SnortSnarf alert page

Destination: 192.168.1.6: #1801-1900

SnortSnarf v021111.1

Looking using input module SnortFileInput, with sources:
Earliest: 07:28:42.072960 on 05/05/2003
Latest: 11:24:20.898172 on 05/05/2003

22 different signatures are present for 192.168.1.6 as a destination

There are 624 distinct source IPs in the alerts of the type on this page.

See also 192.168.1.6 as an alert source [49361 alerts]


[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-07:28:42.072960 24.243.144.13:2563 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:57599 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x18B1770E Ack: 0x766B6D1 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-07:28:44.516903 24.243.144.13:2563 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:59311 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x18B1770E Ack: 0x766B6D1 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-07:28:50.340597 24.243.144.13:2563 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:63491 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x18B1770E Ack: 0x766B6D1 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-07:28:56.590869 24.243.144.13:1575 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:1602 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x217FC062 Ack: 0x8413DAA Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-07:28:57.537290 24.243.144.13:1819 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:2167 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x223659DC Ack: 0x81F6A3F Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-07:29:07.620306 24.243.144.13:3708 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:8017 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x27D631B5 Ack: 0x8870430 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-07:29:09.244506 24.243.144.13:3915 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:8929 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x286C9B8F Ack: 0x8DAB98C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/05-07:29:19.886612 24.243.144.13:2001 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:15421 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x2E87D9A4 Ack: 0x9A08596 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/05-07:29:30.921076 24.243.144.13:4047 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:21595 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x34A21DCA Ack: 0x9F3C812 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-07:29:32.621475 24.243.144.13:4436 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:22636 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x35C9539A Ack: 0x9F4E9E8 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-07:29:34.312904 24.243.144.13:4757 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:23623 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x36BCC992 Ack: 0xA93100F Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-07:29:44.988414 24.243.144.13:2895 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:30448 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x3CF549FD Ack: 0xB7BC081 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-07:29:55.466169 24.243.144.13:1096 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:37340 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x436B347A Ack: 0xC36956D Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-07:30:06.337459 24.243.144.13:2837 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:42779 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x489BDF1B Ack: 0xC92B78B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-07:30:08.061226 24.243.144.13:3156 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:43678 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x498FD272 Ack: 0xC137AEE Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-07:30:10.541618 24.243.144.13:3156 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:45187 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x498FD272 Ack: 0xC137AEE Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-07:30:13.135887 24.243.144.13:3940 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:46228 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x4BE94016 Ack: 0xCC6D095 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-07:30:15.528882 24.243.144.13:3940 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:47740 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x4BE94016 Ack: 0xCC6D095 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-07:30:21.530064 24.243.144.13:4786 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:50515 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x4E6EAF32 Ack: 0xD18C780 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-07:30:23.233776 24.243.144.13:1698 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:51411 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x5110FCEB Ack: 0xCF0EDA7 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-08:02:32.105921 24.209.39.246:2099 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:60165 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xE50FB1ED Ack: 0x86CAB07D Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-08:02:32.288944 24.209.39.246:2113 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:60192 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xE51B0D9E Ack: 0x86947CA6 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-08:02:32.349642 24.209.39.246:2117 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:60211 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xE51E354A Ack: 0x8680C94C Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-08:02:45.246869 24.209.39.246:2414 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:61733 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xE61C34EC Ack: 0x878501D3 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-08:02:45.305203 24.209.39.246:2538 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:61738 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xE68337C8 Ack: 0x87824984 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/05-08:02:48.643368 24.209.39.246:2539 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:62055 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xE68462CE Ack: 0x86F8CE25 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/05-08:02:48.713611 24.209.39.246:2629 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:62061 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xE6D0DC9F Ack: 0x87C4DD98 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-08:02:48.800672 24.209.39.246:2631 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:62068 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xE6D2B4B6 Ack: 0x875D7E83 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-08:02:58.212047 24.209.39.246:2939 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:63119 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xE7D7AAB4 Ack: 0x8795C37A Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-08:02:58.272725 24.209.39.246:2941 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:63131 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xE7D9917B Ack: 0x87A95139 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-08:03:11.177700 24.209.39.246:3212 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:64614 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xE8C2F8D4 Ack: 0x88CE6887 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-08:03:11.283944 24.209.39.246:3343 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:64631 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xE9306BF3 Ack: 0x89029D10 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-08:03:11.372387 24.209.39.246:3346 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:64646 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xE932C8D9 Ack: 0x893C8243 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-08:03:11.449487 24.209.39.246:3348 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:64654 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xE934F7DC Ack: 0x892A4FCD Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-08:03:11.546163 24.209.39.246:3352 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:64673 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xE938A1ED Ack: 0x89241177 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-08:03:20.821223 24.209.39.246:3605 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:35 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xEA13274D Ack: 0x8962B58F Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-08:53:47.414750 24.209.39.246:2666 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:34804 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xCF54BD8 Ack: 0x48ADFD7C Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-08:53:57.477624 24.209.39.246:2975 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:36488 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xDFE5142 Ack: 0x49DF1F89 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-08:54:01.271444 24.209.39.246:3063 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:37053 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xE4D5C9C Ack: 0x49CE396B Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-08:54:11.509996 24.209.39.246:3360 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:38741 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xF4B2043 Ack: 0x4A7799B7 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-08:54:12.300183 24.209.39.246:3388 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:38873 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xF60A19E Ack: 0x4A0999E7 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/05-08:54:22.595079 24.209.39.246:3698 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:40586 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x1069F334 Ack: 0x4A765963 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/05-08:54:23.196773 24.209.39.246:3717 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:40684 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x107AE9A5 Ack: 0x4B3D23AD Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-08:54:33.420540 24.209.39.246:3993 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:42229 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x116642DE Ack: 0x4CC4FDDF Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-08:54:37.666100 24.209.39.246:4111 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:42899 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x11D081F4 Ack: 0x4CEC8330 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-08:54:38.318080 24.209.39.246:4127 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:43009 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x11DED384 Ack: 0x4C682404 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-08:54:38.953085 24.209.39.246:4146 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:43125 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x11EF78F3 Ack: 0x4D0225FA Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-08:54:39.544850 24.209.39.246:4165 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:43220 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x120089DD Ack: 0x4CAC441F Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-08:54:40.148092 24.209.39.246:4181 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:43324 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x120DAB74 Ack: 0x4CAA1345 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-08:54:40.693607 24.209.39.246:4193 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:43419 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x1218C173 Ack: 0x4CCBEF73 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-08:54:41.267671 24.209.39.246:4216 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:43515 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x122A296A Ack: 0x4D2AD406 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-08:54:45.362729 24.209.39.246:4324 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:44151 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x12882298 Ack: 0x4D021340 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-10:22:36.013963 200.67.24.138:1301 -> 192.168.1.6:80
TCP TTL:46 TOS:0x0 ID:48070 IpLen:20 DgmLen:1492 DF
***A**** Seq: 0x8FEA3821 Ack: 0x983F29E7 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-10:22:36.066925 200.67.24.138:1301 -> 192.168.1.6:80
TCP TTL:46 TOS:0x0 ID:48071 IpLen:20 DgmLen:1492 DF
***A**** Seq: 0x8FEA3DCD Ack: 0x983F29E7 Win: 0xFAF0 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-10:45:51.268499 24.209.39.246:1327 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:980 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xA25C5F58 Ack: 0xEFDE6431 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-10:46:00.642160 24.209.39.246:1606 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:1986 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xA34A489A Ack: 0xF0800BB2 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-10:46:00.741722 24.209.39.246:1611 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:2008 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xA34E57A4 Ack: 0xEFEA55BA Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-10:46:00.820830 24.209.39.246:1617 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:2029 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xA353400D Ack: 0xF01C0764 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-10:46:00.901545 24.209.39.246:1620 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:2039 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xA3558C58 Ack: 0xF0682BD6 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/05-10:46:00.978956 24.209.39.246:1622 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:2047 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xA357C688 Ack: 0xF0476B95 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/05-10:46:04.062914 24.209.39.246:1704 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:2337 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xA39B19BD Ack: 0xF069BAEC Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-10:46:04.181548 24.209.39.246:1705 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:2356 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xA39C0789 Ack: 0xF018C80D Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-10:46:04.257962 24.209.39.246:1712 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:2366 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA3A22C83 Ack: 0xF0C61006 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-10:46:13.633137 24.209.39.246:1957 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:3503 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA47893F0 Ack: 0xF104651F Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-10:46:13.758995 24.209.39.246:1964 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:3526 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA47DD442 Ack: 0xF11EEDCB Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-10:46:20.610690 24.209.39.246:2078 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:4602 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA4E00924 Ack: 0xF1629106 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-10:46:20.717550 24.209.39.246:2226 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:4617 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xA55C6035 Ack: 0xF3011E50 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-10:46:20.779815 24.209.39.246:2231 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:4627 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xA560846B Ack: 0xF274DDF0 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-10:46:20.852971 24.209.39.246:2238 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:4645 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xA5660791 Ack: 0xF260A334 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-10:46:20.952956 24.209.39.246:2240 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:4661 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xA567D3B4 Ack: 0xF2FC6E86 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-10:49:09.571639 24.209.105.156:4016 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:5853 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xA4DCEEE3 Ack: 0xFCE997B6 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-10:49:19.205921 24.209.105.156:4313 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:7562 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xA5DD4FF8 Ack: 0xFCE77C77 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-10:49:19.306470 24.209.105.156:4316 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:7586 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xA5E05AF5 Ack: 0xFD1DFDF6 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-10:49:23.238016 24.209.105.156:4424 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:8147 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xA63E384B Ack: 0xFDC7A134 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-10:49:23.374401 24.209.105.156:4434 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:8180 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xA645F9CB Ack: 0xFD2538E6 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/05-10:49:33.239293 24.209.105.156:4688 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:9308 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xA721D58F Ack: 0xFE5AC83B Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/05-10:49:40.538864 24.209.105.156:4799 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:10248 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xA7816C5B Ack: 0xFE1F26BE Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-10:49:53.460723 24.209.105.156:3198 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:12017 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xA8CEA269 Ack: 0xFEAE03F4 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-10:49:53.770124 24.209.105.156:3308 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:12048 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA9275481 Ack: 0xFEDFFE8F Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-10:49:54.224527 24.209.105.156:3316 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:12099 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA92EA044 Ack: 0xFF079388 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-10:49:55.055355 24.209.105.156:3344 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:12208 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA9467B42 Ack: 0xFF38A8E6 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-10:50:04.763070 24.209.105.156:3640 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:13613 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xAA443C02 Ack: 0xFFE20D2B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-10:50:05.014207 24.209.105.156:3650 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:13655 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xAA4BCB7E Ack: 0xFFD3F765 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-10:50:05.450824 24.209.105.156:3657 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:13708 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xAA51D032 Ack: 0x501685 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-10:50:05.937731 24.209.105.156:3670 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:13771 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xAA5CFF98 Ack: 0x2E30AE Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-10:50:06.179624 24.209.105.156:3686 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:13820 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xAA6A01A6 Ack: 0x863C0 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-11:23:41.050697 24.209.39.246:3151 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:4401 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x7F3E5114 Ack: 0x7EA49A3E Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-11:23:50.691000 24.209.39.246:3450 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:5798 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x803E8247 Ack: 0x7F692E6F Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-11:23:54.438235 24.209.39.246:3538 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:6333 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x808C87A9 Ack: 0x8016789D Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-11:23:54.644183 24.209.39.246:3544 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:6369 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x80905D1B Ack: 0x7FC3EF44 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-11:23:54.773017 24.209.39.246:3554 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:6388 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x8099188A Ack: 0x7FFFF8E2 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/05-11:23:54.891451 24.209.39.246:3558 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:6408 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x809C64A5 Ack: 0x7FEE0E54 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/05-11:23:55.017231 24.209.39.246:3561 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:6426 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x809F623F Ack: 0x8034E782 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-11:23:55.091450 24.209.39.246:3563 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:6437 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x80A11A12 Ack: 0x80446A7E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-11:23:58.538100 24.209.39.246:3634 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:6765 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x80E41C86 Ack: 0x803BB5FF Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-11:23:58.755424 24.209.39.246:3639 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:6797 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x80E9529B Ack: 0x8089FECA Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-11:24:08.221245 24.209.39.246:3892 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:8114 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x81C91635 Ack: 0x80BA816E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-11:24:17.473000 24.209.39.246:4149 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:9374 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x82AC3DAD Ack: 0x80F68F79 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-11:24:17.877670 24.209.39.246:4159 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:9408 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x82B5418E Ack: 0x81959FB8 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-11:24:20.898172 24.209.39.246:4159 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:9802 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x82B5418E Ack: 0x81959FB8 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:09:55 2003