SnortSnarf alert page

Destination: 192.168.1.6: #2701-2800

SnortSnarf v021111.1

Signature section (91123) | Top 20 source IPs | Top 20 dest IPs

Looking using input module SnortFileInput, with sources:
Earliest: 13:51:27.231909 on 05/11/2003
Latest: 09:35:23.555119 on 05/12/2003

22 different signatures are present for 192.168.1.6 as a destination

There are 624 distinct source IPs in the alerts of the type on this page.

See also 192.168.1.6 as an alert source [49361 alerts]


[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/11-13:51:27.231909 24.99.90.28:1968 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:50312 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xCD2418A6 Ack: 0x2B421A3B Win: 0xFAF0 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/11-13:51:27.551086 24.99.90.28:1987 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:50372 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xCD339D5F Ack: 0x2B04DBC2 Win: 0xFAF0 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-13:51:37.293306 24.99.90.28:2226 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:51513 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xCE0B4903 Ack: 0x2C2451E5 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-13:51:37.680215 24.99.90.28:2242 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:51563 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xCE18CC05 Ack: 0x2C55B282 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-13:52:02.661384 24.99.90.28:2813 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:54727 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xD01567BB Ack: 0x2CCD472F Win: 0xFAF0 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-13:52:06.128735 24.99.90.28:2988 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:55140 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xD0AC99B7 Ack: 0x2DAEA47D Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-13:52:06.669426 24.99.90.28:3003 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:55205 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xD0BAC305 Ack: 0x2D1F98D9 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-13:52:07.111861 24.99.90.28:3017 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:55264 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xD0C734FF Ack: 0x2DE9094E Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-13:52:07.532035 24.99.90.28:3034 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:55335 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xD0D604D1 Ack: 0x2D80D917 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-13:52:08.126063 24.99.90.28:3050 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:55414 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xD0E40020 Ack: 0x2D38873A Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-13:52:12.095625 24.99.90.28:3166 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:55964 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xD147DA23 Ack: 0x2D7196F0 Win: 0xFAF0 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-14:18:39.162119 24.73.104.66:3097 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:4330 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x76D5618D Ack: 0x92504EE5 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-14:18:39.170096 24.73.104.66:3097 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:4331 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x76D56741 Ack: 0x92504EE5 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-14:56:54.780053 24.148.37.196:2824 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:35403 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x47DD7BA2 Ack: 0x22B70EF5 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-14:57:05.595077 24.148.37.196:3234 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:36854 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x492FBC12 Ack: 0x23782D5E Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-14:57:06.828001 24.148.37.196:3286 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:37032 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x495CC284 Ack: 0x23252A58 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-14:57:08.144903 24.148.37.196:3335 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:37210 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x49872E24 Ack: 0x23AD138F Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-14:57:12.886674 24.148.37.196:3521 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:37883 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x4A1C05B0 Ack: 0x23FD8DFF Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/11-14:57:14.096665 24.148.37.196:3573 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:38071 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x4A4741B8 Ack: 0x238F3936 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/11-14:57:15.338313 24.148.37.196:3617 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:38267 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x4A6BCC16 Ack: 0x23B74D08 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-14:57:26.140593 24.148.37.196:4055 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:39899 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x4BD761D7 Ack: 0x2480C5C7 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-14:57:31.018702 24.148.37.196:4238 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:40584 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x4C6E4CC4 Ack: 0x24A40603 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-14:57:32.274200 24.148.37.196:4293 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:40770 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x4C9C6A01 Ack: 0x2506492B Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-14:57:37.106980 24.148.37.196:4467 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:41432 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x4D2C7276 Ack: 0x24EA7480 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-14:57:38.509108 24.148.37.196:4520 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:41630 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x4D5A2E52 Ack: 0x25505B8D Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-14:57:46.371587 24.148.37.196:4779 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:42753 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x4DF47E70 Ack: 0x252926BA Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-14:57:47.546208 24.148.37.196:1084 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:42924 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x4E83557F Ack: 0x25A13DDB Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-14:57:48.990468 24.148.37.196:1136 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:43125 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x4EB096B5 Ack: 0x25718685 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-14:57:50.353445 24.148.37.196:1185 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:43323 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x4ED56006 Ack: 0x262DCB1A Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-15:40:27.253234 24.68.67.114:1396 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:59101 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x1CBE3F92 Ack: 0xC690A973 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-15:40:27.301042 24.68.67.114:1396 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:59102 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x1CBE4546 Ack: 0xC690A973 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-16:05:10.991186 24.209.39.246:3841 -> 192.168.1.6:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:2398
***AP*** Seq: 0x240D3811 Ack: 0x3DA3197A Win: 0x3908 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-16:45:22.679817 24.148.85.85:3146 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:36412 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x5A8775D4 Ack: 0xBC74DAFC Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-16:45:23.145663 24.148.85.85:3264 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:36426 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x5AED164E Ack: 0xBC6B8843 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-16:45:23.400645 24.148.85.85:3265 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:36438 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x5AEE8C6E Ack: 0xBC84834D Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-18:04:59.531135 24.148.85.85:2098 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:48544 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x17DB5ADE Ack: 0xE7C54085 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-18:05:20.907414 24.148.85.85:2748 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:50729 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x1A0DE19E Ack: 0xE992ABE5 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-18:05:21.110392 24.148.85.85:2751 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:50748 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x1A111BB6 Ack: 0xE95A3E35 Win: 0x4470 TcpLen: 20
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/11-18:05:33.728383 24.148.85.85:3001 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:51887 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x1AECD7A8 Ack: 0xEA0A1B9F Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/11-18:05:33.922882 24.148.85.85:3061 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:51895 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x1B26FB82 Ack: 0xEA6704EE Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-18:05:34.142405 24.148.85.85:3062 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:51904 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x1B2872DE Ack: 0xEA02BB63 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-18:05:43.420431 24.148.85.85:3314 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:52855 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x1C086DD3 Ack: 0xEB7CCAF4 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-18:05:43.636722 24.148.85.85:3341 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:52863 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x1C1DEB9B Ack: 0xEC195D87 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-18:05:43.822830 24.148.85.85:3344 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:52873 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x1C20CB7A Ack: 0xEB8E1DB3 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-18:05:47.929043 24.148.85.85:3456 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:53304 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x1C844868 Ack: 0xEBD4F79E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-18:05:51.315725 24.148.85.85:3463 -> 192.168.1.6:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:138
***AP*** Seq: 0x1C8A3D62 Ack: 0x1C897897 Win: 0x0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-18:05:54.612747 24.148.85.85:3659 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:54059 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x1D32DEBB Ack: 0xEC62DC32 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-18:05:57.752204 24.148.85.85:3691 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:54462 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x1D4B3B15 Ack: 0xEC5D94F0 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-18:44:51.470683 24.74.60.176:2567 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:33311 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA658CF53 Ack: 0x7FA0F943 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-18:44:51.476032 24.74.60.176:2567 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:33312 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA658D507 Ack: 0x7FA0F943 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-19:17:02.234808 24.158.5.113:3907 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:52443 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x43A5E94B Ack: 0xF9D5E100 Win: 0xFC00 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-19:17:06.945710 24.158.5.113:3988 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:52852 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x43F4C618 Ack: 0xFA652BC2 Win: 0xFC00 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-19:17:07.933486 24.158.5.113:4003 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:52960 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x44031EC0 Ack: 0xFAC5B880 Win: 0xFC00 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-19:17:08.774026 24.158.5.113:4021 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:53039 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x44146D47 Ack: 0xFAC9CA84 Win: 0xFC00 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-19:17:13.221109 24.158.5.113:4094 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:53432 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x445D33DC Ack: 0xFA63BF60 Win: 0xFC00 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/11-19:17:17.589969 24.158.5.113:4164 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:53802 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x44A33810 Ack: 0xFA95110F Win: 0xFC00 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/11-19:17:18.415838 24.158.5.113:4180 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:53874 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x44B2F200 Ack: 0xFAA7ABDE Win: 0xFC00 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-19:17:22.600926 24.158.5.113:4230 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:54155 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x44E74ABB Ack: 0xFB531D95 Win: 0xFC00 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-19:17:23.327164 24.158.5.113:4244 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:54208 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x44F338AD Ack: 0xFAFA6718 Win: 0xFC00 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-19:17:27.187244 24.158.5.113:4292 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:54473 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x45243C4A Ack: 0xFB2653CB Win: 0xFC00 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-19:17:28.036975 24.158.5.113:4300 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:54537 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x452BF103 Ack: 0xFBC51077 Win: 0xFC00 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-19:17:28.892930 24.158.5.113:4314 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:54599 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x453676A9 Ack: 0xFB88A7AC Win: 0xFC00 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-19:17:33.089897 24.158.5.113:4368 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:54898 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x456EEF51 Ack: 0xFC208D4C Win: 0xFC00 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-19:17:33.860210 24.158.5.113:4383 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:54966 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x457E538A Ack: 0xFBDD6558 Win: 0xFC00 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-19:17:34.781521 24.158.5.113:4398 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:55043 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x458CBCF3 Ack: 0xFB807335 Win: 0xFC00 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-19:17:39.068490 24.158.5.113:4463 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:55415 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x45CF0A8D Ack: 0xFC9CBB22 Win: 0xFC00 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-19:25:40.111920 24.209.39.246:3738 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:13219 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB92FFE00 Ack: 0x197515C8 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-19:25:40.161675 24.209.39.246:3738 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:13220 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB93003B4 Ack: 0x197515C8 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-19:31:33.814760 24.209.98.148:2706 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:18190 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x4E0C0A49 Ack: 0x2F7B0135 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-19:31:33.843866 24.209.98.148:2706 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:18191 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x4E0C0FFD Ack: 0x2F7B0135 Win: 0xFAF0 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/11-19:59:13.158127 66.196.73.77:23285 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:37213 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x1AEC08A7 Ack: 0x97CBE703 Win: 0xFAF0 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-20:36:10.360555 24.209.98.148:4863 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:7841 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x9C99C54E Ack: 0x23E10573 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-20:36:10.390167 24.209.98.148:4863 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:7842 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x9C99CB02 Ack: 0x23E10573 Win: 0xFAF0 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-22:06:34.223303 24.209.196.254:4056 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:31540 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x15A34F53 Ack: 0x7916D169 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-22:06:34.243833 24.209.196.254:4056 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:31541 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x15A35507 Ack: 0x7916D169 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-22:20:20.131698 24.98.31.200:2821 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:10289 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x952EDFFA Ack: 0xADF2206B Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-22:20:24.290149 24.98.31.200:3052 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:11844 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x95DE6616 Ack: 0xAE31B9D0 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-22:54:59.570702 24.209.42.242:1054 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:52602 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x7F6BD3E7 Ack: 0x3106C3AD Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-22:54:59.600516 24.209.42.242:1054 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:52603 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x7F6BD99B Ack: 0x3106C3AD Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-23:03:31.317851 24.209.42.242:4436 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:38956 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB09011D9 Ack: 0x50B5FAED Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/11-23:03:31.382330 24.209.42.242:4436 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:38957 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB090178D Ack: 0x50B5FAED Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-01:55:46.124411 61.152.247.17:1135 -> 192.168.1.6:80
TCP TTL:99 TOS:0x0 ID:8866 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB9EA4C7A Ack: 0xDBB5AEB4 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-01:55:46.220470 61.152.247.17:1135 -> 192.168.1.6:80
TCP TTL:99 TOS:0x0 ID:8867 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB9EA522E Ack: 0xDBB5AEB4 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-06:19:09.815884 24.209.42.242:1166 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:22719 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x61691DF5 Ack: 0xBF11A4C1 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-06:19:09.845261 24.209.42.242:1166 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:22720 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x616923A9 Ack: 0xBF11A4C1 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-06:19:20.690767 24.209.42.242:1482 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:23981 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x62820930 Ack: 0xBF8E69C7 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-06:19:20.722116 24.209.42.242:1482 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:23982 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x62820EE4 Ack: 0xBF8E69C7 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/12-07:00:13.144380 66.196.65.13:13011 -> 192.168.1.6:80
TCP TTL:233 TOS:0x0 ID:44200 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x8F1A5395 Ack: 0x5978524C Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-08:32:59.472127 24.209.42.242:4179 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:31357 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xC8448367 Ack: 0xB82FAAA4 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-08:32:59.522395 24.209.42.242:4179 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:31358 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xC844891B Ack: 0xB82FAAA4 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-09:34:37.652641 24.125.85.187:2621 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:5445 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x9DCCC8C4 Ack: 0xA0ECF42D Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-09:34:42.775238 24.125.85.187:2767 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:5950 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x9E4A473E Ack: 0xA13C6D95 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-09:34:43.395275 24.125.85.187:2787 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:6014 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x9E5B2B94 Ack: 0xA1A45546 Win: 0xFAF0 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-09:35:05.058868 24.125.85.187:3400 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:8125 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xA05E971B Ack: 0xA2D4DF65 Win: 0xFAF0 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-09:35:05.390737 24.125.85.187:3421 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:8173 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xA06E47D2 Ack: 0xA26E957B Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/12-09:35:15.028713 24.125.85.187:3677 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:9029 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xA144DCD6 Ack: 0xA2F0BFA2 Win: 0xFAF0 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/12-09:35:18.722122 24.125.85.187:3693 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:9320 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xA151C3DC Ack: 0xA3DEEB45 Win: 0xFAF0 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-09:35:19.340376 24.125.85.187:3790 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:9385 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xA1A38505 Ack: 0xA3CD9586 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-09:35:19.851771 24.125.85.187:3804 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:9425 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA1B0566D Ack: 0xA3A16E40 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-09:35:23.555119 24.125.85.187:3817 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:9772 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA1BBB405 Ack: 0xA36A3114 Win: 0xFAF0 TcpLen: 20
SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:09:55 2003