
SnortSnarf alert page

Destination: 192.168.1.6: #1401-1500

SnortSnarf v021111.1

Signature section (91123) | Top 20 source IPs | Top 20 dest IPs

Looking using input module SnortFileInput, with sources:
Earliest: 03:34:50.972658 on 05/03/2003
Latest: 06:10:40.890761 on 05/04/2003

22 different signatures are present for 192.168.1.6 as a destination

There are 624 distinct source IPs in the alerts of the type on this page.

See also 192.168.1.6 as an alert source [49361 alerts]


[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/03-03:34:50.972658 216.211.89.221:4324 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:33224 IpLen:20 DgmLen:99 DF
***AP*** Seq: 0xD41115AE Ack: 0x144D956D Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/03-07:03:55.891581 24.93.51.106:1832 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:4009 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF2F30B1F Ack: 0x2A019E7F Win: 0x16D0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/03-07:03:55.898148 24.93.51.106:1832 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:4010 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF2F310D3 Ack: 0x2A019E7F Win: 0x16D0 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/03-13:57:19.984803 24.201.150.218:4781 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:2459 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x9EBB0DD5 Ack: 0x44DCD667 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/03-13:57:21.312677 24.201.150.218:4816 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:2588 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x9EDCD65A Ack: 0x44CA0DE4 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/03-13:57:25.326239 24.201.150.218:4829 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:2875 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x9EE7EFB4 Ack: 0x45158E66 Win: 0xFAF0 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/03-13:57:26.383316 24.201.150.218:4899 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:2966 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x9F243352 Ack: 0x451D9063 Win: 0xFAF0 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/03-13:57:28.121361 24.201.150.218:4923 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:3050 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x9F3553DD Ack: 0x45218128 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/03-13:57:29.269827 24.201.150.218:4948 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:3160 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x9F47DAEC Ack: 0x4515997D Win: 0xFAF0 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/03-13:57:30.364357 24.201.150.218:4996 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:3268 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x9F5A9443 Ack: 0x45604054 Win: 0xFAF0 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/03-13:57:31.480480 24.201.150.218:1046 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:3380 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x9F70A34F Ack: 0x45118266 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/03-13:57:36.232406 24.201.150.218:1120 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:3744 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x9FB6B1AC Ack: 0x456A3D4F Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/03-13:57:37.238223 24.201.150.218:1148 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:3853 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x9FD27535 Ack: 0x454D8E39 Win: 0xFAF0 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/03-13:57:38.311732 24.201.150.218:1162 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:3950 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x9FE0AB5B Ack: 0x45D5DC81 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/03-13:57:39.328216 24.201.150.218:1180 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:4042 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x9FF3241D Ack: 0x45C06C51 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/03-13:57:40.391473 24.201.150.218:1197 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:4138 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xA0042B1B Ack: 0x45B14E46 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/03-13:57:41.380028 24.201.150.218:1219 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:4210 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xA017EEB2 Ack: 0x465A027A Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/03-13:57:44.372258 24.201.150.218:1219 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:4449 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xA017EEB2 Ack: 0x465A027A Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/03-13:57:46.450748 24.201.150.218:1286 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:4590 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xA057EF21 Ack: 0x464446EF Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/03-13:57:56.609768 24.201.150.218:1450 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:5352 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xA0F8E9D6 Ack: 0x46ABF2E3 Win: 0xFAF0 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/03-13:57:57.038535 24.150.202.37:4664 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:36184 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xFEC07CF6 Ack: 0x46C0A37F Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/03-13:58:00.029246 24.150.202.37:1042 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:36748 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xFFAFBE1C Ack: 0x470CECB0 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/03-13:58:00.263899 24.150.202.37:1048 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:36788 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xFFB556C5 Ack: 0x46C1285B Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/03-13:58:00.514859 24.150.202.37:1052 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:36826 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xFFB99539 Ack: 0x4750710A Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/03-13:58:00.850592 24.150.202.37:1055 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:36873 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xFFBD510B Ack: 0x478AA910 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/03-13:58:04.196023 24.150.202.37:1063 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:37504 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xFFC458D2 Ack: 0x46FF87B4 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/03-13:58:13.404496 24.150.202.37:1156 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:38775 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x147777 Ack: 0x47251578 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/03-13:58:13.752024 24.150.202.37:1347 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:38827 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xC68C6A Ack: 0x48008D98 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/03-13:58:22.937227 24.150.202.37:1357 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:40047 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xCC8B96 Ack: 0x47CB43DB Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/03-13:58:26.210397 24.150.202.37:1529 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:40427 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x1713BAF Ack: 0x48BFE65F Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/03-13:58:26.497425 24.150.202.37:1586 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:40472 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x1A4710B Ack: 0x48DD4203 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/03-13:58:29.960303 24.150.202.37:1648 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:40918 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x1E0889F Ack: 0x49152EFD Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/03-13:58:39.420967 24.150.202.37:1831 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:42223 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x2871B4B Ack: 0x4930D731 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/03-13:58:48.778720 24.150.202.37:1837 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:43286 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x28D10CE Ack: 0x4908C570 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/03-13:58:49.013105 24.150.202.37:1996 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:43339 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x3233265 Ack: 0x49E7BCD1 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/03-13:58:49.232138 24.150.202.37:2006 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:43391 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x32B22F3 Ack: 0x4A05F7C1 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/03-15:35:15.619878 24.99.77.52:1343 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:4460 IpLen:20 DgmLen:1400 DF
***A**** Seq: 0xB761119D Ack: 0xB602B411 Win: 0xB5C9 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/03-15:35:15.620420 24.99.77.52:1343 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:4461 IpLen:20 DgmLen:1400 DF
***A**** Seq: 0xB76116ED Ack: 0xB602B411 Win: 0xB5C9 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/03-17:00:42.167858 24.174.80.15:3400 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:22207 IpLen:20 DgmLen:1496 DF
***A**** Seq: 0x5B3D1ED7 Ack: 0xF91AFDAE Win: 0x4440 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/03-17:00:42.169203 24.174.80.15:3400 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:22208 IpLen:20 DgmLen:1496 DF
***A**** Seq: 0x5B3D2487 Ack: 0xF91AFDAE Win: 0x4440 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/03-17:48:42.957428 65.214.36.115:45266 -> 192.168.1.6:80
TCP TTL:42 TOS:0x0 ID:32519 IpLen:20 DgmLen:195 DF
***AP*** Seq: 0xFFBD27B5 Ack: 0xACD2749F Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 216291880 1142213443
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/03-18:35:24.638803 24.214.98.64:2756 -> 192.168.1.6:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:112
***AP*** Seq: 0x554A5F28 Ack: 0xBDDC4E4F Win: 0x0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/03-18:35:25.061610 24.214.98.64:2788 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:44698 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x5564CF1A Ack: 0x5EF6F82B Win: 0x16D0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/03-18:35:34.899918 24.214.98.64:3312 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:46241 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x5708BC45 Ack: 0x5F1FD3B7 Win: 0x16D0 TcpLen: 20
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/03-18:36:14.775394 24.214.98.64:1613 -> 192.168.1.6:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:137
***AP*** Seq: 0x62BF0840 Ack: 0x0 Win: 0x0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/03-18:36:15.514936 24.214.98.64:1642 -> 192.168.1.6:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:138
***AP*** Seq: 0x62E4E29D Ack: 0x0 Win: 0x0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/03-18:36:16.726231 24.214.98.64:1668 -> 192.168.1.6:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:136
***AP*** Seq: 0x622FE8B7 Ack: 0x0 Win: 0x0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/03-19:38:36.798373 64.210.196.198:36221 -> 192.168.1.6:80
TCP TTL:50 TOS:0x0 ID:514 IpLen:20 DgmLen:219 DF
***AP*** Seq: 0xF29CE80E Ack: 0x4D7AA816 Win: 0x16D0 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/03-20:59:25.956687 61.143.118.72:2159 -> 192.168.1.6:80
TCP TTL:101 TOS:0x0 ID:64965 IpLen:20 DgmLen:1492 DF
***A**** Seq: 0x25D36311 Ack: 0x7F20FE25 Win: 0x4410 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/03-20:59:25.984902 61.143.118.72:2159 -> 192.168.1.6:80
TCP TTL:101 TOS:0x0 ID:64966 IpLen:20 DgmLen:1492 DF
***A**** Seq: 0x25D368BD Ack: 0x7F20FE25 Win: 0x4410 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/03-20:59:58.088909 24.209.39.246:2101 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:29958 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x52AC467B Ack: 0x80B7C4E7 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/03-20:59:58.110065 24.209.39.246:2101 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:29959 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x52AC4C2F Ack: 0x80B7C4E7 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/03-21:06:39.572739 24.209.39.246:1710 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:65165 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x79D35116 Ack: 0x99241FFD Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/03-21:06:39.594753 24.209.39.246:1710 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:65166 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x79D356CA Ack: 0x99241FFD Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/04-00:03:27.689241 216.39.48.207:44629 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:50569 IpLen:20 DgmLen:202 DF
***AP*** Seq: 0xE185F990 Ack: 0x35C7DEC4 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 25640258 1153731304
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-03:04:30.543338 24.209.105.156:4331 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:26805 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x3DDE23CA Ack: 0xE067EFF3 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-03:04:32.859267 24.209.105.156:4417 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:27202 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x3E285316 Ack: 0xE0BE7455 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-03:04:33.047326 24.209.105.156:4422 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:27241 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x3E2D0AF6 Ack: 0xE0A965FF Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-03:04:36.672741 24.209.105.156:4531 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:27796 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x3E87D16A Ack: 0xE0BA235F Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-03:04:36.967702 24.209.105.156:4548 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:27834 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x3E96C301 Ack: 0xE0CDC083 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/04-03:04:37.251893 24.209.105.156:4554 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:27887 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x3E9C876C Ack: 0xE0F6166B Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/04-03:04:40.694698 24.209.105.156:4634 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:28352 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x3EE4165E Ack: 0xE1BEC78C Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-03:04:44.436077 24.209.105.156:4650 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:28912 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x3EF17D8B Ack: 0xE221AEBD Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-03:04:48.100957 24.209.105.156:4757 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:29424 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x3F4BC9F4 Ack: 0xE308F50C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-03:04:49.256114 24.209.105.156:4876 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:29568 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x3FAFBD18 Ack: 0xE2722841 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-03:04:50.350302 24.209.105.156:4905 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:29721 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x3FC89145 Ack: 0xE32EB63E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-03:04:50.827340 24.209.105.156:4918 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:29789 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x3FD4C053 Ack: 0xE297969E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-03:04:51.790702 24.209.105.156:4956 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:29936 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x3FF394E6 Ack: 0xE2DEEC9D Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-03:04:52.237698 24.209.105.156:4965 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:29993 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x3FFB718A Ack: 0xE2995FBD Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-03:04:52.483323 24.209.105.156:4978 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:30031 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x40069EF2 Ack: 0xE33D96BB Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-03:04:52.615673 24.209.105.156:4982 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:30060 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x400A46C6 Ack: 0xE2BC8F85 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-03:57:54.161462 24.99.37.186:3361 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:24902 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x92742B5F Ack: 0xAC0B2BDF Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-03:57:54.848538 24.99.37.186:3384 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:25003 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x9286E301 Ack: 0xAC0AC82C Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-03:58:04.216136 24.99.37.186:3709 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:26408 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x939DD825 Ack: 0xACCA2615 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-03:58:04.347100 24.99.37.186:3713 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:26426 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x93A1C35B Ack: 0xAC4E6552 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-03:58:13.735616 24.99.37.186:3996 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:27556 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x94971147 Ack: 0xACF731C5 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/04-03:58:23.092889 24.99.37.186:4299 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:28705 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x9596852B Ack: 0xAD2F6CE1 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/04-03:58:32.500164 24.99.37.186:4626 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:30118 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x96B057CA Ack: 0xADD85F86 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-03:58:32.665524 24.99.37.186:4630 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:30124 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x96B3719B Ack: 0xADDE8E85 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-03:58:35.775949 24.99.37.186:4709 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:30381 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x96F81BF9 Ack: 0xAE703939 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-03:58:35.906136 24.99.37.186:4713 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:30394 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x96FB0049 Ack: 0xAE52161F Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-03:58:36.027122 24.99.37.186:4717 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:30411 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x96FE7ECA Ack: 0xAE9C7FA3 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-03:58:45.443481 24.99.37.186:4939 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:31157 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x97C4F21F Ack: 0xAEABE7D5 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-03:58:45.577356 24.99.37.186:4949 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:31175 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x97CD2644 Ack: 0xAE897660 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-03:58:45.695409 24.99.37.186:4951 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:31185 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x97CF33C0 Ack: 0xAE5C21D8 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-03:58:45.827691 24.99.37.186:4961 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:31214 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x97D70B65 Ack: 0xAF1D843E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-03:58:45.970330 24.99.37.186:4963 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:31231 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x97D8CD82 Ack: 0xAEB8D03F Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-06:10:20.161969 24.209.105.156:3318 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:39842 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x93D78D31 Ack: 0x9F7130F7 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-06:10:20.423643 24.209.105.156:3322 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:39888 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x93DB5A2D Ack: 0x9FCD19FE Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-06:10:20.652951 24.209.105.156:3331 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:39933 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x93E358BD Ack: 0x9F6DCAFF Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-06:10:20.859016 24.209.105.156:3339 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:39973 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x93E94DB5 Ack: 0x9F5A1F1E Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-06:10:21.107071 24.209.105.156:3346 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:40014 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x93EF5E94 Ack: 0x9F463DC4 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/04-06:10:30.657301 24.209.105.156:3659 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:41641 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x94F83DF4 Ack: 0x9FB9CD67 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/04-06:10:30.795342 24.209.105.156:3666 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:41675 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x94FEC3E4 Ack: 0xA07BA238 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-06:10:30.928126 24.209.105.156:3673 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:41703 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x9504948F Ack: 0xA026FEE3 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-06:10:31.038713 24.209.105.156:3677 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:41729 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x9507C0E5 Ack: 0x9FB34EE4 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-06:10:31.161857 24.209.105.156:3679 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:41758 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x9509A6C2 Ack: 0xA0336DBD Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-06:10:31.440678 24.209.105.156:3687 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:41801 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x950FF526 Ack: 0x9FFA4670 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-06:10:40.707992 24.209.105.156:3962 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:43241 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x95FB24A4 Ack: 0xA09F4DC4 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-06:10:40.890761 24.209.105.156:3967 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:43271 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x95FFA285 Ack: 0xA0C9C19E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:09:55 2003