[Silicon Defense logo]

SnortSnarf alert page

Source: 72.30.99.84

SnortSnarf v021111.1

Signature section (16810)Top 20 source IPsTop 20 dest IPs

15 such alerts found using input module SnortFileInput, with sources:
Earliest: 06:38:05.911439 on 08/06/2010
Latest: 21:33:50.925787 on 08/06/2010

1 different signatures are present for 72.30.99.84 as a source

There are 1 distinct destination IPs in the alerts of the type on this page.

72.30.99.84 Whois lookup at: ARIN RIPE APNIC Geektools
DNS lookup at: Amenesi TRIUMF Princeton
More lookup links: Dshield Sam Spade

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
08/06-06:38:05.911439 72.30.99.84:50326 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:232
***AP*** Seq: 0x5810A15C Ack: 0xDD17F3FF Win: 0x5C TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
08/06-07:39:30.655407 72.30.99.84:35767 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:232
***AP*** Seq: 0x3FB26F34 Ack: 0xC4B265BF Win: 0x5C TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
08/06-08:55:02.900683 72.30.99.84:37002 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:232
***AP*** Seq: 0x5C71BB35 Ack: 0xE190AECD Win: 0x5C TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
08/06-10:12:08.185071 72.30.99.84:56789 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:232
***AP*** Seq: 0x7FE5179E Ack: 0x5B2AD28 Win: 0x5C TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
08/06-10:43:31.336035 72.30.99.84:44054 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:232
***AP*** Seq: 0xF6EBF151 Ack: 0x7C1AD8B3 Win: 0x5C TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
08/06-11:52:08.219816 72.30.99.84:43746 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:232
***AP*** Seq: 0xFA1EF43B Ack: 0x7E9CCD79 Win: 0x5C TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
08/06-13:20:45.236973 72.30.99.84:40412 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:232
***AP*** Seq: 0x4836E5E8 Ack: 0xCC7AAAEF Win: 0x5C TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
08/06-14:42:25.620458 72.30.99.84:49142 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:232
***AP*** Seq: 0x7D353846 Ack: 0x19838A7 Win: 0x5C TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
08/06-15:55:55.608382 72.30.99.84:33520 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:232
***AP*** Seq: 0x91B94133 Ack: 0x166E4724 Win: 0x5C TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
08/06-16:48:22.102548 72.30.99.84:53673 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:232
***AP*** Seq: 0x58356B07 Ack: 0xDDE6C916 Win: 0x5C TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
08/06-17:31:50.223676 72.30.99.84:37792 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:232
***AP*** Seq: 0xFB839ADF Ack: 0x80FDB95E Win: 0x5C TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
08/06-18:36:23.490172 72.30.99.84:60021 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:232
***AP*** Seq: 0xEF88DEF5 Ack: 0x75132FA6 Win: 0x5C TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
08/06-19:46:00.463528 72.30.99.84:59477 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:232
***AP*** Seq: 0xF63EAD89 Ack: 0x7BA474F1 Win: 0x5C TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
08/06-20:24:56.456311 72.30.99.84:49323 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:232
***AP*** Seq: 0x8A52A646 Ack: 0xF62E29E Win: 0x5C TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
08/06-21:33:50.925787 72.30.99.84:42791 -> 192.168.24.11:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:232
***AP*** Seq: 0x8E9B753D Ack: 0x12FA753C Win: 0x5C TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Sep 14 05:05:25 2010