SnortSnarf alert page

Source: 192.168.24.52: #601-700

SnortSnarf v021111.1

Signature section (16810)

Top 20 source IPs

Top 20 dest IPs

Looking using input module SnortFileInput, with sources:

/var/log/snort/alert

Earliest: 10:03:35.775558 on 06/25/2010
Latest: 22:15:27.126858 on 09/10/2010

6 different signatures are present for 192.168.24.52 as a source

1 instances of (snort_decoder) WARNING: TCP Data Offset is less than 5!
4 instances of (http_inspect) DOUBLE DECODING ATTACK
12 instances of (http_inspect) OVERSIZE CHUNK ENCODING
32 instances of (http_inspect) OVERSIZE REQUEST-URI DIRECTORY
326 instances of (http_inspect) BARE BYTE UNICODE ENCODING
328 instances of (http_inspect) IIS UNICODE CODEPOINT ENCODING

There are 1 distinct destination IPs in the alerts of the type on this page.

192.168.24.52 Whois lookup at: ARIN RIPE APNIC Geektools

DNS lookup at: Amenesi TRIUMF Princeton

More lookup links: Dshield Sam Spade

Go to: previous range, next range, all alerts, overview page

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
06/25-10:03:35.775558 192.168.24.52:1217 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:3005
***AP*** Seq: 0x3303F830  Ack: 0xDDE44435  Win: 0x5C20  TcpLen: 20

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
06/25-19:58:08.079464 192.168.24.52:4495 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:2148
***AP*** Seq: 0x41E1F153  Ack: 0x83FC5023  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
06/25-20:52:30.350048 192.168.24.52:4768 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:47566 IpLen:20 DgmLen:408 DF
***AP*** Seq: 0xB72CADBE  Ack: 0x5298A255  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
06/25-21:01:49.120562 192.168.24.52:4787 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:50760 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0xABC6C2ED  Ack: 0x75CC3399  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
06/25-21:08:57.527421 192.168.24.52:4788 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:64539 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0x3D3EBE47  Ack: 0x906504C6  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
06/25-21:14:05.849584 192.168.24.52:4803 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:5 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0x53189EB  Ack: 0xA3515F89  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
06/26-22:32:48.950378 192.168.24.52:1622 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:22066 IpLen:20 DgmLen:1335 DF
***AP*** Seq: 0x924F913A  Ack: 0xA77C2C6  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
06/26-22:34:13.880257 192.168.24.52:1628 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:22279 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0xBA63D7DC  Ack: 0xF6BE1F5  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
06/27-23:33:30.612112 192.168.24.52:1663 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:33240 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0x8484437  Ack: 0x2E1D909D  Win: 0xFB34  TcpLen: 20

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
06/28-23:29:21.224289 192.168.24.52:2689 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:2124
***AP*** Seq: 0x59A2AC23  Ack: 0xF4783F87  Win: 0x4F7  TcpLen: 20

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
06/28-23:50:48.981441 192.168.24.52:3239 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:2228
***AP*** Seq: 0xAB74CE3C  Ack: 0xB5D1DEBC  Win: 0x50A  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
06/29-23:30:17.659025 192.168.24.52:2163 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:3125 IpLen:20 DgmLen:816 DF
***AP*** Seq: 0x51C2432E  Ack: 0x9C8C6269  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
06/30-23:37:41.760637 192.168.24.52:1928 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:13101 IpLen:20 DgmLen:1297 DF
***AP*** Seq: 0xB01CE511  Ack: 0xF756175C  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
06/30-23:45:47.376452 192.168.24.52:1948 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:20131 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xECAB6334  Ack: 0x1538A760  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
07/03-23:06:26.460984 192.168.24.52:1386 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:11862 IpLen:20 DgmLen:370 DF
***AP*** Seq: 0xF76F58A4  Ack: 0x3AC1E9C5  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
07/05-23:26:44.208731 192.168.24.52:2265 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:35013 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0x765E609C  Ack: 0x37DDC08  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
07/05-23:38:15.183082 192.168.24.52:2285 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:35821 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0x2F0B72DF  Ack: 0x2DF04426  Win: 0xFB34  TcpLen: 20

[**] [119:15:1] (http_inspect) OVERSIZE REQUEST-URI DIRECTORY [**]
07/05-23:38:15.184467 192.168.24.52:2285 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:35828 IpLen:20 DgmLen:1438 DF
***AP*** Seq: 0x2F0B9919  Ack: 0x2DF04426  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
07/05-23:43:20.749390 192.168.24.52:2288 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:36051 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0x22300549  Ack: 0x4142DB33  Win: 0xFB34  TcpLen: 20

[**] [119:15:1] (http_inspect) OVERSIZE REQUEST-URI DIRECTORY [**]
07/05-23:43:20.751135 192.168.24.52:2288 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:36058 IpLen:20 DgmLen:1438 DF
***AP*** Seq: 0x22302B83  Ack: 0x4142DB33  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
07/05-23:44:30.706542 192.168.24.52:2289 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:36106 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0x2FCA3986  Ack: 0x45978C20  Win: 0xFB34  TcpLen: 20

[**] [119:15:1] (http_inspect) OVERSIZE REQUEST-URI DIRECTORY [**]
07/05-23:44:30.707971 192.168.24.52:2289 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:36113 IpLen:20 DgmLen:1438 DF
***AP*** Seq: 0x2FCA5FC0  Ack: 0x45978C20  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
07/05-23:54:31.717957 192.168.24.52:2340 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:37837 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0x833AD8FC  Ack: 0x6BC83665  Win: 0xFB34  TcpLen: 20

[**] [119:15:1] (http_inspect) OVERSIZE REQUEST-URI DIRECTORY [**]
07/05-23:54:31.719683 192.168.24.52:2340 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:37844 IpLen:20 DgmLen:1438 DF
***AP*** Seq: 0x833AFF36  Ack: 0x6BC83665  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
07/05-23:55:31.072230 192.168.24.52:2342 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:37911 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0xCE4F458B  Ack: 0x6F0BAB98  Win: 0xFB34  TcpLen: 20

[**] [119:15:1] (http_inspect) OVERSIZE REQUEST-URI DIRECTORY [**]
07/05-23:55:31.073876 192.168.24.52:2342 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:37918 IpLen:20 DgmLen:1438 DF
***AP*** Seq: 0xCE4F6BC5  Ack: 0x6F0BAB98  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
07/06-00:01:07.317136 192.168.24.52:2343 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:38068 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0x3ADA741  Ack: 0x84E0FA69  Win: 0xFB34  TcpLen: 20

[**] [119:15:1] (http_inspect) OVERSIZE REQUEST-URI DIRECTORY [**]
07/06-00:01:07.318881 192.168.24.52:2343 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:38075 IpLen:20 DgmLen:1438 DF
***AP*** Seq: 0x3ADCD7B  Ack: 0x84E0FA69  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
07/06-00:05:37.328294 192.168.24.52:2344 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:38171 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0x3710D336  Ack: 0x94F5EA5F  Win: 0xFB34  TcpLen: 20

[**] [119:15:1] (http_inspect) OVERSIZE REQUEST-URI DIRECTORY [**]
07/06-00:05:37.329771 192.168.24.52:2344 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:38178 IpLen:20 DgmLen:1438 DF
***AP*** Seq: 0x3710F970  Ack: 0x94F5EA5F  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
07/06-00:16:14.151704 192.168.24.52:2353 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:39231 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0x4B7BDDBC  Ack: 0xBE1E51FE  Win: 0xFB34  TcpLen: 20

[**] [119:15:1] (http_inspect) OVERSIZE REQUEST-URI DIRECTORY [**]
07/06-00:16:14.153562 192.168.24.52:2353 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:39238 IpLen:20 DgmLen:1438 DF
***AP*** Seq: 0x4B7C03F6  Ack: 0xBE1E51FE  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
07/06-00:17:38.722980 192.168.24.52:2355 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:39316 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0x1763D9F4  Ack: 0xC2CA6A1D  Win: 0xFB34  TcpLen: 20

[**] [119:15:1] (http_inspect) OVERSIZE REQUEST-URI DIRECTORY [**]
07/06-00:17:38.724549 192.168.24.52:2355 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:39323 IpLen:20 DgmLen:1438 DF
***AP*** Seq: 0x1764002E  Ack: 0xC2CA6A1D  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
07/07-23:08:34.177870 192.168.24.52:1124 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:3615 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0x8AC34BC2  Ack: 0x39F1C3E1  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
07/07-23:17:43.075150 192.168.24.52:1169 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:4676 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0x1CDEDF63  Ack: 0x5C82DEC4  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
07/07-23:20:14.954952 192.168.24.52:1172 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:4782 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0x14082FC  Ack: 0x65CE9B16  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
07/09-23:01:59.661612 192.168.24.52:1600 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:18749 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0x8930FEB2  Ack: 0x9D220F94  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
07/11-23:12:16.962483 192.168.24.52:1084 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:1617 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0xFDF8301A  Ack: 0x3F5FD97D  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
07/13-00:01:40.921401 192.168.24.52:1598 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:19301 IpLen:20 DgmLen:1430 DF
***AP*** Seq: 0x337B859F  Ack: 0x37E83646  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
07/13-23:29:53.591740 192.168.24.52:1699 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:21889 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0x9332C6CD  Ack: 0xFD75FB35  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
07/14-23:34:28.995243 192.168.24.52:2202 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:31766 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0xE01F770E  Ack: 0x4C301426  Win: 0xFB34  TcpLen: 20

[**] [119:16:1] (http_inspect) OVERSIZE CHUNK ENCODING [**]
07/14-23:34:30.974962 192.168.24.52:2202 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:6098
***AP*** Seq: 0x4C30158C  Ack: 0xE01F8942  Win: 0x9EC  TcpLen: 20

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
07/16-20:27:12.936313 192.168.24.52:1409 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:2289
***AP*** Seq: 0x2E1EF6B  Ack: 0x1A3855BE  Win: 0x512  TcpLen: 20

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
07/16-20:29:13.766016 192.168.24.52:1410 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:1749
***AP*** Seq: 0xC199B2B  Ack: 0x7A7C9B4F  Win: 0x48D  TcpLen: 20

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
07/16-22:31:59.880844 192.168.24.52:1939 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:1804
***AP*** Seq: 0xDC59DC2C  Ack: 0x51544D24  Win: 0x493  TcpLen: 20

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
07/16-23:09:17.934153 192.168.24.52:1981 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:3125
***AP*** Seq: 0x670EDCDF  Ack: 0xFED80D81  Win: 0x5E3  TcpLen: 20

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
07/16-23:19:35.928429 192.168.24.52:2040 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:1996
***AP*** Seq: 0x901CCE4F  Ack: 0xA6A15881  Win: 0x4D5  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
07/17-22:41:12.236099 192.168.24.52:1551 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:12248 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0x4EE25B07  Ack: 0x3C86DE4D  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
07/19-22:08:02.287104 192.168.24.52:1557 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:15841 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0x78A4BFBC  Ack: 0x3B3A9F55  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
07/28-22:46:04.073989 192.168.24.52:1517 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:48879 IpLen:20 DgmLen:650 DF
***AP*** Seq: 0x92FDA664  Ack: 0xF76B1D7F  Win: 0xFB34  TcpLen: 20

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
07/30-22:47:31.895419 192.168.24.52:1230 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:11017 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0x3BC160B  Ack: 0x782DAEDE  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
07/30-22:48:19.609594 192.168.24.52:1231 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:11295 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0x36ACA94A  Ack: 0x7C11B618  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
07/30-22:49:50.392170 192.168.24.52:1237 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:11483 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0x95FCD73  Ack: 0x81B0445F  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
08/04-23:37:53.820063 192.168.24.52:1097 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:3394 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0x6232545C  Ack: 0x6CA71F68  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
08/05-23:30:30.734487 192.168.24.52:1423 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:42609 IpLen:20 DgmLen:414 DF
***AP*** Seq: 0x39ACDE84  Ack: 0x8DDA1BCD  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
08/07-22:28:05.747047 192.168.24.52:1204 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:3833 IpLen:20 DgmLen:1273 DF
***AP*** Seq: 0x71841D68  Ack: 0x1E510090  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
08/08-23:23:57.189534 192.168.24.52:1223 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:22789 IpLen:20 DgmLen:1228 DF
***AP*** Seq: 0x3A05D17E  Ack: 0x2E666E79  Win: 0xFB34  TcpLen: 20

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
08/20-22:45:16.597041 192.168.24.52:1639 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:51500 IpLen:20 DgmLen:1438 DF
***AP*** Seq: 0x3AA7CD19  Ack: 0x82B07B11  Win: 0xFB34  TcpLen: 20

[**] [119:15:1] (http_inspect) OVERSIZE REQUEST-URI DIRECTORY [**]
08/20-22:45:17.436614 192.168.24.52:1639 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:51603 IpLen:20 DgmLen:1438 DF
***AP*** Seq: 0x3AA9FA1D  Ack: 0x82B07B11  Win: 0xFB34  TcpLen: 20

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
08/20-22:46:40.718888 192.168.24.52:1641 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:51732 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0x1E10F908  Ack: 0x87E585CC  Win: 0xFB34  TcpLen: 20

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
08/20-22:51:49.013297 192.168.24.52:1667 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:54133 IpLen:20 DgmLen:1438 DF
***AP*** Seq: 0x11ACC3A2  Ack: 0x9B46A535  Win: 0xFB34  TcpLen: 20

[**] [119:15:1] (http_inspect) OVERSIZE REQUEST-URI DIRECTORY [**]
08/20-22:51:49.852338 192.168.24.52:1667 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:54300 IpLen:20 DgmLen:1438 DF
***AP*** Seq: 0x11AF792C  Ack: 0x9B46A535  Win: 0xFB34  TcpLen: 20

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
08/20-22:59:41.153965 192.168.24.52:1684 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:63507 IpLen:20 DgmLen:1438 DF
***AP*** Seq: 0x3F115CAF  Ack: 0xB8C600A2  Win: 0xFB33  TcpLen: 20

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
08/20-23:02:38.421811 192.168.24.52:1685 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:63768 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0xEBF8393E  Ack: 0xC4615255  Win: 0xFB33  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
08/20-23:04:36.662362 192.168.24.52:1686 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:63944 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0xB73CF266  Ack: 0xCBB90745  Win: 0xFB34  TcpLen: 20

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
08/20-23:04:37.895816 192.168.24.52:1686 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:6436
***AP*** Seq: 0xCBB93D56  Ack: 0xB73D03AD  Win: 0xA7C  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
08/20-23:05:00.920382 192.168.24.52:1688 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:64107 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0x41B6D9B2  Ack: 0xCD84CA8D  Win: 0xFB34  TcpLen: 20

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
08/20-23:05:24.109744 192.168.24.52:1688 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:6029
***AP*** Seq: 0xCD852DC3  Ack: 0x41B6E984  Win: 0x916  TcpLen: 20

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
08/20-23:28:33.655968 192.168.24.52:1744 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:1085 IpLen:20 DgmLen:1438 DF
***AP*** Seq: 0xE128096D  Ack: 0x265020FA  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
08/20-23:31:52.481730 192.168.24.52:1745 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:1234 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0xB6C4B2B8  Ack: 0x32481795  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
08/21-23:03:18.814643 192.168.24.52:1484 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:32133 IpLen:20 DgmLen:587 DF
***AP*** Seq: 0x5CA79AD4  Ack: 0x4FC2361  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
08/22-23:37:45.238499 192.168.24.52:3251 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:50413 IpLen:20 DgmLen:647 DF
***AP*** Seq: 0xE3801E94  Ack: 0xC513ADF1  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
08/24-22:32:35.616122 192.168.24.52:1203 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:4472 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0x3C651861  Ack: 0x4AC98E95  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
08/25-22:47:16.374797 192.168.24.52:1100 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:5930 IpLen:20 DgmLen:549 DF
***AP*** Seq: 0xCD2242F5  Ack: 0xBED16EA1  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
08/26-22:37:36.953272 192.168.24.52:3218 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:2725 IpLen:20 DgmLen:259 DF
***AP*** Seq: 0x6019063A  Ack: 0xD96B4FD0  Win: 0xFB34  TcpLen: 20

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
08/26-22:37:51.065258 192.168.24.52:3218 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:2641
***AP*** Seq: 0x60190B19  Ack: 0xD96BC5A8  Win: 0xFB1C  TcpLen: 20

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
08/26-22:42:30.272458 192.168.24.52:3220 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:10477
***AP*** Seq: 0xE92C1641  Ack: 0x774BFA34  Win: 0x105E  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
08/27-22:32:44.586164 192.168.24.52:1260 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:940 IpLen:20 DgmLen:1225 DF
***AP*** Seq: 0xFCC66062  Ack: 0x4445603  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
08/28-22:25:34.264730 192.168.24.52:1169 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:48397 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0x86CC2C15  Ack: 0x26A2F62E  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
08/29-22:13:09.075345 192.168.24.52:1470 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:18823 IpLen:20 DgmLen:434 DF
***AP*** Seq: 0x960D1505  Ack: 0x3636D868  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
08/29-22:25:21.775238 192.168.24.52:1487 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:19518 IpLen:20 DgmLen:1410 DF
***AP*** Seq: 0x2D6522AC  Ack: 0x64087093  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
08/29-23:27:53.785005 192.168.24.52:1745 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:47651 IpLen:20 DgmLen:281 DF
***AP*** Seq: 0x72038D7  Ack: 0x51148B40  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
08/30-22:45:51.056749 192.168.24.52:1113 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:2503 IpLen:20 DgmLen:1348 DF
***AP*** Seq: 0x9BEAC309  Ack: 0xEF043BF7  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
08/30-22:50:53.201127 192.168.24.52:1210 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:7415 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0xACB2F5D8  Ack: 0x23FB04F  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
08/30-22:51:47.380709 192.168.24.52:1213 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:7535 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0x1DF27544  Ack: 0x538D520  Win: 0xFB34  TcpLen: 20

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
08/31-23:16:30.690640 192.168.24.52:1072 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:3758
***AP*** Seq: 0xA011269A  Ack: 0x55238FD8  Win: 0x70A  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
09/01-22:44:13.802106 192.168.24.52:1985 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:60034 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0x3A80D0E  Ack: 0x64D2EB7E  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
09/02-23:35:58.573917 192.168.24.52:2430 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:31548 IpLen:20 DgmLen:1111 DF
***AP*** Seq: 0x729ED8F8  Ack: 0x6587B66B  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
09/03-23:11:49.293178 192.168.24.52:2665 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:42426 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0xF37FBD83  Ack: 0x4F6EF10C  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
09/04-23:04:06.004884 192.168.24.52:1123 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:3936 IpLen:20 DgmLen:869 DF
***AP*** Seq: 0x7EC0778C  Ack: 0x70C83F0B  Win: 0xFB34  TcpLen: 20

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
09/09-23:20:34.939019 192.168.24.52:1222 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:9351 IpLen:20 DgmLen:1438 DF
***AP*** Seq: 0x989AF0F8  Ack: 0xE3C01143  Win: 0xFB34  TcpLen: 20

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
09/09-23:24:40.332093 192.168.24.52:1224 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:9541 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0x58EB25DE  Ack: 0xF2DFB436  Win: 0xFB33  TcpLen: 20

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
09/09-23:40:31.653430 192.168.24.52:1280 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:10700 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0x5D43163F  Ack: 0x2E9D96F4  Win: 0xFB33  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
09/09-23:43:51.097644 192.168.24.52:1281 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:10833 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0xA59A5509  Ack: 0x3C4B9DD4  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
09/09-23:47:03.511149 192.168.24.52:1287 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:11243 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0x197E872F  Ack: 0x47C29BBE  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
09/09-23:53:27.052641 192.168.24.52:1296 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:11536 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0x7F35E840  Ack: 0x5FFE469A  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
09/09-23:54:42.239949 192.168.24.52:1325 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:12049 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0x17179140  Ack: 0x645E7E41  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
09/10-00:41:40.607793 192.168.24.52:1425 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:15356 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0xE4ABC67F  Ack: 0x157AFF7D  Win: 0xFB34  TcpLen: 20

[**] [119:2:1] (http_inspect) DOUBLE DECODING ATTACK [**]
09/10-22:15:27.126858 192.168.24.52:1911 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:1126 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0xB72576A2  Ack: 0x2BA85E54  Win: 0xFB34  TcpLen: 20

Go to: previous range, next range, all alerts, overview page

SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Sep 14 05:05:30 2010

192.168.24.52	Whois lookup at:	ARIN	RIPE	APNIC	Geektools
	DNS lookup at:	Amenesi	TRIUMF	Princeton
	More lookup links:	Dshield	Sam Spade