[Silicon Defense logo]

SnortSnarf alert page

Source: 192.168.24.52: #701-703

SnortSnarf v021111.1

Signature section (16810)Top 20 source IPsTop 20 dest IPs

Looking using input module SnortFileInput, with sources:
Earliest: 22:15:27.127262 on 09/10/2010
Latest: 23:39:55.534902 on 09/13/2010

6 different signatures are present for 192.168.24.52 as a source

There are 1 distinct destination IPs in the alerts of the type on this page.

192.168.24.52 Whois lookup at: ARIN RIPE APNIC Geektools
DNS lookup at: Amenesi TRIUMF Princeton
More lookup links: Dshield Sam Spade

Go to: previous range, all alerts, overview page
[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
09/10-22:15:27.127262 192.168.24.52:1911 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:1128 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0xB725818E Ack: 0x2BA85E54 Win: 0xFB34 TcpLen: 20
[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
09/11-22:58:58.081928 192.168.24.52:1072 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:2876 IpLen:20 DgmLen:232 DF
***AP*** Seq: 0xC4A5C9D2 Ack: 0xE62E793 Win: 0xFB34 TcpLen: 20
[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
09/13-23:39:55.534902 192.168.24.52:1165 -> 192.168.24.11:80
TCP TTL:128 TOS:0x0 ID:3989 IpLen:20 DgmLen:1438 DF
***A**** Seq: 0xB1534DFD Ack: 0x249B21A2 Win: 0xFB34 TcpLen: 20
Go to: previous range, all alerts, overview page
SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Sep 14 05:05:30 2010