
SnortSnarf alert page

Destination: 192.168.1.6: #2901-3000

SnortSnarf v021111.1


Looking using input module SnortFileInput, with sources:
Earliest: 23:42:19.829650 on 05/12/2003
Latest: 15:14:12.107204 on 05/13/2003

22 different signatures are present for 192.168.1.6 as a destination

There are 624 distinct source IPs in the alerts of the type on this page.

See also 192.168.1.6 as an alert source [49361 alerts]


[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-23:42:19.829650 24.218.253.67:1967 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:10983 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xC07D7FE9 Ack: 0x2354E5F3 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-23:42:23.714604 24.218.253.67:2209 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:11622 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xC13F3F65 Ack: 0x23ECE7C7 Win: 0xFAF0 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-23:42:24.158132 24.218.253.67:2229 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:11693 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xC14E42DC Ack: 0x245E7C83 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-23:42:24.686258 24.218.253.67:2261 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:11778 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xC163A803 Ack: 0x243EE3AE Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-23:42:28.380495 24.218.253.67:2488 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:12339 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xC218A5D8 Ack: 0x24108B5E Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-23:42:28.598252 24.218.253.67:2501 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:12361 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xC22276EB Ack: 0x23F2F93C Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-23:42:31.711945 24.218.253.67:2501 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:12853 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xC22276EB Ack: 0x23F2F93C Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-23:42:32.020953 24.218.253.67:2702 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:12904 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xC2C63512 Ack: 0x240B33DA Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-23:42:32.483173 24.218.253.67:2729 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:12985 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xC2DBA7FC Ack: 0x24794FB0 Win: 0xFAF0 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-23:46:09.624826 24.209.39.246:3705 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:55633 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x8FFC27A0 Ack: 0x31F5343C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/12-23:46:09.645204 24.209.39.246:3705 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:55634 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x8FFC2D54 Ack: 0x31F5343C Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-00:12:05.406818 24.244.137.89:4138 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:2275 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xDE1C71D0 Ack: 0x92D44A3A Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-00:12:05.500360 24.244.137.89:4138 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:2276 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xDE1C7784 Ack: 0x92D44A3A Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/13-04:09:16.504727 66.196.65.24:10080 -> 192.168.1.6:80
TCP TTL:233 TOS:0x0 ID:4467 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x1C11182 Ack: 0x1350236F Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-05:01:05.649624 24.198.148.199:2659 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:52094 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x5CF02247 Ack: 0xD7415AA6 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-05:01:05.668231 24.198.148.199:2659 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:52095 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x5CF027FB Ack: 0xD7415AA6 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-05:59:20.645152 24.209.42.242:4521 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:39918 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x6802C81E Ack: 0xB3EE8880 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-05:59:20.685394 24.209.42.242:4521 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:39919 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x6802CDD2 Ack: 0xB3EE8880 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/13-08:50:58.953765 66.196.73.77:27400 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:25603 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x8CE361BE Ack: 0x3B21663A Win: 0xFAF0 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-10:45:55.482067 24.60.182.124:3436 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:22542 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x79BBAADA Ack: 0xEDA097C9 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-10:45:57.612678 24.60.182.124:3560 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:22921 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x7A20F214 Ack: 0xEE1531FD Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-10:45:58.648563 24.60.182.124:3608 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:23119 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x7A4862B2 Ack: 0xEE327CA9 Win: 0xFAF0 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-10:45:59.723411 24.60.182.124:3652 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:23319 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x7A6A7BB9 Ack: 0xED93FD35 Win: 0xFAF0 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-10:46:00.808456 24.60.182.124:3742 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:23544 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x7AB304DE Ack: 0xEDEB484F Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/13-10:46:10.753467 24.60.182.124:4280 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:25349 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x7C5FAE02 Ack: 0xEE905689 Win: 0xFAF0 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/13-10:46:11.931387 24.60.182.124:4324 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:25547 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x7C7EEB66 Ack: 0xEEE6D01F Win: 0xFAF0 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-10:46:21.999576 24.60.182.124:4879 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:27511 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x7E373821 Ack: 0xEF7E62D7 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-10:46:23.005216 24.60.182.124:4938 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:27765 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x7E649137 Ack: 0xEF3A4E35 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-10:46:40.274115 24.60.182.124:1899 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:31066 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x815165C1 Ack: 0xF0092377 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-10:46:44.034786 24.60.182.124:2126 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:31827 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x82020AFF Ack: 0xF06ED319 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-10:46:48.306981 24.60.182.124:2361 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:32662 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x82BF1D9B Ack: 0xF0C30079 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-10:46:49.535147 24.60.182.124:2412 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:32869 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x82E93021 Ack: 0xF16DFFF0 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-10:46:50.826455 24.60.182.124:2514 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:33119 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x83363607 Ack: 0xF0B7FEAE Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-10:46:52.228096 24.60.182.124:2570 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:33347 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x836574A6 Ack: 0xF1258DD8 Win: 0xFAF0 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-10:58:16.221751 24.244.179.28:1627 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:23044 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x5B693FB2 Ack: 0x1BBFE94E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-10:58:16.230404 24.244.179.28:1627 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:23045 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x5B694566 Ack: 0x1BBFE94E Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-11:08:33.482212 24.150.22.139:1770 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:57779 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x2DC5EC74 Ack: 0x42897195 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-11:08:34.268481 24.150.22.139:1795 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:57904 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x2DDB7254 Ack: 0x4297DDD0 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-11:08:34.471557 24.150.22.139:1803 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:57931 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x2DE22DCC Ack: 0x431A7DEE Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-11:08:34.681111 24.150.22.139:1810 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:57968 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x2DE8B0C3 Ack: 0x434E4C1B Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-11:08:47.540668 24.150.22.139:2212 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:60293 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x2F334127 Ack: 0x4346A6EA Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/13-11:08:47.876679 24.150.22.139:2386 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:60363 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x2FBB6E1F Ack: 0x43D77CAB Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/13-11:08:51.624837 24.150.22.139:2413 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:61036 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x2FD1C6C0 Ack: 0x43AE4FE2 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-11:08:51.820379 24.150.22.139:2512 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:61071 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x3026B546 Ack: 0x43843FF1 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-11:08:52.073693 24.150.22.139:2521 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:61120 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x302E268D Ack: 0x442C9646 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-11:08:52.337220 24.150.22.139:2529 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:61177 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x30341993 Ack: 0x43821DF4 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-11:08:52.555936 24.150.22.139:2535 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:61224 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x3038D83B Ack: 0x4388AB66 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-11:08:52.835959 24.150.22.139:2547 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:61283 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x30428BD9 Ack: 0x43EEBD88 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-11:08:53.024302 24.150.22.139:2557 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:61326 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x304AE472 Ack: 0x443FD837 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-11:08:56.033078 24.150.22.139:2557 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:61960 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x304AE472 Ack: 0x443FD837 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-11:08:56.476287 24.150.22.139:2670 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:62055 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x30AF9E9E Ack: 0x44101CA2 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-11:08:59.379871 24.150.22.139:2670 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:62649 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x30AF9E9E Ack: 0x44101CA2 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-11:08:59.830054 24.150.22.139:2748 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:62728 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x30F3A399 Ack: 0x43E8F91A Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-11:09:00.078519 24.150.22.139:2762 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:62783 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x30FED51A Ack: 0x44854C83 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-11:19:52.716775 24.112.153.163:3824 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:23370 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x7F188A6F Ack: 0x6EB8ABC8 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-11:19:52.780232 24.112.153.163:3824 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:23371 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x7F189023 Ack: 0x6EB8ABC8 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-12:55:11.367122 24.209.18.197:2960 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:19373 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x78F40E28 Ack: 0xD699DACB Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-12:55:11.547363 24.209.18.197:2964 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:19391 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x78F814BB Ack: 0xD625F3A8 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-12:55:11.654773 24.209.18.197:2966 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:19404 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x78F9B87B Ack: 0xD69AD6B3 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-12:55:11.847984 24.209.18.197:2971 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:19421 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x78FD8E0C Ack: 0xD5D0E3D4 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-12:55:15.529758 24.209.18.197:3054 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:19666 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x7945E6EB Ack: 0xD657828B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/13-12:55:15.668616 24.209.18.197:3058 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:19678 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x7949ABCB Ack: 0xD6F87BDA Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/13-12:55:15.745518 24.209.18.197:3060 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:19689 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x794B6279 Ack: 0xD69F5C2B Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-12:55:22.251691 24.209.18.197:3128 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:20044 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x798B7641 Ack: 0xD6E0930D Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-12:55:22.374518 24.209.18.197:3164 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:20055 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x79B17EAF Ack: 0xD67C124B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-12:55:22.466183 24.209.18.197:3165 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:20060 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x79B2D51B Ack: 0xD7593314 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-12:55:31.469995 24.209.18.197:3166 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:20567 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x79B3C940 Ack: 0xD72D2BD8 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-12:55:31.600291 24.209.18.197:3332 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:20582 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x7A540D9F Ack: 0xD75B07A1 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-12:55:34.940834 24.209.18.197:3393 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:20733 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x7A8E7E67 Ack: 0xD8226E03 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-12:55:35.023751 24.209.18.197:3395 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:20740 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x7A90791A Ack: 0xD7D7E1BB Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-12:55:35.144964 24.209.18.197:3396 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:20748 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x7A91B3D1 Ack: 0xD7620DED Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-12:55:44.049283 24.209.18.197:3435 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:20898 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x7ABE0000 Ack: 0xD82AD258 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-12:55:44.136709 24.209.18.197:3435 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:20978 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x7ABE0000 Ack: 0xD82AD258 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-14:08:07.520133 24.209.18.197:1753 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:52148 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x8B266062 Ack: 0xE95FCCA6 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-14:08:11.610580 24.209.18.197:1769 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:52305 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x8B35C0F5 Ack: 0xE92A9BBD Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-14:08:15.664687 24.209.18.197:1808 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:52478 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x8B6108CD Ack: 0xE93EBF56 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-14:08:16.272597 24.209.18.197:1863 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:52587 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x8B9C4512 Ack: 0xE9E253E7 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-14:08:16.367111 24.209.18.197:1867 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:52602 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x8B9F5311 Ack: 0xEA234FB9 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/13-14:08:16.469208 24.209.18.197:1873 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:52627 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x8BA49491 Ack: 0xE9AACB08 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/13-14:08:16.597251 24.209.18.197:1883 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:52664 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x8BAB4891 Ack: 0xE9F4A8B8 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-14:08:16.688448 24.209.18.197:1889 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:52679 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x8BB11795 Ack: 0xEA149D32 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-14:08:16.770248 24.209.18.197:1894 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:52695 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x8BB523F7 Ack: 0xE94A2AAE Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-14:08:20.144810 24.209.18.197:1959 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:53021 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x8BF1E961 Ack: 0xEA4A3659 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-14:08:20.291326 24.209.18.197:1965 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:53052 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x8BF798F1 Ack: 0xE9F4C4B8 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-14:08:20.412282 24.209.18.197:1967 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:53066 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x8BF9AB62 Ack: 0xE9E3B75F Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-14:08:20.538075 24.209.18.197:1968 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:53081 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x8BFAB96A Ack: 0xE97D987A Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-14:08:23.693868 24.209.18.197:1968 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:53380 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x8BFAB96A Ack: 0xE97D987A Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-14:08:23.775157 24.209.18.197:2041 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:53401 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x8C3C8291 Ack: 0xEA499409 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-14:08:23.875742 24.209.18.197:2044 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:53420 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x8C3F86BD Ack: 0xE9B8952F Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-14:08:27.161862 24.209.18.197:2093 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:53629 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x8C6E0196 Ack: 0xE9E89381 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-14:37:19.515536 24.209.133.90:1711 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:61373 IpLen:20 DgmLen:1300 DF
***A**** Seq: 0x2CAEC2E0 Ack: 0x588D5B0E Win: 0xFC00 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-14:37:19.521458 24.209.133.90:1711 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:61374 IpLen:20 DgmLen:1300 DF
***A**** Seq: 0x2CAEC7CC Ack: 0x588D5B0E Win: 0xFC00 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-14:51:57.740458 24.209.133.90:4640 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:339 IpLen:20 DgmLen:1300 DF
***A**** Seq: 0x7AAB3576 Ack: 0x8EFDCC87 Win: 0xFC00 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-14:51:57.747116 24.209.133.90:4640 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:340 IpLen:20 DgmLen:1300 DF
***A**** Seq: 0x7AAB3A62 Ack: 0x8EFDCC87 Win: 0xFC00 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-15:14:02.688676 24.99.137.153:2990 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:55725 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x1A05C4FC Ack: 0xE247189C Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-15:14:05.260270 24.99.137.153:3065 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:56046 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x1A45F548 Ack: 0xE20098CB Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-15:14:05.399639 24.99.137.153:3074 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:56065 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x1A4C3356 Ack: 0xE246C098 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-15:14:05.538563 24.99.137.153:3080 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:56087 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x1A50AA72 Ack: 0xE26BAAB5 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-15:14:08.710399 24.99.137.153:3087 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:56453 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x1A56FBA3 Ack: 0xE21E3079 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/13-15:14:12.107204 24.99.137.153:3291 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:56856 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x1AFECF7F Ack: 0xE27094C4 Win: 0x4470 TcpLen: 20
SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:09:55 2003