SnortSnarf alert page

Destination: 192.168.1.6: #3001-3100

SnortSnarf v021111.1

Looking using input module SnortFileInput, with sources:
Earliest: 15:14:12.253070 on 05/13/2003
Latest: 18:26:06.505121 on 05/13/2003

22 different signatures are present for 192.168.1.6 as a destination

There are 624 distinct source IPs in the alerts of the type on this page.

See also 192.168.1.6 as an alert source [49361 alerts]


[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/13-15:14:12.253070 24.99.137.153:3294 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:56892 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x1B01BF5E Ack: 0xE2AD4BF8 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-15:14:12.550098 24.99.137.153:3298 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:56941 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x1B03EAA9 Ack: 0xE27AF4C7 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-15:14:15.688765 24.99.137.153:3387 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:57280 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x1B5390C0 Ack: 0xE344A766 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-15:14:15.827220 24.99.137.153:3392 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:57290 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x1B58B3E5 Ack: 0xE24EE3FB Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-15:14:19.162752 24.99.137.153:3504 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:57679 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x1BB62407 Ack: 0xE2BB7E71 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-15:14:19.294326 24.99.137.153:3508 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:57696 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x1BB935B9 Ack: 0xE2DF426D Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-15:14:31.916935 24.99.137.153:3817 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:59094 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x1CB7EAB0 Ack: 0xE379A8C8 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-15:14:32.075873 24.99.137.153:3910 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:59111 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x1D0A8A45 Ack: 0xE45430AB Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-15:14:35.072196 24.99.137.153:3910 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:59268 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x1D0A8A45 Ack: 0xE45430AB Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-15:14:35.200712 24.99.137.153:3982 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:59278 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x1D4ABA9A Ack: 0xE520C8AE Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-15:14:35.369976 24.99.137.153:3990 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:59295 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x1D510A1E Ack: 0xE47AD78E Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-15:26:28.501102 24.70.71.236:2669 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:36714 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x3239F058 Ack: 0x12D6421D Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-15:26:29.307297 24.70.71.236:2688 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:36862 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x324AC3EB Ack: 0x126FDE9C Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-15:26:33.048709 24.70.71.236:2824 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:37581 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x32BFBD67 Ack: 0x125EA64D Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-15:26:36.809533 24.70.71.236:2933 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:38137 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x332215F3 Ack: 0x13013A2C Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-15:26:58.450081 24.70.71.236:3544 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:41528 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x35368E4D Ack: 0x147C9A17 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/13-15:26:58.796843 24.70.71.236:3553 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:41587 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x353EDEF9 Ack: 0x148C8F6C Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/13-15:26:59.252610 24.70.71.236:3556 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:41639 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x35422E95 Ack: 0x14A28818 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-15:27:04.498657 24.209.133.90:4857 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:27506 IpLen:20 DgmLen:1300 DF
***A**** Seq: 0x2D3E128E Ack: 0x14CFB962 Win: 0xFC00 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-15:27:04.504401 24.209.133.90:4857 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:27507 IpLen:20 DgmLen:1300 DF
***A**** Seq: 0x2D3E177A Ack: 0x14CFB962 Win: 0xFC00 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-15:27:09.063455 24.70.71.236:3837 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:43196 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x363B7246 Ack: 0x150E6769 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-15:27:09.380239 24.70.71.236:3847 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:43245 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x364394CA Ack: 0x14DDA541 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-15:27:09.727357 24.70.71.236:3852 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:43299 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x36487BFD Ack: 0x150B9826 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-15:27:13.360435 24.70.71.236:3949 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:43813 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x369F75D2 Ack: 0x159B841C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-15:27:14.246556 24.209.133.90:1113 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:28209 IpLen:20 DgmLen:1300 DF
***A**** Seq: 0x2E08D071 Ack: 0x156A50B5 Win: 0xFC00 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-15:27:14.252739 24.209.133.90:1113 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:28210 IpLen:20 DgmLen:1300 DF
***A**** Seq: 0x2E08D55D Ack: 0x156A50B5 Win: 0xFC00 TcpLen: 20
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-15:27:16.984249 24.70.71.236:4036 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:44326 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x36EB6D6C Ack: 0x151D7626 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-15:27:17.307302 24.70.71.236:4048 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:44380 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x36F4C138 Ack: 0x14E4352A Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-15:27:17.664658 24.70.71.236:4054 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:44426 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x36FA240C Ack: 0x15153A97 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-15:27:18.004026 24.70.71.236:4061 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:44481 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x37010423 Ack: 0x1502A831 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-15:27:18.341188 24.70.71.236:4078 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:44543 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x370FAEBC Ack: 0x1535FDCC Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-15:31:08.621256 24.209.39.246:4558 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:25147 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x684969E0 Ack: 0x2413A04B Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-15:31:14.632617 24.209.39.246:4721 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:25970 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x68D8B367 Ack: 0x24E08979 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-15:31:14.864839 24.209.39.246:4736 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:26036 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x68E60208 Ack: 0x244559CF Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-15:31:24.589683 24.209.39.246:1083 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:27648 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x69F3D1D0 Ack: 0x24BA73A1 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-15:31:25.140682 24.209.39.246:1096 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:27735 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x69FD44D4 Ack: 0x24CCC598 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/13-15:31:34.926320 24.209.39.246:1380 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:29187 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x6AF17EC7 Ack: 0x256E0A62 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/13-15:31:35.326775 24.209.39.246:1393 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:29242 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x6AFC22CA Ack: 0x2551BBFC Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-15:31:39.433562 24.209.39.246:1505 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:29777 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x6B598E95 Ack: 0x25AAE2FC Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-15:31:43.134004 24.209.39.246:1516 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:30331 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x6B63E0F0 Ack: 0x25E707C9 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-15:31:46.909486 24.209.39.246:1722 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:30896 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x6C140E28 Ack: 0x2685D7DB Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-15:31:47.250603 24.209.39.246:1741 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:30965 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x6C24213E Ack: 0x26BB6675 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-15:31:47.637571 24.209.39.246:1749 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:31030 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x6C2B6A64 Ack: 0x268A1D2C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-15:31:47.924133 24.209.39.246:1764 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:31092 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x6C382306 Ack: 0x26AC85E0 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-15:31:51.272408 24.209.39.246:1856 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:31584 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x6C8578DE Ack: 0x272E9420 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-15:31:54.451641 24.209.39.246:1856 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:32021 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x6C8578DE Ack: 0x272E9420 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-15:32:00.387702 24.209.39.246:2136 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:32926 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x6D6F8301 Ack: 0x27458F50 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-15:32:09.860716 24.209.39.246:2418 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:34255 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x6E5FB106 Ack: 0x27FB1EE3 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-16:55:12.396566 24.209.196.254:2690 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:43688 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x70ED38BE Ack: 0x60CBC298 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-16:55:12.415964 24.209.196.254:2690 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:43689 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x70ED3E72 Ack: 0x60CBC298 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-17:31:02.381535 24.209.98.148:1938 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:63181 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA3FD61FE Ack: 0xE8F193B0 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-17:31:02.410216 24.209.98.148:1938 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:63182 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA3FD67B2 Ack: 0xE8F193B0 Win: 0xFAF0 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-17:59:55.336283 24.166.45.37:1782 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:52672 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x11D84304 Ack: 0x5582CDA5 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-17:59:58.907389 24.166.45.37:1835 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:53039 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x120BB1E3 Ack: 0x555E2BD2 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-17:59:59.030276 24.166.45.37:1839 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:53056 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x12100B18 Ack: 0x562625DD Win: 0xFAF0 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-18:00:02.325938 24.166.45.37:1881 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:53382 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x1239E414 Ack: 0x557597BD Win: 0xFAF0 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-18:00:02.530306 24.166.45.37:1891 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:53412 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x1242E768 Ack: 0x5628C150 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/13-18:00:02.712228 24.166.45.37:1897 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:53436 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x1247F510 Ack: 0x55FFA3A0 Win: 0xFAF0 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/13-18:00:11.927410 24.166.45.37:2021 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:54286 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x12CA15DF Ack: 0x56374C37 Win: 0xFAF0 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-18:00:12.022314 24.166.45.37:2024 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:54296 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x12CD2286 Ack: 0x567A4D7C Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-18:00:21.168664 24.166.45.37:2159 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:55176 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x1352A04B Ack: 0x56AF7B6D Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-18:00:21.294441 24.166.45.37:2162 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:55190 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x135593A5 Ack: 0x569B8757 Win: 0xFAF0 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-18:00:21.442213 24.166.45.37:2163 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:55207 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x13573B56 Ack: 0x57727554 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-18:00:30.638534 24.166.45.37:2290 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:56053 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x13DAE846 Ack: 0x573145F8 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-18:00:33.973168 24.166.45.37:2340 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:56400 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x140C9C88 Ack: 0x57C47881 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-18:00:37.051269 24.166.45.37:2340 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:56686 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x140C9C88 Ack: 0x57C47881 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-18:00:37.387864 24.166.45.37:2389 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:56728 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x143F38EF Ack: 0x5787FFF3 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-18:00:37.655606 24.166.45.37:2398 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:56768 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x1446DC76 Ack: 0x57C6744E Win: 0xFAF0 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-18:21:40.115121 24.209.39.246:1377 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:25024 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x1576F5D Ack: 0xA7114D05 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-18:21:40.326889 24.209.39.246:1387 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:25066 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x15F7CDA Ack: 0xA71B1140 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-18:21:40.405184 24.209.39.246:1393 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:25082 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x16484D5 Ack: 0xA70FBCAE Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-18:21:47.071120 24.209.39.246:1516 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:25786 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x1CDC810 Ack: 0xA75C9104 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-18:21:50.363061 24.209.39.246:1605 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:26149 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x21B0310 Ack: 0xA7FD7C32 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/13-18:21:53.722210 24.209.39.246:1715 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:26618 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x276896F Ack: 0xA79A4841 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/13-18:21:57.084961 24.209.39.246:1838 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:27048 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x2DC86B2 Ack: 0xA7D0619C Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-18:21:57.234171 24.209.39.246:1958 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:27070 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x34159A5 Ack: 0xA83566EB Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-18:21:57.344308 24.209.39.246:1963 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:27094 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x346003E Ack: 0xA8B71B21 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-18:21:57.429961 24.209.39.246:1969 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:27109 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x34B21C9 Ack: 0xA7CEF783 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-18:21:57.572694 24.209.39.246:1974 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:27140 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x34EA96C Ack: 0xA8896AC0 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-18:21:57.690117 24.209.39.246:1982 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:27154 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x355F75E Ack: 0xA8AB932E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-18:22:01.020199 24.209.39.246:1986 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:27638 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x3595CC5 Ack: 0xA8800E79 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-18:22:07.552513 24.209.39.246:1986 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:28388 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x3595CC5 Ack: 0xA8800E79 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-18:22:10.221240 24.209.39.246:2388 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:28733 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x4B160A8 Ack: 0xA8A4A544 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-18:22:10.303621 24.209.39.246:2394 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:28748 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x4B74F1B Ack: 0xA8FC909A Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-18:22:13.558173 24.209.39.246:2501 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:29160 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x50E48B1 Ack: 0xA8EDCFB6 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-18:25:53.075308 24.209.18.197:1340 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:49905 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x694DF976 Ack: 0xB7070C9D Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-18:25:53.219370 24.209.18.197:1344 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:49921 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x69513AF3 Ack: 0xB7598C9A Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-18:25:53.330559 24.209.18.197:1346 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:49934 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x6953CC03 Ack: 0xB72E6FDA Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-18:25:53.432282 24.209.18.197:1348 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:49940 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x69553E2A Ack: 0xB7703BCC Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-18:25:53.516146 24.209.18.197:1352 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:49952 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x6958C8AB Ack: 0xB75CB46B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/13-18:25:53.614482 24.209.18.197:1355 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:49959 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x695A42D9 Ack: 0xB7C5B60C Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/13-18:25:58.278915 24.209.18.197:1390 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:50138 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x697E49B1 Ack: 0xB7E375B4 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-18:25:58.421533 24.209.18.197:1404 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:50159 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x698E4AE7 Ack: 0xB72EF0E3 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-18:26:01.924642 24.209.18.197:1444 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:50326 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x69B965DC Ack: 0xB7AB2B06 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-18:26:02.167945 24.209.18.197:1448 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:50361 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x69BE0327 Ack: 0xB7F8EA12 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-18:26:02.582096 24.209.18.197:1464 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:50409 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x69C9F4A5 Ack: 0xB7B3FB36 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-18:26:06.070159 24.209.18.197:1521 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:50656 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x69FEE71D Ack: 0xB874F9CF Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-18:26:06.315114 24.209.18.197:1528 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:50692 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x6A065123 Ack: 0xB881EB26 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-18:26:06.398152 24.209.18.197:1533 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:50703 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x6A0A00A5 Ack: 0xB837DA34 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-18:26:06.505121 24.209.18.197:1535 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:50712 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x6A0BCAF4 Ack: 0xB87F0CA5 Win: 0x4470 TcpLen: 20
SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:09:55 2003