
SnortSnarf alert page

Destination: 192.168.1.6: #3101-3200

SnortSnarf v021111.1


Looking using input module SnortFileInput, with sources:
Earliest: 18:26:15.397446 on 05/13/2003
Latest: 23:11:18.801982 on 05/13/2003

22 different signatures are present for 192.168.1.6 as a destination

There are 624 distinct source IPs in the alerts of the type on this page.

See also 192.168.1.6 as an alert source [49361 alerts]


[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-18:26:15.397446 24.209.98.148:1962 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:12673 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE6FC9A74 Ack: 0xB839FBD1 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-18:26:15.433578 24.209.98.148:1962 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:12674 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE6FCA028 Ack: 0xB839FBD1 Win: 0xFAF0 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-18:53:38.361841 24.209.196.254:1434 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:14784 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x1BB6DFA7 Ack: 0x20330219 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-18:53:38.384884 24.209.196.254:1434 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:14785 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x1BB6E55B Ack: 0x20330219 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-19:41:00.225145 24.28.27.201:1150 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:56736 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x3B48DEF9 Ack: 0xD3AA75C2 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-19:41:00.668351 24.28.27.201:1160 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:56799 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x3B51C253 Ack: 0xD39DFD7E Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-19:41:03.935477 24.28.27.201:1218 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:57046 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x3B86F752 Ack: 0xD4312968 Win: 0xFAF0 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-19:41:04.223044 24.28.27.201:1228 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:57090 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x3B8F3C86 Ack: 0xD4BB06EF Win: 0xFAF0 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-19:41:13.456125 24.28.27.201:1406 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:57922 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x3C3246A8 Ack: 0xD51E967D Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/13-19:41:16.707081 24.28.27.201:1486 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:58272 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x3C79E793 Ack: 0xD4A90593 Win: 0xFAF0 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/13-19:41:16.935293 24.28.27.201:1489 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:58289 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x3C7D9D77 Ack: 0xD545BF42 Win: 0xFAF0 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-19:41:20.137011 24.28.27.201:1564 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:58606 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x3CBE27B4 Ack: 0xD4D5CB31 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-19:41:20.344363 24.28.27.201:1568 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:58624 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x3CC202A0 Ack: 0xD5931F3B Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-19:41:20.524986 24.28.27.201:1577 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:58643 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x3CC95014 Ack: 0xD53F2E0A Win: 0xFAF0 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-19:41:20.722041 24.28.27.201:1582 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:58676 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x3CCD6CBF Ack: 0xD51E08C4 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-19:41:20.945401 24.28.27.201:1585 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:58700 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x3CD0A4A7 Ack: 0xD53FBEA4 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-19:41:21.160222 24.28.27.201:1587 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:58724 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x3CD34343 Ack: 0xD4FC9E8A Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-19:41:21.349788 24.28.27.201:1592 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:58753 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x3CD75A5D Ack: 0xD5AC719D Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-19:41:24.339012 24.28.27.201:1592 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:59054 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x3CD75A5D Ack: 0xD5AC719D Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-19:41:24.752158 24.28.27.201:1664 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:59100 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x3D1A576E Ack: 0xD5B2BF50 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-19:41:28.030483 24.28.27.201:1759 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:59542 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x3D6D0778 Ack: 0xD5A42A54 Win: 0xFAF0 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-19:55:31.787977 24.209.196.254:2145 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:16693 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x708049D8 Ack: 0x9BF45F3 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-19:55:31.820199 24.209.196.254:2145 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:16694 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x70804F8C Ack: 0x9BF45F3 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-20:23:19.556083 24.209.98.148:3226 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:14684 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x7509CFA2 Ack: 0x7234A3D8 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-20:23:19.576479 24.209.98.148:3226 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:14685 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x7509D556 Ack: 0x7234A3D8 Win: 0xFAF0 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-20:45:09.791414 24.209.39.246:1600 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:26153 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x6A7FF7FE Ack: 0xC5E43B68 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-20:45:11.257048 24.209.39.246:1646 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:26388 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x6AA90114 Ack: 0xC5ABD7F3 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-20:45:12.585807 24.209.39.246:1687 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:26594 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x6ACB7660 Ack: 0xC55F641E Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-20:45:17.273191 24.209.39.246:1820 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:27312 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x6B40065B Ack: 0xC58CDBB3 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-20:45:21.951494 24.209.39.246:1941 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:28028 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x6BA8DDB3 Ack: 0xC641C3E6 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/13-20:45:29.809107 24.209.39.246:2063 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:29196 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x6C11B7E4 Ack: 0xC7A32B6D Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/13-20:45:30.969606 24.209.39.246:2185 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:29383 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x6C7CD934 Ack: 0xC7FE827A Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-20:45:32.126337 24.209.39.246:2224 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:29581 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x6C9B970D Ack: 0xC7F97CC3 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-20:45:36.588877 24.209.39.246:2331 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:30222 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x6CF98478 Ack: 0xC84BA9B6 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-20:45:38.042193 24.209.39.246:2375 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:30452 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x6D1F435D Ack: 0xC7D29EA8 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-20:45:39.405210 24.209.39.246:2412 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:30666 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x6D415C08 Ack: 0xC801A6F3 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-20:45:43.710405 24.209.39.246:2544 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:31363 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x6DAD18F9 Ack: 0xC85E47BB Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-20:45:45.161442 24.209.39.246:2582 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:31583 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x6DCE7D23 Ack: 0xC8341108 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-20:45:46.751549 24.209.39.246:2621 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:31806 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x6DF0BF8A Ack: 0xC90330DD Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-20:45:48.285280 24.209.39.246:2670 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:32049 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x6E1B89C6 Ack: 0xC87695B5 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-20:45:52.620173 24.209.39.246:2705 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:32783 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x6E3B939E Ack: 0xC969DF4E Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-21:02:24.883413 24.209.196.254:4828 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:37965 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xCE74892B Ack: 0x7270ED0 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-21:02:24.904107 24.209.196.254:4828 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:37966 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xCE748EDF Ack: 0x7270ED0 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-21:23:29.982133 24.209.196.254:4932 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:6958 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3BB6BE4B Ack: 0x56B9BF90 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-21:23:30.025466 24.209.196.254:4932 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:6959 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3BB6C3FF Ack: 0x56B9BF90 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-21:32:50.995461 24.209.18.197:2851 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:8146 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x60E01602 Ack: 0x797C4790 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-21:32:51.101137 24.209.18.197:2855 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:8167 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x60E4DDE6 Ack: 0x79305B8B Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-21:33:00.464248 24.209.18.197:2969 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:8514 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x615BD712 Ack: 0x7A5D8A4D Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-21:33:09.853453 24.209.18.197:3118 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:9017 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x61EBC605 Ack: 0x7B2ABB9F Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-21:33:09.979757 24.209.18.197:3119 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:9029 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x61ED4A1C Ack: 0x7BA438D5 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/13-21:33:10.112688 24.209.18.197:3121 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:9042 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x61EF12F1 Ack: 0x7BA9ED44 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/13-21:33:10.213130 24.209.18.197:3127 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:9054 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x61F2F0D8 Ack: 0x7BA2D8D4 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-21:33:16.843358 24.209.18.197:3188 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:9460 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x622ECA64 Ack: 0x7B45C918 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-21:33:16.995783 24.209.18.197:3224 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:9474 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x62555A5F Ack: 0x7BB493C8 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-21:33:26.282343 24.209.18.197:3421 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:10170 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x6305A5AD Ack: 0x7C7C4808 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-21:33:26.398027 24.209.18.197:3423 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:10195 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x630802DD Ack: 0x7BFBB762 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-21:33:26.473774 24.209.18.197:3424 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:10204 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x630910E7 Ack: 0x7BF8E82C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-21:33:35.764625 24.209.18.197:3561 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:10607 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x638E8C27 Ack: 0x7CF13E67 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-21:33:38.844491 24.209.18.197:3563 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:10734 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x63901A11 Ack: 0x7CB13419 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-21:33:38.940394 24.209.18.197:3615 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:10739 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x63C33E15 Ack: 0x7CE52832 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-21:33:48.248307 24.209.18.197:3777 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:11406 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x6459F219 Ack: 0x7DCBBDD1 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-21:33:57.198975 24.93.48.91:4129 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:42778 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xEF7E789C Ack: 0x7DCA38AC Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-21:33:58.657071 24.93.48.91:4150 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:42925 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xEF928113 Ack: 0x7DDF2C3B Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-21:34:09.081885 24.93.48.91:4278 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:43880 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xF015EEF3 Ack: 0x7ED6FBC5 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-21:34:13.293941 24.93.48.91:4332 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:44262 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xF04F2420 Ack: 0x7F128759 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-21:34:14.170805 24.93.48.91:4350 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:44351 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xF060ABD2 Ack: 0x7F1A4A2D Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/13-21:34:15.589148 24.93.48.91:4369 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:44487 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xF070F735 Ack: 0x7EC19EDF Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/13-21:34:25.640660 24.93.48.91:4496 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:45369 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xF0F66F16 Ack: 0x7F4F547B Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-21:34:30.000808 24.93.48.91:4557 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:45819 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xF1340E5E Ack: 0x802F003B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-21:34:34.140878 24.93.48.91:4612 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:46204 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xF16CC2F2 Ack: 0x8050DF26 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-21:34:35.472110 24.93.48.91:4633 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:46329 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xF17FFE3C Ack: 0x806C72F3 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-21:34:36.600595 24.93.48.91:4644 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:46444 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xF18CF8FF Ack: 0x8002E0E4 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-21:34:37.891797 24.93.48.91:4662 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:46572 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xF19E9E30 Ack: 0x80715670 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-21:34:39.129121 24.93.48.91:4686 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:46698 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xF1B61525 Ack: 0x80C029F2 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-21:34:40.535738 24.93.48.91:4707 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:46846 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xF1CABCB1 Ack: 0x80F375B1 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-21:34:41.463609 24.93.48.91:4722 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:46943 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xF1DABCAD Ack: 0x80D2DF48 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-21:34:42.716071 24.93.48.91:4739 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:47066 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xF1EB5092 Ack: 0x809156C4 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-21:51:39.211349 24.209.39.246:4557 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:11038 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x6FFBCD Ack: 0xC03F03CC Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-21:51:39.474149 24.209.39.246:4561 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:11070 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x73C1CD Ack: 0xC0474054 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-21:51:39.620873 24.209.39.246:4568 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:11096 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x793C95 Ack: 0xC06193C6 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-21:51:43.328043 24.209.39.246:4668 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:11577 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xCEA2D8 Ack: 0xC1323FB6 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-21:51:43.848677 24.209.39.246:4683 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:11652 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xD9D48D Ack: 0xC04179C0 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/13-21:51:53.301670 24.209.39.246:1059 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:13227 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x1FCA14F Ack: 0xC15484AB Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/13-21:51:57.400911 24.209.39.246:1082 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:13887 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x20F888B Ack: 0xC15679F5 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-21:52:06.661529 24.209.39.246:1491 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:15094 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x365F113 Ack: 0xC1CDB3A2 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-21:52:06.812035 24.209.39.246:1495 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:15109 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x3693E13 Ack: 0xC1BDAA6A Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-21:52:06.976152 24.209.39.246:1503 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:15138 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x36FBCB5 Ack: 0xC1CBA026 Win: 0x4470 TcpLen: 20
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-21:52:07.525412 24.209.39.246:1513 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:15218 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x378647E Ack: 0xC1A95B92 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-21:52:07.775495 24.209.39.246:1518 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:15248 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x37DC65C Ack: 0xC26B43CC Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-21:52:11.260803 24.209.39.246:1601 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:15613 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x3C5BBB2 Ack: 0xC212BC52 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-21:52:11.840948 24.209.39.246:1617 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:15673 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x3D305FE Ack: 0xC2A1AB24 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-21:52:12.598923 24.209.39.246:1635 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:15754 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x3E25700 Ack: 0xC2557E52 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-22:01:08.181668 24.225.182.78:3321 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:252 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xEEE33C93 Ack: 0xE46AAC64 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-22:01:08.199971 24.225.182.78:3321 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:253 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xEEE34247 Ack: 0xE46AAC64 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-22:26:25.393784 24.231.8.184:3493 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:56393 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x76D7FF06 Ack: 0x44495D6F Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-22:26:46.447269 24.231.8.184:3493 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:56946 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x76D7FF06 Ack: 0x44495D6F Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-22:26:46.629931 24.231.8.184:3493 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:56953 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x76D804BA Ack: 0x44495D6F Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-23:11:13.236275 24.245.2.233:2023 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:45163 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x2A26CBA3 Ack: 0xECFC7E2F Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-23:11:18.074552 24.245.2.233:2144 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:45756 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x2A90F8FB Ack: 0xED1FFA42 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/13-23:11:18.801982 24.245.2.233:2162 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:45844 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x2AA205F8 Ack: 0xED08B33C Win: 0xFAF0 TcpLen: 20
SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:09:55 2003