SnortSnarf alert page

Source: 192.168.24.52: #601-700

SnortSnarf v021111.1

Signature section (16810)

Top 20 source IPs

Top 20 dest IPs

Looking using input module SnortFileInput, with sources:

/var/log/snort/alert

Earliest: 23:16:16.229158 on 06/06/2010
Latest: 23:19:35.928429 on 07/16/2010

6 different signatures are present for 192.168.24.52 as a source

1 instances of (snort_decoder) WARNING: TCP Data Offset is less than 5!
4 instances of (http_inspect) DOUBLE DECODING ATTACK
12 instances of (http_inspect) OVERSIZE CHUNK ENCODING
32 instances of (http_inspect) OVERSIZE REQUEST-URI DIRECTORY
326 instances of (http_inspect) BARE BYTE UNICODE ENCODING
328 instances of (http_inspect) IIS UNICODE CODEPOINT ENCODING

There are 1 distinct destination IPs in the alerts of the type on this page.

192.168.24.52 Whois lookup at: ARIN RIPE APNIC Geektools

DNS lookup at: Amenesi TRIUMF Princeton

More lookup links: Dshield Sam Spade

Go to: previous range, next range, all alerts, overview page

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
06/06-23:16:16.229158 192.168.24.52:1551 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:1706
***AP*** Seq: 0xA394353B  Ack: 0xE6019A6A  Win: 0xFB34  TcpLen: 20

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
06/06-23:26:53.615041 192.168.24.52:1623 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:1706
***AP*** Seq: 0xCF0302A  Ack: 0x67B7FC08  Win: 0x22FB  TcpLen: 20

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
06/06-23:31:59.869377 192.168.24.52:1643 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:1178
***AP*** Seq: 0x53E702B9  Ack: 0x21A04FE2  Win: 0xFB34  TcpLen: 20

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
06/06-23:35:06.869130 192.168.24.52:1648 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:2184
***AP*** Seq: 0xC0135A14  Ack: 0x2C64D907  Win: 0xFB34  TcpLen: 20

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
06/06-23:35:51.119840 192.168.24.52:1649 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:2838
***AP*** Seq: 0x481D6138  Ack: 0x2F968E34  Win: 0xFB04  TcpLen: 20

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
06/06-23:36:38.418231 192.168.24.52:1651 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:1187
***AP*** Seq: 0xFD5E359C  Ack: 0x33A33306  Win: 0xFB34  TcpLen: 20

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
06/06-23:51:49.281721 192.168.24.52:1727 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:1468
***AP*** Seq: 0x79690E93  Ack: 0x6BF4A5A4  Win: 0xFB34  TcpLen: 20

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
06/06-23:52:09.189125 192.168.24.52:1725 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:1710
***AP*** Seq: 0x6ADE5B86  Ack: 0xF8FCD479  Win: 0x22FB  TcpLen: 20

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
06/07-06:51:58.780051 192.168.24.52:1102 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:1141
***AP*** Seq: 0x3C229134  Ack: 0x9BE7BCBB  Win: 0xFB1C  TcpLen: 20

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
06/07-07:09:03.363861 192.168.24.52:1139 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:2845
***AP*** Seq: 0xD9C14954  Ack: 0xED87D6CF  Win: 0x2C4F  TcpLen: 20

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
06/07-07:09:49.709276 192.168.24.52:1143 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:2079
***AP*** Seq: 0xCCD109F5  Ack: 0xE02B181C  Win: 0xFB34  TcpLen: 20

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
06/07-07:46:29.296768 192.168.24.52:1222 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:2443
***AP*** Seq: 0x6935045F  Ack: 0x45DF4DE1  Win: 0x2CB0  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
06/08-22:48:59.993132 192.168.24.52:1659 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:30050 IpLen:20 DgmLen:598 DF
***AP*** Seq: 0xC6D14EFF  Ack: 0xEAA048CF  Win: 0xFB34  TcpLen: 20

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
06/09-00:06:56.264071 192.168.24.52:1722 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:1719
***AP*** Seq: 0xBEBAA40E  Ack: 0x1029E769  Win: 0xFB34  TcpLen: 20

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
06/09-00:07:45.700716 192.168.24.52:1724 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:1719
***AP*** Seq: 0x1236CDC0  Ack: 0x308EF1F8  Win: 0x22FB  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
06/09-23:26:08.944922 192.168.24.52:1676 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:18994 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0x97409117  Ack: 0xAC0C3796  Win: 0xFB34  TcpLen: 20

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
06/10-12:20:39.770060 192.168.24.52:1343 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:2172
***AP*** Seq: 0x2085D001  Ack: 0x13EA4D0A  Win: 0xFB34  TcpLen: 20

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
06/10-12:21:29.248372 192.168.24.52:1344 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:2076
***AP*** Seq: 0x1685F06F  Ack: 0xD2361313  Win: 0x25B0  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
06/10-22:23:40.955924 192.168.24.52:1421 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:15855 IpLen:20 DgmLen:775 DF
***AP*** Seq: 0x563744A0  Ack: 0xF58F9217  Win: 0xFB34  TcpLen: 20

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
06/11-00:11:08.387420 192.168.24.52:1588 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:2198
***AP*** Seq: 0x7A4E067E  Ack: 0x8ADE7B31  Win: 0xFB34  TcpLen: 20

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
06/11-00:13:24.609229 192.168.24.52:1590 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:2288
***AP*** Seq: 0x93C6A1CE  Ack: 0x30D9A932  Win: 0x294E  TcpLen: 20

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
06/11-20:59:48.675483 192.168.24.52:1278 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:1062
***AP*** Seq: 0xC8D6F217  Ack: 0xEFB4541B  Win: 0xFB34  TcpLen: 20

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
06/11-21:00:58.698777 192.168.24.52:1280 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:1062
***AP*** Seq: 0x2E508324  Ack: 0xF3B2725F  Win: 0xFB34  TcpLen: 20

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
06/11-21:02:22.804561 192.168.24.52:1282 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:1666
***AP*** Seq: 0xB98D33A3  Ack: 0xF8FC8DBD  Win: 0xFB34  TcpLen: 20

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
06/11-21:03:17.276855 192.168.24.52:1283 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:1247
***AP*** Seq: 0x5AD12F0D  Ack: 0xFCD59D6E  Win: 0xFB34  TcpLen: 20

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
06/11-21:03:54.056954 192.168.24.52:1284 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:2616
***AP*** Seq: 0xFE488742  Ack: 0x72719B31  Win: 0x2F28  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
06/11-22:00:26.845120 192.168.24.52:1597 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:24609 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0x43384DE5  Ack: 0xD40C37A6  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
06/12-22:05:26.497490 192.168.24.52:1129 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:2804 IpLen:20 DgmLen:199 DF
***AP*** Seq: 0x690CBD6B  Ack: 0x1BA1C31A  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
06/12-22:11:10.317668 192.168.24.52:1154 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:3461 IpLen:20 DgmLen:1014 DF
***AP*** Seq: 0x52B4675E  Ack: 0x31C0E87A  Win: 0xFB34  TcpLen: 20

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
06/12-23:29:39.623842 192.168.24.52:1708 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:3021
***AP*** Seq: 0xEE8FB2D7  Ack: 0x596354F1  Win: 0xFB34  TcpLen: 20

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
06/12-23:32:20.130811 192.168.24.52:1713 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:1337
***AP*** Seq: 0xA44D6815  Ack: 0x64427266  Win: 0xFB34  TcpLen: 20

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
06/13-22:36:54.266723 192.168.24.52:2621 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:1734
***AP*** Seq: 0xC852D88B  Ack: 0xEBE658BA  Win: 0x2283  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
06/13-23:18:54.999976 192.168.24.52:2714 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:46118 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0x99718E94  Ack: 0x66F3ECAB  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
06/14-22:48:04.243717 192.168.24.52:2133 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:25564 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0xBACFF8F7  Ack: 0x283F09E7  Win: 0xFB34  TcpLen: 20

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
06/15-07:27:28.459701 192.168.24.52:1178 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:2939
***AP*** Seq: 0xCDA20290  Ack: 0x8C96734D  Win: 0x2FD0  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
06/15-23:18:36.791087 192.168.24.52:1868 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:38765 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0x302BD844  Ack: 0xD0F3D221  Win: 0xFB34  TcpLen: 20

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
06/17-21:39:30.990907 192.168.24.52:1631 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:50515 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0xC2C9E877  Ack: 0xC73FDA6F  Win: 0xFB34  TcpLen: 20

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
06/17-21:40:55.557426 192.168.24.52:1632 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:50752 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0x532F198B  Ack: 0xCC7BCE29  Win: 0xFB33  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
06/17-21:48:21.185130 192.168.24.52:1640 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:51300 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0x474CAC  Ack: 0xE83F5837  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
06/17-21:49:26.883452 192.168.24.52:1647 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:51641 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0xC22A7F34  Ack: 0xEC4FDA18  Win: 0xFB34  TcpLen: 20

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
06/18-15:19:37.181035 192.168.24.52:1401 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:2228
***AP*** Seq: 0x63072BC0  Ack: 0x1B3AE7E1  Win: 0x2688  TcpLen: 20

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
06/18-15:35:21.441997 192.168.24.52:1413 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:3189
***AP*** Seq: 0x140B3B74  Ack: 0x9F42589D  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
06/18-23:13:54.901534 192.168.24.52:1180 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:4189 IpLen:20 DgmLen:953 DF
***AP*** Seq: 0x31F2E772  Ack: 0x5FFBDB78  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
06/20-23:38:17.753621 192.168.24.52:1841 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:23533 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0x7A60857  Ack: 0x27B8D160  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
06/21-23:47:28.153518 192.168.24.52:1490 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:10475 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0xF8C93F34  Ack: 0x7F179BB0  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
06/21-23:48:30.533789 192.168.24.52:1492 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:10558 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0x430BC21C  Ack: 0x82D1F0B1  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
06/22-22:57:52.884401 192.168.24.52:1614 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:18679 IpLen:20 DgmLen:1282 DF
***AP*** Seq: 0xE671F4A6  Ack: 0xFA69CC9E  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
06/23-22:42:18.506831 192.168.24.52:1105 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:1731 IpLen:20 DgmLen:217 DF
***AP*** Seq: 0xA027F4E8  Ack: 0xF5AC0B88  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
06/23-22:46:04.052913 192.168.24.52:1116 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:2127 IpLen:20 DgmLen:321 DF
***AP*** Seq: 0x19495482  Ack: 0x3743F4F  Win: 0xFB34  TcpLen: 20

[**] [116:46:1] (snort_decoder) WARNING: TCP Data Offset is less than 5! [**]
06/24-20:53:22.423640 192.168.24.52:0 -> 192.168.24.11:0
TCP TTL:128 TOS:0x0 ID:35863 IpLen:20 DgmLen:40 DF
TCP header truncated

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
06/24-23:01:05.052518 192.168.24.52:1619 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:58884 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0x50CB839E  Ack: 0x7217E10A  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
06/24-23:05:15.156668 192.168.24.52:1623 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:59195 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0x190866B3  Ack: 0x80EE7465  Win: 0xFB34  TcpLen: 20

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
06/25-10:03:35.775558 192.168.24.52:1217 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:3005
***AP*** Seq: 0x3303F830  Ack: 0xDDE44435  Win: 0x5C20  TcpLen: 20

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
06/25-19:58:08.079464 192.168.24.52:4495 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:2148
***AP*** Seq: 0x41E1F153  Ack: 0x83FC5023  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
06/25-20:52:30.350048 192.168.24.52:4768 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:47566 IpLen:20 DgmLen:408 DF
***AP*** Seq: 0xB72CADBE  Ack: 0x5298A255  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
06/25-21:01:49.120562 192.168.24.52:4787 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:50760 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0xABC6C2ED  Ack: 0x75CC3399  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
06/25-21:08:57.527421 192.168.24.52:4788 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:64539 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0x3D3EBE47  Ack: 0x906504C6  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
06/25-21:14:05.849584 192.168.24.52:4803 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:5 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0x53189EB  Ack: 0xA3515F89  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
06/26-22:32:48.950378 192.168.24.52:1622 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:22066 IpLen:20 DgmLen:1335 DF
***AP*** Seq: 0x924F913A  Ack: 0xA77C2C6  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
06/26-22:34:13.880257 192.168.24.52:1628 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:22279 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0xBA63D7DC  Ack: 0xF6BE1F5  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
06/27-23:33:30.612112 192.168.24.52:1663 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:33240 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0x8484437  Ack: 0x2E1D909D  Win: 0xFB34  TcpLen: 20

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
06/28-23:29:21.224289 192.168.24.52:2689 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:2124
***AP*** Seq: 0x59A2AC23  Ack: 0xF4783F87  Win: 0x4F7  TcpLen: 20

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
06/28-23:50:48.981441 192.168.24.52:3239 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:2228
***AP*** Seq: 0xAB74CE3C  Ack: 0xB5D1DEBC  Win: 0x50A  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
06/29-23:30:17.659025 192.168.24.52:2163 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:3125 IpLen:20 DgmLen:816 DF
***AP*** Seq: 0x51C2432E  Ack: 0x9C8C6269  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
06/30-23:37:41.760637 192.168.24.52:1928 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:13101 IpLen:20 DgmLen:1297 DF
***AP*** Seq: 0xB01CE511  Ack: 0xF756175C  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
06/30-23:45:47.376452 192.168.24.52:1948 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:20131 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xECAB6334  Ack: 0x1538A760  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
07/03-23:06:26.460984 192.168.24.52:1386 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:11862 IpLen:20 DgmLen:370 DF
***AP*** Seq: 0xF76F58A4  Ack: 0x3AC1E9C5  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
07/05-23:26:44.208731 192.168.24.52:2265 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:35013 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0x765E609C  Ack: 0x37DDC08  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
07/05-23:38:15.183082 192.168.24.52:2285 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:35821 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0x2F0B72DF  Ack: 0x2DF04426  Win: 0xFB34  TcpLen: 20

[**] [119:15:1] (http_inspect) OVERSIZE REQUEST-URI DIRECTORY [**]
07/05-23:38:15.184467 192.168.24.52:2285 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:35828 IpLen:20 DgmLen:1438 DF
***AP*** Seq: 0x2F0B9919  Ack: 0x2DF04426  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
07/05-23:43:20.749390 192.168.24.52:2288 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:36051 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0x22300549  Ack: 0x4142DB33  Win: 0xFB34  TcpLen: 20

[**] [119:15:1] (http_inspect) OVERSIZE REQUEST-URI DIRECTORY [**]
07/05-23:43:20.751135 192.168.24.52:2288 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:36058 IpLen:20 DgmLen:1438 DF
***AP*** Seq: 0x22302B83  Ack: 0x4142DB33  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
07/05-23:44:30.706542 192.168.24.52:2289 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:36106 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0x2FCA3986  Ack: 0x45978C20  Win: 0xFB34  TcpLen: 20

[**] [119:15:1] (http_inspect) OVERSIZE REQUEST-URI DIRECTORY [**]
07/05-23:44:30.707971 192.168.24.52:2289 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:36113 IpLen:20 DgmLen:1438 DF
***AP*** Seq: 0x2FCA5FC0  Ack: 0x45978C20  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
07/05-23:54:31.717957 192.168.24.52:2340 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:37837 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0x833AD8FC  Ack: 0x6BC83665  Win: 0xFB34  TcpLen: 20

[**] [119:15:1] (http_inspect) OVERSIZE REQUEST-URI DIRECTORY [**]
07/05-23:54:31.719683 192.168.24.52:2340 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:37844 IpLen:20 DgmLen:1438 DF
***AP*** Seq: 0x833AFF36  Ack: 0x6BC83665  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
07/05-23:55:31.072230 192.168.24.52:2342 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:37911 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0xCE4F458B  Ack: 0x6F0BAB98  Win: 0xFB34  TcpLen: 20

[**] [119:15:1] (http_inspect) OVERSIZE REQUEST-URI DIRECTORY [**]
07/05-23:55:31.073876 192.168.24.52:2342 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:37918 IpLen:20 DgmLen:1438 DF
***AP*** Seq: 0xCE4F6BC5  Ack: 0x6F0BAB98  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
07/06-00:01:07.317136 192.168.24.52:2343 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:38068 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0x3ADA741  Ack: 0x84E0FA69  Win: 0xFB34  TcpLen: 20

[**] [119:15:1] (http_inspect) OVERSIZE REQUEST-URI DIRECTORY [**]
07/06-00:01:07.318881 192.168.24.52:2343 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:38075 IpLen:20 DgmLen:1438 DF
***AP*** Seq: 0x3ADCD7B  Ack: 0x84E0FA69  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
07/06-00:05:37.328294 192.168.24.52:2344 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:38171 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0x3710D336  Ack: 0x94F5EA5F  Win: 0xFB34  TcpLen: 20

[**] [119:15:1] (http_inspect) OVERSIZE REQUEST-URI DIRECTORY [**]
07/06-00:05:37.329771 192.168.24.52:2344 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:38178 IpLen:20 DgmLen:1438 DF
***AP*** Seq: 0x3710F970  Ack: 0x94F5EA5F  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
07/06-00:16:14.151704 192.168.24.52:2353 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:39231 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0x4B7BDDBC  Ack: 0xBE1E51FE  Win: 0xFB34  TcpLen: 20

[**] [119:15:1] (http_inspect) OVERSIZE REQUEST-URI DIRECTORY [**]
07/06-00:16:14.153562 192.168.24.52:2353 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:39238 IpLen:20 DgmLen:1438 DF
***AP*** Seq: 0x4B7C03F6  Ack: 0xBE1E51FE  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
07/06-00:17:38.722980 192.168.24.52:2355 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:39316 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0x1763D9F4  Ack: 0xC2CA6A1D  Win: 0xFB34  TcpLen: 20

[**] [119:15:1] (http_inspect) OVERSIZE REQUEST-URI DIRECTORY [**]
07/06-00:17:38.724549 192.168.24.52:2355 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:39323 IpLen:20 DgmLen:1438 DF
***AP*** Seq: 0x1764002E  Ack: 0xC2CA6A1D  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
07/07-23:08:34.177870 192.168.24.52:1124 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:3615 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0x8AC34BC2  Ack: 0x39F1C3E1  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
07/07-23:17:43.075150 192.168.24.52:1169 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:4676 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0x1CDEDF63  Ack: 0x5C82DEC4  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
07/07-23:20:14.954952 192.168.24.52:1172 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:4782 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0x14082FC  Ack: 0x65CE9B16  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
07/09-23:01:59.661612 192.168.24.52:1600 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:18749 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0x8930FEB2  Ack: 0x9D220F94  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
07/11-23:12:16.962483 192.168.24.52:1084 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:1617 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0xFDF8301A  Ack: 0x3F5FD97D  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
07/13-00:01:40.921401 192.168.24.52:1598 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:19301 IpLen:20 DgmLen:1430 DF
***AP*** Seq: 0x337B859F  Ack: 0x37E83646  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
07/13-23:29:53.591740 192.168.24.52:1699 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:21889 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0x9332C6CD  Ack: 0xFD75FB35  Win: 0xFB34  TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
07/14-23:34:28.995243 192.168.24.52:2202 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:31766 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0xE01F770E  Ack: 0x4C301426  Win: 0xFB34  TcpLen: 20

[**] [119:16:1] (http_inspect) OVERSIZE CHUNK ENCODING [**]
07/14-23:34:30.974962 192.168.24.52:2202 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:6098
***AP*** Seq: 0x4C30158C  Ack: 0xE01F8942  Win: 0x9EC  TcpLen: 20

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
07/16-20:27:12.936313 192.168.24.52:1409 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:2289
***AP*** Seq: 0x2E1EF6B  Ack: 0x1A3855BE  Win: 0x512  TcpLen: 20

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
07/16-20:29:13.766016 192.168.24.52:1410 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:1749
***AP*** Seq: 0xC199B2B  Ack: 0x7A7C9B4F  Win: 0x48D  TcpLen: 20

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
07/16-22:31:59.880844 192.168.24.52:1939 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:1804
***AP*** Seq: 0xDC59DC2C  Ack: 0x51544D24  Win: 0x493  TcpLen: 20

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
07/16-23:09:17.934153 192.168.24.52:1981 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:3125
***AP*** Seq: 0x670EDCDF  Ack: 0xFED80D81  Win: 0x5E3  TcpLen: 20

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
07/16-23:19:35.928429 192.168.24.52:2040 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:1996
***AP*** Seq: 0x901CCE4F  Ack: 0xA6A15881  Win: 0x4D5  TcpLen: 20

Go to: previous range, next range, all alerts, overview page

SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Fri Jul 30 05:05:23 2010

192.168.24.52	Whois lookup at:	ARIN	RIPE	APNIC	Geektools
	DNS lookup at:	Amenesi	TRIUMF	Princeton
	More lookup links:	Dshield	Sam Spade