SnortSnarf alert page

Source: 221.187.5.138

SnortSnarf v021111.1

Signature section (16810) | Top 20 source IPs | Top 20 dest IPs

13 such alerts found using input module SnortFileInput, with sources:
Earliest: 12:11:30.476652 on 06/08/2010
Latest: 12:14:23.415832 on 06/08/2010

1 distinct signature is present for 221.187.5.138 as a source

There is 1 distinct destination IP in the alerts of the type on this page.


[**] [1:2570:7] WEB-MISC Invalid HTTP Version String [**]
[Classification: Detection of a non-standard protocol or event] [Priority: 2]
06/08-12:11:30.476652 221.187.5.138:51369 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:687
***AP*** Seq: 0x32D01E8 Ack: 0x8650AAA7 Win: 0x8644 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=11593][Xref => http://www.securityfocus.com/bid/9809]
[**] [1:2570:7] WEB-MISC Invalid HTTP Version String [**]
[Classification: Detection of a non-standard protocol or event] [Priority: 2]
06/08-12:11:30.543879 221.187.5.138:21175 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:485
***AP*** Seq: 0x2CBF250 Ack: 0x8718FA16 Win: 0x16D0 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=11593][Xref => http://www.securityfocus.com/bid/9809]
[**] [1:2570:7] WEB-MISC Invalid HTTP Version String [**]
[Classification: Detection of a non-standard protocol or event] [Priority: 2]
06/08-12:11:30.674964 221.187.5.138:30637 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:480
***AP*** Seq: 0x307E293 Ack: 0x8728B3B1 Win: 0x33A4 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=11593][Xref => http://www.securityfocus.com/bid/9809]
[**] [1:2570:7] WEB-MISC Invalid HTTP Version String [**]
[Classification: Detection of a non-standard protocol or event] [Priority: 2]
06/08-12:11:30.964479 221.187.5.138:56206 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:495
***AP*** Seq: 0x3B8C5A9 Ack: 0x86CEFD52 Win: 0xA540 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=11593][Xref => http://www.securityfocus.com/bid/9809]
[**] [1:2570:7] WEB-MISC Invalid HTTP Version String [**]
[Classification: Detection of a non-standard protocol or event] [Priority: 2]
06/08-12:11:30.978891 221.187.5.138:36665 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:495
***AP*** Seq: 0x2FDA5E4 Ack: 0x866F9FA6 Win: 0xBF12 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=11593][Xref => http://www.securityfocus.com/bid/9809]
[**] [1:2570:7] WEB-MISC Invalid HTTP Version String [**]
[Classification: Detection of a non-standard protocol or event] [Priority: 2]
06/08-12:11:31.059165 221.187.5.138:9527 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:495
***AP*** Seq: 0x3A27157 Ack: 0x86B7029C Win: 0x16D0 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=11593][Xref => http://www.securityfocus.com/bid/9809]
[**] [1:2570:7] WEB-MISC Invalid HTTP Version String [**]
[Classification: Detection of a non-standard protocol or event] [Priority: 2]
06/08-12:11:31.114887 221.187.5.138:35113 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:495
***AP*** Seq: 0x37B587A Ack: 0x87171331 Win: 0x16D0 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=11593][Xref => http://www.securityfocus.com/bid/9809]
[**] [1:2570:7] WEB-MISC Invalid HTTP Version String [**]
[Classification: Detection of a non-standard protocol or event] [Priority: 2]
06/08-12:11:31.123693 221.187.5.138:46234 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:495
***AP*** Seq: 0x38F02B6 Ack: 0x86EE3A00 Win: 0x16D0 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=11593][Xref => http://www.securityfocus.com/bid/9809]
[**] [1:2570:7] WEB-MISC Invalid HTTP Version String [**]
[Classification: Detection of a non-standard protocol or event] [Priority: 2]
06/08-12:11:31.195332 221.187.5.138:19420 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:495
***AP*** Seq: 0x32D7764 Ack: 0x86B60DD6 Win: 0xA540 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=11593][Xref => http://www.securityfocus.com/bid/9809]
[**] [1:2570:7] WEB-MISC Invalid HTTP Version String [**]
[Classification: Detection of a non-standard protocol or event] [Priority: 2]
06/08-12:11:31.330027 221.187.5.138:38394 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:495
***AP*** Seq: 0x2E06B93 Ack: 0x86E1BBD6 Win: 0x16D0 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=11593][Xref => http://www.securityfocus.com/bid/9809]
[**] [1:2570:7] WEB-MISC Invalid HTTP Version String [**]
[Classification: Detection of a non-standard protocol or event] [Priority: 2]
06/08-12:11:31.343331 221.187.5.138:41716 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:495
***AP*** Seq: 0x3C33C3D Ack: 0x869D2F3E Win: 0x16D0 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=11593][Xref => http://www.securityfocus.com/bid/9809]
[**] [1:2570:7] WEB-MISC Invalid HTTP Version String [**]
[Classification: Detection of a non-standard protocol or event] [Priority: 2]
06/08-12:14:23.314319 221.187.5.138:9382 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:422
***AP*** Seq: 0xD8013EB Ack: 0x90FB9AD4 Win: 0x16D0 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=11593][Xref => http://www.securityfocus.com/bid/9809]
[**] [1:2570:7] WEB-MISC Invalid HTTP Version String [**]
[Classification: Detection of a non-standard protocol or event] [Priority: 2]
06/08-12:14:23.415832 221.187.5.138:19839 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:475
***AP*** Seq: 0xD21D4A1 Ack: 0x91225537 Win: 0x16D0 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=11593][Xref => http://www.securityfocus.com/bid/9809]

SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Sep 14 05:05:22 2010