SnortSnarf alert page

Destination: 192.168.1.6: #1501-1600

SnortSnarf v021111.1

Signature section (91123)

Top 20 source IPs

Top 20 dest IPs

Looking using input module SnortFileInput, with sources:

/home/rivettmj/snort_alertlog/alert

Earliest: 06:10:44.090620 on 05/04/2003
Latest: 15:42:19.893341 on 05/04/2003

22 different signatures are present for 192.168.1.6 as a destination

1 instances of (spp_stream4) STEALTH ACTIVITY (SYN FIN scan) detection
1 instances of WEB-IIS ISAPI .printer access
1 instances of SHELLCODE x86 setuid 0
1 instances of DDOS shaft synflood
2 instances of WEB-CGI formmail access
2 instances of SHELLCODE x86 NOOP
2 instances of SMTP HELO overflow attempt
2 instances of SHELLCODE x86 inc ebx NOOP
3 instances of WEB-MISC bad HTTP/1.1 request, Potentially worm attack
3 instances of WEB-CGI newdesk access
4 instances of WEB-IIS WEBDAV nessus safe scan attempt
11 instances of ICMP Destination Unreachable (Communication Administratively Prohibited)
38 instances of (snort_decoder): T/TCP Detected
58 instances of WEB-IIS view source via translate header
308 instances of WEB-IIS _mem_bin access
316 instances of WEB-FRONTPAGE /_vti_bin/ access
680 instances of WEB-IIS CodeRed v2 root.exe access
786 instances of WEB-MISC robots.txt access
930 instances of WEB-IIS ISAPI .ida attempt
952 instances of WEB-IIS multiple decode attempt
1500 instances of WEB-IIS unicode directory traversal attempt
2169 instances of WEB-IIS cmd.exe access

There are 624 distinct source IPs in the alerts of the type on this page.

192.168.1.6 Whois lookup at: ARIN RIPE APNIC Geektools

DNS lookup at: Amenesi TRIUMF Princeton

More lookup links: Dshield Sam Spade

See also 192.168.1.6 as an alert source [49361 alerts]

Go to: previous range, next range, all alerts, overview page

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-06:10:44.090620 24.209.105.156:4073 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:43790 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x9656278C  Ack: 0xA0BA7010  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-06:10:44.193817 24.209.105.156:4080 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:43814 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x965B79F3  Ack: 0xA0A026F3  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-06:10:44.378402 24.209.105.156:4083 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:43842 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x965EBE7B  Ack: 0xA09692DE  Win: 0x4470  TcpLen: 20

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-06:44:36.265979 24.209.105.156:4422 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:47473 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x5EB09D8F  Ack: 0x20E314A3  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-06:44:39.857158 24.209.105.156:4610 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:47827 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x5F5519E7  Ack: 0x21414FCA  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-06:44:39.959651 24.209.105.156:4612 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:47845 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x5F56F490  Ack: 0x21D6185E  Win: 0x4470  TcpLen: 20

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-06:44:40.057753 24.209.105.156:4617 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:47857 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x5F5B6B02  Ack: 0x21845C1B  Win: 0x4470  TcpLen: 20

[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-06:44:40.138220 24.209.105.156:4621 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:47873 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x5F5EBCFA  Ack: 0x21C083EB  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/04-06:44:49.952193 24.209.105.156:4881 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:48850 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x603D71FE  Ack: 0x226917D7  Win: 0x4470  TcpLen: 20

[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/04-06:45:11.736843 24.209.105.156:3506 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:51259 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x62484886  Ack: 0x2372F86F  Win: 0x4470  TcpLen: 20

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-06:45:21.772044 24.209.105.156:3736 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:52117 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x63157F11  Ack: 0x237784AD  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-06:45:22.043574 24.209.105.156:3751 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:52167 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x63221BB1  Ack: 0x236FC67A  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-06:45:22.190300 24.209.105.156:3759 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:52191 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x63297D89  Ack: 0x23F4290A  Win: 0x4470  TcpLen: 20

[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-06:45:22.421607 24.209.105.156:3764 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:52218 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x632DD294  Ack: 0x2430C2BB  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-06:45:22.693351 24.209.105.156:3769 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:52253 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x63328122  Ack: 0x2402EAAF  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-06:45:23.153827 24.209.105.156:3780 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:52302 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x633BCBA2  Ack: 0x243CBF52  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-06:45:23.476152 24.209.105.156:3797 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:52350 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x6349C010  Ack: 0x2431F69A  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-06:45:23.924031 24.209.105.156:3807 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:52399 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x6351F635  Ack: 0x23C5DE51  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-06:45:34.152530 24.209.105.156:4130 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:55733 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x64532422  Ack: 0x2436265E  Win: 0x4470  TcpLen: 20

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-10:09:17.821977 24.209.105.156:4458 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:10674 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x34705DD6  Ack: 0x2625341B  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-10:09:17.966910 24.209.105.156:4462 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:10689 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x3474285C  Ack: 0x26216A5C  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-10:09:18.079617 24.209.105.156:4469 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:10702 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x3479F123  Ack: 0x260166C3  Win: 0x4470  TcpLen: 20

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-10:09:18.191794 24.209.105.156:4475 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:10719 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x347E9BD3  Ack: 0x25F46DF3  Win: 0x4470  TcpLen: 20

[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-10:09:18.286749 24.209.105.156:4477 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:10731 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x348067EB  Ack: 0x25FBC3E1  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/04-10:09:18.377285 24.209.105.156:4478 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:10750 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x34815343  Ack: 0x26CA356F  Win: 0x4470  TcpLen: 20

[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/04-10:09:18.467416 24.209.105.156:4483 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:10763 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x34854B96  Ack: 0x268C772A  Win: 0x4470  TcpLen: 20

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-10:09:27.809620 24.209.105.156:4764 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:11809 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x3573ECA7  Ack: 0x26BBE6C2  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-10:09:27.916272 24.209.105.156:4768 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:11820 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x35770064  Ack: 0x26F26C2A  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-10:09:27.998623 24.209.105.156:4769 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:11834 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x3577C60E  Ack: 0x27387EC5  Win: 0x4470  TcpLen: 20

[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-10:09:37.637674 24.209.105.156:3009 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:12679 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x36474998  Ack: 0x28090F02  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-10:09:46.957736 24.209.105.156:3299 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:13681 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x373B6F59  Ack: 0x285D819C  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-10:09:50.191527 24.209.105.156:3410 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:14148 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x3795D838  Ack: 0x27DFF2CE  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-10:09:53.330501 24.209.105.156:3529 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:14580 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x37F90A33  Ack: 0x28DC8949  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-10:09:53.536097 24.209.105.156:3533 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:14610 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x37FC0A36  Ack: 0x283A23BF  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-10:09:53.642312 24.209.105.156:3539 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:14627 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x38014859  Ack: 0x2891490F  Win: 0x4470  TcpLen: 20

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/04-10:37:08.472124 12.148.209.198:65502 -> 192.168.1.6:80
TCP TTL:47 TOS:0x0 ID:55797 IpLen:20 DgmLen:256 DF
***AP*** Seq: 0x67DB17F3  Ack: 0x8F36C3C1  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 224399758 1173204446 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-11:03:26.299968 24.209.105.156:3495 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:38013 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x75EA4D16  Ack: 0xF29FA6EC  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-11:03:26.816518 24.209.105.156:3509 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:38082 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x75F68EAC  Ack: 0xF30FE75C  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-11:03:36.642490 24.209.105.156:3853 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:39724 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x771A8F1A  Ack: 0xF34753D8  Win: 0x4470  TcpLen: 20

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-11:03:46.490767 24.209.105.156:4120 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:41085 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x77FC9000  Ack: 0xF463AFB8  Win: 0x4470  TcpLen: 20

[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-11:03:46.748806 24.209.105.156:4133 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:41138 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x780745B8  Ack: 0xF42E4967  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/04-11:03:47.026630 24.209.105.156:4147 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:41185 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x78113D0D  Ack: 0xF4993944  Win: 0x4470  TcpLen: 20

[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/04-11:03:56.862290 24.209.105.156:4403 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:42404 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x78EE4209  Ack: 0xF4B24016  Win: 0x4470  TcpLen: 20

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-11:04:00.275468 24.209.105.156:4415 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:42850 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x78F8B7F8  Ack: 0xF4EC6B95  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-11:04:00.768038 24.209.105.156:4513 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:42920 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x794F1E1C  Ack: 0xF519C419  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-11:04:01.310561 24.209.105.156:4525 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:42995 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x795A1D63  Ack: 0xF4F8D6D4  Win: 0x4470  TcpLen: 20

[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-11:04:01.643211 24.209.105.156:4545 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:43050 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x796A9B07  Ack: 0xF579B0C8  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-11:04:11.540043 24.209.105.156:4841 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:44492 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x7A67B170  Ack: 0xF605ECC0  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-11:04:12.032623 24.209.105.156:4855 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:44548 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x7A744811  Ack: 0xF6242BD8  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-11:04:12.563425 24.209.105.156:4871 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:44618 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x7A816C21  Ack: 0xF56C917B  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-11:04:13.012606 24.209.105.156:4885 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:44675 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x7A8E3C0A  Ack: 0xF5B9D76B  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-11:04:13.528783 24.209.105.156:4899 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:44739 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x7A9B1E63  Ack: 0xF63AAD99  Win: 0x4470  TcpLen: 20

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-11:20:26.592821 24.209.105.156:4871 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:55680 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xDDC08037  Ack: 0x32B88BD0  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-11:20:40.093174 24.209.105.156:3166 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:57288 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xDEBA5242  Ack: 0x33147C02  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-11:20:40.601792 24.209.105.156:3270 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:57342 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xDF0EC020  Ack: 0x335B81F8  Win: 0x4470  TcpLen: 20

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-11:20:50.648310 24.209.105.156:3611 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:58735 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xE02C330A  Ack: 0x345AC442  Win: 0x4470  TcpLen: 20

[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-11:20:51.168597 24.209.105.156:3631 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:58814 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xE03F4AE1  Ack: 0x34D73CE1  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/04-11:20:51.478711 24.209.105.156:3652 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:58865 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xE04E2017  Ack: 0x343B2A87  Win: 0x4470  TcpLen: 20

[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/04-11:20:51.742320 24.209.105.156:3663 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:58918 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xE0580A48  Ack: 0x34DA104C  Win: 0x4470  TcpLen: 20

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-11:20:51.987478 24.209.105.156:3673 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:58970 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xE060207C  Ack: 0x34B943FF  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-13:03:57.440185 24.209.105.156:3832 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:43811 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x4DDFED5F  Ack: 0xB92004B2  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-13:04:06.937495 24.209.105.156:4159 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:45159 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x4EF0815A  Ack: 0xB95D52F2  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-13:04:16.695500 24.209.105.156:4488 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:46545 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x5001B977  Ack: 0xBAABE9F0  Win: 0x4470  TcpLen: 20

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-13:04:26.171437 24.209.105.156:4783 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:47718 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x50F99789  Ack: 0xBB60ED3A  Win: 0x4470  TcpLen: 20

[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-13:04:26.278297 24.209.105.156:4786 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:47736 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x50FCE742  Ack: 0xBAAA067F  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/04-13:04:35.691926 24.209.105.156:3055 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:48793 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x51DAAB17  Ack: 0xBCC80887  Win: 0x4470  TcpLen: 20

[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/04-13:04:35.990035 24.209.105.156:3061 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:48826 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x51DFB87F  Ack: 0xBCCD4B52  Win: 0x4470  TcpLen: 20

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-13:04:36.392142 24.209.105.156:3067 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:48856 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x51E47036  Ack: 0xBC5CD3A4  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-13:04:36.891076 24.209.105.156:3080 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:48917 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x51EDD580  Ack: 0xBCBB3541  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-13:04:46.773121 24.209.105.156:3336 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:49922 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x52C83DF3  Ack: 0xBD75A498  Win: 0x4470  TcpLen: 20

[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-13:04:46.930670 24.209.105.156:3344 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:49958 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x52D00F72  Ack: 0xBDAC50A1  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-13:04:47.119447 24.209.105.156:3352 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:49999 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x52D5E987  Ack: 0xBD76BCAD  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-13:04:50.652811 24.209.105.156:3501 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:50559 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x534A8AB9  Ack: 0xBD718FC0  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-13:04:50.720708 24.209.105.156:3505 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:50573 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x534DCC9C  Ack: 0xBD5C93D6  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-13:04:50.983138 24.209.105.156:3510 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:50606 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x5351BDEC  Ack: 0xBD031976  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-13:04:54.170050 24.209.105.156:3598 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:50978 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x53A0CC72  Ack: 0xBDC3693D  Win: 0x4470  TcpLen: 20

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-15:31:03.122399 24.209.105.156:4597 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:14991 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xB858A3BB  Ack: 0xE5376045  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-15:31:13.685928 24.209.105.156:4941 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:16586 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xB97C12F7  Ack: 0xE68C3F1E  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-15:31:14.211316 24.209.105.156:4949 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:16653 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xB9837D9E  Ack: 0xE5AC1FD4  Win: 0x4470  TcpLen: 20

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-15:31:17.880696 24.209.105.156:4964 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:17214 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xB990AE74  Ack: 0xE6A7F1D7  Win: 0x4470  TcpLen: 20

[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-15:31:18.354709 24.209.105.156:3073 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:17281 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xB9EA5B0A  Ack: 0xE6AEA477  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/04-15:31:18.709223 24.209.105.156:3091 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:17342 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xB9F9DF94  Ack: 0xE5F3EB12  Win: 0x4470  TcpLen: 20

[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/04-15:31:40.339199 24.209.105.156:3718 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:20474 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xBC0F651A  Ack: 0xE803011E  Win: 0x4470  TcpLen: 20

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-15:31:40.648523 24.209.105.156:3726 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:20529 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xBC16B00D  Ack: 0xE7D2A6CD  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-15:31:54.854595 24.209.105.156:4030 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:22530 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xBD193D6F  Ack: 0xE83C823C  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-15:31:55.163416 24.209.105.156:4162 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:22586 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xBD8D9195  Ack: 0xE9AF1BCF  Win: 0x4470  TcpLen: 20

[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-15:31:55.618031 24.209.105.156:4168 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:22648 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xBD933987  Ack: 0xE9BE8885  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-15:31:56.079696 24.209.105.156:4178 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:22713 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xBD9CFDD3  Ack: 0xE9ECA86B  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-15:32:00.100134 24.209.105.156:4292 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:23246 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xBDFC210A  Ack: 0xE9A83299  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-15:32:00.590077 24.209.105.156:4301 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:23304 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xBE0448DC  Ack: 0xEA2DF2F3  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-15:32:00.980304 24.209.105.156:4312 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:23369 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xBE0EF9E0  Ack: 0xE97AB13B  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-15:42:09.230370 24.200.41.113:4596 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:28438 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x69664359  Ack: 0x105AD181  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-15:42:12.166875 24.200.41.113:4633 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:28565 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x698DE788  Ack: 0x100C99CA  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-15:42:15.347171 24.200.41.113:4684 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:28729 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x69BF2868  Ack: 0x10B23295  Win: 0x4470  TcpLen: 20

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-15:42:15.580276 24.200.41.113:4690 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:28756 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x69C51A3C  Ack: 0x10C5C310  Win: 0x4470  TcpLen: 20

[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-15:42:19.018026 24.200.41.113:4754 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:28966 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x6A005358  Ack: 0x10F23430  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/04-15:42:19.210626 24.200.41.113:4760 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:28986 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x6A06086D  Ack: 0x10B2E54E  Win: 0x4470  TcpLen: 20

[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/04-15:42:19.420670 24.200.41.113:4762 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:28998 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x6A085662  Ack: 0x10B2E568  Win: 0x4470  TcpLen: 20

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-15:42:19.664487 24.200.41.113:4764 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:29020 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x6A0ABC98  Ack: 0x10D7EAD1  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/04-15:42:19.893341 24.200.41.113:4768 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:29031 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x6A0E734D  Ack: 0x111D0418  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

Go to: previous range, next range, all alerts, overview page

SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:09:55 2003

192.168.1.6	Whois lookup at:	ARIN	RIPE	APNIC	Geektools
	DNS lookup at:	Amenesi	TRIUMF	Princeton
	More lookup links:	Dshield	Sam Spade
See also 192.168.1.6 as an alert source [49361 alerts]