[Silicon Defense logo]

SnortSnarf alert page

Source: 62.210.152.90

SnortSnarf v021111.1

Signature section (145)Top 20 source IPsTop 20 dest IPs

3 such alerts found using input module SnortFileInput, with sources:
Earliest: 15:10:08.635239 on 10/13/2017
Latest: 15:10:08.635239 on 10/13/2017

3 different signatures are present for 62.210.152.90 as a source

There are 1 distinct destination IPs in the alerts of the type on this page.

62.210.152.90 (62-210-152-90.rev.poneytelecom.eu) Whois lookup at: ARIN RIPE APNIC Geektools
DNS lookup at: Amenesi TRIUMF Princeton
More lookup links: Dshield Sam Spade


[**] [1:19438:13] SQL url ending in comment characters - possible sql injection attempt [**]
[Classification: Web Application Attack] [Priority: 1]
10/13-15:10:08.635239 62.210.152.90:57557 -> 192.168.0.37:80
TCP TTL:108 TOS:0x0 ID:9996 IpLen:20 DgmLen:2396 DF
***AP*** Seq: 0x638CD16B Ack: 0x0 Win: 0x0 TcpLen: 20
[Xref => http://ferruh.mavituna.com/sql-injection-cheatsheet-oku/][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2012-2998]
[**] [1:19439:8] SQL 1 = 1 - possible sql injection attempt [**]
[Classification: Web Application Attack] [Priority: 1]
10/13-15:10:08.635239 62.210.152.90:57557 -> 192.168.0.37:80
TCP TTL:108 TOS:0x0 ID:9996 IpLen:20 DgmLen:2396 DF
***AP*** Seq: 0x638CD16B Ack: 0x0 Win: 0x0 TcpLen: 20
[Xref => http://ferruh.mavituna.com/sql-injection-cheatsheet-oku/]
[**] [1:19440:8] SQL 1 = 0 - possible sql injection attempt [**]
[Classification: Web Application Attack] [Priority: 1]
10/13-15:10:08.635239 62.210.152.90:57557 -> 192.168.0.37:80
TCP TTL:108 TOS:0x0 ID:9996 IpLen:20 DgmLen:2396 DF
***AP*** Seq: 0x638CD16B Ack: 0x0 Win: 0x0 TcpLen: 20
[Xref => http://ferruh.mavituna.com/sql-injection-cheatsheet-oku/]

SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 19 05:01:23 2018