SnortSnarf alert page

Destination: 192.168.1.6: #2601-2700

SnortSnarf v021111.1

Signature section (91123)

Top 20 source IPs

Top 20 dest IPs

Looking using input module SnortFileInput, with sources:

/home/rivettmj/snort_alertlog/alert

Earliest: 22:36:04.600440 on 05/09/2003
Latest: 13:51:26.867772 on 05/11/2003

22 different signatures are present for 192.168.1.6 as a destination

1 instances of (spp_stream4) STEALTH ACTIVITY (SYN FIN scan) detection
1 instances of WEB-IIS ISAPI .printer access
1 instances of SHELLCODE x86 setuid 0
1 instances of DDOS shaft synflood
2 instances of WEB-CGI formmail access
2 instances of SHELLCODE x86 NOOP
2 instances of SMTP HELO overflow attempt
2 instances of SHELLCODE x86 inc ebx NOOP
3 instances of WEB-MISC bad HTTP/1.1 request, Potentially worm attack
3 instances of WEB-CGI newdesk access
4 instances of WEB-IIS WEBDAV nessus safe scan attempt
11 instances of ICMP Destination Unreachable (Communication Administratively Prohibited)
38 instances of (snort_decoder): T/TCP Detected
58 instances of WEB-IIS view source via translate header
308 instances of WEB-IIS _mem_bin access
316 instances of WEB-FRONTPAGE /_vti_bin/ access
680 instances of WEB-IIS CodeRed v2 root.exe access
786 instances of WEB-MISC robots.txt access
930 instances of WEB-IIS ISAPI .ida attempt
952 instances of WEB-IIS multiple decode attempt
1500 instances of WEB-IIS unicode directory traversal attempt
2169 instances of WEB-IIS cmd.exe access

There are 624 distinct source IPs in the alerts of the type on this page.

192.168.1.6 Whois lookup at: ARIN RIPE APNIC Geektools

DNS lookup at: Amenesi TRIUMF Princeton

More lookup links: Dshield Sam Spade

See also 192.168.1.6 as an alert source [49361 alerts]

Go to: previous range, next range, all alerts, overview page

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/09-22:36:04.600440 24.98.129.251:1144 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:62564 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x78D4959B  Ack: 0x6911DE43  Win: 0x4470  TcpLen: 20

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/09-22:36:04.794270 24.98.129.251:1169 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:62662 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x78E81D5E  Ack: 0x691369A1  Win: 0x4470  TcpLen: 20

[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/09-22:36:04.953437 24.98.129.251:1194 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:62749 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x78FBBC03  Ack: 0x6926B7FF  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/09-22:36:14.371687 24.98.129.251:1856 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:64895 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x7B009C07  Ack: 0x694B4989  Win: 0x4470  TcpLen: 20

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/09-22:36:17.934906 24.98.129.251:2148 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:113 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x7BE201F4  Ack: 0x69BB9475  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/09-22:36:18.119344 24.98.129.251:2161 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:158 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x7BEC3EF2  Ack: 0x69A76230  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/09-22:37:04.161542 24.98.129.251:1897 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:11620 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x87417A29  Ack: 0x6CD9DDFC  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/09-22:37:07.368465 24.98.129.251:1931 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:12401 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x8759F5B8  Ack: 0x6DE90205  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/09-22:37:16.904221 24.98.129.251:2217 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:14437 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x88368920  Ack: 0x6D720A4B  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/09-22:37:20.110576 24.98.129.251:2846 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:15082 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x8A2D5DE5  Ack: 0x6E4ABC50  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/10-00:13:18.349429 24.209.196.254:1381 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:46882 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA60FC6E2  Ack: 0xD86D2AFA  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/10-00:13:18.369653 24.209.196.254:1381 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:46883 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA60FCC96  Ack: 0xD86D2AFA  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/10-00:34:38.020273 24.209.39.246:2268 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:16206 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x343C2349  Ack: 0x28764F3F  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/10-00:34:38.071262 24.209.39.246:2268 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:16207 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x343C28FD  Ack: 0x28764F3F  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/10-00:48:02.220030 24.217.69.93:3332 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:34821 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xDD2BE5BE  Ack: 0x5BB3622E  Win: 0xFAF0  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/10-00:48:02.225348 24.217.69.93:3332 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:34822 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xDD2BEB72  Ack: 0x5BB3622E  Win: 0xFAF0  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/10-03:37:49.422821 24.209.39.246:4437 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:16441 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xBA19F7CC  Ack: 0xDD37B3AE  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/10-03:37:49.445221 24.209.39.246:4437 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:16442 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xBA19FD80  Ack: 0xDD37B3AE  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/10-04:04:11.887145 24.209.39.246:3085 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:5633 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x349615CA  Ack: 0x41A1B265  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/10-04:04:11.931820 24.209.39.246:3085 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:5634 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x34961B7E  Ack: 0x41A1B265  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/10-04:29:19.507973 24.209.39.246:3948 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:1968 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA7A0665B  Ack: 0x9F36F6B9  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/10-04:42:24.948268 24.98.50.142:3000 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:39106 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x3F3A671  Ack: 0xD250F958  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/10-04:42:25.260674 24.98.50.142:3009 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:39129 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x3FB525F  Ack: 0xD2D4A3BD  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/10-04:42:25.419046 24.98.50.142:3012 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:39142 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x3FDA857  Ack: 0xD25AE8B1  Win: 0x4470  TcpLen: 20

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/10-04:42:25.587986 24.98.50.142:3018 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:39158 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x40277DE  Ack: 0xD20062D3  Win: 0x4470  TcpLen: 20

[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/10-04:42:34.724535 24.98.50.142:3276 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:39730 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x4CE3A4C  Ack: 0xD2D984AB  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/10-04:42:43.936945 24.98.50.142:3558 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:40439 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x5B3B8A8  Ack: 0xD3AB747E  Win: 0x4470  TcpLen: 20

[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/10-04:42:44.124007 24.98.50.142:3561 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:40453 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x5B64FF0  Ack: 0xD3F141B2  Win: 0x4470  TcpLen: 20

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/10-04:42:44.343122 24.98.50.142:3567 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:40475 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x5BA9A76  Ack: 0xD32AED6B  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/10-04:42:44.484067 24.98.50.142:3575 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:40492 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x5C225FB  Ack: 0xD36224ED  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/10-04:42:44.634686 24.98.50.142:3579 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:40503 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x5C5BB02  Ack: 0xD3BCCAAD  Win: 0x4470  TcpLen: 20

[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/10-04:42:47.944979 24.98.50.142:3665 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:40780 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x60DD284  Ack: 0xD36F83AE  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/10-04:42:51.250348 24.98.50.142:3787 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:56097 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x66A2B1B  Ack: 0xD3DAAEFC  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/10-04:42:54.452849 24.98.50.142:3886 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:56275 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x6B42192  Ack: 0xD464097B  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/10-04:42:54.610349 24.98.50.142:3891 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:56285 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x6B907E3  Ack: 0xD3F082BC  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/10-04:42:54.760194 24.98.50.142:3893 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:56294 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x6BAAFF4  Ack: 0xD4135E65  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/10-04:42:54.901549 24.98.50.142:3894 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:56304 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x6BC6ADA  Ack: 0xD426F114  Win: 0x4470  TcpLen: 20

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/10-05:08:40.627858 24.92.146.111:4698 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:59142 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xE129BFFC  Ack: 0x346D67F7  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/10-05:08:40.973421 24.92.146.111:4708 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:59158 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xE132F37A  Ack: 0x34B25EDD  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/10-05:08:50.379794 24.92.146.111:4953 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:59774 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xE20E75E8  Ack: 0x35429102  Win: 0x4470  TcpLen: 20

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/10-05:08:53.926912 24.92.146.111:1071 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:59982 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xE26056D7  Ack: 0x34F0D877  Win: 0x4470  TcpLen: 20

[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/10-05:08:54.104046 24.92.146.111:1075 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:59998 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xE26325BE  Ack: 0x358025B1  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/10-05:08:57.736419 24.92.146.111:1197 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:60315 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xE2CE0F17  Ack: 0x3543AC6C  Win: 0x4470  TcpLen: 20

[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/10-05:09:01.344057 24.92.146.111:1286 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:60561 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xE317A6BC  Ack: 0x354964C9  Win: 0x4470  TcpLen: 20

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/10-05:09:08.027364 24.92.146.111:1383 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:60992 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xE36DF0EE  Ack: 0x35789D3B  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/10-05:09:17.409220 24.92.146.111:1741 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:61780 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xE4A62468  Ack: 0x376D4BED  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/10-05:09:17.618765 24.92.146.111:1748 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:61803 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xE4AC7D18  Ack: 0x372AD498  Win: 0x4470  TcpLen: 20

[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/10-05:09:17.787500 24.92.146.111:1755 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:61824 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xE4B246D2  Ack: 0x37CE1828  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/10-05:09:17.971825 24.92.146.111:1759 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:61844 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xE4B5A142  Ack: 0x37EE02FC  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/10-05:09:18.129060 24.92.146.111:1765 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:61862 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xE4BAB9D5  Ack: 0x37FBEB4D  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/10-05:09:18.293567 24.92.146.111:1770 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:61880 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xE4BF52FB  Ack: 0x375BBB4E  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/10-05:09:18.434773 24.92.146.111:1776 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:61898 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xE4C4ACA3  Ack: 0x378EC70E  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/10-05:09:18.623458 24.92.146.111:1783 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:61925 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xE4CB0EC0  Ack: 0x37682E09  Win: 0x4470  TcpLen: 20

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/10-12:31:20.069422 24.209.98.148:1094 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:13398 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xCF4036E  Ack: 0xBCE9302B  Win: 0xFAF0  TcpLen: 20

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/10-12:35:19.984092 66.196.65.24:40171 -> 192.168.1.6:80
TCP TTL:233 TOS:0x0 ID:52374 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xDBDE23E2  Ack: 0xCBDCCADC  Win: 0x8052  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/10-13:05:48.492254 24.145.224.14:3689 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:8407 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x72A684BB  Ack: 0x3ED6705A  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/10-13:05:48.504671 24.145.224.14:3689 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:8408 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x72A68A6F  Ack: 0x3ED6705A  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/10-13:33:01.472844 24.209.196.254:4278 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:34041 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x265DCB4A  Ack: 0xA648058E  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/10-13:33:01.499946 24.209.196.254:4278 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:34042 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x265DD0FE  Ack: 0xA648058E  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/10-13:37:23.969307 24.209.98.148:4967 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:40009 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x9334C244  Ack: 0xB670B53B  Win: 0xFAF0  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/10-13:37:23.982587 24.209.98.148:4967 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:40010 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x9334C7F8  Ack: 0xB670B53B  Win: 0xFAF0  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/10-13:45:11.242358 24.209.196.254:4365 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:47411 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x6A472335  Ack: 0xD4A9CC2D  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/10-13:45:11.264627 24.209.196.254:4365 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:47412 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x6A4728E9  Ack: 0xD4A9CC2D  Win: 0x4470  TcpLen: 20

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/10-13:47:53.191111 66.196.65.24:57675 -> 192.168.1.6:80
TCP TTL:233 TOS:0x0 ID:14062 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x175FC63D  Ack: 0xDE4BE070  Win: 0x8052  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/10-16:06:09.189605 24.112.238.37:1783 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:19286 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x8363DA0C  Ack: 0xE83ADCD1  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/10-16:06:09.190212 24.112.238.37:1783 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:19287 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x8363DFC0  Ack: 0xE83ADCD1  Win: 0x4470  TcpLen: 20

[**] [1:2091:2] WEB-IIS WEBDAV nessus safe scan attempt [**]
[Classification: Attempted Administrator Privilege Gain] [Priority: 1] 
05/10-16:50:53.792937 65.218.30.150:1997 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:38943 IpLen:20 DgmLen:71 DF
***AP*** Seq: 0x28CC57A9  Ack: 0x9123D2D6  Win: 0xFAF0  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=11412][Xref => http://www.securityfocus.com/bid/7116][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0109]

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/10-17:36:57.552065 24.208.78.236:4640 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:31866 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE7EDFDE6  Ack: 0x3FA367A0  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/10-17:36:57.588838 24.208.78.236:4640 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:31867 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE7EE039A  Ack: 0x3FA367A0  Win: 0x4470  TcpLen: 20

[**] [1:1042:6] WEB-IIS view source via translate header [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/10-18:14:06.899206 12.217.238.13:1989 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:4379 IpLen:20 DgmLen:187 DF
***AP*** Seq: 0xFA888AA2  Ack: 0xCB7EBCCF  Win: 0x4470  TcpLen: 20
[Xref => http://www.securityfocus.com/bid/1578][Xref => http://www.whitehats.com/info/IDS305]

[**] [1:1042:6] WEB-IIS view source via translate header [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/10-18:14:07.587108 12.217.238.13:1989 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:4380 IpLen:20 DgmLen:199 DF
***AP*** Seq: 0xFA888B35  Ack: 0xCB7EBE3D  Win: 0x4302  TcpLen: 20
[Xref => http://www.securityfocus.com/bid/1578][Xref => http://www.whitehats.com/info/IDS305]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/10-18:55:58.958321 66.196.65.24:61162 -> 192.168.1.6:80
TCP TTL:233 TOS:0x0 ID:16134 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x28502BA2  Ack: 0x6992146E  Win: 0x8052  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/10-19:09:24.002318 24.209.42.242:4923 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:44643 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB0B14D95  Ack: 0x9BD53AEE  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/10-19:09:24.066494 24.209.42.242:4923 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:44644 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB0B15349  Ack: 0x9BD53AEE  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/10-20:22:13.388313 24.209.42.242:3388 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:19817 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x46406969  Ack: 0xAFE28E19  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/10-20:22:13.428589 24.209.42.242:3388 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:19818 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x46406F1D  Ack: 0xAFE28E19  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/10-20:31:59.046578 200.54.64.130:2081 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:50812 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x375D27FF  Ack: 0xD5B2CC4E  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/10-20:31:59.047981 200.54.64.130:2081 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:50813 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x375D2DB3  Ack: 0xD5B2CC4E  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/10-21:20:56.228933 24.209.42.242:3980 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:42024 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x812CC24C  Ack: 0x8D4A30B3  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/10-21:20:56.257993 24.209.42.242:3980 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:42025 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x812CC800  Ack: 0x8D4A30B3  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/10-21:26:39.641001 24.209.42.242:1541 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:3058 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x9EDEFF98  Ack: 0xA2D90735  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/10-21:26:39.713345 24.209.42.242:1541 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:3059 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x9EDF054C  Ack: 0xA2D90735  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/10-22:16:03.366008 24.209.196.254:1393 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:15252 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xEDA7EAC0  Ack: 0x5DB4A3F9  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/10-22:16:03.414612 24.209.196.254:1393 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:15253 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xEDA7F074  Ack: 0x5DB4A3F9  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/10-22:34:18.110279 24.209.196.254:2578 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:34723 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x38969B56  Ack: 0xA23BB8C2  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/10-22:34:18.133606 24.209.196.254:2578 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:34724 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3896A10A  Ack: 0xA23BB8C2  Win: 0x4470  TcpLen: 20

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/10-23:10:55.539863 66.196.65.24:20004 -> 192.168.1.6:80
TCP TTL:233 TOS:0x0 ID:40617 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x4A4A48CD  Ack: 0x2CC4B8A9  Win: 0x8052  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/10-23:16:18.310679 24.68.101.113:4311 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:56523 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF268F2C3  Ack: 0x4166F298  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/10-23:16:18.340396 24.68.101.113:4311 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:56524 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF268F877  Ack: 0x4166F298  Win: 0x4470  TcpLen: 20

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/11-00:33:40.268383 66.196.65.24:60397 -> 192.168.1.6:80
TCP TTL:233 TOS:0x0 ID:23926 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x43DF871E  Ack: 0x65824D8D  Win: 0x8052  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/11-13:04:51.265106 24.209.39.246:4882 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:6046 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB3F2861E  Ack: 0x7B100DAE  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/11-13:04:51.291702 24.209.39.246:4882 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:6047 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB3F28BD2  Ack: 0x7B100DAE  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/11-13:35:03.054347 24.209.39.246:2847 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:22711 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x5331E53F  Ack: 0xED668FBF  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/11-13:35:03.073569 24.209.39.246:2847 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:22712 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x5331EAF3  Ack: 0xED668FBF  Win: 0x4470  TcpLen: 20

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/11-13:48:09.384240 66.196.65.24:16014 -> 192.168.1.6:80
TCP TTL:233 TOS:0x0 ID:41806 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xF3254B25  Ack: 0x1ED57D33  Win: 0x8052  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/11-13:51:19.313674 24.99.90.28:1688 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:49050 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xCC383C9E  Ack: 0x2AAE52E4  Win: 0xFAF0  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/11-13:51:22.629010 24.99.90.28:1790 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:49535 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xCC907B08  Ack: 0x2B184C0E  Win: 0xFAF0  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/11-13:51:26.256486 24.99.90.28:1927 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:50132 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xCD01A566  Ack: 0x2ACD32B1  Win: 0xFAF0  TcpLen: 20

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/11-13:51:26.505659 24.99.90.28:1940 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:50183 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xCD0CA217  Ack: 0x2BB74375  Win: 0xFAF0  TcpLen: 20

[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/11-13:51:26.867772 24.99.90.28:1955 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:50252 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xCD19FD08  Ack: 0x2AFF9361  Win: 0xFAF0  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

Go to: previous range, next range, all alerts, overview page

SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:09:55 2003

192.168.1.6	Whois lookup at:	ARIN	RIPE	APNIC	Geektools
	DNS lookup at:	Amenesi	TRIUMF	Princeton
	More lookup links:	Dshield	Sam Spade
See also 192.168.1.6 as an alert source [49361 alerts]