SnortSnarf alert page

Source: 38.113.234.181

SnortSnarf v021111.1

9 such alerts found using input module SnortFileInput, with sources:
Earliest: 22:30:36.798833 on 11/18/2009
Latest: 10:21:28.162511 on 05/02/2010

1 distinct signature is present for 38.113.234.181 as a source.

There is 1 distinct destination IP in the alerts of the type on this page.


[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
11/18-22:30:36.798833 38.113.234.181:37104 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:194
***AP*** Seq: 0x59430149 Ack: 0xAF6CE122 Win: 0x5B4 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
11/20-22:39:35.043879 38.113.234.181:52749 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:194
***AP*** Seq: 0xF6A2C3DF Ack: 0x4D3CE3BB Win: 0x5B4 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
11/22-10:10:56.306172 38.113.234.181:55480 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:194
***AP*** Seq: 0x6817B6FF Ack: 0xBE4CB165 Win: 0x5B4 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
11/26-15:01:37.259508 38.113.234.181:40230 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:194
***AP*** Seq: 0xA925858E Ack: 0xFF29C9C7 Win: 0x5B4 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
01/11-05:54:50.896914 38.113.234.181:57081 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:194
***AP*** Seq: 0xB72DE036 Ack: 0xB050537 Win: 0x5B4 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
01/15-01:10:21.611451 38.113.234.181:36177 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:194
***AP*** Seq: 0x7BFCAA4B Ack: 0xCFE6C11E Win: 0x5B4 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
01/16-12:15:13.736266 38.113.234.181:60180 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:194
***AP*** Seq: 0x88FCF364 Ack: 0xDC5BC592 Win: 0x5B4 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
01/24-18:24:26.825523 38.113.234.181:54630 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:194
***AP*** Seq: 0xE9EE9C23 Ack: 0x3DC46441 Win: 0x5B4 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/02-10:21:28.162511 38.113.234.181:42230 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:194
***AP*** Seq: 0x3E438DE4 Ack: 0x2C1C993D Win: 0x5B4 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Sep 14 05:05:23 2010