SnortSnarf alert page

Destination: 192.168.1.6: #1601-1700

SnortSnarf v021111.1

Looking using input module SnortFileInput, with sources:
Earliest: 15:42:20.126915 on 05/04/2003
Latest: 02:18:11.160549 on 05/05/2003

22 different signatures are present for 192.168.1.6 as a destination

There are 624 distinct source IPs in the alerts of the type on this page.

See also 192.168.1.6 as an alert source [49361 alerts]


[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-15:42:20.126915 24.200.41.113:4775 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:29053 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x6A13B759 Ack: 0x1090CB76 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-15:42:20.372103 24.200.41.113:4779 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:29068 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x6A17F563 Ack: 0x1124F0F4 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-15:42:20.618033 24.200.41.113:4787 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:29099 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x6A1E4FD3 Ack: 0x11172D39 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-15:42:20.825247 24.200.41.113:4794 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:29127 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x6A245A03 Ack: 0x111AFC65 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-15:42:21.022102 24.200.41.113:4797 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:29143 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x6A27E0B3 Ack: 0x1100B3C8 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-15:42:21.219917 24.200.41.113:4801 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:29157 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x6A2B97F4 Ack: 0x11459D5A Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-15:42:21.448276 24.200.41.113:4806 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:29189 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x6A301ACE Ack: 0x114224EC Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-15:51:59.192676 24.80.9.168:3369 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:32335 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA7F78A53 Ack: 0x3483CDF8 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-15:51:59.241631 24.80.9.168:3369 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:32336 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA7F79007 Ack: 0x3483CDF8 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-15:59:07.597126 24.150.35.194:1318 -> 192.168.1.6:80
TCP TTL:45 TOS:0x0 ID:48400 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xCEE83309 Ack: 0x4FAB1EEC Win: 0xC90 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-15:59:17.835895 24.150.35.194:1514 -> 192.168.1.6:80
TCP TTL:45 TOS:0x0 ID:49133 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xCF9C801F Ack: 0x50F044CF Win: 0xC90 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-15:59:18.117357 24.150.35.194:1516 -> 192.168.1.6:80
TCP TTL:45 TOS:0x0 ID:49164 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xCF9F3172 Ack: 0x50356E5D Win: 0xC90 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-15:59:18.464403 24.150.35.194:1520 -> 192.168.1.6:80
TCP TTL:45 TOS:0x0 ID:49185 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xCFA352D9 Ack: 0x50328B1E Win: 0xC90 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-15:59:18.984051 24.150.35.194:1522 -> 192.168.1.6:80
TCP TTL:45 TOS:0x0 ID:49225 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xCFA5BE36 Ack: 0x50ADE5D4 Win: 0xC90 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/04-15:59:19.206523 24.150.35.194:1550 -> 192.168.1.6:80
TCP TTL:45 TOS:0x0 ID:49254 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xCFBD003E Ack: 0x50CFA2E7 Win: 0xC90 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/04-15:59:19.556604 24.150.35.194:1553 -> 192.168.1.6:80
TCP TTL:45 TOS:0x0 ID:49274 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xCFC045DD Ack: 0x509F88AF Win: 0xC90 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-15:59:30.281616 24.150.35.194:1814 -> 192.168.1.6:80
TCP TTL:45 TOS:0x0 ID:50423 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xD0A7735A Ack: 0x519345C6 Win: 0xC90 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-15:59:30.476651 24.150.35.194:1845 -> 192.168.1.6:80
TCP TTL:45 TOS:0x0 ID:50523 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xD0BEA2AE Ack: 0x514527D0 Win: 0xC90 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-15:59:33.791234 24.150.35.194:1929 -> 192.168.1.6:80
TCP TTL:45 TOS:0x0 ID:50816 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xD108E8DE Ack: 0x518E76BC Win: 0xC90 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-15:59:34.067905 24.150.35.194:1935 -> 192.168.1.6:80
TCP TTL:45 TOS:0x0 ID:50874 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xD10E0A62 Ack: 0x5133C368 Win: 0xC90 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-15:59:37.843135 24.150.35.194:2014 -> 192.168.1.6:80
TCP TTL:45 TOS:0x0 ID:51086 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xD15654A8 Ack: 0x51FADB6B Win: 0xC90 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-15:59:41.700196 24.150.35.194:2094 -> 192.168.1.6:80
TCP TTL:45 TOS:0x0 ID:51365 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xD19FC995 Ack: 0x52588AFE Win: 0xC90 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-15:59:41.953927 24.150.35.194:2108 -> 192.168.1.6:80
TCP TTL:45 TOS:0x0 ID:51401 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xD1AC150E Ack: 0x51E86C62 Win: 0xC90 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-15:59:42.183041 24.150.35.194:2114 -> 192.168.1.6:80
TCP TTL:45 TOS:0x0 ID:51451 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xD1B1CAE9 Ack: 0x520C6AD3 Win: 0xC90 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-15:59:42.402737 24.150.35.194:2121 -> 192.168.1.6:80
TCP TTL:45 TOS:0x0 ID:51482 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xD1B8C26E Ack: 0x523725FC Win: 0xC90 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-16:23:11.284321 24.209.105.156:3248 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:25679 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xF70B8734 Ack: 0xAB62B2C6 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-16:23:14.916325 24.209.105.156:3387 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:26215 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xF77DD61D Ack: 0xAB35A608 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-16:23:15.120110 24.209.105.156:3397 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:26241 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xF7854CD2 Ack: 0xAB6DF8F2 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-16:23:28.358728 24.209.105.156:3660 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:27632 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xF8707AE4 Ack: 0xAB77F4A1 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-16:23:32.260673 24.209.105.156:3872 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:28094 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xF924C06F Ack: 0xAC330F36 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/04-16:23:32.771035 24.209.105.156:3886 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:28166 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xF92F65BF Ack: 0xAC9E0757 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/04-16:23:33.069169 24.209.105.156:3902 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:28219 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xF93DE2C7 Ack: 0xACAE263B Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-16:23:33.380175 24.209.105.156:3922 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:28266 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xF94EB8F9 Ack: 0xAC8423F5 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-16:23:36.727808 24.209.105.156:4027 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:28674 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xF9A5EE66 Ack: 0xACC4E996 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-16:23:40.252420 24.209.105.156:4130 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:29112 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xF9FE0D86 Ack: 0xAC54E8DA Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-16:23:44.104313 24.209.105.156:4274 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:29682 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xFA758208 Ack: 0xAD0230DC Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-16:23:44.501453 24.209.105.156:4286 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:29730 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xFA7F6443 Ack: 0xAD05E7AA Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-16:23:45.000178 24.209.105.156:4299 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:29790 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xFA89C227 Ack: 0xACDB94F7 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-16:23:48.549804 24.209.105.156:4382 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:30125 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xFAD3C1FF Ack: 0xAD7D0176 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-16:23:48.664877 24.209.105.156:4396 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:30144 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xFAE15A14 Ack: 0xAD0B98C4 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-16:23:48.745764 24.209.105.156:4401 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:30156 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xFAE5A95D Ack: 0xACE2AAC5 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-17:13:34.223088 24.214.104.38:1545 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:28288 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x2D525EBF Ack: 0x6907309A Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-17:13:34.650045 24.214.104.38:1551 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:28301 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x2D57F60D Ack: 0x690D57D5 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-17:13:43.859540 24.214.104.38:1675 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:28664 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x2DD50564 Ack: 0x696AAFA6 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-17:13:44.152129 24.214.104.38:1681 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:28687 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x2DD9A5FA Ack: 0x69B10A78 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-17:13:44.497901 24.214.104.38:1686 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:28710 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x2DDE6AEE Ack: 0x699FF11C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/04-17:13:44.735489 24.214.104.38:1694 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:28729 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x2DE5F39F Ack: 0x6A0E088C Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/04-17:13:54.030322 24.214.104.38:1827 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:29101 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x2E6B2AF7 Ack: 0x6AE789A0 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-17:13:54.263406 24.214.104.38:1831 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:29111 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x2E6F33D3 Ack: 0x69F2FADB Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-17:13:54.531438 24.214.104.38:1834 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:29126 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x2E72A9F4 Ack: 0x6AB02A8D Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-17:14:03.778602 24.214.104.38:1946 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:29430 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x2EE79B4D Ack: 0x6B72125C Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-17:14:04.055788 24.214.104.38:1950 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:29445 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x2EEBBB76 Ack: 0x6B00C7B8 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-17:14:04.307754 24.214.104.38:1955 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:29459 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x2EF0A5CD Ack: 0x6ACD73C7 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-17:14:04.662855 24.214.104.38:1963 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:29475 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x2EF86D6B Ack: 0x6B0BD52B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-17:14:04.892071 24.214.104.38:1964 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:29484 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x2EFA3C24 Ack: 0x6AA33C67 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-17:14:05.109533 24.214.104.38:1967 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:29492 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x2EFD3672 Ack: 0x6B5C9EC6 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-17:14:05.385229 24.214.104.38:1970 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:29505 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x2F0028E2 Ack: 0x6B630DE0 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-18:07:48.149956 24.229.63.112:3605 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:8306 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x4D3AECA7 Ack: 0x352A06D4 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-18:07:48.545623 24.229.63.112:3605 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:8307 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x4D3AF25B Ack: 0x352A06D4 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-20:58:26.999656 24.209.105.156:4700 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:39144 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x50929F3E Ack: 0xBB0DDC12 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-20:58:36.962255 24.209.105.156:3011 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:40581 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x51946D1C Ack: 0xBB609480 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-20:58:40.197166 24.209.105.156:3150 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:41210 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x5206DFF6 Ack: 0xBB44CFDC Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-20:58:43.985895 24.209.105.156:3303 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:41840 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x5280C345 Ack: 0xBB76D722 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-20:58:53.958884 24.209.105.156:3594 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:43188 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x537B0F6C Ack: 0xBC1397BB Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/04-20:58:57.558751 24.209.105.156:3606 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:43653 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x53866BB6 Ack: 0xBBE228B2 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/04-20:58:57.800117 24.209.105.156:3693 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:43689 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x53D31F80 Ack: 0xBC9C9421 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-20:58:58.000920 24.209.105.156:3710 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:43729 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x53E08C39 Ack: 0xBD13E865 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-20:58:58.591698 24.209.105.156:3733 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:43821 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x53F3D184 Ack: 0xBCA4222B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-20:59:02.667071 24.209.105.156:3805 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:44217 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x54350A54 Ack: 0xBCD0C5F1 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-20:59:03.191129 24.209.105.156:3830 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:44315 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x544967CB Ack: 0xBD5569B0 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-20:59:06.680931 24.209.105.156:3853 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:44743 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x545BB650 Ack: 0xBD62C292 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-20:59:06.920514 24.209.105.156:3938 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:44778 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x54A5E7BB Ack: 0xBCD2B903 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-20:59:07.466988 24.209.105.156:3944 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:44833 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x54ABDE3D Ack: 0xBCC9AB8A Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-20:59:07.979432 24.209.105.156:3959 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:44905 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x54B918BC Ack: 0xBD8782E1 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-20:59:08.317951 24.209.105.156:3980 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:44966 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x54CA63DC Ack: 0xBD54D154 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-23:33:34.880955 24.44.2.165:2551 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:24974 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x4A38E656 Ack: 0x4BF4B18 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-23:33:35.260372 24.44.2.165:2553 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:24987 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x4A3BB1DC Ack: 0x4B36DD3 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-23:33:41.828769 24.44.2.165:2595 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:25141 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x4A683437 Ack: 0x4BBDACA Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-23:33:45.131989 24.44.2.165:2672 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:25233 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x4AB793E1 Ack: 0x552113A Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-23:33:48.430190 24.44.2.165:2711 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:25317 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x4AE0B68F Ack: 0x54EB92C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/04-23:33:48.599652 24.44.2.165:2713 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:25328 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x4AE30531 Ack: 0x553C739 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/04-23:33:51.903641 24.44.2.165:2751 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:25409 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x4B0889D3 Ack: 0x5AD916F Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-23:33:52.022261 24.44.2.165:2754 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:25416 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x4B0B542A Ack: 0x5A8CF7D Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-23:33:52.135669 24.44.2.165:2757 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:25426 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x4B0DF1F9 Ack: 0x600F236 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-23:33:52.304262 24.44.2.165:2759 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:25436 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x4B10008D Ack: 0x551D4FE Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-23:33:52.461095 24.44.2.165:2761 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:25445 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x4B11FCAE Ack: 0x6096923 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-23:33:52.633397 24.44.2.165:2763 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:25456 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x4B1475BD Ack: 0x5E1F630 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-23:33:52.766617 24.44.2.165:2765 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:25466 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x4B165F75 Ack: 0x5E11BA0 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-23:33:55.711064 24.44.2.165:2765 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:25548 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x4B165F75 Ack: 0x5E11BA0 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-23:33:56.059348 24.44.2.165:2807 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:25562 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x4B3FE8CF Ack: 0x5D1EE02 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-23:33:56.168570 24.44.2.165:2810 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:25568 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x4B427F15 Ack: 0x60E1CC0 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/04-23:33:56.306356 24.44.2.165:2811 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:25577 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x4B43D302 Ack: 0x64F2062 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-00:34:14.205249 24.239.142.141:2213 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:31752 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x37957A61 Ack: 0xE9403176 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-00:34:14.247447 24.239.142.141:2213 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:31753 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x37958015 Ack: 0xE9403176 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-02:10:16.255210 24.209.39.246:4037 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:60220 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB8768D43 Ack: 0x54683FA8 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-02:10:16.275891 24.209.39.246:4037 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:60221 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB87692F7 Ack: 0x54683FA8 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-02:16:45.752411 24.166.156.30:2567 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:8775 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xD1AB393B Ack: 0x6C88881E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-02:16:45.760079 24.166.156.30:2567 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:8776 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xD1AB3EEF Ack: 0x6C88881E Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-02:18:08.038691 24.209.105.156:4086 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:5750 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xBD998CB0 Ack: 0x71F494E6 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-02:18:11.160549 24.209.105.156:4170 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:6031 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xBDE0FB21 Ack: 0x727EC7CA Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:09:55 2003