SnortSnarf alert page

Destination: 192.168.1.6: #2001-2100

SnortSnarf v021111.1

Signature section (91123) | Top 20 source IPs | Top 20 dest IPs

Looking using input module SnortFileInput, with sources:
Earliest: 15:00:25.835135 on 05/05/2003
Latest: 13:30:36.780614 on 05/06/2003

22 different signatures are present for 192.168.1.6 as a destination

There are 624 distinct source IPs in the alerts of the type on this page.

See also 192.168.1.6 as an alert source [49361 alerts]


[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-15:00:25.835135 24.209.39.246:2136 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:7706 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA204D9EF Ack: 0xB120F122 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-15:00:29.406004 24.209.39.246:2238 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:8186 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xA25AE5ED Ack: 0xB1A40A87 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-15:00:30.036532 24.209.39.246:2251 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:8266 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xA265D886 Ack: 0xB1C18BD0 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-15:00:30.403158 24.209.39.246:2272 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:8334 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xA2777E4E Ack: 0xB232C924 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-15:00:30.914714 24.209.39.246:2285 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:8416 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xA28263B7 Ack: 0xB1B98B80 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-15:01:58.121908 24.209.39.246:4855 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:20612 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xAB23F68E Ack: 0xB800AC01 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-15:02:01.531467 24.209.39.246:4867 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:21146 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xAB2CEF69 Ack: 0xB78C9684 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-15:02:04.952476 24.209.39.246:4971 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:21580 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xAB816012 Ack: 0xB8CA4A8B Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-15:02:14.904827 24.209.39.246:1367 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:22857 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xACBFFA23 Ack: 0xB8A60908 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-15:02:36.743774 24.209.39.246:2012 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:26020 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xAEE8A511 Ack: 0xBA2FF253 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/05-15:02:37.245020 24.209.39.246:2035 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:26114 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xAEFB08F9 Ack: 0xBA199275 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/05-15:02:43.751192 24.209.39.246:2162 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:27333 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xAF652A28 Ack: 0xBA53B874 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-15:02:44.274922 24.209.39.246:2309 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:27398 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xAFDFD930 Ack: 0xBABA3DCD Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-15:02:48.245990 24.209.39.246:2427 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:27980 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xB0449B26 Ack: 0xBAB76D60 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-15:02:48.637632 24.209.39.246:2440 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:28039 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xB05079C0 Ack: 0xBB778611 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-15:02:49.044944 24.209.39.246:2456 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:28101 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xB05D8702 Ack: 0xBB0B1878 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-15:02:49.518553 24.209.39.246:2465 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:28165 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xB06583FC Ack: 0xBAFE1843 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-15:02:49.960178 24.209.39.246:2477 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:28236 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xB07034E8 Ack: 0xBAEB4FE7 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-15:02:50.400684 24.209.39.246:2489 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:28291 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xB079B333 Ack: 0xBB53DF17 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-15:02:50.701211 24.209.39.246:2500 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:28343 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xB083FB40 Ack: 0xBB2F67CA Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-15:02:51.177254 24.209.39.246:2508 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:28403 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xB08B5AAA Ack: 0xBBA172C1 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-15:45:41.848546 200.50.90.247:4055 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:25815 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x43CBB9F6 Ack: 0x5C119DAE Win: 0x2238 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-16:12:23.708479 24.209.196.254:2594 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:15586 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x60C16AD2 Ack: 0xC120C738 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-16:12:23.741721 24.209.196.254:2594 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:15587 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x60C17086 Ack: 0xC120C738 Win: 0x4470 TcpLen: 20
[**] [1:1042:6] WEB-IIS view source via translate header [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/05-16:41:14.237664 129.142.34.137:1273 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:51996 IpLen:20 DgmLen:187 DF
***AP*** Seq: 0xCB34CF1F Ack: 0x2F4683BE Win: 0x4470 TcpLen: 20
[Xref => http://www.securityfocus.com/bid/1578][Xref => http://www.whitehats.com/info/IDS305]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-16:56:19.400706 24.209.98.148:4397 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:26023 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x1110C2BD Ack: 0x682466F0 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-16:56:19.412852 24.209.98.148:4397 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:26024 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x1110C871 Ack: 0x682466F0 Win: 0xFAF0 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-17:02:46.954276 24.209.98.148:3172 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:9718 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3597B0C4 Ack: 0x80120D66 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-17:02:46.962652 24.209.98.148:3172 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:9719 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3597B678 Ack: 0x80120D66 Win: 0xFAF0 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-17:26:25.019770 24.209.196.254:2102 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:38498 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF56BE718 Ack: 0xD85CE42E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-17:26:25.067437 24.209.196.254:2102 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:38499 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF56BECCC Ack: 0xD85CE42E Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-19:41:57.966533 24.25.55.93:4222 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:46830 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xAA13FEBA Ack: 0xD94B3CAD Win: 0x44E8 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-19:42:00.398291 24.25.55.93:4290 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:47079 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xAA4FE72B Ack: 0xD993792A Win: 0x44E8 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-19:42:00.573030 24.25.55.93:4294 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:47091 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xAA5328DD Ack: 0xD9E8B17C Win: 0x44E8 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-19:42:03.739936 24.25.55.93:4394 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:47457 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xAAA4A00C Ack: 0xD9DC20F8 Win: 0x44E8 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-19:42:06.902659 24.25.55.93:4467 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:47873 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xAAE8DB5A Ack: 0xD9CA8ECE Win: 0x44E8 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/05-19:42:10.144962 24.25.55.93:4477 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:48240 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xAAEF3BBA Ack: 0xDAB5A617 Win: 0x44E8 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/05-19:42:10.410059 24.25.55.93:4569 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:48278 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xAB35B352 Ack: 0xDACDB541 Win: 0x44E8 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-19:42:10.647219 24.25.55.93:4579 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:48328 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xAB3DE048 Ack: 0xDAEC7607 Win: 0x44E8 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-19:42:10.995006 24.25.55.93:4590 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:48357 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xAB477057 Ack: 0xDAE42BEB Win: 0x44E8 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-19:42:11.232485 24.25.55.93:4597 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:48391 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xAB4D465F Ack: 0xDAABC37E Win: 0x44E8 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-19:42:11.446342 24.25.55.93:4602 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:48424 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xAB51E4D1 Ack: 0xDA08A587 Win: 0x44E8 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-19:42:14.994728 24.25.55.93:4722 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:48908 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xABADE261 Ack: 0xDB29939F Win: 0x44E8 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-19:42:15.176464 24.25.55.93:4731 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:48934 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xABB4476B Ack: 0xDAB741DD Win: 0x44E8 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-19:42:15.352777 24.25.55.93:4738 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:48952 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xABB8EEBA Ack: 0xDAC1D9C0 Win: 0x44E8 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-19:42:15.507973 24.25.55.93:4748 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:48981 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xABBF1A52 Ack: 0xDB2FA6EC Win: 0x44E8 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-19:42:15.697593 24.25.55.93:4760 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:49015 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xABC7833D Ack: 0xDB22A092 Win: 0x44E8 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-20:31:05.062022 24.209.196.254:4124 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:32076 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x854D34AC Ack: 0x933D12D8 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-20:31:05.081976 24.209.196.254:4124 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:32077 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x854D3A60 Ack: 0x933D12D8 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-21:08:21.003791 24.98.23.210:4012 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:4232 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xB781230E Ack: 0x1ED787CA Win: 0x44E8 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-21:08:33.306165 24.98.23.210:4378 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:5905 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xB8BBC3E4 Ack: 0x1FFE2275 Win: 0x44E8 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-21:08:34.015639 24.98.23.210:4402 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:6001 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xB8D22F5A Ack: 0x20EDB237 Win: 0x44E8 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-21:08:34.669022 24.98.23.210:4415 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:6084 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xB8DF47D2 Ack: 0x202E91DC Win: 0x44E8 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-21:08:35.301132 24.98.23.210:4432 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:6143 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xB8EEE180 Ack: 0x202A9DE5 Win: 0x44E8 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/05-21:08:36.022852 24.98.23.210:4446 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:6222 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xB8FB42EF Ack: 0x2115246F Win: 0x44E8 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/05-21:08:36.619067 24.98.23.210:4462 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:6308 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xB9096788 Ack: 0x2025BDE6 Win: 0x44E8 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-21:08:37.473316 24.98.23.210:4480 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:6387 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xB9194FD8 Ack: 0x20EC46CE Win: 0x44E8 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-21:08:37.930155 24.98.23.210:4502 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:6473 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xB92E3E57 Ack: 0x20F15EC3 Win: 0x44E8 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-21:10:11.930620 24.98.23.210:3090 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:18301 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xC1E8B661 Ack: 0x26988DB2 Win: 0x44E8 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-21:10:12.249998 24.98.23.210:3171 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:18350 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xC23380F6 Ack: 0x262D20F5 Win: 0x44E8 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-21:10:12.725505 24.98.23.210:3182 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:18413 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xC23D2AB6 Ack: 0x2653ECD6 Win: 0x44E8 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-21:10:13.368049 24.98.23.210:3193 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:18481 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xC245AB57 Ack: 0x262DD449 Win: 0x44E8 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-21:51:02.581827 24.132.247.34:1691 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:55069 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xFEF8C001 Ack: 0xBFFB7A5C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/05-21:51:02.590562 24.132.247.34:1691 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:55070 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xFEF8C5B5 Ack: 0xBFFB7A5C Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-00:45:00.926164 24.209.196.254:3191 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:44598 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB2F68D5E Ack: 0x51C83CBE Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-00:45:00.954346 24.209.196.254:3191 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:44599 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB2F69312 Ack: 0x51C83CBE Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-03:31:56.228112 24.175.171.180:4530 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:56 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xEC2C140F Ack: 0xC90DD7BA Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-03:31:59.871250 24.175.171.180:4570 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:312 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xEC561455 Ack: 0xC92F1451 Win: 0xFAF0 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-03:32:01.328305 24.175.171.180:4585 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:394 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xEC666061 Ack: 0xC9911903 Win: 0xFAF0 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-03:32:04.665271 24.175.171.180:4596 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:631 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xEC709D3A Ack: 0xC8D373C9 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/06-03:32:05.360047 24.175.171.180:4641 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:677 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xEC9E0FEE Ack: 0xC9A31CCC Win: 0xFAF0 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/06-03:32:15.623039 24.175.171.180:4773 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:1360 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xED24A4F6 Ack: 0xCA78539E Win: 0xFAF0 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-03:32:16.297894 24.175.171.180:4786 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:1414 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xED32EB07 Ack: 0xCAA22E42 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-03:32:29.505346 24.175.171.180:4984 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:2361 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xEDC5675C Ack: 0xCA47B00A Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-03:32:39.841226 24.175.171.180:3177 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:3180 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xEE77DED2 Ack: 0xCB69A9C9 Win: 0xFAF0 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-03:32:40.500364 24.175.171.180:3194 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:3254 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xEE879DD8 Ack: 0xCB8A77C9 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-03:32:53.585494 24.175.171.180:3349 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:4354 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xEF1D50C6 Ack: 0xCBD9B882 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-03:32:54.325686 24.175.171.180:3420 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:4417 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xEF5C426F Ack: 0xCBF84647 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-03:32:55.239480 24.175.171.180:3436 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:4499 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xEF6A84C5 Ack: 0xCC27CF4D Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-03:32:55.548191 24.175.171.180:3452 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:4552 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xEF79EF2F Ack: 0xCC756061 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-03:32:56.066640 24.175.171.180:3465 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:4604 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xEF84522D Ack: 0xCD03424B Win: 0xFAF0 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-09:13:07.683412 24.132.66.239:3888 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:57522 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB588EEA Ack: 0xD19F6AE3 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-09:13:07.685868 24.132.66.239:3888 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:57523 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB58949E Ack: 0xD19F6AE3 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-13:12:43.717676 24.132.247.34:2162 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:63146 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xAD54F34E Ack: 0x5A30C659 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-13:12:43.725764 24.132.247.34:2162 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:63147 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xAD54F902 Ack: 0x5A30C659 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-13:30:05.455927 24.161.112.40:4345 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:17799 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x7F68F51 Ack: 0x9CF1AEF8 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-13:30:08.481695 24.161.112.40:4365 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:18001 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x80E1C57 Ack: 0x9D48F104 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-13:30:13.161360 24.161.112.40:4438 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:18318 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x859E9F4 Ack: 0x9CE4838E Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-13:30:14.824522 24.161.112.40:4461 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:18460 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x8716510 Ack: 0x9D0E67CF Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-13:30:16.416300 24.161.112.40:4476 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:18561 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x8821647 Ack: 0x9D0CD6D4 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/06-13:30:21.493958 24.161.112.40:4545 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:18978 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x8C7A4B3 Ack: 0x9E2293CF Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/06-13:30:22.581907 24.161.112.40:4571 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:19103 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x8E22007 Ack: 0x9E15C712 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-13:30:32.039675 24.161.112.40:4740 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:20231 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x987026F Ack: 0x9E360A76 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-13:30:32.203961 24.161.112.40:4742 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:20246 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x98A063A Ack: 0x9E297D32 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-13:30:32.400523 24.161.112.40:4745 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:20261 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x98CCC28 Ack: 0x9E4B78DF Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-13:30:35.995859 24.161.112.40:4802 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:20644 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x9C23935 Ack: 0x9E5BE8CE Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-13:30:36.203692 24.161.112.40:4808 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:20685 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x9C7B628 Ack: 0x9E5A7326 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-13:30:36.389795 24.161.112.40:4814 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:20718 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x9CD0557 Ack: 0x9EA94F1B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-13:30:36.576012 24.161.112.40:4818 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:20751 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x9D0B46B Ack: 0x9F30BB46 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-13:30:36.780614 24.161.112.40:4821 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:20779 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x9D3D6F8 Ack: 0x9EACB877 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:09:55 2003