SnortSnarf alert page

Source: 192.168.24.52: #501-600

SnortSnarf v021111.1

Signature section (16810)

Top 20 source IPs

Top 20 dest IPs

Looking using input module SnortFileInput, with sources:

/var/log/snort/alert

Earliest: 23:33:20.847478 on 05/26/2010
Latest: 23:05:15.156668 on 06/24/2010

6 different signatures are present for 192.168.24.52 as a source

1 instances of (snort_decoder) WARNING: TCP Data Offset is less than 5!
4 instances of (http_inspect) DOUBLE DECODING ATTACK
12 instances of (http_inspect) OVERSIZE CHUNK ENCODING
32 instances of (http_inspect) OVERSIZE REQUEST-URI DIRECTORY
326 instances of (http_inspect) BARE BYTE UNICODE ENCODING
328 instances of (http_inspect) IIS UNICODE CODEPOINT ENCODING

There are 1 distinct destination IPs in the alerts of the type on this page.

192.168.24.52 Whois lookup at: ARIN RIPE APNIC Geektools

DNS lookup at: Amenesi TRIUMF Princeton

More lookup links: Dshield Sam Spade

Go to: previous range, next range, all alerts, overview page

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
05/26-23:33:20.847478 192.168.24.52:1152 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:4594 IpLen:20 DgmLen:689 DF
***AP*** Seq: 0x88B4A316  Ack: 0xDA4034A9  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
05/27-22:53:44.245494 192.168.24.52:1931 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:35052 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0x1F47CBD7  Ack: 0x79E1DAE0  Win: 0xFB34  TcpLen: 20

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
05/28-12:13:52.701918 192.168.24.52:1205 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:2008
***AP*** Seq: 0x4278CAF1  Ack: 0xAFA2AAA2  Win: 0x25B0  TcpLen: 20

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
05/28-22:04:12.954436 192.168.24.52:1417 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:1864
***AP*** Seq: 0xF4B03630  Ack: 0x3DD9A487  Win: 0x22E3  TcpLen: 20

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
05/28-23:46:43.857390 192.168.24.52:1795 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:1899
***AP*** Seq: 0x47F7F2AB  Ack: 0x7753FEAE  Win: 0xFB34  TcpLen: 20

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
05/28-23:47:14.420592 192.168.24.52:1796 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:1414
***AP*** Seq: 0x7271641B  Ack: 0x79D4C2B8  Win: 0xFB34  TcpLen: 20

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
05/28-23:47:14.840042 192.168.24.52:1797 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:1211
***AP*** Seq: 0x501B254A  Ack: 0x79BFB610  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
05/28-23:52:14.965460 192.168.24.52:1805 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:60174 IpLen:20 DgmLen:348 DF
***AP*** Seq: 0x2B9C57C  Ack: 0x8C4AF5B4  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
05/29-22:31:44.653185 192.168.24.52:1087 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:2527 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0x328FD394  Ack: 0x928573F1  Win: 0xFB34  TcpLen: 20

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
05/30-07:02:10.085083 192.168.24.52:1133 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:1219
***AP*** Seq: 0xD9D8E41F  Ack: 0x17477CCF  Win: 0xFB34  TcpLen: 20

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
05/30-07:05:07.223229 192.168.24.52:1135 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:1746
***AP*** Seq: 0x20A95585  Ack: 0xF19CD46F  Win: 0x2426  TcpLen: 20

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
05/30-07:27:46.407345 192.168.24.52:1150 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:1765
***AP*** Seq: 0xA2B80B85  Ack: 0x778D0C17  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
05/30-23:29:01.637024 192.168.24.52:1973 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:23062 IpLen:20 DgmLen:660 DF
***AP*** Seq: 0x1BC46949  Ack: 0x9F90CE90  Win: 0xFB34  TcpLen: 20

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
05/31-22:41:09.181469 192.168.24.52:2124 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:2524
***AP*** Seq: 0x20F0DF59  Ack: 0xB9B44231  Win: 0x2E10  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
05/31-22:47:51.019965 192.168.24.52:2138 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:61627 IpLen:20 DgmLen:144 DF
***AP*** Seq: 0x759441B4  Ack: 0x397E4923  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
05/31-22:57:02.010119 192.168.24.52:2150 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:62084 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0x2878BA62  Ack: 0x5CFA756D  Win: 0xFB34  TcpLen: 20

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
06/01-23:38:16.321920 192.168.24.52:2048 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:1288
***AP*** Seq: 0x4779D0D1  Ack: 0x2CE57F86  Win: 0xFB34  TcpLen: 20

[**] [119:16:1] (http_inspect) OVERSIZE CHUNK ENCODING [**]
06/02-23:16:42.356543 192.168.24.52:1149 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:5093
***AP*** Seq: 0x10674E60  Ack: 0x93A0B69  Win: 0x66A1  TcpLen: 20

[**] [119:16:1] (http_inspect) OVERSIZE CHUNK ENCODING [**]
06/02-23:19:17.096305 192.168.24.52:1209 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:2702
***AP*** Seq: 0x1BEEBF6A  Ack: 0x9D4BF8C6  Win: 0x2D00  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
06/02-23:26:03.428894 192.168.24.52:1235 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:6544 IpLen:20 DgmLen:790 DF
***AP*** Seq: 0xA2E3F9AF  Ack: 0x34BBC6BA  Win: 0xFB34  TcpLen: 20

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
06/03-10:57:04.900297 192.168.24.52:1361 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:1799
***AP*** Seq: 0x61E27DE7  Ack: 0xF5A76162  Win: 0x247A  TcpLen: 20

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
06/03-11:12:07.889064 192.168.24.52:1395 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:1912
***AP*** Seq: 0x9B3E492D  Ack: 0x8909EEA9  Win: 0x2AA8  TcpLen: 20

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
06/03-12:14:59.917094 192.168.24.52:1558 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:2066
***AP*** Seq: 0xDA95C167  Ack: 0x877E13DA  Win: 0xFB1C  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
06/03-21:52:59.559741 192.168.24.52:1535 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:16193 IpLen:20 DgmLen:1242 DF
***AP*** Seq: 0xDDC44D2F  Ack: 0xC218118  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
06/04-22:29:37.774936 192.168.24.52:1792 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:25269 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0xBBF23429  Ack: 0xCB246933  Win: 0xFB34  TcpLen: 20

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
06/04-23:31:49.969052 192.168.24.52:1879 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:1080
***AP*** Seq: 0x3643913B  Ack: 0xB5683E3A  Win: 0xFB34  TcpLen: 20

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
06/04-23:51:46.868114 192.168.24.52:1940 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:6958
***AP*** Seq: 0x5E89D6  Ack: 0xDBDBD5DA  Win: 0x4F90  TcpLen: 20

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
06/05-00:01:48.531001 192.168.24.52:1952 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:972
***AP*** Seq: 0xA92A2683  Ack: 0x26D3A42E  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
06/05-23:44:47.842802 192.168.24.52:1908 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:37699 IpLen:20 DgmLen:1046 DF
***AP*** Seq: 0x199E1067  Ack: 0x1BBED6D6  Win: 0xFB34  TcpLen: 20

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
06/06-00:10:15.082973 192.168.24.52:2142 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:1122
***AP*** Seq: 0xA175E286  Ack: 0x7B6C5CC3  Win: 0xFB34  TcpLen: 20

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
06/06-00:14:19.293707 192.168.24.52:2147 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:1122
***AP*** Seq: 0x3155347  Ack: 0x8B3C7AD5  Win: 0xFB34  TcpLen: 20

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
06/06-00:14:48.859438 192.168.24.52:2148 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:1121
***AP*** Seq: 0xF33286CA  Ack: 0x8CD62602  Win: 0xFB34  TcpLen: 20

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
06/06-00:15:31.612030 192.168.24.52:2150 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:1122
***AP*** Seq: 0xC0A0AEA6  Ack: 0x8F25B094  Win: 0xFB34  TcpLen: 20

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
06/06-00:17:29.757596 192.168.24.52:2151 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:1122
***AP*** Seq: 0x97BC1E3D  Ack: 0x970331F2  Win: 0xFB34  TcpLen: 20

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
06/06-00:24:54.335304 192.168.24.52:2228 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:1122
***AP*** Seq: 0xE80F7558  Ack: 0xB27F09A3  Win: 0xFB34  TcpLen: 20

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
06/06-00:25:39.522451 192.168.24.52:2229 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:1122
***AP*** Seq: 0x8E415061  Ack: 0xB586A27F  Win: 0xFB34  TcpLen: 20

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
06/06-00:27:05.596732 192.168.24.52:2231 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:1121
***AP*** Seq: 0xB1D12729  Ack: 0xBBCECA58  Win: 0xFB34  TcpLen: 20

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
06/06-00:27:33.268613 192.168.24.52:2232 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:1122
***AP*** Seq: 0x9E587FD3  Ack: 0xBD6C15B5  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
06/06-22:42:14.155879 192.168.24.52:1404 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:12629 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0x23753A66  Ack: 0x65A2E89D  Win: 0xFB34  TcpLen: 20

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
06/06-22:46:30.246846 192.168.24.52:1410 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:1762
***AP*** Seq: 0xE010D677  Ack: 0x7605E933  Win: 0xFB34  TcpLen: 20

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
06/06-22:46:30.448410 192.168.24.52:1411 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:1138
***AP*** Seq: 0x1DEE9483  Ack: 0x7607B3B5  Win: 0xFB34  TcpLen: 20

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
06/06-22:52:18.778204 192.168.24.52:1433 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:2072
***AP*** Seq: 0xDC566F14  Ack: 0x8B7F7AA1  Win: 0xFB34  TcpLen: 20

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
06/06-22:54:30.782977 192.168.24.52:1442 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:3504
***AP*** Seq: 0x92A75470  Ack: 0xD6DA1092  Win: 0x3644  TcpLen: 20

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
06/06-22:57:13.991895 192.168.24.52:1454 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:2302
***AP*** Seq: 0x9DAE684F  Ack: 0x3377672D  Win: 0x27A5  TcpLen: 20

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
06/06-23:01:23.488875 192.168.24.52:1476 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:1179
***AP*** Seq: 0x68D63380  Ack: 0xADF164BD  Win: 0xFB34  TcpLen: 20

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
06/06-23:09:09.201027 192.168.24.52:1518 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:1705
***AP*** Seq: 0xC9C051EC  Ack: 0x1E3ED630  Win: 0x22FB  TcpLen: 20

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
06/06-23:09:15.636417 192.168.24.52:1520 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:1706
***AP*** Seq: 0xE9305A72  Ack: 0xCBC1CCB0  Win: 0xFB34  TcpLen: 20

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
06/06-23:15:50.435904 192.168.24.52:1549 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:1705
***AP*** Seq: 0x12E29F14  Ack: 0xE3C040BC  Win: 0xFB34  TcpLen: 20

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
06/06-23:16:16.229158 192.168.24.52:1551 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:1706
***AP*** Seq: 0xA394353B  Ack: 0xE6019A6A  Win: 0xFB34  TcpLen: 20

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
06/06-23:26:53.615041 192.168.24.52:1623 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:1706
***AP*** Seq: 0xCF0302A  Ack: 0x67B7FC08  Win: 0x22FB  TcpLen: 20

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
06/06-23:31:59.869377 192.168.24.52:1643 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:1178
***AP*** Seq: 0x53E702B9  Ack: 0x21A04FE2  Win: 0xFB34  TcpLen: 20

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
06/06-23:35:06.869130 192.168.24.52:1648 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:2184
***AP*** Seq: 0xC0135A14  Ack: 0x2C64D907  Win: 0xFB34  TcpLen: 20

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
06/06-23:35:51.119840 192.168.24.52:1649 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:2838
***AP*** Seq: 0x481D6138  Ack: 0x2F968E34  Win: 0xFB04  TcpLen: 20

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
06/06-23:36:38.418231 192.168.24.52:1651 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:1187
***AP*** Seq: 0xFD5E359C  Ack: 0x33A33306  Win: 0xFB34  TcpLen: 20

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
06/06-23:51:49.281721 192.168.24.52:1727 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:1468
***AP*** Seq: 0x79690E93  Ack: 0x6BF4A5A4  Win: 0xFB34  TcpLen: 20

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
06/06-23:52:09.189125 192.168.24.52:1725 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:1710
***AP*** Seq: 0x6ADE5B86  Ack: 0xF8FCD479  Win: 0x22FB  TcpLen: 20

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
06/07-06:51:58.780051 192.168.24.52:1102 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:1141
***AP*** Seq: 0x3C229134  Ack: 0x9BE7BCBB  Win: 0xFB1C  TcpLen: 20

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
06/07-07:09:03.363861 192.168.24.52:1139 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:2845
***AP*** Seq: 0xD9C14954  Ack: 0xED87D6CF  Win: 0x2C4F  TcpLen: 20

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
06/07-07:09:49.709276 192.168.24.52:1143 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:2079
***AP*** Seq: 0xCCD109F5  Ack: 0xE02B181C  Win: 0xFB34  TcpLen: 20

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
06/07-07:46:29.296768 192.168.24.52:1222 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:2443
***AP*** Seq: 0x6935045F  Ack: 0x45DF4DE1  Win: 0x2CB0  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
06/08-22:48:59.993132 192.168.24.52:1659 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:30050 IpLen:20 DgmLen:598 DF
***AP*** Seq: 0xC6D14EFF  Ack: 0xEAA048CF  Win: 0xFB34  TcpLen: 20

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
06/09-00:06:56.264071 192.168.24.52:1722 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:1719
***AP*** Seq: 0xBEBAA40E  Ack: 0x1029E769  Win: 0xFB34  TcpLen: 20

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
06/09-00:07:45.700716 192.168.24.52:1724 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:1719
***AP*** Seq: 0x1236CDC0  Ack: 0x308EF1F8  Win: 0x22FB  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
06/09-23:26:08.944922 192.168.24.52:1676 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:18994 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0x97409117  Ack: 0xAC0C3796  Win: 0xFB34  TcpLen: 20

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
06/10-12:20:39.770060 192.168.24.52:1343 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:2172
***AP*** Seq: 0x2085D001  Ack: 0x13EA4D0A  Win: 0xFB34  TcpLen: 20

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
06/10-12:21:29.248372 192.168.24.52:1344 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:2076
***AP*** Seq: 0x1685F06F  Ack: 0xD2361313  Win: 0x25B0  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
06/10-22:23:40.955924 192.168.24.52:1421 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:15855 IpLen:20 DgmLen:775 DF
***AP*** Seq: 0x563744A0  Ack: 0xF58F9217  Win: 0xFB34  TcpLen: 20

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
06/11-00:11:08.387420 192.168.24.52:1588 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:2198
***AP*** Seq: 0x7A4E067E  Ack: 0x8ADE7B31  Win: 0xFB34  TcpLen: 20

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
06/11-00:13:24.609229 192.168.24.52:1590 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:2288
***AP*** Seq: 0x93C6A1CE  Ack: 0x30D9A932  Win: 0x294E  TcpLen: 20

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
06/11-20:59:48.675483 192.168.24.52:1278 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:1062
***AP*** Seq: 0xC8D6F217  Ack: 0xEFB4541B  Win: 0xFB34  TcpLen: 20

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
06/11-21:00:58.698777 192.168.24.52:1280 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:1062
***AP*** Seq: 0x2E508324  Ack: 0xF3B2725F  Win: 0xFB34  TcpLen: 20

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
06/11-21:02:22.804561 192.168.24.52:1282 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:1666
***AP*** Seq: 0xB98D33A3  Ack: 0xF8FC8DBD  Win: 0xFB34  TcpLen: 20

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
06/11-21:03:17.276855 192.168.24.52:1283 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:1247
***AP*** Seq: 0x5AD12F0D  Ack: 0xFCD59D6E  Win: 0xFB34  TcpLen: 20

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
06/11-21:03:54.056954 192.168.24.52:1284 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:2616
***AP*** Seq: 0xFE488742  Ack: 0x72719B31  Win: 0x2F28  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
06/11-22:00:26.845120 192.168.24.52:1597 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:24609 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0x43384DE5  Ack: 0xD40C37A6  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
06/12-22:05:26.497490 192.168.24.52:1129 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:2804 IpLen:20 DgmLen:199 DF
***AP*** Seq: 0x690CBD6B  Ack: 0x1BA1C31A  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
06/12-22:11:10.317668 192.168.24.52:1154 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:3461 IpLen:20 DgmLen:1014 DF
***AP*** Seq: 0x52B4675E  Ack: 0x31C0E87A  Win: 0xFB34  TcpLen: 20

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
06/12-23:29:39.623842 192.168.24.52:1708 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:3021
***AP*** Seq: 0xEE8FB2D7  Ack: 0x596354F1  Win: 0xFB34  TcpLen: 20

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
06/12-23:32:20.130811 192.168.24.52:1713 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:1337
***AP*** Seq: 0xA44D6815  Ack: 0x64427266  Win: 0xFB34  TcpLen: 20

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
06/13-22:36:54.266723 192.168.24.52:2621 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:1734
***AP*** Seq: 0xC852D88B  Ack: 0xEBE658BA  Win: 0x2283  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
06/13-23:18:54.999976 192.168.24.52:2714 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:46118 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0x99718E94  Ack: 0x66F3ECAB  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
06/14-22:48:04.243717 192.168.24.52:2133 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:25564 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0xBACFF8F7  Ack: 0x283F09E7  Win: 0xFB34  TcpLen: 20

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
06/15-07:27:28.459701 192.168.24.52:1178 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:2939
***AP*** Seq: 0xCDA20290  Ack: 0x8C96734D  Win: 0x2FD0  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
06/15-23:18:36.791087 192.168.24.52:1868 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:38765 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0x302BD844  Ack: 0xD0F3D221  Win: 0xFB34  TcpLen: 20

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
06/17-21:39:30.990907 192.168.24.52:1631 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:50515 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0xC2C9E877  Ack: 0xC73FDA6F  Win: 0xFB34  TcpLen: 20

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
06/17-21:40:55.557426 192.168.24.52:1632 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:50752 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0x532F198B  Ack: 0xCC7BCE29  Win: 0xFB33  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
06/17-21:48:21.185130 192.168.24.52:1640 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:51300 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0x474CAC  Ack: 0xE83F5837  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
06/17-21:49:26.883452 192.168.24.52:1647 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:51641 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0xC22A7F34  Ack: 0xEC4FDA18  Win: 0xFB34  TcpLen: 20

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
06/18-15:19:37.181035 192.168.24.52:1401 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:2228
***AP*** Seq: 0x63072BC0  Ack: 0x1B3AE7E1  Win: 0x2688  TcpLen: 20

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
06/18-15:35:21.441997 192.168.24.52:1413 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:3189
***AP*** Seq: 0x140B3B74  Ack: 0x9F42589D  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
06/18-23:13:54.901534 192.168.24.52:1180 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:4189 IpLen:20 DgmLen:953 DF
***AP*** Seq: 0x31F2E772  Ack: 0x5FFBDB78  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
06/20-23:38:17.753621 192.168.24.52:1841 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:23533 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0x7A60857  Ack: 0x27B8D160  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
06/21-23:47:28.153518 192.168.24.52:1490 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:10475 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0xF8C93F34  Ack: 0x7F179BB0  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
06/21-23:48:30.533789 192.168.24.52:1492 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:10558 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0x430BC21C  Ack: 0x82D1F0B1  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
06/22-22:57:52.884401 192.168.24.52:1614 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:18679 IpLen:20 DgmLen:1282 DF
***AP*** Seq: 0xE671F4A6  Ack: 0xFA69CC9E  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
06/23-22:42:18.506831 192.168.24.52:1105 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:1731 IpLen:20 DgmLen:217 DF
***AP*** Seq: 0xA027F4E8  Ack: 0xF5AC0B88  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
06/23-22:46:04.052913 192.168.24.52:1116 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:2127 IpLen:20 DgmLen:321 DF
***AP*** Seq: 0x19495482  Ack: 0x3743F4F  Win: 0xFB34  TcpLen: 20

[**] [116:46:1] (snort_decoder) WARNING: TCP Data Offset is less than 5! [**]
06/24-20:53:22.423640 192.168.24.52:0 -> 192.168.24.11:0
TCP TTL:128 TOS:0x0 ID:35863 IpLen:20 DgmLen:40 DF
TCP header truncated

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
06/24-23:01:05.052518 192.168.24.52:1619 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:58884 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0x50CB839E  Ack: 0x7217E10A  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
06/24-23:05:15.156668 192.168.24.52:1623 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:59195 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0x190866B3  Ack: 0x80EE7465  Win: 0xFB34  TcpLen: 20

Go to: previous range, next range, all alerts, overview page

SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Sep 14 05:05:29 2010

192.168.24.52	Whois lookup at:	ARIN	RIPE	APNIC	Geektools
	DNS lookup at:	Amenesi	TRIUMF	Princeton
	More lookup links:	Dshield	Sam Spade