SnortSnarf alert page

Destination: 192.168.1.6: #1301-1400

SnortSnarf v021111.1

Signature section (91123)

Top 20 source IPs

Top 20 dest IPs

Looking using input module SnortFileInput, with sources:

/home/rivettmj/snort_alertlog/alert

Earliest: 03:30:12.950567 on 05/02/2003
Latest: 03:17:10.497767 on 05/03/2003

22 different signatures are present for 192.168.1.6 as a destination

1 instances of (spp_stream4) STEALTH ACTIVITY (SYN FIN scan) detection
1 instances of WEB-IIS ISAPI .printer access
1 instances of SHELLCODE x86 setuid 0
1 instances of DDOS shaft synflood
2 instances of WEB-CGI formmail access
2 instances of SHELLCODE x86 NOOP
2 instances of SMTP HELO overflow attempt
2 instances of SHELLCODE x86 inc ebx NOOP
3 instances of WEB-MISC bad HTTP/1.1 request, Potentially worm attack
3 instances of WEB-CGI newdesk access
4 instances of WEB-IIS WEBDAV nessus safe scan attempt
11 instances of ICMP Destination Unreachable (Communication Administratively Prohibited)
38 instances of (snort_decoder): T/TCP Detected
58 instances of WEB-IIS view source via translate header
308 instances of WEB-IIS _mem_bin access
316 instances of WEB-FRONTPAGE /_vti_bin/ access
680 instances of WEB-IIS CodeRed v2 root.exe access
786 instances of WEB-MISC robots.txt access
930 instances of WEB-IIS ISAPI .ida attempt
952 instances of WEB-IIS multiple decode attempt
1500 instances of WEB-IIS unicode directory traversal attempt
2169 instances of WEB-IIS cmd.exe access

There are 624 distinct source IPs in the alerts of the type on this page.

192.168.1.6 Whois lookup at: ARIN RIPE APNIC Geektools

DNS lookup at: Amenesi TRIUMF Princeton

More lookup links: Dshield Sam Spade

See also 192.168.1.6 as an alert source [49361 alerts]

Go to: previous range, next range, all alerts, overview page

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/02-03:30:12.950567 24.74.84.124:4657 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:38456 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x471AB8B2  Ack: 0xC29D35C5  Win: 0x4470  TcpLen: 20

[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/02-03:30:23.774212 24.74.84.124:1100 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:40150 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x48679DBB  Ack: 0xC3B921FB  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/02-03:30:25.160403 24.74.84.124:1178 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:40415 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x48A04C5F  Ack: 0xC47887D8  Win: 0x4470  TcpLen: 20

[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/02-03:30:35.789814 24.74.84.124:1582 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:42079 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x49EACE55  Ack: 0xC49FEF5F  Win: 0x4470  TcpLen: 20

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/02-03:30:37.558363 24.74.84.124:1645 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:42377 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x4A211AF4  Ack: 0xC4CFB1BC  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/02-03:30:51.031256 24.74.84.124:2068 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:44611 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x4B7E2ECD  Ack: 0xC565D028  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/02-03:30:56.200627 24.74.84.124:2381 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:45422 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x4C7D2DC4  Ack: 0xC66C6DA4  Win: 0x4470  TcpLen: 20

[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/02-03:31:01.045934 24.74.84.124:2563 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:46194 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x4D17583E  Ack: 0xC6905E01  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/02-03:31:02.996105 24.74.84.124:2629 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:46487 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x4D4E4399  Ack: 0xC6FEB895  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/02-03:31:04.685312 24.74.84.124:2692 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:46784 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x4D85E424  Ack: 0xC6461620  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/02-03:31:06.147135 24.74.84.124:2764 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:47015 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x4DC16DE9  Ack: 0xC6CAA5A6  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/02-03:31:09.266485 24.74.84.124:2764 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:47524 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x4DC16DE9  Ack: 0xC6CAA5A6  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/02-03:31:16.607747 24.74.84.124:3157 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:48720 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x4F050728  Ack: 0xC75E6DF1  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/02-03:31:27.162067 24.74.84.124:3571 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:50452 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x505A30A7  Ack: 0xC785ADC4  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/02-04:33:50.587716 24.209.238.177:4615 -> 192.168.1.6:80
TCP TTL:122 TOS:0x0 ID:19998 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB05791E7  Ack: 0xB3EAC98D  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/02-04:33:50.618731 24.209.238.177:4615 -> 192.168.1.6:80
TCP TTL:122 TOS:0x0 ID:19999 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB057979B  Ack: 0xB3EAC98D  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/02-05:33:58.966241 24.33.80.121:2347 -> 192.168.1.6:80
TCP TTL:122 TOS:0x0 ID:34949 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x71A7D705  Ack: 0x979E5751  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/02-05:33:58.995569 24.33.80.121:2347 -> 192.168.1.6:80
TCP TTL:122 TOS:0x0 ID:34950 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x71A7DCB9  Ack: 0x979E5751  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/02-06:25:44.193227 24.141.105.208:3378 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:42774 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x541A68AA  Ack: 0x5A259554  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/02-06:25:44.200021 24.141.105.208:3378 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:42775 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x541A6E5E  Ack: 0x5A259554  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/02-06:49:12.330828 24.209.238.177:1602 -> 192.168.1.6:80
TCP TTL:122 TOS:0x0 ID:51349 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x78BC8286  Ack: 0xB3F98E76  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/02-06:49:12.360633 24.209.238.177:1602 -> 192.168.1.6:80
TCP TTL:122 TOS:0x0 ID:51350 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x78BC883A  Ack: 0xB3F98E76  Win: 0x4470  TcpLen: 20

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/02-06:54:14.780156 209.237.238.174:34653 -> 192.168.1.6:80
TCP TTL:41 TOS:0x0 ID:65188 IpLen:20 DgmLen:173 DF
***AP*** Seq: 0x76287E04  Ack: 0xC6B5605C  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 117277146 1077851796 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/02-06:54:22.522831 24.209.238.177:1364 -> 192.168.1.6:80
TCP TTL:122 TOS:0x0 ID:8860 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x9357EE42  Ack: 0xC70C4710  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/02-06:54:22.555358 24.209.238.177:1364 -> 192.168.1.6:80
TCP TTL:122 TOS:0x0 ID:8861 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x9357F3F6  Ack: 0xC70C4710  Win: 0x4470  TcpLen: 20

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/02-06:59:49.911459 209.237.238.162:1277 -> 192.168.1.6:80
TCP TTL:41 TOS:0x0 ID:13021 IpLen:20 DgmLen:173 DF
***AP*** Seq: 0x5F135353  Ack: 0xDB404CB2  Win: 0xFFFF  TcpLen: 32
TCP Options (3) => NOP NOP TS: 263785068 1078023429 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/02-07:11:47.722391 203.93.167.60:4638 -> 192.168.1.6:80
TCP TTL:101 TOS:0x0 ID:53863 IpLen:20 DgmLen:99 DF
***AP*** Seq: 0x79DEA203  Ack: 0x7F89DC1  Win: 0xFAF0  TcpLen: 20

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/02-08:10:34.131291 209.237.238.159:4671 -> 192.168.1.6:80
TCP TTL:41 TOS:0x0 ID:44421 IpLen:20 DgmLen:173 DF
***AP*** Seq: 0xF3FF90CA  Ack: 0xE622E6CA  Win: 0xFFFF  TcpLen: 32
TCP Options (3) => NOP NOP TS: 715033505 1080197190 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/02-08:12:12.790714 24.209.238.177:2506 -> 192.168.1.6:80
TCP TTL:122 TOS:0x0 ID:29244 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x23C39058  Ack: 0xEC468D09  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/02-08:12:12.821473 24.209.238.177:2506 -> 192.168.1.6:80
TCP TTL:122 TOS:0x0 ID:29245 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x23C3960C  Ack: 0xEC468D09  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/02-09:48:00.695395 24.209.203.150:2601 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:41683 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB99DB26B  Ack: 0x575596DF  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/02-09:48:00.715681 24.209.203.150:2601 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:41684 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB99DB81F  Ack: 0x575596DF  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/02-10:04:36.708829 24.207.196.229:4040 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:57929 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xD63E6B35  Ack: 0x95DC64FD  Win: 0xFAF0  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/02-10:04:36.816186 24.207.196.229:4040 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:57930 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xD63E70E9  Ack: 0x95DC64FD  Win: 0xFAF0  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/02-10:07:57.579333 24.209.203.150:2747 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:28896 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3276BD6D  Ack: 0xA26D50C6  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/02-10:07:57.610671 24.209.203.150:2747 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:28897 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3276C321  Ack: 0xA26D50C6  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/02-10:44:09.837320 24.209.105.156:3207 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:23552 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x4DC51B99  Ack: 0x29F7ED57  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/02-10:44:09.843262 24.209.105.156:3207 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:23553 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x4DC5214D  Ack: 0x29F7ED57  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/02-10:50:19.515909 24.209.203.150:1189 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:9259 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x2C59BAE8  Ack: 0x41294606  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/02-10:50:19.548350 24.209.203.150:1189 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:9260 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x2C59C09C  Ack: 0x41294606  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/02-11:08:33.583102 24.209.39.246:3390 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:39826 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x5DF6B25C  Ack: 0x8781F1EC  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/02-11:08:33.621461 24.209.39.246:3390 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:39827 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x5DF6B810  Ack: 0x8781F1EC  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/02-11:11:34.723914 24.209.39.246:4627 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:53810 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x6DA598C1  Ack: 0x93622D25  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/02-11:11:34.771935 24.209.39.246:4627 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:53811 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x6DA59E75  Ack: 0x93622D25  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/02-12:38:02.081641 24.209.105.156:4339 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:30116 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xD630AF78  Ack: 0xD82E165B  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/02-12:38:02.088355 24.209.105.156:4339 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:30117 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xD630B52C  Ack: 0xD82E165B  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/02-12:43:35.366664 24.209.238.177:4785 -> 192.168.1.6:80
TCP TTL:122 TOS:0x0 ID:39378 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x2D3F3604  Ack: 0xED989EB4  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/02-12:43:35.399339 24.209.238.177:4785 -> 192.168.1.6:80
TCP TTL:122 TOS:0x0 ID:39379 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x2D3F3BB8  Ack: 0xED989EB4  Win: 0x4470  TcpLen: 20

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/02-12:44:41.216076 24.220.31.3:4393 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:18515 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x24B5394D  Ack: 0xF1E76176  Win: 0xFAF0  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/02-12:44:50.813970 24.220.31.3:1108 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:20078 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x264ECE7E  Ack: 0xF2B551A9  Win: 0xFAF0  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/02-12:44:51.079575 24.220.31.3:1121 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:20116 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x265A3166  Ack: 0xF33B830A  Win: 0xFAF0  TcpLen: 20

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/02-12:44:51.360740 24.220.31.3:1127 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:20153 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x265F520B  Ack: 0xF30E61A3  Win: 0xFAF0  TcpLen: 20

[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/02-12:44:51.598896 24.220.31.3:1136 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:20180 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x2667AE07  Ack: 0xF2D72FFC  Win: 0xFAF0  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/02-12:44:51.825955 24.220.31.3:1149 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:20207 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x26718E8C  Ack: 0xF26F2D51  Win: 0xFAF0  TcpLen: 20

[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/02-12:44:52.078311 24.220.31.3:1157 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:20238 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x2678379A  Ack: 0xF2DE6FA1  Win: 0xFAF0  TcpLen: 20

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/02-12:45:04.475466 24.220.31.3:1601 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:22155 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x27DAFE18  Ack: 0xF30A61B9  Win: 0xFAF0  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/02-12:45:04.930231 24.220.31.3:1790 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:22241 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x28718E2C  Ack: 0xF3F3D1DC  Win: 0xFAF0  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/02-12:45:05.391191 24.220.31.3:1818 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:22331 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x28883EDB  Ack: 0xF359BD6D  Win: 0xFAF0  TcpLen: 20

[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/02-12:45:05.890139 24.220.31.3:1841 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:22421 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x289B0D59  Ack: 0xF3EDACC1  Win: 0xFAF0  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/02-12:45:06.321892 24.220.31.3:1867 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:22498 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x28B25C40  Ack: 0xF391E2B2  Win: 0xFAF0  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/02-12:45:06.761767 24.220.31.3:1885 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:22587 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x28BFF3D6  Ack: 0xF3E837C0  Win: 0xFAF0  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/02-12:45:07.216528 24.220.31.3:1910 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:22669 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x28D31034  Ack: 0xF3AA7278  Win: 0xFAF0  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/02-12:45:07.579780 24.220.31.3:1933 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:22747 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x28E66472  Ack: 0xF441BB67  Win: 0xFAF0  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/02-12:45:16.805979 24.220.31.3:2448 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:24589 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x2A8C560A  Ack: 0xF446CC32  Win: 0xFAF0  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/02-13:04:16.282017 24.209.105.156:3878 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:29866 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x668F0C3E  Ack: 0x3C2B79EE  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/02-13:04:16.289166 24.209.105.156:3878 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:29867 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x668F11F2  Ack: 0x3C2B79EE  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/02-13:20:13.885533 24.209.39.246:2709 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:50814 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF31EA4BD  Ack: 0x78CACEA7  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/02-13:20:13.927932 24.209.39.246:2709 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:50815 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF31EAA71  Ack: 0x78CACEA7  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/02-13:29:58.894290 24.209.39.246:2159 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:27803 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x23916802  Ack: 0x9CBB273D  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/02-13:29:58.914096 24.209.39.246:2159 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:27804 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x23916DB6  Ack: 0x9CBB273D  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/02-14:17:45.046537 24.209.203.150:1764 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:31383 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x9F1F4B68  Ack: 0x51420549  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/02-14:17:45.079048 24.209.203.150:1764 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:31384 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x9F1F511C  Ack: 0x51420549  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/02-14:20:00.431703 24.209.203.150:1188 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:43774 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xAAC74D52  Ack: 0x59E06101  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/02-14:20:00.463907 24.209.203.150:1188 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:43775 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xAAC75306  Ack: 0x59E06101  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/02-15:17:16.278670 24.209.39.246:1799 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:19134 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x25F0A463  Ack: 0x329317A1  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/02-15:17:16.300070 24.209.39.246:1799 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:19135 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x25F0AA17  Ack: 0x329317A1  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/02-15:55:24.189246 24.209.238.177:2089 -> 192.168.1.6:80
TCP TTL:122 TOS:0x0 ID:25686 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x739C3E67  Ack: 0xC10FD6DC  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/02-15:55:24.219654 24.209.238.177:2089 -> 192.168.1.6:80
TCP TTL:122 TOS:0x0 ID:25687 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x739C441B  Ack: 0xC10FD6DC  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/02-18:25:43.577080 24.209.238.177:1609 -> 192.168.1.6:80
TCP TTL:122 TOS:0x0 ID:59499 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE6643507  Ack: 0xFA2B6BF2  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/02-18:25:43.611479 24.209.238.177:1609 -> 192.168.1.6:80
TCP TTL:122 TOS:0x0 ID:59500 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE6643ABB  Ack: 0xFA2B6BF2  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/02-18:43:20.270684 24.209.39.246:2129 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:48084 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xD02055DB  Ack: 0x3BD1C669  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/02-18:43:20.304375 24.209.39.246:2129 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:48085 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xD0205B8F  Ack: 0x3BD1C669  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/02-19:41:17.376488 24.102.7.235:3361 -> 192.168.1.6:80
TCP TTL:106 TOS:0x0 ID:35212 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x713FF4A2  Ack: 0x178A4590  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/02-19:41:17.440607 24.102.7.235:3361 -> 192.168.1.6:80
TCP TTL:106 TOS:0x0 ID:35213 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x713FFA56  Ack: 0x178A4590  Win: 0x4470  TcpLen: 20

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/02-20:11:58.317129 64.68.82.39:34974 -> 192.168.1.6:80
TCP TTL:40 TOS:0x10 ID:47423 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0x3A0B4AE4  Ack: 0x8B2A6895  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 1599599614 1102365972 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/02-20:40:42.790023 24.209.39.246:2798 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:7515 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xBA96BAFF  Ack: 0xF7DBC85F  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/02-20:40:42.818167 24.209.39.246:2798 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:7516 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xBA96C0B3  Ack: 0xF7DBC85F  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/02-20:42:56.668575 24.172.109.3:2689 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:59792 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x7FE01B8E  Ack: 0x656930  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/02-20:42:56.675935 24.172.109.3:2689 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:59793 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x7FE02142  Ack: 0x656930  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/03-01:25:30.022233 24.209.39.246:1697 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:62565 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xC79BD6CC  Ack: 0x2C6CF8D3  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/03-01:25:30.044824 24.209.39.246:1697 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:62566 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xC79BDC80  Ack: 0x2C6CF8D3  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/03-01:51:20.793242 24.118.109.209:1891 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:10527 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xD11FD684  Ack: 0x8E840EA0  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/03-01:51:20.799247 24.118.109.209:1891 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:10528 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xD11FDC38  Ack: 0x8E840EA0  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/03-01:51:53.776613 24.151.33.76:1129 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:10948 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x72C6866  Ack: 0x9024A191  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/03-01:51:53.786949 24.151.33.76:1129 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:10949 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x72C6E1A  Ack: 0x9024A191  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/03-02:06:59.565927 24.148.85.85:1895 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:44174 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x4A93EA0B  Ack: 0xC9140306  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/03-02:06:59.611128 24.148.85.85:1895 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:44175 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x4A93EFBF  Ack: 0xC9140306  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/03-03:15:37.527589 24.209.39.246:4965 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:11553 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x2FE95D12  Ack: 0xCBD47BA3  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/03-03:15:37.573104 24.209.39.246:4965 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:11554 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x2FE962C6  Ack: 0xCBD47BA3  Win: 0x4470  TcpLen: 20

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/03-03:17:10.497767 218.58.6.15:2817 -> 192.168.1.6:80
TCP TTL:101 TOS:0x0 ID:15042 IpLen:20 DgmLen:1492 DF
***A**** Seq: 0xC6D79AC8  Ack: 0xD20A3B98  Win: 0x4410  TcpLen: 20

Go to: previous range, next range, all alerts, overview page

SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:09:55 2003

192.168.1.6	Whois lookup at:	ARIN	RIPE	APNIC	Geektools
	DNS lookup at:	Amenesi	TRIUMF	Princeton
	More lookup links:	Dshield	Sam Spade
See also 192.168.1.6 as an alert source [49361 alerts]