SnortSnarf alert page

Destination: 192.168.1.6: #1001-1100

SnortSnarf v021111.1

Signature section (91123)

Top 20 source IPs

Top 20 dest IPs

Looking using input module SnortFileInput, with sources:

/home/rivettmj/snort_alertlog/alert

Earliest: 05:56:21.059123 on 04/28/2003
Latest: 11:06:22.244377 on 04/29/2003

22 different signatures are present for 192.168.1.6 as a destination

1 instances of (spp_stream4) STEALTH ACTIVITY (SYN FIN scan) detection
1 instances of WEB-IIS ISAPI .printer access
1 instances of SHELLCODE x86 setuid 0
1 instances of DDOS shaft synflood
2 instances of WEB-CGI formmail access
2 instances of SHELLCODE x86 NOOP
2 instances of SMTP HELO overflow attempt
2 instances of SHELLCODE x86 inc ebx NOOP
3 instances of WEB-MISC bad HTTP/1.1 request, Potentially worm attack
3 instances of WEB-CGI newdesk access
4 instances of WEB-IIS WEBDAV nessus safe scan attempt
11 instances of ICMP Destination Unreachable (Communication Administratively Prohibited)
38 instances of (snort_decoder): T/TCP Detected
58 instances of WEB-IIS view source via translate header
308 instances of WEB-IIS _mem_bin access
316 instances of WEB-FRONTPAGE /_vti_bin/ access
680 instances of WEB-IIS CodeRed v2 root.exe access
786 instances of WEB-MISC robots.txt access
930 instances of WEB-IIS ISAPI .ida attempt
952 instances of WEB-IIS multiple decode attempt
1500 instances of WEB-IIS unicode directory traversal attempt
2169 instances of WEB-IIS cmd.exe access

There are 624 distinct source IPs in the alerts of the type on this page.

192.168.1.6 Whois lookup at: ARIN RIPE APNIC Geektools

DNS lookup at: Amenesi TRIUMF Princeton

More lookup links: Dshield Sam Spade

See also 192.168.1.6 as an alert source [49361 alerts]

Go to: previous range, next range, all alerts, overview page

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
04/28-05:56:21.059123 159.134.176.59:4279 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:31777 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x67C98CFB  Ack: 0xEC626288  Win: 0x2238  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
04/28-07:37:57.703972 63.197.51.170:1466 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:22006 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x6D447799  Ack: 0x6C3B1722  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
04/28-07:37:57.813580 63.197.51.170:1466 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:22007 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x6D447D4D  Ack: 0x6C3B1722  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
04/28-12:16:43.608054 24.71.45.89:1406 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:58792 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x5A9F5FF9  Ack: 0x8A349EB2  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
04/28-12:16:43.645591 24.71.45.89:1406 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:58793 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x5A9F65AD  Ack: 0x8A349EB2  Win: 0x4470  TcpLen: 20

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
04/28-12:51:33.831010 209.237.238.159:2591 -> 192.168.1.6:80
TCP TTL:41 TOS:0x0 ID:48525 IpLen:20 DgmLen:177 DF
***AP*** Seq: 0x43FA5A3E  Ack: 0xD6EAD6D  Win: 0xFFFF  TcpLen: 32
TCP Options (3) => NOP NOP TS: 682164517 911826238 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
04/28-13:54:49.309170 24.209.203.150:3278 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:36683 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x2B3826F8  Ack: 0xFB8E1D81  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
04/28-13:54:49.331393 24.209.203.150:3278 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:36684 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x2B382CAC  Ack: 0xFB8E1D81  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
04/28-14:53:23.225172 24.61.2.118:1394 -> 192.168.1.6:80
TCP TTL:102 TOS:0x0 ID:7307 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x15728573  Ack: 0xD966C684  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
04/28-14:53:23.231574 24.61.2.118:1394 -> 192.168.1.6:80
TCP TTL:102 TOS:0x0 ID:7308 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x15728B27  Ack: 0xD966C684  Win: 0x4470  TcpLen: 20

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
04/28-15:55:43.635997 66.196.65.24:31654 -> 192.168.1.6:80
TCP TTL:231 TOS:0x0 ID:13728 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x1FF13226  Ack: 0xC4C90AA3  Win: 0x8052  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
04/28-15:59:46.618189 24.209.97.60:3083 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:30546 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xAC6D63F7  Ack: 0xD3E92855  Win: 0xFAF0  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
04/28-15:59:46.654901 24.209.97.60:3083 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:30547 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xAC6D69AB  Ack: 0xD3E92855  Win: 0xFAF0  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
04/28-17:10:37.156175 24.209.97.60:2431 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:3229 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3F6EFBAD  Ack: 0xDFE9965D  Win: 0xFAF0  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
04/28-17:10:37.176916 24.209.97.60:2431 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:3230 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3F6F0161  Ack: 0xDFE9965D  Win: 0xFAF0  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
04/28-20:41:48.576237 24.209.238.177:1184 -> 192.168.1.6:80
TCP TTL:122 TOS:0x0 ID:59809 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x7FABCA90  Ack: 0xFD69BC42  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
04/28-20:41:48.607655 24.209.238.177:1184 -> 192.168.1.6:80
TCP TTL:122 TOS:0x0 ID:59810 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x7FABD044  Ack: 0xFD69BC42  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
04/28-21:02:06.248576 24.209.238.177:3846 -> 192.168.1.6:80
TCP TTL:122 TOS:0x0 ID:42086 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF4B943B0  Ack: 0x4A0779A1  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
04/28-21:02:06.296842 24.209.238.177:3846 -> 192.168.1.6:80
TCP TTL:122 TOS:0x0 ID:42087 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF4B94964  Ack: 0x4A0779A1  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
04/28-21:39:25.725095 24.209.97.60:4371 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:24448 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x7B2A5F1  Ack: 0xD730D12E  Win: 0xFAF0  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
04/28-21:39:25.737411 24.209.97.60:4371 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:24449 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x7B2ABA5  Ack: 0xD730D12E  Win: 0xFAF0  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
04/28-22:10:03.515145 24.209.37.151:4656 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:35953 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x25604A  Ack: 0x4AA3D696  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
04/28-22:10:03.561197 24.209.37.151:4656 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:35954 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x2565FE  Ack: 0x4AA3D696  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
04/28-22:52:50.050234 24.209.37.151:3687 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:8090 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xFC6E3403  Ack: 0xECA8AAD7  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
04/28-22:52:50.070289 24.209.37.151:3687 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:8091 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xFC6E39B7  Ack: 0xECA8AAD7  Win: 0x4470  TcpLen: 20

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
04/28-23:06:47.964344 66.196.65.24:14204 -> 192.168.1.6:80
TCP TTL:232 TOS:0x0 ID:52599 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x3A730E3F  Ack: 0x21457821  Win: 0x8052  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
04/28-23:27:00.469528 67.68.242.158:22581 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:519 IpLen:20 DgmLen:242 DF
***AP*** Seq: 0x22FD62D5  Ack: 0x6DDB55DD  Win: 0x43F8  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
04/28-23:34:50.612267 24.63.13.186:2299 -> 192.168.1.6:80
TCP TTL:106 TOS:0x0 ID:12844 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x74945608  Ack: 0x8A9372F5  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
04/28-23:34:50.643732 24.63.13.186:2299 -> 192.168.1.6:80
TCP TTL:106 TOS:0x0 ID:12845 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x74945BBC  Ack: 0x8A9372F5  Win: 0x4470  TcpLen: 20

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
04/29-00:00:15.792941 66.230.140.66:6297 -> 192.168.1.6:80
TCP TTL:50 TOS:0x0 ID:52602 IpLen:20 DgmLen:155 DF
***AP*** Seq: 0x541CC8C3  Ack: 0xEA8FF27A  Win: 0xFFFF  TcpLen: 32
TCP Options (3) => NOP NOP TS: 165135871 932375549 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
04/29-00:30:37.749516 24.209.238.177:1592 -> 192.168.1.6:80
TCP TTL:122 TOS:0x0 ID:24064 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xD5ADEAE5  Ack: 0x5EA46F13  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
04/29-00:30:37.775119 24.209.238.177:1592 -> 192.168.1.6:80
TCP TTL:122 TOS:0x0 ID:24065 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xD5ADF099  Ack: 0x5EA46F13  Win: 0x4470  TcpLen: 20

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
04/29-00:31:12.614525 66.196.65.24:41287 -> 192.168.1.6:80
TCP TTL:232 TOS:0x0 ID:4759 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x24A5F52A  Ack: 0x6062B26F  Win: 0x8052  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
04/29-01:27:19.982469 24.209.238.177:4946 -> 192.168.1.6:80
TCP TTL:122 TOS:0x0 ID:48030 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x17B8E474  Ack: 0x3449FE77  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
04/29-01:27:20.023795 24.209.238.177:4946 -> 192.168.1.6:80
TCP TTL:122 TOS:0x0 ID:48031 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x17B8EA28  Ack: 0x3449FE77  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
04/29-01:59:06.469768 24.209.37.151:3653 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:55742 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE149EF04  Ack: 0xABF06DD5  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
04/29-01:59:08.772701 24.209.37.151:3653 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:55985 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE149F4B8  Ack: 0xABF06DD5  Win: 0x4470  TcpLen: 20

[**] [1:648:5] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1] 
04/29-02:01:17.272997 209.249.123.243:80 -> 192.168.1.6:32841
TCP TTL:52 TOS:0x0 ID:4689 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x6B50ED00  Ack: 0xB4FC214B  Win: 0x7D78  TcpLen: 32
TCP Options (3) => NOP NOP TS: 234462599 936094658 
[Xref => http://www.whitehats.com/info/IDS181]

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
04/29-02:14:14.810249 24.209.37.151:2238 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:25750 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x2E928A0E  Ack: 0xE51BC2A3  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
04/29-02:14:14.835224 24.209.37.151:2238 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:25751 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x2E928FC2  Ack: 0xE51BC2A3  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
04/29-03:08:47.338421 24.209.238.177:1279 -> 192.168.1.6:80
TCP TTL:122 TOS:0x0 ID:14809 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x4549F346  Ack: 0xB395AA0C  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
04/29-03:08:47.371762 24.209.238.177:1279 -> 192.168.1.6:80
TCP TTL:122 TOS:0x0 ID:14810 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x4549F8FA  Ack: 0xB395AA0C  Win: 0x4470  TcpLen: 20

[**] [1:241:2] DDOS shaft synflood [**]
[Classification: Attempted Denial of Service] [Priority: 2] 
04/29-03:42:58.630205 195.28.200.200:80 -> 192.168.1.6:80
TCP TTL:11 TOS:0x0 ID:889 IpLen:20 DgmLen:40 DF
******S* Seq: 0x28374839  Ack: 0x5EFD59A8  Win: 0x888  TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS253]

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
04/29-03:54:07.671773 24.186.148.24:1497 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:7796 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x12A2CF3C  Ack: 0x5E43B46D  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
04/29-03:54:08.020265 24.186.148.24:1501 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:7806 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x12A6D0F1  Ack: 0x5EF4E94A  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
04/29-03:54:11.680224 24.186.148.24:1560 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:7968 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x12DD5D53  Ack: 0x5F2E6A4D  Win: 0x4470  TcpLen: 20

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
04/29-03:54:14.969071 24.186.148.24:1604 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:8052 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x130BE85F  Ack: 0x5F0AEAFB  Win: 0x4470  TcpLen: 20

[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
04/29-03:54:24.265944 24.186.148.24:1741 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:8444 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x139480BA  Ack: 0x5FC19079  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
04/29-03:54:30.921302 24.186.148.24:1787 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:8659 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x13C29BAE  Ack: 0x5FF63172  Win: 0x4470  TcpLen: 20

[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
04/29-03:54:43.627339 24.186.148.24:1952 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:9041 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x146DCC66  Ack: 0x60C73201  Win: 0x4470  TcpLen: 20

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
04/29-03:54:53.029527 24.186.148.24:2098 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:9285 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x150AA19D  Ack: 0x61403FD6  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
04/29-03:54:53.170125 24.186.148.24:2099 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:9291 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x150BA62B  Ack: 0x60B84160  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
04/29-03:54:56.538469 24.186.148.24:2143 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:9387 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x1536C5FB  Ack: 0x6157A94E  Win: 0x4470  TcpLen: 20

[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
04/29-03:54:56.645340 24.186.148.24:2148 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:9398 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x153B1218  Ack: 0x61DFC24D  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
04/29-03:54:56.751435 24.186.148.24:2150 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:9406 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x153CE6F8  Ack: 0x61939B44  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
04/29-03:54:56.879126 24.186.148.24:2151 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:9413 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x153E3CE2  Ack: 0x61AD118F  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
04/29-03:54:56.974627 24.186.148.24:2154 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:9422 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x154100AC  Ack: 0x61AF92E9  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
04/29-03:54:59.920821 24.186.148.24:2154 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:9501 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x154100AC  Ack: 0x61AF92E9  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
04/29-03:55:03.070714 24.186.148.24:2190 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:9595 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x15672AEB  Ack: 0x618CAA5C  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
04/29-03:55:03.410220 24.186.148.24:2226 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:9608 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x158CDA9A  Ack: 0x61CB53F8  Win: 0x4470  TcpLen: 20

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
04/29-05:38:34.064352 64.210.196.198:50457 -> 192.168.1.6:80
TCP TTL:50 TOS:0x0 ID:13085 IpLen:20 DgmLen:219 DF
***AP*** Seq: 0x99698771  Ack: 0xE9FDCAED  Win: 0x16D0  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
04/29-05:42:59.810672 24.209.37.151:4531 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:39338 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x18398CE0  Ack: 0xFA4E869A  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
04/29-05:42:59.830268 24.209.37.151:4531 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:39339 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x18399294  Ack: 0xFA4E869A  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
04/29-05:55:27.022543 24.209.37.151:4610 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:20947 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x4FA749A9  Ack: 0x29244E62  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
04/29-05:55:27.046926 24.209.37.151:4610 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:20948 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x4FA74F5D  Ack: 0x29244E62  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
04/29-06:52:43.513844 24.209.238.177:1712 -> 192.168.1.6:80
TCP TTL:122 TOS:0x0 ID:45009 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xCFCAC0B1  Ack: 0x14A5439  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
04/29-06:52:43.539981 24.209.238.177:1712 -> 192.168.1.6:80
TCP TTL:122 TOS:0x0 ID:45010 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xCFCAC665  Ack: 0x14A5439  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
04/29-06:58:00.926147 24.209.238.177:1332 -> 192.168.1.6:80
TCP TTL:122 TOS:0x0 ID:2032 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xEA01763D  Ack: 0x157A9654  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
04/29-06:58:00.954845 24.209.238.177:1332 -> 192.168.1.6:80
TCP TTL:122 TOS:0x0 ID:2033 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xEA017BF1  Ack: 0x157A9654  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
04/29-07:14:02.881360 61.189.217.31:3641 -> 192.168.1.6:80
TCP TTL:36 TOS:0x0 ID:34489 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x191333F8  Ack: 0x51DAD26A  Win: 0x3908  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
04/29-07:14:02.903092 61.189.217.31:3641 -> 192.168.1.6:80
TCP TTL:36 TOS:0x0 ID:34490 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x191339AC  Ack: 0x51DAD26A  Win: 0x3908  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
04/29-07:32:07.129717 24.27.172.150:4464 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:47996 IpLen:20 DgmLen:1372 DF
***A**** Seq: 0xDA44736E  Ack: 0x96B2D88F  Win: 0x43A4  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
04/29-07:32:07.191087 24.27.172.150:4464 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:47997 IpLen:20 DgmLen:1372 DF
***A**** Seq: 0xDA4478A2  Ack: 0x96B2D88F  Win: 0x43A4  TcpLen: 20

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
04/29-07:37:30.489499 66.196.65.24:63623 -> 192.168.1.6:80
TCP TTL:232 TOS:0x0 ID:19497 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xC75D29AF  Ack: 0xAA4FC05C  Win: 0x8052  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
04/29-08:23:05.270031 24.131.113.37:3860 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:25550 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xA6E1F4A4  Ack: 0x567B7713  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
04/29-08:23:05.903105 24.131.113.37:3888 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:25611 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xA6F87FAB  Ack: 0x564BB5E9  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
04/29-08:23:06.116384 24.131.113.37:3899 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:25628 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xA700DE8D  Ack: 0x56F83507  Win: 0x4470  TcpLen: 20

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
04/29-08:23:06.303167 24.131.113.37:3902 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:25649 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xA7040CF5  Ack: 0x56D1E366  Win: 0x4470  TcpLen: 20

[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
04/29-08:23:15.820170 24.131.113.37:4336 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:26891 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xA864BD74  Ack: 0x5762B3F2  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
04/29-08:23:19.586676 24.131.113.37:4473 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:27190 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xA8D58E52  Ack: 0x57B7785B  Win: 0x4470  TcpLen: 20

[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
04/29-08:23:19.767975 24.131.113.37:4482 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:27210 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xA8DC76D4  Ack: 0x57F1F144  Win: 0x4470  TcpLen: 20

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
04/29-08:23:19.967347 24.131.113.37:4486 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:27230 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xA8DFF43C  Ack: 0x57A0E11E  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
04/29-08:23:20.292227 24.131.113.37:4495 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:27271 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA8E7AA1B  Ack: 0x574FF2C8  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
04/29-11:06:04.280517 24.99.37.186:3219 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:46810 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x9DA4A657  Ack: 0xBF2668DF  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
04/29-11:06:04.737052 24.99.37.186:3233 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:46855 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x9DB173C3  Ack: 0xBEB2D0E4  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
04/29-11:06:04.890423 24.99.37.186:3237 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:46874 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x9DB4847D  Ack: 0xBEDAB28C  Win: 0x4470  TcpLen: 20

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
04/29-11:06:08.235438 24.99.37.186:3295 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:47034 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x9DECBAA2  Ack: 0xBF3F06CD  Win: 0x4470  TcpLen: 20

[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
04/29-11:06:11.659780 24.99.37.186:3350 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:47201 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x9E22ADDD  Ack: 0xBF8C3311  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
04/29-11:06:11.806640 24.99.37.186:3353 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:47210 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x9E25733D  Ack: 0xBFB3973E  Win: 0x4470  TcpLen: 20

[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
04/29-11:06:11.919942 24.99.37.186:3356 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:47215 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x9E27FFAA  Ack: 0xBEE9BFBD  Win: 0x4470  TcpLen: 20

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
04/29-11:06:12.050281 24.99.37.186:3358 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:47224 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x9E296AB9  Ack: 0xBF0EA569  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
04/29-11:06:15.170827 24.99.37.186:3398 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:47338 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x9E52E110  Ack: 0xBF07BFA0  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
04/29-11:06:15.290124 24.99.37.186:3402 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:47345 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x9E569A0B  Ack: 0xBF4F4C07  Win: 0x4470  TcpLen: 20

[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
04/29-11:06:15.430021 24.99.37.186:3404 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:47352 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x9E590D49  Ack: 0xBF550A94  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
04/29-11:06:15.546090 24.99.37.186:3405 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:47361 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x9E5A6BFA  Ack: 0xBEFB8373  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
04/29-11:06:15.678760 24.99.37.186:3406 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:47369 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x9E5B8854  Ack: 0xBF9C7A74  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
04/29-11:06:18.639514 24.99.37.186:3406 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:47449 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x9E5B8854  Ack: 0xBF9C7A74  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
04/29-11:06:18.950082 24.99.37.186:3449 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:47462 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x9E87B79B  Ack: 0xBFFEB403  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
04/29-11:06:21.942599 24.99.37.186:3449 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:47537 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x9E87B79B  Ack: 0xBFFEB403  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
04/29-11:06:22.244377 24.99.37.186:3491 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:47548 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x9EB278B2  Ack: 0xBFC72A44  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

Go to: previous range, next range, all alerts, overview page

SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:09:55 2003

192.168.1.6	Whois lookup at:	ARIN	RIPE	APNIC	Geektools
	DNS lookup at:	Amenesi	TRIUMF	Princeton
	More lookup links:	Dshield	Sam Spade
See also 192.168.1.6 as an alert source [49361 alerts]