SnortSnarf alert page

Destination: 192.168.1.6: #201-300

SnortSnarf v021111.1

Looking using input module SnortFileInput, with sources:
Earliest: 16:13:30.330130 on 04/22/2003
Latest: 00:47:16.738663 on 04/23/2003

22 different signatures are present for 192.168.1.6 as a destination

There are 624 distinct source IPs in the alerts of the type on this page.

See also 192.168.1.6 as an alert source [49361 alerts]


[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/22-16:13:30.330130 216.39.48.4:39601 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:36524 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x4D70EEA4 Ack: 0x899A6DA0 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 70541334 652522764
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/22-16:23:06.000420 216.39.48.64:58186 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:58226 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x738A10BF Ack: 0xAE5DEDC5 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 371258331 652817606
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/22-16:26:46.793703 216.39.48.64:44398 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:43420 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x80A5E3A0 Ack: 0xBBDC1339 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 371280405 652930674
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/22-16:31:06.562443 66.196.65.24:35113 -> 192.168.1.6:80
TCP TTL:232 TOS:0x0 ID:42797 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x5B694660 Ack: 0xCC650FE0 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/22-16:33:55.360222 216.39.48.13:38182 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:34315 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x9BA683B7 Ack: 0xD6829168 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 371328462 653150181
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/22-16:46:56.883335 24.209.184.90:4976 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:37645 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xAB85ADE7 Ack: 0x97647E0 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/22-16:46:56.901648 24.209.184.90:4976 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:37646 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xAB85B39B Ack: 0x97647E0 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/22-16:51:00.716894 209.237.238.158:2181 -> 192.168.1.6:80
TCP TTL:41 TOS:0x0 ID:10211 IpLen:20 DgmLen:177 DF
***AP*** Seq: 0x2BCC5084 Ack: 0x17E4A8BE Win: 0xFFFF TcpLen: 32
TCP Options (3) => NOP NOP TS: 631348573 653675344
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/22-16:51:41.616906 24.209.203.150:3400 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:59069 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xC0485C26 Ack: 0x1AD72A18 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/22-16:51:41.653107 24.209.203.150:3400 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:59070 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xC04861DA Ack: 0x1AD72A18 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/22-17:10:27.110047 24.166.119.88:4711 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:59357 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x95CC79E9 Ack: 0x610E2DCB Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/22-17:10:30.008864 24.166.119.88:4711 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:59757 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x95CC79E9 Ack: 0x610E2DCB Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/22-17:10:31.640088 24.166.119.88:4881 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:59975 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x9631B885 Ack: 0x614D2473 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/22-17:10:34.416211 24.166.119.88:4881 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:60385 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x9631B885 Ack: 0x614D2473 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/22-17:10:40.236902 24.166.119.88:1105 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:61165 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x96AAE47E Ack: 0x61A7F760 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/22-17:10:42.483298 24.166.119.88:1250 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:61500 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x972A0DAB Ack: 0x61D42A39 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/22-17:10:47.900496 24.166.119.88:1391 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:62250 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x97A3541B Ack: 0x624942AF Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/22-17:10:53.061106 24.166.119.88:1530 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:63013 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x981F2A35 Ack: 0x633C1F98 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/22-17:11:01.494021 24.166.119.88:1658 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:64144 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x98900F25 Ack: 0x63B59957 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/22-17:11:03.727724 24.166.119.88:1798 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:64467 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x9909F8AC Ack: 0x63E18D67 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/22-17:11:05.984677 24.166.119.88:1860 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:64769 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x993E23A1 Ack: 0x640D527C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/22-17:11:08.149118 24.166.119.88:1917 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:65078 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x996FBE5A Ack: 0x640FAF7C Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/22-17:11:13.857077 24.166.119.88:2053 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:289 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x99E78BB8 Ack: 0x6418E411 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/22-17:11:16.659155 24.166.119.88:2053 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:639 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x99E78BB8 Ack: 0x6418E411 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1394:3] SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1]
04/22-17:11:18.406820 206.252.192.18:65354 -> 192.168.1.6:54732
TCP TTL:52 TOS:0x0 ID:22330 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x9B29AA3C Ack: 0x5F3FA68F Win: 0x21F0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 1795337102 654299046
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/22-17:11:25.620384 24.166.119.88:2329 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:1698 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x9ADFD8EE Ack: 0x651BBA68 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/22-17:11:28.286069 24.166.119.88:2397 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:2002 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x9B1AC410 Ack: 0x64891FFA Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/22-17:11:31.413942 24.166.119.88:2466 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:2355 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x9B597242 Ack: 0x64FCF676 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/22-17:11:34.545525 24.166.119.88:2539 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:2733 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x9B9A4372 Ack: 0x656422A4 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/22-17:11:37.184371 24.166.119.88:2618 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:3052 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x9BDB7D6A Ack: 0x65F7E03B Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/22-17:15:36.078292 24.209.203.150:1916 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:20227 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x4EB36326 Ack: 0x75305B8E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/22-17:15:36.110417 24.209.203.150:1916 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:20228 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x4EB368DA Ack: 0x75305B8E Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/22-17:21:05.162131 24.209.37.151:3296 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:60197 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xBA992A6E Ack: 0x89C2C579 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/22-17:21:05.181395 24.209.37.151:3296 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:60198 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xBA993022 Ack: 0x89C2C579 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/22-17:27:00.625900 24.209.184.90:2102 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:23897 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x7AF1E552 Ack: 0x9F3CEE2E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/22-17:27:00.630619 24.209.184.90:2102 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:23898 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x7AF1EB06 Ack: 0x9F3CEE2E Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/22-17:31:05.011256 81.57.79.96:3875 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:53836 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE1FB184E Ack: 0xAF4CFB6B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/22-17:31:05.045244 81.57.79.96:3875 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:53837 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE1FB1E02 Ack: 0xAF4CFB6B Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/22-17:31:06.048236 216.39.48.94:43514 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:5934 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x73D52907 Ack: 0xAF6904BF Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 371670585 654907277
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/22-17:32:32.423789 66.196.65.24:57596 -> 192.168.1.6:80
TCP TTL:232 TOS:0x0 ID:58118 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xD13E1C83 Ack: 0xB4DC480F Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/22-17:46:15.665598 216.39.48.54:51393 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:53134 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xACF64056 Ack: 0xE821DE59 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 371757031 655373163
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/22-18:02:47.562175 216.39.48.13:45402 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:44603 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xEBBC860A Ack: 0x27DC7936 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 371861565 655881186
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/22-18:02:53.481882 24.209.203.150:3370 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:24607 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x60959D82 Ack: 0x27C7EBB8 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/22-18:02:53.505187 24.209.203.150:3370 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:24608 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x6095A336 Ack: 0x27C7EBB8 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/22-18:09:40.918331 216.39.48.114:57124 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:25787 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x51FDEEE Ack: 0x41C40E8E Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 371898978 656092892
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/22-18:34:43.177141 24.209.203.150:1741 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:2669 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x17412A60 Ack: 0x9F5140B1 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/22-18:34:43.207395 24.209.203.150:1741 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:2670 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x17413014 Ack: 0x9F5140B1 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/22-18:39:14.730411 24.209.203.150:1572 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:27297 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x31A0B7A2 Ack: 0xB0C49080 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/22-18:39:14.750516 24.209.203.150:1572 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:27298 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x31A0BD56 Ack: 0xB0C49080 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/22-18:40:21.981384 216.39.48.44:55376 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:18039 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x787BF802 Ack: 0xB49B7247 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 362724994 657035828
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/22-18:45:11.904210 24.209.184.90:3125 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:47015 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x9F5DE80 Ack: 0xC6F6BFC7 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/22-18:45:11.912106 24.209.184.90:3125 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:47016 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x9F5E434 Ack: 0xC6F6BFC7 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/22-18:55:01.647024 218.151.92.100:3214 -> 192.168.1.6:80
TCP TTL:102 TOS:0x0 ID:12070 IpLen:20 DgmLen:1454 DF
***A**** Seq: 0x33A995F Ack: 0xECBCA486 Win: 0x4248 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/22-18:55:01.669134 218.151.92.100:3214 -> 192.168.1.6:80
TCP TTL:102 TOS:0x0 ID:12071 IpLen:20 DgmLen:1454 DF
***A**** Seq: 0x33A9EE5 Ack: 0xECBCA486 Win: 0x4248 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/22-19:04:01.366505 216.39.48.54:48623 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:21143 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xD1C7FF63 Ack: 0xD609DDE Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 372223492 657762800
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/22-19:04:01.753496 216.39.48.54:48623 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:21144 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xD1C7FF63 Ack: 0xD609DDE Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 372223531 657762800
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/22-19:11:13.648217 24.209.203.150:3560 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:63275 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE777B61D Ack: 0x296D39CA Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/22-19:11:13.676689 24.209.203.150:3560 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:63276 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE777BBD1 Ack: 0x296D39CA Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/22-19:18:33.953759 24.209.37.151:1988 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:18383 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x27466A20 Ack: 0x4496E149 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/22-19:18:33.999740 24.209.37.151:1988 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:18384 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x27466FD4 Ack: 0x4496E149 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/22-19:37:30.155967 24.209.97.26:4116 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:5956 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE7A59F87 Ack: 0x8D764A1A Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/22-19:37:30.188008 24.209.97.26:4116 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:5957 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE7A5A53B Ack: 0x8D764A1A Win: 0xFAF0 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/22-19:38:06.079061 24.209.184.90:3263 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:13004 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xEA385CA Ack: 0x8FDBA56C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/22-19:38:06.085106 24.209.184.90:3263 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:13005 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xEA38B7E Ack: 0x8FDBA56C Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/22-19:43:34.442336 216.39.48.94:38137 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:49900 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x67339CBF Ack: 0xA498558B Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 372465249 658978218
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/22-19:50:15.570389 216.39.48.114:39086 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:28521 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x80998077 Ack: 0xBCEBBB1F Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 372502304 659183654
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/22-19:56:43.591871 216.39.48.4:37296 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:44248 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x992E6252 Ack: 0xD522FE56 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 71880342 659382385
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/22-20:02:32.445463 216.39.48.44:44359 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:4044 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xAF614C3F Ack: 0xEAB2EE34 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 363217921 659561070
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:485:2] ICMP Destination Unreachable (Communication Administratively Prohibited) [**]
[Classification: Misc activity] [Priority: 3]
04/22-20:26:58.416448 66.185.140.170 -> 192.168.1.6
ICMP TTL:239 TOS:0x0 ID:0 IpLen:20 DgmLen:56
Type:3 Code:13 DESTINATION UNREACHABLE: ADMINISTRATIVELY PROHIBITED,
PACKET FILTERED
** ORIGINAL DATAGRAM DUMP:
192.168.1.6:55642 -> 66.135.209.203:113
TCP TTL:48 TOS:0x0 ID:22552 IpLen:20 DgmLen:60 DF
Seq: 0x47C5D740 Ack: 0xD2DDA53E
** END OF DUMP
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/22-21:10:18.035796 24.209.203.150:1093 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:1922 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x6A21AC6F Ack: 0xEBDB066B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/22-21:10:18.058895 24.209.203.150:1093 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:1923 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x6A21B223 Ack: 0xEBDB066B Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/22-21:40:27.926476 216.39.48.24:50184 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:25951 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x1FB45E3D Ack: 0x5E8C7F51 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 355154799 662570316
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/22-21:51:47.096051 216.39.48.104:36007 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:44572 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x4BCBAC40 Ack: 0x8933D3BD Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 373228082 662918165
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/22-22:02:38.828190 216.39.48.94:56587 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:25797 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x745C7DE2 Ack: 0xB1618445 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 373299503 663251967
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/22-22:17:38.934484 24.209.203.150:3890 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:85 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xC86AAB48 Ack: 0xEA9AF894 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/22-22:17:38.954319 24.209.203.150:3890 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:86 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xC86AB0FC Ack: 0xEA9AF894 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/22-22:41:33.727328 24.209.203.150:3849 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:54355 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x42EA8993 Ack: 0x43F3DF94 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/22-22:41:33.778423 24.209.203.150:3849 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:54356 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x42EA8F47 Ack: 0x43F3DF94 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/22-22:57:17.339488 24.209.37.151:2294 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:49654 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA6320229 Ack: 0x7F279858 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/22-22:57:17.379748 24.209.37.151:2294 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:49655 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA63207DD Ack: 0x7F279858 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/22-22:57:28.990021 216.39.48.64:38133 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:20426 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x439A4337 Ack: 0x8005D322 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 373624077 664937081
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/22-23:59:37.163239 24.112.68.208:5835 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:33924 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x55A97E65 Ack: 0x6B6D006B Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/22-23:59:38.663615 24.112.68.208:5962 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:34241 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x560F2912 Ack: 0x6B16E2DB Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/22-23:59:39.659538 24.112.68.208:6004 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:34449 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x56319AE7 Ack: 0x6B292AE5 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/22-23:59:49.673259 24.112.68.208:6543 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:36481 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x57E9CFDB Ack: 0x6B8655B8 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/22-23:59:50.673574 24.112.68.208:6594 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:36649 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x58156F22 Ack: 0x6C310CDE Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/22-23:59:52.182312 24.112.68.208:6680 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:36925 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x5857E9E9 Ack: 0x6C299AD6 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/22-23:59:53.175223 24.112.68.208:6754 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:37132 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x5896BAF4 Ack: 0x6C961531 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/22-23:59:57.174755 24.112.68.208:6786 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:37738 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x58B1E784 Ack: 0x6C97D26E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/22-23:59:59.167451 24.112.68.208:7035 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:38133 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x5982E5A6 Ack: 0x6C0AB6DA Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/23-00:00:00.195515 24.112.68.208:7082 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:38230 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x59A96CCF Ack: 0x6C16823C Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/23-00:00:01.181100 24.112.68.208:7096 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:38493 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x59B83551 Ack: 0x6CCFB7A3 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/23-00:00:14.184252 24.112.68.208:7609 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:40534 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x5B5BD7F4 Ack: 0x6DA30AE3 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/23-00:00:15.695423 24.112.68.208:7845 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:40772 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x5C162C77 Ack: 0x6D28973B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/23-00:00:25.236404 24.112.68.208:7859 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:42576 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x5C22BEA8 Ack: 0x6D542FA2 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/23-00:00:26.215962 24.112.68.208:8409 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:42743 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x5DD75F7B Ack: 0x6DE3B93A Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/23-00:00:36.724668 24.112.68.208:8996 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:44968 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x5FAC64AB Ack: 0x6EC70737 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/23-00:28:01.622430 216.39.48.84:51399 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:16940 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x9AC8093E Ack: 0xD62F2B3D Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 374164260 667719525
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/23-00:47:16.462901 24.29.173.81:1289 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:54638 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x90A860FC Ack: 0x1E79E65A Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/23-00:47:16.738663 24.29.173.81:1292 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:54650 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x90AB945D Ack: 0x1E7B40D0 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:09:55 2003