[Silicon Defense logo]

SnortSnarf signature page

WEB-MISC Invalid HTTP Version String

SnortSnarf v021111.1

Signature section (16810)Top 20 source IPsTop 20 dest IPs

144 alerts with this signature using input module SnortFileInput, with sources:

Earliest such alert at 22:51:09.411512 on 09/17/2009
Latest such alert at 16:41:30.878689 on 08/30/2010

WEB-MISC Invalid HTTP Version String 54 sources 1 destinations
Priority: 2Classification: Detection of a non-standard protocol or event
[sid:2570] [BUGTRAQ:9809]

Sources triggering this attack signature

Source# Alerts (sig)# Alerts (total)# Dsts (sig)# Dsts (total)
221.187.5.138131311
136.187.19.99132311
130.54.208.201112511
202.23.125.131111111
210.188.189.65101011
130.54.208.193969811
210.249.184.606611
210.2.158.36611
210.128.52.44411
202.246.252.974411
198.209.42.94411
195.150.76.1844511
66.249.66.3922211
202.249.200.112211
220.96.213.72411
217.83.150.862211
205.188.116.742211
58.13.255.1942211
219.176.196.1012211
64.121.61.541111
202.32.132.41111
67.184.234.2241211
126.112.32.2261111
124.84.133.2321111
202.166.172.2511111
80.80.111.2001111
58.1.110.2501111
151.198.75.341111
218.219.14.1421111
196.20.38.101111
221.114.175.2531111
213.236.139.1301211
24.225.178.2171111
220.104.237.2541111
58.188.73.2041111
210.168.228.1621111
71.192.139.211111
83.167.112.11111
218.117.11.541111
87.206.88.411111
163.143.94.1121111
217.83.133.721111
150.162.181.2001211
200.88.46.581111
80.35.163.521111
125.203.97.171211
222.8.39.561211
58.188.73.271111
200.47.37.11211
58.88.124.91111
87.185.175.1621111
60.38.168.711111
205.188.117.681111
210.251.71.1371111

Destinations receiving this attack signature

Destinations# Alerts (sig)# Alerts (total)# Srcs (sig)# Srcs (total)
192.168.24.111441680354935
SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Sep 14 05:05:17 2010