SnortSnarf alert page

Source: 200.192.140.144

SnortSnarf v021111.1

7 such alerts found using input module SnortFileInput, with sources:
Earliest: 20:57:40.434518 on 11/04/2009
Latest: 08:01:45.061218 on 11/06/2009

1 signature is present for 200.192.140.144 as a source

There is 1 distinct destination IP in the alerts of the type on this page.


[**] [1:1113:5] WEB-MISC http directory traversal [**]
[Classification: Attempted Information Leak] [Priority: 2]
11/04-20:57:40.434518 200.192.140.144:64169 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:9797
***AP*** Seq: 0x379C8C94 Ack: 0xEFE66E3E Win: 0x5C TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS297]

[**] [1:1113:5] WEB-MISC http directory traversal [**]
[Classification: Attempted Information Leak] [Priority: 2]
11/05-00:03:18.293869 200.192.140.144:36749 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:9797
***AP*** Seq: 0xF548685A Ack: 0xACCE0007 Win: 0x5C TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS297]

[**] [1:1113:5] WEB-MISC http directory traversal [**]
[Classification: Attempted Information Leak] [Priority: 2]
11/06-02:36:17.967701 200.192.140.144:64035 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:53079
***AP*** Seq: 0x74E2DA30 Ack: 0x2B38CB21 Win: 0x5C TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS297]

[**] [1:1113:5] WEB-MISC http directory traversal [**]
[Classification: Attempted Information Leak] [Priority: 2]
11/06-04:31:53.839896 200.192.140.144:8814 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:58583
***AP*** Seq: 0x2946FE4C Ack: 0xE13C6969 Win: 0x5C TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS297]

[**] [1:1113:5] WEB-MISC http directory traversal [**]
[Classification: Attempted Information Leak] [Priority: 2]
11/06-04:48:53.079742 200.192.140.144:13091 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:53079
***AP*** Seq: 0x6906B6A4 Ack: 0x2026DF96 Win: 0x5C TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS297]

[**] [1:1113:5] WEB-MISC http directory traversal [**]
[Classification: Attempted Information Leak] [Priority: 2]
11/06-05:17:07.193167 200.192.140.144:19494 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:53273
***AP*** Seq: 0xD33ADCC2 Ack: 0x8C0B3694 Win: 0x5C TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS297]

[**] [1:1113:5] WEB-MISC http directory traversal [**]
[Classification: Attempted Information Leak] [Priority: 2]
11/06-08:01:45.061218 200.192.140.144:65469 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:53273
***AP*** Seq: 0x416DB891 Ack: 0xF8E6FB6C Win: 0x5C TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS297]

SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Sep 14 05:05:19 2010