SnortSnarf alert page

Destination: 192.168.1.6: #2201-2300

SnortSnarf v021111.1

Signature section (91123) | Top 20 source IPs | Top 20 dest IPs

Looking using input module SnortFileInput, with sources:
Earliest: 23:33:01.292272 on 05/06/2003
Latest: 15:31:17.765475 on 05/07/2003

22 different signatures are present for 192.168.1.6 as a destination

There are 624 distinct source IPs in the alerts of the type on this page.

See also 192.168.1.6 as an alert source [49361 alerts]


[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-23:33:01.292272 24.122.7.136:4984 -> 192.168.1.6:80
TCP TTL:46 TOS:0x0 ID:53995 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x9D71122C Ack: 0x81A4D33D Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-23:33:01.450739 24.122.7.136:4991 -> 192.168.1.6:80
TCP TTL:46 TOS:0x0 ID:54013 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x9D773BD5 Ack: 0x81B4F237 Win: 0xFAF0 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-23:33:01.629298 24.122.7.136:4998 -> 192.168.1.6:80
TCP TTL:46 TOS:0x0 ID:54036 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x9D7D4DDD Ack: 0x81967536 Win: 0xFAF0 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/06-23:33:11.075029 24.122.7.136:1285 -> 192.168.1.6:80
TCP TTL:46 TOS:0x0 ID:54807 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x9E618922 Ack: 0x8283DCC0 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/06-23:33:11.204300 24.122.7.136:1287 -> 192.168.1.6:80
TCP TTL:46 TOS:0x0 ID:54819 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x9E632B8B Ack: 0x82C57E2A Win: 0xFAF0 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/06-23:33:11.359833 24.122.7.136:1291 -> 192.168.1.6:80
TCP TTL:46 TOS:0x0 ID:54837 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x9E6764EF Ack: 0x82008809 Win: 0xFAF0 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-00:16:00.530934 24.245.2.233:2803 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:39608 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xB5A9A0DF Ack: 0x244A9F4F Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-00:16:01.970634 24.245.2.233:2821 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:39658 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xB5BD2189 Ack: 0x251223A8 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-00:16:23.696566 24.245.2.233:3121 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:40472 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xB6EB9431 Ack: 0x25FFCA48 Win: 0xFAF0 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-00:16:24.109329 24.245.2.233:3126 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:40487 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xB6F0EB18 Ack: 0x266B26A4 Win: 0xFAF0 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-00:16:24.505643 24.245.2.233:3131 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:40502 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xB6F6898F Ack: 0x25FBF7FD Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/07-00:16:25.325799 24.245.2.233:3140 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:40531 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xB7003845 Ack: 0x2603AE49 Win: 0xFAF0 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/07-00:16:25.719867 24.245.2.233:3147 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:40548 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xB7070231 Ack: 0x26436EB1 Win: 0xFAF0 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-00:16:26.130849 24.245.2.233:3151 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:40561 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xB70BBE88 Ack: 0x269A0CC2 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-00:16:26.545787 24.245.2.233:3154 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:40581 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xB70FB9AE Ack: 0x263B45FE Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-00:16:26.929035 24.245.2.233:3158 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:40599 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xB7142E5A Ack: 0x2678D2CA Win: 0xFAF0 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-00:16:27.397163 24.245.2.233:3167 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:40623 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xB71C1EC6 Ack: 0x25C2A253 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-00:16:27.780400 24.245.2.233:3177 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:40667 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xB7268917 Ack: 0x26B1DB4B Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-00:16:28.180484 24.245.2.233:3188 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:40701 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xB72F87F9 Ack: 0x26132AEC Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-00:16:31.141538 24.245.2.233:3188 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:40817 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xB72F87F9 Ack: 0x26132AEC Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-00:16:31.745310 24.245.2.233:3236 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:40835 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xB7618A56 Ack: 0x26683F94 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-00:16:32.158121 24.245.2.233:3244 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:40854 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xB768F9E7 Ack: 0x260F2962 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-00:16:32.596231 24.245.2.233:3252 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:40869 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xB770F442 Ack: 0x26CC8FF2 Win: 0xFAF0 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-00:22:30.302662 24.243.175.144:3749 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:49344 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xBCA51688 Ack: 0x3CB2D007 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-00:22:30.929455 24.243.175.144:3762 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:49404 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xBCB0ABAA Ack: 0x3D25FBD1 Win: 0xFAF0 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-00:22:31.456543 24.243.175.144:3777 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:49461 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xBCBE4F1F Ack: 0x3C70430A Win: 0xFAF0 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-00:22:32.219687 24.243.175.144:3796 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:49545 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xBCCE33F6 Ack: 0x3CEA2B22 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/07-00:22:42.307878 24.243.175.144:4054 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:50461 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xBDB515B3 Ack: 0x3D7D59D1 Win: 0xFAF0 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/07-00:22:42.880440 24.243.175.144:4076 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:50519 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xBDC76852 Ack: 0x3DC8D523 Win: 0xFAF0 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-00:22:53.189531 24.243.175.144:4332 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:51504 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xBEA81E54 Ack: 0x3E2E50D5 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-00:22:57.580699 24.243.175.144:4460 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:52056 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xBF1652A2 Ack: 0x3EA76657 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-00:22:58.275678 24.243.175.144:4485 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:52129 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xBF2B17DB Ack: 0x3EDDF171 Win: 0xFAF0 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-00:22:59.166570 24.243.175.144:4503 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:52218 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xBF3A00A0 Ack: 0x3E1062FB Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-00:23:02.917076 24.243.175.144:4598 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:52580 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xBF8DE39C Ack: 0x3EB0F0EA Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-00:23:25.200132 24.243.175.144:1246 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:54498 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xC1594EA1 Ack: 0x3FDE1BCC Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-00:23:25.937885 24.243.175.144:1263 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:54560 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xC1682CB3 Ack: 0x40774F84 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-00:23:26.754713 24.243.175.144:1285 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:54628 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xC17CDF28 Ack: 0x405F078F Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-00:23:40.157101 24.243.175.144:1559 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:56063 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xC27139E4 Ack: 0x4149AFD2 Win: 0xFAF0 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/07-00:32:57.802390 66.196.65.24:63552 -> 192.168.1.6:80
TCP TTL:232 TOS:0x0 ID:1348 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x42948918 Ack: 0x6413DAC6 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-00:48:58.193563 24.42.35.231:3386 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:44071 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xEEC4ACC0 Ack: 0xA0CA04E6 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-00:48:58.258151 24.42.35.231:3386 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:44072 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xEEC4B274 Ack: 0xA0CA04E6 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-02:16:18.353498 24.157.60.48:2016 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:36721 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x37FC8A15 Ack: 0xEAF9BA65 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-02:16:18.417861 24.157.60.48:2016 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:36722 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x37FC8FC9 Ack: 0xEAF9BA65 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-04:02:27.366918 24.98.22.117:3587 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:16666 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x8CB64D5D Ack: 0x7A37AF52 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-04:02:28.060328 24.98.22.117:3688 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:16827 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x8D021B6C Ack: 0x7B00C6EB Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-04:02:28.341857 24.98.22.117:3697 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:16863 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x8D087BCB Ack: 0x7B328B66 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-04:02:38.106433 24.98.22.117:3998 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:18119 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x8E0979DE Ack: 0x7BA57C2D Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-04:02:39.036019 24.98.22.117:4087 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:18166 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x8E4D8536 Ack: 0x7B4687D5 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/07-04:02:51.904691 24.98.22.117:4467 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:19762 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x8F8E4183 Ack: 0x7C4C4FE6 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/07-04:02:55.365836 24.98.22.117:4574 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:20147 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x8FEB1001 Ack: 0x7C7BEC14 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-04:02:55.939711 24.98.22.117:4807 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:20278 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x906746DF Ack: 0x7BF6A980 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-04:02:56.457822 24.98.22.117:4856 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:20329 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x9075CD38 Ack: 0x7CE60C0A Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-09:13:30.173443 24.147.143.32:4278 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:5638 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xF88C1EBE Ack: 0x12449177 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-09:13:33.811437 24.147.143.32:4294 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:5952 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xF89A32D2 Ack: 0x1255F093 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-09:13:33.998086 24.147.143.32:4402 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:5982 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xF8F47D23 Ack: 0x1285F3F5 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-09:13:37.305855 24.147.143.32:4526 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:6396 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xF95CD282 Ack: 0x1321F2E8 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-09:13:37.486232 24.147.143.32:4531 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:6403 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xF9616127 Ack: 0x1342A96B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/07-09:13:37.702856 24.147.143.32:4543 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:6425 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xF96BA31B Ack: 0x12A81735 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/07-09:13:40.873201 24.147.143.32:4624 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:6620 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xF9AF85E5 Ack: 0x13494189 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-09:13:41.071955 24.147.143.32:4630 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:6635 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xF9B534E5 Ack: 0x1386A616 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-09:13:41.242932 24.147.143.32:4634 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:6653 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xF9B8EEF6 Ack: 0x12FC36E0 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-09:13:44.437350 24.147.143.32:4741 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:6979 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xFA12A242 Ack: 0x136DB9DA Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-09:13:44.624749 24.147.143.32:4746 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:6995 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xFA16A85C Ack: 0x138C0932 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-09:13:47.809442 24.147.143.32:4881 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:7409 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xFA850828 Ack: 0x139C623F Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-09:13:47.996192 24.147.143.32:4893 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:7424 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xFA8E49E2 Ack: 0x13D1B426 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-09:13:48.152694 24.147.143.32:4895 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:7435 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xFA904684 Ack: 0x13EE73D2 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-09:13:48.325912 24.147.143.32:4903 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:7466 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xFA965153 Ack: 0x134705D8 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-09:13:51.496695 24.147.143.32:4994 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:7741 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xFAE206D9 Ack: 0x136415B3 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/07-09:23:50.223040 66.77.73.64:3715 -> 192.168.1.6:80
TCP TTL:45 TOS:0x0 ID:60480 IpLen:20 DgmLen:225 DF
***AP*** Seq: 0xCE2142F2 Ack: 0x397A2E37 Win: 0xE070 TcpLen: 32
TCP Options (3) => NOP NOP TS: 240485034 1303706320
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-10:59:19.725573 24.132.129.206:3811 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:47259 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x34C0B32E Ack: 0xA287FEA0 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-10:59:19.726880 24.132.129.206:3811 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:47260 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x34C0B8E2 Ack: 0xA287FEA0 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-13:06:39.990177 24.74.84.124:2693 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:27597 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x7204CC0B Ack: 0x83F9E739 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-13:06:41.906877 24.74.84.124:2746 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:27862 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x72326573 Ack: 0x832E50D3 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-13:06:43.696150 24.74.84.124:2796 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:28132 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x725DEA2A Ack: 0x8350A2B6 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-13:07:06.409016 24.74.84.124:3454 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:31304 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x74949C61 Ack: 0x85865419 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-13:07:11.019717 24.74.84.124:3587 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:31962 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x7502CB18 Ack: 0x858B08D5 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/07-13:07:12.721001 24.74.84.124:3631 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:32209 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x752A32CD Ack: 0x8531574E Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/07-13:07:14.580790 24.74.84.124:3678 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:32470 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x7553420C Ack: 0x85AB717E Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-13:07:16.664943 24.74.84.124:3734 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:32720 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x7582CC34 Ack: 0x857BBD4E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-13:07:27.734108 24.74.84.124:4027 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:34149 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x767CD6D2 Ack: 0x86838301 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-13:07:29.743542 24.74.84.124:4083 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:34413 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x76A9594C Ack: 0x8686F052 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-13:07:31.410778 24.74.84.124:4141 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:34633 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x76DD4E70 Ack: 0x86B81689 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-13:07:33.202141 24.74.84.124:4188 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:34885 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x7706803C Ack: 0x86E691AD Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-13:07:43.876671 24.74.84.124:4492 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:36397 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x78115094 Ack: 0x873D1FED Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-13:07:45.484626 24.74.84.124:4548 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:36647 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x784273C7 Ack: 0x8777FFAF Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-13:07:48.561431 24.74.84.124:4548 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:37082 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x784273C7 Ack: 0x8777FFAF Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-13:07:56.218073 24.74.84.124:4875 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:38236 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x7957B965 Ack: 0x8843A5BB Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-13:08:06.904639 24.74.84.124:1225 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:39757 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x7A60F0CA Ack: 0x88E2303D Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-13:28:45.635768 24.98.209.119:3531 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:11949 IpLen:20 DgmLen:1372 DF
***A**** Seq: 0x2F1C799 Ack: 0xD54A9526 Win: 0xB5C9 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-13:28:45.646876 24.98.209.119:3531 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:11950 IpLen:20 DgmLen:1372 DF
***A**** Seq: 0x2F1CCCD Ack: 0xD54A9526 Win: 0xB5C9 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/07-14:36:00.488288 66.77.73.149:1668 -> 192.168.1.6:80
TCP TTL:45 TOS:0x0 ID:49909 IpLen:20 DgmLen:225 DF
***AP*** Seq: 0xB3777FFE Ack: 0xD477C23B Win: 0xE070 TcpLen: 32
TCP Options (3) => NOP NOP TS: 242419408 1313299405
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-15:07:49.983844 24.42.59.140:1224 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:17745 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3059BA1A Ack: 0x4BEACDB3 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-15:07:50.047206 24.42.59.140:1224 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:17747 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3059BFCE Ack: 0x4BEACDB3 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-15:30:44.924055 24.209.39.246:3900 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:27696 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xB5B40E6F Ack: 0xA3D15401 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-15:30:56.209416 24.209.39.246:4178 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:29198 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xB6AAC3A6 Ack: 0xA470F415 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-15:30:57.404619 24.209.39.246:4214 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:29396 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xB6CC1807 Ack: 0xA542EFCF Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-15:31:11.314921 24.209.39.246:4523 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:31521 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xB7D97D45 Ack: 0xA561BC76 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/07-15:31:12.814806 24.209.39.246:4633 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:31746 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xB83C4885 Ack: 0xA5453C8D Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/07-15:31:16.744185 24.209.39.246:4676 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:32385 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xB8628417 Ack: 0xA5AE1B7E Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/07-15:31:17.765475 24.209.39.246:4793 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:32544 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xB8C81BC0 Ack: 0xA585636D Win: 0x4470 TcpLen: 20
SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:09:55 2003