Win: 0xFB34  TcpLen: 20

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
08/20-23:04:37.895816 192.168.24.52:1686 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:6436
***AP*** Seq: 0xCBB93D56  Ack: 0xB73D03AD  Win: 0xA7C  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
08/20-23:05:00.920382 192.168.24.52:1688 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:64107 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0x41B6D9B2  Ack: 0xCD84CA8D  Win: 0xFB34  TcpLen: 20

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
08/20-23:05:24.109744 192.168.24.52:1688 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:6029
***AP*** Seq: 0xCD852DC3  Ack: 0x41B6E984  Win: 0x916  TcpLen: 20

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
08/20-23:28:33.655968 192.168.24.52:1744 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:1085 IpLen:20 DgmLen:1438 DF
***AP*** Seq: 0xE128096D  Ack: 0x265020FA  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
08/20-23:31:52.481730 192.168.24.52:1745 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:1234 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0xB6C4B2B8  Ack: 0x32481795  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
08/21-23:03:18.814643 192.168.24.52:1484 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:32133 IpLen:20 DgmLen:587 DF
***AP*** Seq: 0x5CA79AD4  Ack: 0x4FC2361  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
08/22-23:37:45.238499 192.168.24.52:3251 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:50413 IpLen:20 DgmLen:647 DF
***AP*** Seq: 0xE3801E94  Ack: 0xC513ADF1  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
08/24-22:32:35.616122 192.168.24.52:1203 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:4472 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0x3C651861  Ack: 0x4AC98E95  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
08/25-22:47:16.374797 192.168.24.52:1100 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:5930 IpLen:20 DgmLen:549 DF
***AP*** Seq: 0xCD2242F5  Ack: 0xBED16EA1  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
08/26-22:37:36.953272 192.168.24.52:3218 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:2725 IpLen:20 DgmLen:259 DF
***AP*** Seq: 0x6019063A  Ack: 0xD96B4FD0  Win: 0xFB34  TcpLen: 20

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
08/26-22:37:51.065258 192.168.24.52:3218 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:2641
***AP*** Seq: 0x60190B19  Ack: 0xD96BC5A8  Win: 0xFB1C  TcpLen: 20

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
08/26-22:42:30.272458 192.168.24.52:3220 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:10477
***AP*** Seq: 0xE92C1641  Ack: 0x774BFA34  Win: 0x105E  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
08/27-22:32:44.586164 192.168.24.52:1260 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:940 IpLen:20 DgmLen:1225 DF
***AP*** Seq: 0xFCC66062  Ack: 0x4445603  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
08/28-22:25:34.264730 192.168.24.52:1169 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:48397 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0x86CC2C15  Ack: 0x26A2F62E  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
08/29-22:13:09.075345 192.168.24.52:1470 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:18823 IpLen:20 DgmLen:434 DF
***AP*** Seq: 0x960D1505  Ack: 0x3636D868  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
08/29-22:25:21.775238 192.168.24.52:1487 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:19518 IpLen:20 DgmLen:1410 DF
***AP*** Seq: 0x2D6522AC  Ack: 0x64087093  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
08/29-23:27:53.785005 192.168.24.52:1745 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:47651 IpLen:20 DgmLen:281 DF
***AP*** Seq: 0x72038D7  Ack: 0x51148B40  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
08/30-22:45:51.056749 192.168.24.52:1113 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:2503 IpLen:20 DgmLen:1348 DF
***AP*** Seq: 0x9BEAC309  Ack: 0xEF043BF7  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
08/30-22:50:53.201127 192.168.24.52:1210 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:7415 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0xACB2F5D8  Ack: 0x23FB04F  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
08/30-22:51:47.380709 192.168.24.52:1213 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:7535 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0x1DF27544  Ack: 0x538D520  Win: 0xFB34  TcpLen: 20

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
08/31-23:16:30.690640 192.168.24.52:1072 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:3758
***AP*** Seq: 0xA011269A  Ack: 0x55238FD8  Win: 0x70A  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
09/01-22:44:13.802106 192.168.24.52:1985 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:60034 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0x3A80D0E  Ack: 0x64D2EB7E  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
09/02-23:35:58.573917 192.168.24.52:2430 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:31548 IpLen:20 DgmLen:1111 DF
***AP*** Seq: 0x729ED8F8  Ack: 0x6587B66B  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
09/03-23:11:49.293178 192.168.24.52:2665 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:42426 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0xF37FBD83  Ack: 0x4F6EF10C  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
09/04-23:04:06.004884 192.168.24.52:1123 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:3936 IpLen:20 DgmLen:869 DF
***AP*** Seq: 0x7EC0778C  Ack: 0x70C83F0B  Win: 0xFB34  TcpLen: 20

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
09/09-23:20:34.939019 192.168.24.52:1222 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:9351 IpLen:20 DgmLen:1438 DF
***AP*** Seq: 0x989AF0F8  Ack: 0xE3C01143  Win: 0xFB34  TcpLen: 20

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
09/09-23:24:40.332093 192.168.24.52:1224 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:9541 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0x58EB25DE  Ack: 0xF2DFB436  Win: 0xFB33  TcpLen: 20

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
09/09-23:40:31.653430 192.168.24.52:1280 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:10700 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0x5D43163F  Ack: 0x2E9D96F4  Win: 0xFB33  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
09/09-23:43:51.097644 192.168.24.52:1281 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:10833 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0xA59A5509  Ack: 0x3C4B9DD4  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
09/09-23:47:03.511149 192.168.24.52:1287 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:11243 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0x197E872F  Ack: 0x47C29BBE  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
09/09-23:53:27.052641 192.168.24.52:1296 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:11536 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0x7F35E840  Ack: 0x5FFE469A  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
09/09-23:54:42.239949 192.168.24.52:1325 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:12049 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0x17179140  Ack: 0x645E7E41  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
09/10-00:41:40.607793 192.168.24.52:1425 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:15356 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0xE4ABC67F  Ack: 0x157AFF7D  Win: 0xFB34  TcpLen: 20

[**] [119:2:1] (http_inspect) DOUBLE DECODING ATTACK [**]
09/10-22:15:27.126858 192.168.24.52:1911 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:1126 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0xB72576A2  Ack: 0x2BA85E54  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
09/10-22:15:27.127262 192.168.24.52:1911 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:1128 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0xB725818E  Ack: 0x2BA85E54  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
09/11-22:58:58.081928 192.168.24.52:1072 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:2876 IpLen:20 DgmLen:232 DF
***AP*** Seq: 0xC4A5C9D2  Ack: 0xE62E793  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
09/13-23:39:55.534902 192.168.24.52:1165 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:3989 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0xB1534DFD  Ack: 0x249B21A2  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
09/14-21:53:34.354799 192.168.24.52:1377 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:15370 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0x29DF0F19  Ack: 0xD0C0674A  Win: 0xFB34  TcpLen: 20

[**] [119:2:1] (http_inspect) DOUBLE DECODING ATTACK [**]
09/14-21:53:34.354913 192.168.24.52:1377 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:15371 IpLen:20 DgmLen:1438 DF
***AP*** Seq: 0x29DF148F  Ack: 0xD0C0674A  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
09/14-21:54:44.462076 192.168.24.52:1381 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:15522 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0xA714A761  Ack: 0xD55500FD  Win: 0xFB34  TcpLen: 20

[**] [119:2:1] (http_inspect) DOUBLE DECODING ATTACK [**]
09/14-21:54:44.462497 192.168.24.52:1381 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:15524 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0xA714B24D  Ack: 0xD55500FD  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
09/14-21:56:38.480092 192.168.24.52:1393 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:15812 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0x7C6901AA  Ack: 0xDB2B4136  Win: 0xFB08  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
09/17-00:28:38.001310 192.168.24.52:3413 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:16071 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0x61533EB1  Ack: 0x9659DFCF  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
09/17-00:29:48.260564 192.168.24.52:3418 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:16216 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0xD67537A1  Ack: 0x9A893956  Win: 0xFB34  TcpLen: 20

[**] [119:16:1] (http_inspect) OVERSIZE CHUNK ENCODING [**]
09/17-00:46:53.779056 192.168.24.52:3471 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:5711
***AP*** Seq: 0xD666B0B3  Ack: 0x33B39DDD  Win: 0x922  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
09/22-22:47:35.497055 192.168.24.52:1341 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:11562 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0x1E4D97C7  Ack: 0x8AC3957E  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
09/24-23:51:07.103152 192.168.24.52:2263 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:40392 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0x5BF54B85  Ack: 0xF6B5761D  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
09/24-23:51:34.289749 192.168.24.52:2266 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:40433 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0xC62B22FC  Ack: 0xF835F34B  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
09/24-23:54:04.211482 192.168.24.52:2283 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:40833 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0x576AFB37  Ack: 0xFFBD3A1C  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
09/24-23:54:52.939817 192.168.24.52:2289 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:40953 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0xB1A76D94  Ack: 0x4A1E069  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
09/25-23:14:40.743319 192.168.24.52:1143 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:3333 IpLen:20 DgmLen:1426 DF
***AP*** Seq: 0xDFE3C7CA  Ack: 0xAB5653A6  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
09/27-22:11:08.243621 192.168.24.52:1103 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:1642 IpLen:20 DgmLen:506 DF
***AP*** Seq: 0x600384F  Ack: 0x36C4AB19  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
09/29-22:22:25.850339 192.168.24.52:2261 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:57694 IpLen:20 DgmLen:952 DF
***AP*** Seq: 0x41F25A90  Ack: 0xDC453002  Win: 0xFB34  TcpLen: 20

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
09/29-22:32:08.945681 192.168.24.52:2290 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:59181 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0xB762A8AE  Ack: 0x1CF39CF  Win: 0xFB34  TcpLen: 20

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
09/29-22:32:45.647256 192.168.24.52:2291 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:59447 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0xED300564  Ack: 0x2CDF495  Win: 0xFB33  TcpLen: 20

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
09/29-22:39:26.399031 192.168.24.52:2303 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:59911 IpLen:20 DgmLen:769 DF
***AP*** Seq: 0xA6EC1182  Ack: 0x1C81D8B8  Win: 0xFB33  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
09/29-22:49:34.238057 192.168.24.52:2311 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:60401 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0x64CA6B63  Ack: 0x43465DB2  Win: 0xFB34  TcpLen: 20

[**] [119:2:1] (http_inspect) DOUBLE DECODING ATTACK [**]
09/29-22:49:34.239170 192.168.24.52:2311 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:60405 IpLen:20 DgmLen:1438 DF
***AP*** Seq: 0x64CA813B  Ack: 0x43465DB2  Win: 0xFB34  TcpLen: 20

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
09/30-22:49:44.291871 192.168.24.52:1686 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:32860 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0x8698D714  Ack: 0x81BFB16A  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
09/30-22:57:37.899564 192.168.24.52:1697 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:33265 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0xA5006D03  Ack: 0x9FA9FF9F  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
10/01-23:36:51.889358 192.168.24.52:2565 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:58555 IpLen:20 DgmLen:1438 DF
***AP*** Seq: 0x35534CAC  Ack: 0x12D7FA41  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
10/03-21:59:56.114704 192.168.24.52:1250 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:9197 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0x8B1D321C  Ack: 0x1F4C3E37  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
10/03-22:01:22.150829 192.168.24.52:1251 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:9281 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0xEFCEFF4  Ack: 0x25FBF977  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
10/03-23:33:28.191299 192.168.24.52:1894 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:32800 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0x39E6C0BF  Ack: 0x8081AB70  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
10/03-23:35:29.523235 192.168.24.52:1896 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:32892 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0x1230C8A3  Ack: 0x88A5E89C  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
10/03-23:43:20.932668 192.168.24.52:1901 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:33186 IpLen:20 DgmLen:220 DF
***AP*** Seq: 0x1540631E  Ack: 0xA6B9B5EF  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
10/03-23:43:37.963066 192.168.24.52:1902 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:33231 IpLen:20 DgmLen:212 DF
***AP*** Seq: 0xBA658A64  Ack: 0xA7866695  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
10/03-23:48:03.548201 192.168.24.52:1907 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:33442 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0x234F4DE5  Ack: 0xB7D3BD1B  Win: 0xFB34  TcpLen: 20

[**] [119:15:1] (http_inspect) OVERSIZE REQUEST-URI DIRECTORY [**]
10/03-23:48:03.548315 192.168.24.52:1907 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:33443 IpLen:20 DgmLen:1438 DF
***AP*** Seq: 0x234F535B  Ack: 0xB7D3BD1B  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
10/03-23:49:10.175641 192.168.24.52:1908 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:33486 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0x3155CF88  Ack: 0xBBDA3ACB  Win: 0xFB34  TcpLen: 20

[**] [119:15:1] (http_inspect) OVERSIZE REQUEST-URI DIRECTORY [**]
10/03-23:49:10.175766 192.168.24.52:1908 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:33487 IpLen:20 DgmLen:1438 DF
***AP*** Seq: 0x3155D4FE  Ack: 0xBBDA3ACB  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
10/04-00:00:31.665965 192.168.24.52:1934 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:34560 IpLen:20 DgmLen:972 DF
***AP*** Seq: 0x1ED2FC79  Ack: 0xE6BE4CAC  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
10/04-00:01:07.524531 192.168.24.52:1935 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:34604 IpLen:20 DgmLen:998 DF
***AP*** Seq: 0x4A103E2F  Ack: 0xE9EDF73E  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
10/04-00:01:54.194600 192.168.24.52:1936 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:34680 IpLen:20 DgmLen:1020 DF
***AP*** Seq: 0xCF882CA5  Ack: 0xECBB2FF3  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
10/04-00:07:15.205574 192.168.24.52:1978 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:35699 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0x3D5F60C  Ack: 0x68DD86  Win: 0xFB34  TcpLen: 20

[**] [119:15:1] (http_inspect) OVERSIZE REQUEST-URI DIRECTORY [**]
10/04-00:07:15.205700 192.168.24.52:1978 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:35700 IpLen:20 DgmLen:1438 DF
***AP*** Seq: 0x3D5FB82  Ack: 0x68DD86  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
10/04-00:08:20.503260 192.168.24.52:1985 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:35887 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0x7B1C63DF  Ack: 0x532A512  Win: 0xFB34  TcpLen: 20

[**] [119:15:1] (http_inspect) OVERSIZE REQUEST-URI DIRECTORY [**]
10/04-00:08:20.503370 192.168.24.52:1985 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:35888 IpLen:20 DgmLen:1438 DF
***AP*** Seq: 0x7B1C6955  Ack: 0x532A512  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
10/04-00:08:45.229268 192.168.24.52:1987 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:35967 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0xD38FBEB  Ack: 0x5E4B849  Win: 0xFB34  TcpLen: 20

[**] [119:15:1] (http_inspect) OVERSIZE REQUEST-URI DIRECTORY [**]
10/04-00:08:45.229391 192.168.24.52:1987 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:35968 IpLen:20 DgmLen:1438 DF
***AP*** Seq: 0xD390161  Ack: 0x5E4B849  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
10/04-00:09:30.005309 192.168.24.52:1989 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:36061 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0xFC2386F7  Ack: 0x912539C  Win: 0xFB34  TcpLen: 20

[**] [119:15:1] (http_inspect) OVERSIZE REQUEST-URI DIRECTORY [**]
10/04-00:09:30.005418 192.168.24.52:1989 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:36062 IpLen:20 DgmLen:1438 DF
***AP*** Seq: 0xFC238C6D  Ack: 0x912539C  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
10/04-00:10:35.799197 192.168.24.52:1994 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:36228 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0x8BADEB5F  Ack: 0xC8F1B54  Win: 0xFB34  TcpLen: 20

[**] [119:15:1] (http_inspect) OVERSIZE REQUEST-URI DIRECTORY [**]
10/04-00:10:35.799308 192.168.24.52:1994 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:36229 IpLen:20 DgmLen:1438 DF
***AP*** Seq: 0x8BADF0D5  Ack: 0xC8F1B54  Win: 0xFB34  TcpLen: 20

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
10/04-21:54:51.146684 192.168.24.52:1342 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:1937
***AP*** Seq: 0x48A33222  Ack: 0xE797DAE7  Win: 0x4F6  TcpLen: 20

Go to: next range, all alerts, overview page

SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Fri Jul 30 05:05:23 2010

192.168.24.52	Whois lookup at:	ARIN	RIPE	APNIC	Geektools
	DNS lookup at:	Amenesi	TRIUMF	Princeton
	More lookup links:	Dshield	Sam Spade