[Silicon Defense logo]

SnortSnarf alert page

Source: 72.30.110.224: #201-209

SnortSnarf v021111.1

Signature section (16810)Top 20 source IPsTop 20 dest IPs

Looking using input module SnortFileInput, with sources:
Earliest: 05:19:24.643688 on 05/27/2010
Latest: 15:29:03.261836 on 06/16/2010

1 different signatures are present for 72.30.110.224 as a source

There are 1 distinct destination IPs in the alerts of the type on this page.

72.30.110.224 Whois lookup at: ARIN RIPE APNIC Geektools
DNS lookup at: Amenesi TRIUMF Princeton
More lookup links: Dshield Sam Spade

Go to: previous range, all alerts, overview page
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/27-05:19:24.643688 72.30.110.224:46771 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:232
***AP*** Seq: 0x66BE7070 Ack: 0xF278C177 Win: 0x5C TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/27-10:27:34.228233 72.30.110.224:56876 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:232
***AP*** Seq: 0xF2106108 Ack: 0x7D29B8A5 Win: 0x5C TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/27-12:01:00.842223 72.30.110.224:43900 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:232
***AP*** Seq: 0x5304C0F7 Ack: 0xDD11FB7E Win: 0x5C TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/27-13:19:32.500286 72.30.110.224:41069 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:232
***AP*** Seq: 0x7B6E8079 Ack: 0x530A1D3 Win: 0x5C TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/28-10:45:03.286114 72.30.110.224:38171 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:232
***AP*** Seq: 0x7287F63D Ack: 0xF47DA309 Win: 0x5C TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/28-18:15:47.677366 72.30.110.224:49283 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:232
***AP*** Seq: 0x17DAB5E0 Ack: 0x97408FCE Win: 0x5C TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/28-22:33:48.497294 72.30.110.224:46769 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:232
***AP*** Seq: 0xE74EA612 Ack: 0x647B6784 Win: 0x5C TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/29-09:44:09.458871 72.30.110.224:41548 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:232
***AP*** Seq: 0xCA5E72C0 Ack: 0x444B0FDD Win: 0x5C TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/16-15:29:03.261836 72.30.110.224:40702 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:232
***AP*** Seq: 0x3A20FA93 Ack: 0x1CF852ED Win: 0x5C TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
Go to: previous range, all alerts, overview page
SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Sep 14 05:05:29 2010