SnortSnarf alert page

Destination: 192.168.1.6: #1701-1800

SnortSnarf v021111.1

Signature section (91123)

Top 20 source IPs

Top 20 dest IPs

Looking using input module SnortFileInput, with sources:

/home/rivettmj/snort_alertlog/alert

Earliest: 02:18:11.250352 on 05/05/2003
Latest: 07:25:46.663905 on 05/05/2003

22 different signatures are present for 192.168.1.6 as a destination

1 instances of (spp_stream4) STEALTH ACTIVITY (SYN FIN scan) detection
1 instances of WEB-IIS ISAPI .printer access
1 instances of SHELLCODE x86 setuid 0
1 instances of DDOS shaft synflood
2 instances of WEB-CGI formmail access
2 instances of SHELLCODE x86 NOOP
2 instances of SMTP HELO overflow attempt
2 instances of SHELLCODE x86 inc ebx NOOP
3 instances of WEB-MISC bad HTTP/1.1 request, Potentially worm attack
3 instances of WEB-CGI newdesk access
4 instances of WEB-IIS WEBDAV nessus safe scan attempt
11 instances of ICMP Destination Unreachable (Communication Administratively Prohibited)
38 instances of (snort_decoder): T/TCP Detected
58 instances of WEB-IIS view source via translate header
308 instances of WEB-IIS _mem_bin access
316 instances of WEB-FRONTPAGE /_vti_bin/ access
680 instances of WEB-IIS CodeRed v2 root.exe access
786 instances of WEB-MISC robots.txt access
930 instances of WEB-IIS ISAPI .ida attempt
952 instances of WEB-IIS multiple decode attempt
1500 instances of WEB-IIS unicode directory traversal attempt
2169 instances of WEB-IIS cmd.exe access

There are 624 distinct source IPs in the alerts of the type on this page.

192.168.1.6 Whois lookup at: ARIN RIPE APNIC Geektools

DNS lookup at: Amenesi TRIUMF Princeton

More lookup links: Dshield Sam Spade

See also 192.168.1.6 as an alert source [49361 alerts]

Go to: previous range, next range, all alerts, overview page

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-02:18:11.250352 24.209.105.156:4175 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:6048 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xBDE53AA8  Ack: 0x72B62D90  Win: 0x4470  TcpLen: 20

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-02:18:20.669223 24.209.105.156:4478 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:7132 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xBEE23A1E  Ack: 0x7368F28C  Win: 0x4470  TcpLen: 20

[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-02:18:24.630828 24.209.105.156:4503 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:7570 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xBEF68674  Ack: 0x72B7DADB  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/05-02:18:24.759519 24.209.105.156:4612 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:7590 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xBF5289DF  Ack: 0x739265B1  Win: 0x4470  TcpLen: 20

[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/05-02:18:37.780751 24.209.105.156:4897 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:8686 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xC045DF30  Ack: 0x743E2B74  Win: 0x4470  TcpLen: 20

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-02:18:37.914298 24.209.105.156:4989 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:8702 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xC096F10A  Ack: 0x73DE69D9  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-02:18:38.022328 24.209.105.156:4992 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:8719 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xC09939DF  Ack: 0x73E953FF  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-02:18:47.392513 24.209.105.156:3242 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:9653 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xC17200B1  Ack: 0x75054B10  Win: 0x4470  TcpLen: 20

[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-02:18:47.486776 24.209.105.156:3246 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:9668 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xC17565ED  Ack: 0x7518DC27  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-02:18:47.601557 24.209.105.156:3253 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:9686 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xC17B0EE9  Ack: 0x74E1D6C5  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-02:18:47.722309 24.209.105.156:3258 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:9700 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xC17FC092  Ack: 0x74B23626  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-02:18:51.019259 24.209.105.156:3263 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:9983 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xC1841355  Ack: 0x752EC7CA  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-02:18:51.130656 24.209.105.156:3345 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:10005 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xC1CA3C60  Ack: 0x752A97F9  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-02:19:00.472173 24.209.105.156:3677 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:11183 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xC2D74C99  Ack: 0x75A2B101  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-02:22:28.450371 24.209.39.246:1222 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:58086 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xFEB72CDC  Ack: 0x81EAD9F8  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-02:22:28.474117 24.209.39.246:1222 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:58087 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xFEB73290  Ack: 0x81EAD9F8  Win: 0x4470  TcpLen: 20

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-02:34:10.480227 24.171.142.32:2547 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:23547 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x2EE9892  Ack: 0xAF04F23B  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-02:34:10.974476 24.171.142.32:2563 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:23588 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x2FC94F3  Ack: 0xAEA2C7B4  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-02:34:11.310141 24.171.142.32:2578 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:23619 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x3083A9C  Ack: 0xAE936B34  Win: 0x4470  TcpLen: 20

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-02:34:20.699905 24.171.142.32:2957 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:24578 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x43ED406  Ack: 0xAF2EE52D  Win: 0x4470  TcpLen: 20

[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-02:34:21.030763 24.171.142.32:2971 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:24621 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x44A23F9  Ack: 0xAF8FBA7D  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/05-02:34:21.388745 24.171.142.32:2986 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:24669 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x4568F3A  Ack: 0xAEED44CE  Win: 0x4470  TcpLen: 20

[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/05-02:34:21.858001 24.171.142.32:3006 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:24737 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x466E5F2  Ack: 0xAFA1069F  Win: 0x4470  TcpLen: 20

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-02:34:22.240090 24.171.142.32:3023 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:24791 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x4743311  Ack: 0xAF003EB2  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-02:34:22.777320 24.171.142.32:3052 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:24871 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x48BE37A  Ack: 0xAF1C485F  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-02:34:25.990664 24.171.142.32:3069 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:25297 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x49A7422  Ack: 0xAFDF8AFB  Win: 0x4470  TcpLen: 20

[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-02:34:26.375979 24.171.142.32:3221 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:25321 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x51354A9  Ack: 0xAFED2BE9  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-02:34:35.860137 24.171.142.32:3618 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:26357 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x65A7896  Ack: 0xB08E7417  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-02:34:36.207438 24.171.142.32:3639 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:26395 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x66A055F  Ack: 0xAFFFA10C  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-02:34:36.520765 24.171.142.32:3650 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:26419 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x67156F2  Ack: 0xAFE7E40D  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-02:34:39.492478 24.171.142.32:3650 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:26696 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x67156F2  Ack: 0xAFE7E40D  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-02:34:39.879839 24.171.142.32:3781 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:26744 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x6DF4CF8  Ack: 0xB0F56022  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-02:34:40.260248 24.171.142.32:3794 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:26791 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x6EB3131  Ack: 0xB08C51A6  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-02:49:47.817072 24.239.159.159:3647 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:3829 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x8F5758B6  Ack: 0xE9695F9A  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-02:49:47.827608 24.239.159.159:3647 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:3830 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x8F575E6A  Ack: 0xE9695F9A  Win: 0x4470  TcpLen: 20

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-03:44:25.761551 24.209.105.156:3295 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:32952 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xC997AA90  Ack: 0xB7B22741  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-03:44:38.728826 24.209.105.156:3587 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:34014 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xCA913E84  Ack: 0xB8E78F67  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-03:44:38.824643 24.209.105.156:3691 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:34030 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xCAE2DFB1  Ack: 0xB8B87BE4  Win: 0x4470  TcpLen: 20

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-03:44:38.923511 24.209.105.156:3696 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:34046 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xCAE6DF77  Ack: 0xB93C9CEB  Win: 0x4470  TcpLen: 20

[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-03:44:39.031894 24.209.105.156:3698 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:34058 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xCAE89B7D  Ack: 0xB8FAEDF1  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/05-03:44:48.395788 24.209.105.156:3985 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:34899 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xCBD7D6F9  Ack: 0xB9AC0B88  Win: 0x4470  TcpLen: 20

[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/05-03:44:57.698400 24.209.105.156:4288 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:35823 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xCCD3E1C0  Ack: 0xBA52CF05  Win: 0x4470  TcpLen: 20

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-03:45:01.306152 24.209.105.156:4386 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:36048 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xCD23A3C5  Ack: 0xBA6D3032  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-03:45:01.385207 24.209.105.156:4387 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:36058 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xCD249205  Ack: 0xBA7F4A0B  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-03:45:01.461414 24.209.105.156:4388 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:36069 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xCD25130C  Ack: 0xB9DA5C00  Win: 0x4470  TcpLen: 20

[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-03:45:06.227240 24.209.105.156:4401 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:36572 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xCD31199B  Ack: 0xBAA69065  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-03:45:06.336767 24.209.105.156:4557 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:36595 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xCDB364B2  Ack: 0xBA956B38  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-03:45:09.418177 24.209.105.156:4666 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:36929 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xCE0ACF7F  Ack: 0xBAEDBB2E  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-03:45:09.484108 24.209.105.156:4670 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:36939 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xCE0E4D60  Ack: 0xBA83BB45  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-03:45:12.726705 24.209.105.156:4670 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:37238 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xCE0E4D60  Ack: 0xBA83BB45  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-03:45:18.594376 24.209.105.156:4952 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:37711 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xCEFB7F6F  Ack: 0xBB9DBCED  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-03:45:27.980702 24.209.105.156:3359 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:39103 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xD0430FB2  Ack: 0xBBFE4E73  Win: 0x4470  TcpLen: 20

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-03:53:53.771399 24.209.105.156:4494 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:22543 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x1F255C9  Ack: 0xDC7BA09B  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-03:53:53.850751 24.209.105.156:4496 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:22551 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x1F43E65  Ack: 0xDBC2C992  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-03:53:53.940196 24.209.105.156:4498 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:22566 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x1F5A79A  Ack: 0xDC3C8F3D  Win: 0x4470  TcpLen: 20

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-03:54:06.911995 24.209.105.156:4756 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:23693 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x2D28B44  Ack: 0xDC3FA9ED  Win: 0x4470  TcpLen: 20

[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-03:54:16.200125 24.209.105.156:3137 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:24682 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x40F54C3  Ack: 0xDCDE1DB9  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/05-03:54:25.890939 24.209.105.156:3451 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:25769 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x5185DDB  Ack: 0xDDFCBF89  Win: 0x4470  TcpLen: 20

[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/05-03:54:26.018199 24.209.105.156:3455 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:25792 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x51B2BC0  Ack: 0xDD785420  Win: 0x4470  TcpLen: 20

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-03:54:26.118898 24.209.105.156:3460 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:25811 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x51F8770  Ack: 0xDDB709F2  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-03:54:26.222819 24.209.105.156:3470 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:25833 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x5263BFD  Ack: 0xDE132678  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-03:54:35.548796 24.209.105.156:3809 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:27205 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x640922C  Ack: 0xDE13BF14  Win: 0x4470  TcpLen: 20

[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-03:54:35.645778 24.209.105.156:3812 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:27222 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x64380BF  Ack: 0xDE6A7408  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-03:54:35.762439 24.209.105.156:3813 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:27238 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x644D9A6  Ack: 0xDE895085  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-03:54:35.866852 24.209.105.156:3817 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:27258 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x6480945  Ack: 0xDE9F2B86  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-03:54:35.967204 24.209.105.156:3822 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:27278 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x64C5D21  Ack: 0xDEB131A5  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-03:54:36.037599 24.209.105.156:3826 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:27294 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x64ED4FC  Ack: 0xDEA71083  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-03:54:39.381518 24.209.105.156:3949 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:27721 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x6AFEEF4  Ack: 0xDE82176A  Win: 0x4470  TcpLen: 20

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-06:17:56.588659 24.209.105.156:4237 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:47341 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x64221DA7  Ack: 0xFBF2A3BC  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-06:17:56.851098 24.209.105.156:4252 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:47386 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x642F3923  Ack: 0xFC32BD66  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-06:17:57.163092 24.209.105.156:4259 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:47426 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x6435AF63  Ack: 0xFBFB3AE2  Win: 0x4470  TcpLen: 20

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-06:17:57.410159 24.209.105.156:4267 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:47461 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x643CD46E  Ack: 0xFC276AB6  Win: 0x4470  TcpLen: 20

[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-06:17:58.354123 24.209.105.156:4289 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:47566 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x644F8E4F  Ack: 0xFC2F5597  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/05-06:18:11.812153 24.209.105.156:4575 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:49030 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x6541689F  Ack: 0xFD7B7FD0  Win: 0x4470  TcpLen: 20

[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/05-06:18:21.137712 24.209.105.156:4951 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:50065 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x668232BA  Ack: 0xFD4CC0EE  Win: 0x4470  TcpLen: 20

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-06:18:21.528101 24.209.105.156:4961 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:50107 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x668AF36C  Ack: 0xFE0CA105  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-06:18:21.799465 24.209.105.156:4973 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:50141 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x669587A8  Ack: 0xFD604C22  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-06:18:22.034566 24.209.105.156:4979 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:50179 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x669AD08C  Ack: 0xFDD03B61  Win: 0x4470  TcpLen: 20

[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-06:18:22.274106 24.209.105.156:4989 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:50206 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x66A325EF  Ack: 0xFE1282C8  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-06:18:22.814956 24.209.105.156:4994 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:50265 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x66A86385  Ack: 0xFD9D443D  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-06:18:23.289863 24.209.105.156:3013 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:50323 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x66B6DC8F  Ack: 0xFDE260B3  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-06:18:23.784087 24.209.105.156:3023 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:50371 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x66BE460B  Ack: 0xFDADE307  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-06:18:24.305282 24.209.105.156:3034 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:50426 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x66C92254  Ack: 0xFE2E063B  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-06:18:24.810547 24.209.105.156:3049 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:50493 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x66D6EA82  Ack: 0xFE31B5C7  Win: 0x4470  TcpLen: 20

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-07:25:17.205804 24.209.105.156:3440 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:8593 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xF4C789D5  Ack: 0xF9D4EED1  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-07:25:17.400271 24.209.105.156:3558 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:8614 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xF528343E  Ack: 0xF9ED54AC  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-07:25:17.493081 24.209.105.156:3559 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:8627 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xF529868B  Ack: 0xFA7E542E  Win: 0x4470  TcpLen: 20

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-07:25:17.585174 24.209.105.156:3564 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:8640 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xF52E01D8  Ack: 0xFA09E5FC  Win: 0x4470  TcpLen: 20

[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-07:25:17.681608 24.209.105.156:3567 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:8660 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xF530502D  Ack: 0xFA3D3830  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/05-07:25:17.789030 24.209.105.156:3572 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:8675 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xF5346702  Ack: 0xFA34B1ED  Win: 0x4470  TcpLen: 20

[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/05-07:25:17.882886 24.209.105.156:3575 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:8690 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xF5367FB0  Ack: 0xFA6F3B5F  Win: 0x4470  TcpLen: 20

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-07:25:18.001646 24.209.105.156:3580 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:8705 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xF53A52A7  Ack: 0xFA524F35  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-07:25:27.300734 24.209.105.156:3917 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:9777 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xF650F1EA  Ack: 0xFABB1806  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-07:25:36.751644 24.209.105.156:4254 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:10850 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xF7699477  Ack: 0xFB80BE76  Win: 0x4470  TcpLen: 20

[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-07:25:36.865878 24.209.105.156:4257 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:10866 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xF76C82CC  Ack: 0xFB5B795C  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-07:25:37.015685 24.209.105.156:4263 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:10876 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xF7709A60  Ack: 0xFBCB9263  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-07:25:37.100871 24.209.105.156:4264 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:10888 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xF771EA3C  Ack: 0xFB57B7A4  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-07:25:37.173655 24.209.105.156:4266 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:10893 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xF7737AA7  Ack: 0xFB0E9C28  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-07:25:37.268913 24.209.105.156:4267 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:10902 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xF7749B0C  Ack: 0xFB3012A6  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/05-07:25:46.663905 24.209.105.156:4530 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:11639 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xF8536013  Ack: 0xFB886E13  Win: 0x4470  TcpLen: 20

Go to: previous range, next range, all alerts, overview page

SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:09:55 2003

192.168.1.6	Whois lookup at:	ARIN	RIPE	APNIC	Geektools
	DNS lookup at:	Amenesi	TRIUMF	Princeton
	More lookup links:	Dshield	Sam Spade
See also 192.168.1.6 as an alert source [49361 alerts]