SnortSnarf alert page

Source: 66.249.66.2

SnortSnarf v021111.1

10 such alerts found using input module SnortFileInput, with sources:
Earliest: 10:24:47.333915 on 06/10/2010
Latest: 02:26:51.322056 on 06/16/2010

2 different signatures are present for 66.249.66.2 as a source

There is 1 distinct destination IP in the alerts of the type on this page.


[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/10-10:24:47.333915 66.249.66.2:33197 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:1861
***AP*** Seq: 0x5E20698A Ack: 0x45360CD4 Win: 0x3240 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/11-23:53:27.130606 66.249.66.2:58946 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:1046
***AP*** Seq: 0x7E90A446 Ack: 0x7196EC6F Win: 0x25B0 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/11-23:53:49.592183 66.249.66.2:58946 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:2863
***AP*** Seq: 0x7E91F747 Ack: 0x7196F776 Win: 0x53C0 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/12-08:53:55.096084 66.249.66.2:38818 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:1500
***AP*** Seq: 0x6A006897 Ack: 0x73870A60 Win: 0x1658 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/13-01:44:23.509530 66.249.66.2:65286 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:592
***AP*** Seq: 0x51C153DB Ack: 0x564E414E Win: 0x1658 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/13-15:04:19.336412 66.249.66.2:42956 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:6870
***AP*** Seq: 0x1E763E6D Ack: 0x1E2D5BBA Win: 0x1658 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/14-14:46:46.917233 66.249.66.2:41296 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:526
***AP*** Seq: 0x1A34E7A7 Ack: 0x11EE5071 Win: 0x1658 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/15-16:35:30.674011 66.249.66.2:64132 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:6616
***AP*** Seq: 0xF23978ED Ack: 0xE1D9308E Win: 0x1658 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [119:16:1] (http_inspect) OVERSIZE CHUNK ENCODING [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/15-16:35:30.674011 66.249.66.2:64132 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:6616
***AP*** Seq: 0xF23978ED Ack: 0xE1D9308E Win: 0x1658 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/16-02:26:51.322056 66.249.66.2:52623 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:529
***AP*** Seq: 0xACF16C6B Ack: 0x9718E585 Win: 0x1658 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Sep 14 05:05:27 2010