SnortSnarf alert page

Source: 192.168.24.52: #1-100

SnortSnarf v021111.1

Signature section (16810)

Top 20 source IPs

Top 20 dest IPs

Looking using input module SnortFileInput, with sources:

/var/log/snort/alert

Earliest: 21:53:34.354799 on 09/14/2009
Latest: 22:58:34.516220 on 10/31/2009

6 different signatures are present for 192.168.24.52 as a source

1 instances of (snort_decoder) WARNING: TCP Data Offset is less than 5!
4 instances of (http_inspect) DOUBLE DECODING ATTACK
12 instances of (http_inspect) OVERSIZE CHUNK ENCODING
32 instances of (http_inspect) OVERSIZE REQUEST-URI DIRECTORY
326 instances of (http_inspect) BARE BYTE UNICODE ENCODING
328 instances of (http_inspect) IIS UNICODE CODEPOINT ENCODING

There are 1 distinct destination IPs in the alerts of the type on this page.

192.168.24.52 Whois lookup at: ARIN RIPE APNIC Geektools

DNS lookup at: Amenesi TRIUMF Princeton

More lookup links: Dshield Sam Spade

Go to: next range, all alerts, overview page

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
09/14-21:53:34.354799 192.168.24.52:1377 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:15370 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0x29DF0F19  Ack: 0xD0C0674A  Win: 0xFB34  TcpLen: 20

[**] [119:2:1] (http_inspect) DOUBLE DECODING ATTACK [**]
09/14-21:53:34.354913 192.168.24.52:1377 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:15371 IpLen:20 DgmLen:1438 DF
***AP*** Seq: 0x29DF148F  Ack: 0xD0C0674A  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
09/14-21:54:44.462076 192.168.24.52:1381 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:15522 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0xA714A761  Ack: 0xD55500FD  Win: 0xFB34  TcpLen: 20

[**] [119:2:1] (http_inspect) DOUBLE DECODING ATTACK [**]
09/14-21:54:44.462497 192.168.24.52:1381 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:15524 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0xA714B24D  Ack: 0xD55500FD  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
09/14-21:56:38.480092 192.168.24.52:1393 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:15812 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0x7C6901AA  Ack: 0xDB2B4136  Win: 0xFB08  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
09/17-00:28:38.001310 192.168.24.52:3413 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:16071 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0x61533EB1  Ack: 0x9659DFCF  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
09/17-00:29:48.260564 192.168.24.52:3418 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:16216 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0xD67537A1  Ack: 0x9A893956  Win: 0xFB34  TcpLen: 20

[**] [119:16:1] (http_inspect) OVERSIZE CHUNK ENCODING [**]
09/17-00:46:53.779056 192.168.24.52:3471 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:5711
***AP*** Seq: 0xD666B0B3  Ack: 0x33B39DDD  Win: 0x922  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
09/22-22:47:35.497055 192.168.24.52:1341 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:11562 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0x1E4D97C7  Ack: 0x8AC3957E  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
09/24-23:51:07.103152 192.168.24.52:2263 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:40392 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0x5BF54B85  Ack: 0xF6B5761D  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
09/24-23:51:34.289749 192.168.24.52:2266 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:40433 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0xC62B22FC  Ack: 0xF835F34B  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
09/24-23:54:04.211482 192.168.24.52:2283 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:40833 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0x576AFB37  Ack: 0xFFBD3A1C  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
09/24-23:54:52.939817 192.168.24.52:2289 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:40953 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0xB1A76D94  Ack: 0x4A1E069  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
09/25-23:14:40.743319 192.168.24.52:1143 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:3333 IpLen:20 DgmLen:1426 DF
***AP*** Seq: 0xDFE3C7CA  Ack: 0xAB5653A6  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
09/27-22:11:08.243621 192.168.24.52:1103 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:1642 IpLen:20 DgmLen:506 DF
***AP*** Seq: 0x600384F  Ack: 0x36C4AB19  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
09/29-22:22:25.850339 192.168.24.52:2261 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:57694 IpLen:20 DgmLen:952 DF
***AP*** Seq: 0x41F25A90  Ack: 0xDC453002  Win: 0xFB34  TcpLen: 20

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
09/29-22:32:08.945681 192.168.24.52:2290 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:59181 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0xB762A8AE  Ack: 0x1CF39CF  Win: 0xFB34  TcpLen: 20

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
09/29-22:32:45.647256 192.168.24.52:2291 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:59447 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0xED300564  Ack: 0x2CDF495  Win: 0xFB33  TcpLen: 20

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
09/29-22:39:26.399031 192.168.24.52:2303 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:59911 IpLen:20 DgmLen:769 DF
***AP*** Seq: 0xA6EC1182  Ack: 0x1C81D8B8  Win: 0xFB33  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
09/29-22:49:34.238057 192.168.24.52:2311 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:60401 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0x64CA6B63  Ack: 0x43465DB2  Win: 0xFB34  TcpLen: 20

[**] [119:2:1] (http_inspect) DOUBLE DECODING ATTACK [**]
09/29-22:49:34.239170 192.168.24.52:2311 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:60405 IpLen:20 DgmLen:1438 DF
***AP*** Seq: 0x64CA813B  Ack: 0x43465DB2  Win: 0xFB34  TcpLen: 20

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
09/30-22:49:44.291871 192.168.24.52:1686 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:32860 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0x8698D714  Ack: 0x81BFB16A  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
09/30-22:57:37.899564 192.168.24.52:1697 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:33265 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0xA5006D03  Ack: 0x9FA9FF9F  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
10/01-23:36:51.889358 192.168.24.52:2565 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:58555 IpLen:20 DgmLen:1438 DF
***AP*** Seq: 0x35534CAC  Ack: 0x12D7FA41  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
10/03-21:59:56.114704 192.168.24.52:1250 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:9197 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0x8B1D321C  Ack: 0x1F4C3E37  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
10/03-22:01:22.150829 192.168.24.52:1251 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:9281 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0xEFCEFF4  Ack: 0x25FBF977  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
10/03-23:33:28.191299 192.168.24.52:1894 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:32800 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0x39E6C0BF  Ack: 0x8081AB70  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
10/03-23:35:29.523235 192.168.24.52:1896 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:32892 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0x1230C8A3  Ack: 0x88A5E89C  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
10/03-23:43:20.932668 192.168.24.52:1901 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:33186 IpLen:20 DgmLen:220 DF
***AP*** Seq: 0x1540631E  Ack: 0xA6B9B5EF  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
10/03-23:43:37.963066 192.168.24.52:1902 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:33231 IpLen:20 DgmLen:212 DF
***AP*** Seq: 0xBA658A64  Ack: 0xA7866695  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
10/03-23:48:03.548201 192.168.24.52:1907 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:33442 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0x234F4DE5  Ack: 0xB7D3BD1B  Win: 0xFB34  TcpLen: 20

[**] [119:15:1] (http_inspect) OVERSIZE REQUEST-URI DIRECTORY [**]
10/03-23:48:03.548315 192.168.24.52:1907 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:33443 IpLen:20 DgmLen:1438 DF
***AP*** Seq: 0x234F535B  Ack: 0xB7D3BD1B  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
10/03-23:49:10.175641 192.168.24.52:1908 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:33486 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0x3155CF88  Ack: 0xBBDA3ACB  Win: 0xFB34  TcpLen: 20

[**] [119:15:1] (http_inspect) OVERSIZE REQUEST-URI DIRECTORY [**]
10/03-23:49:10.175766 192.168.24.52:1908 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:33487 IpLen:20 DgmLen:1438 DF
***AP*** Seq: 0x3155D4FE  Ack: 0xBBDA3ACB  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
10/04-00:00:31.665965 192.168.24.52:1934 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:34560 IpLen:20 DgmLen:972 DF
***AP*** Seq: 0x1ED2FC79  Ack: 0xE6BE4CAC  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
10/04-00:01:07.524531 192.168.24.52:1935 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:34604 IpLen:20 DgmLen:998 DF
***AP*** Seq: 0x4A103E2F  Ack: 0xE9EDF73E  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
10/04-00:01:54.194600 192.168.24.52:1936 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:34680 IpLen:20 DgmLen:1020 DF
***AP*** Seq: 0xCF882CA5  Ack: 0xECBB2FF3  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
10/04-00:07:15.205574 192.168.24.52:1978 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:35699 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0x3D5F60C  Ack: 0x68DD86  Win: 0xFB34  TcpLen: 20

[**] [119:15:1] (http_inspect) OVERSIZE REQUEST-URI DIRECTORY [**]
10/04-00:07:15.205700 192.168.24.52:1978 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:35700 IpLen:20 DgmLen:1438 DF
***AP*** Seq: 0x3D5FB82  Ack: 0x68DD86  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
10/04-00:08:20.503260 192.168.24.52:1985 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:35887 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0x7B1C63DF  Ack: 0x532A512  Win: 0xFB34  TcpLen: 20

[**] [119:15:1] (http_inspect) OVERSIZE REQUEST-URI DIRECTORY [**]
10/04-00:08:20.503370 192.168.24.52:1985 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:35888 IpLen:20 DgmLen:1438 DF
***AP*** Seq: 0x7B1C6955  Ack: 0x532A512  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
10/04-00:08:45.229268 192.168.24.52:1987 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:35967 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0xD38FBEB  Ack: 0x5E4B849  Win: 0xFB34  TcpLen: 20

[**] [119:15:1] (http_inspect) OVERSIZE REQUEST-URI DIRECTORY [**]
10/04-00:08:45.229391 192.168.24.52:1987 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:35968 IpLen:20 DgmLen:1438 DF
***AP*** Seq: 0xD390161  Ack: 0x5E4B849  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
10/04-00:09:30.005309 192.168.24.52:1989 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:36061 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0xFC2386F7  Ack: 0x912539C  Win: 0xFB34  TcpLen: 20

[**] [119:15:1] (http_inspect) OVERSIZE REQUEST-URI DIRECTORY [**]
10/04-00:09:30.005418 192.168.24.52:1989 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:36062 IpLen:20 DgmLen:1438 DF
***AP*** Seq: 0xFC238C6D  Ack: 0x912539C  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
10/04-00:10:35.799197 192.168.24.52:1994 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:36228 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0x8BADEB5F  Ack: 0xC8F1B54  Win: 0xFB34  TcpLen: 20

[**] [119:15:1] (http_inspect) OVERSIZE REQUEST-URI DIRECTORY [**]
10/04-00:10:35.799308 192.168.24.52:1994 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:36229 IpLen:20 DgmLen:1438 DF
***AP*** Seq: 0x8BADF0D5  Ack: 0xC8F1B54  Win: 0xFB34  TcpLen: 20

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
10/04-21:54:51.146684 192.168.24.52:1342 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:1937
***AP*** Seq: 0x48A33222  Ack: 0xE797DAE7  Win: 0x4F6  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
10/04-22:48:33.753350 192.168.24.52:1690 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:32310 IpLen:20 DgmLen:406 DF
***AP*** Seq: 0xAB31E3D6  Ack: 0x14BED3D7  Win: 0xFB34  TcpLen: 20

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
10/06-00:05:55.374765 192.168.24.52:1716 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:2258
***AP*** Seq: 0x75556FAA  Ack: 0x4AA46639  Win: 0x578  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
10/08-22:57:38.693867 192.168.24.52:1075 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:1901 IpLen:20 DgmLen:1118 DF
***AP*** Seq: 0x2F694863  Ack: 0x2F35C1E4  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
10/09-22:56:20.284091 192.168.24.52:1189 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:5160 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0x8F87F761  Ack: 0x67CF4651  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
10/10-22:40:14.779201 192.168.24.52:1149 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:4496 IpLen:20 DgmLen:454 DF
***AP*** Seq: 0xA50887D9  Ack: 0x68A9F651  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
10/11-00:13:47.168572 192.168.24.52:2178 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:38822 IpLen:20 DgmLen:184 DF
***AP*** Seq: 0xBDD81B38  Ack: 0xC9DB7AD5  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
10/16-22:59:46.454305 192.168.24.52:1593 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:32632 IpLen:20 DgmLen:612 DF
***AP*** Seq: 0xF44EA8CF  Ack: 0x25DB7E77  Win: 0xFB34  TcpLen: 20

[**] [119:16:1] (http_inspect) OVERSIZE CHUNK ENCODING [**]
10/16-23:14:31.159883 192.168.24.52:1781 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:1145
***AP*** Seq: 0x200E0ECA  Ack: 0x5D8BD064  Win: 0xFB34  TcpLen: 20

[**] [119:16:1] (http_inspect) OVERSIZE CHUNK ENCODING [**]
10/17-22:47:36.877583 192.168.24.52:1188 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:2530
***AP*** Seq: 0x352690C2  Ack: 0x502680C4  Win: 0x608  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
10/18-23:14:35.010242 192.168.24.52:1951 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:35206 IpLen:20 DgmLen:965 DF
***AP*** Seq: 0xE41AD19F  Ack: 0xD98E2BB9  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
10/18-23:27:41.521292 192.168.24.52:2010 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:37020 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0xFEE027FA  Ack: 0xB73DB6A  Win: 0xFB34  TcpLen: 20

[**] [119:15:1] (http_inspect) OVERSIZE REQUEST-URI DIRECTORY [**]
10/18-23:27:41.521415 192.168.24.52:2010 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:37021 IpLen:20 DgmLen:1438 DF
***AP*** Seq: 0xFEE02D70  Ack: 0xB73DB6A  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
10/18-23:28:11.395855 192.168.24.52:2011 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:37057 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0x371A40BD  Ack: 0xC4B6120  Win: 0xFB34  TcpLen: 20

[**] [119:15:1] (http_inspect) OVERSIZE REQUEST-URI DIRECTORY [**]
10/18-23:28:11.395977 192.168.24.52:2011 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:37058 IpLen:20 DgmLen:1438 DF
***AP*** Seq: 0x371A4633  Ack: 0xC4B6120  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
10/18-23:28:44.968284 192.168.24.52:2012 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:37092 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0x726D4354  Ack: 0xE77980F  Win: 0xFB34  TcpLen: 20

[**] [119:15:1] (http_inspect) OVERSIZE REQUEST-URI DIRECTORY [**]
10/18-23:28:44.968401 192.168.24.52:2012 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:37093 IpLen:20 DgmLen:1438 DF
***AP*** Seq: 0x726D48CA  Ack: 0xE77980F  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
10/18-23:29:14.548576 192.168.24.52:2013 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:37174 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0x810BB3B4  Ack: 0x1048ABC9  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
10/18-23:30:51.271573 192.168.24.52:2015 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:37389 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0xB12FA695  Ack: 0x16672A3C  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
10/18-23:31:30.522413 192.168.24.52:2016 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:37450 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0x97E82D1D  Ack: 0x19A063E4  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
10/18-23:31:58.868823 192.168.24.52:2018 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:37537 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0xCB7AEBC6  Ack: 0x1B0354E6  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
10/18-23:33:26.645185 192.168.24.52:2020 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:37681 IpLen:20 DgmLen:104 DF
***AP*** Seq: 0xEFA4C0F8  Ack: 0x2010F335  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
10/18-23:35:44.981261 192.168.24.52:2021 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:38006 IpLen:20 DgmLen:146 DF
***AP*** Seq: 0xC673FB8D  Ack: 0x28534F24  Win: 0xFB34  TcpLen: 20

[**] [119:16:1] (http_inspect) OVERSIZE CHUNK ENCODING [**]
10/18-23:38:27.067996 192.168.24.52:2023 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:7543
***AP*** Seq: 0x81DAB22A  Ack: 0x331D2F78  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
10/18-23:40:51.226682 192.168.24.52:2024 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:38554 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0xA631A42A  Ack: 0x3BBAC7BE  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
10/18-23:41:47.180226 192.168.24.52:2026 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:38609 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0xEF398F4D  Ack: 0x3FE9B476  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
10/18-23:43:17.507293 192.168.24.52:2032 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:38703 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0x9C7DF1EA  Ack: 0x45DA9553  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
10/18-23:43:43.704481 192.168.24.52:2033 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:38745 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0x2AE1A7C8  Ack: 0x471BE792  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
10/18-23:45:34.146271 192.168.24.52:2035 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:38807 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0x67EE161C  Ack: 0x4E3D229E  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
10/18-23:49:05.502397 192.168.24.52:2039 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:39037 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0x4B125CED  Ack: 0x5B24A90A  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
10/18-23:50:02.941423 192.168.24.52:2041 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:39136 IpLen:20 DgmLen:178 DF
***AP*** Seq: 0x2B5EBDB1  Ack: 0x5EE59B42  Win: 0xFB34  TcpLen: 20

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
10/29-23:10:29.861773 192.168.24.52:1937 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:44688 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0x8B54F081  Ack: 0x714198AB  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
10/29-23:14:19.525774 192.168.24.52:1941 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:44950 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0xB5F8E627  Ack: 0x80E37CE4  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
10/29-23:15:48.956933 192.168.24.52:1946 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:47079 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0xC41A2E39  Ack: 0x8570CF07  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
10/29-23:30:55.286963 192.168.24.52:1974 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:47891 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0x197C07DB  Ack: 0xBE7D57C2  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
10/29-23:32:18.414001 192.168.24.52:1976 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:47964 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0xB6DE4757  Ack: 0xC454682D  Win: 0xFB34  TcpLen: 20

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
10/29-23:32:34.407760 192.168.24.52:1976 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:47998 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0xB6DE8417  Ack: 0xC454F2E7  Win: 0xFB34  TcpLen: 20

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
10/29-23:35:37.362620 192.168.24.52:1982 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:48343 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0xA3EDBB9B  Ack: 0xD048B4C8  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
10/29-23:37:41.227442 192.168.24.52:1986 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:48755 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0x4F188F05  Ack: 0xD8F14599  Win: 0xFB34  TcpLen: 20

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
10/29-23:37:59.845636 192.168.24.52:1986 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:14013
***AP*** Seq: 0xD8F1D54B  Ack: 0x4F18BE0D  Win: 0x12F0  TcpLen: 20

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
10/29-23:40:01.871987 192.168.24.52:1987 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:48842 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0xB40B58AF  Ack: 0xE07E4EA0  Win: 0xFB34  TcpLen: 20

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
10/29-23:42:20.384793 192.168.24.52:1993 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:49121 IpLen:20 DgmLen:1438 DF
***AP*** Seq: 0x2FE279F2  Ack: 0xE9AFBAF4  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
10/29-23:47:45.890226 192.168.24.52:1995 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:49379 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0xF146E53C  Ack: 0xFF1C23F5  Win: 0xFB34  TcpLen: 20

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
10/29-23:47:51.345322 192.168.24.52:1995 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:23215
***AP*** Seq: 0xFF1CBCFE  Ack: 0xF1473836  Win: 0x1E2A  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
10/29-23:48:13.535525 192.168.24.52:1997 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:49509 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0x29FD4516  Ack: 0x11ED8B8  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
10/29-23:51:38.291965 192.168.24.52:2042 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:50365 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0x390F0DC0  Ack: 0xDA060D4  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
10/29-23:52:17.844830 192.168.24.52:2043 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:50444 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0x3B97BE72  Ack: 0x10AA5F5F  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
10/29-23:53:26.593213 192.168.24.52:2046 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:50612 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0xCD6DEE8F  Ack: 0x1466B4BF  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
10/29-23:57:12.782347 192.168.24.52:2053 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:50935 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0xA2CB0455  Ack: 0x2254EF34  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
10/30-00:01:37.215093 192.168.24.52:2054 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:51090 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0xC8D2C2FF  Ack: 0x33BDEEE8  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
10/30-23:35:07.403748 192.168.24.52:1161 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:4448 IpLen:20 DgmLen:1094 DF
***AP*** Seq: 0x77B5119D  Ack: 0xCD68220  Win: 0xFB34  TcpLen: 20

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
10/31-22:56:04.985247 192.168.24.52:1087 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:4790 IpLen:20 DgmLen:1438 DF
***AP*** Seq: 0x139C0D4  Ack: 0xB60DEFEB  Win: 0xFB34  TcpLen: 20

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
10/31-22:58:34.516220 192.168.24.52:1089 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:5030 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0xBB3D1923  Ack: 0xC00CD419  Win: 0xFB34  TcpLen: 20

Go to: next range, all alerts, overview page

SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Sep 14 05:05:29 2010

192.168.24.52	Whois lookup at:	ARIN	RIPE	APNIC	Geektools
	DNS lookup at:	Amenesi	TRIUMF	Princeton
	More lookup links:	Dshield	Sam Spade