SnortSnarf alert page

Destination: 192.168.1.6: #3401-3500

SnortSnarf v021111.1

Looking using input module SnortFileInput, with sources:
Earliest: 15:30:20.153723 on 05/15/2003
Latest: 23:15:34.844446 on 05/15/2003

22 different signatures are present for 192.168.1.6 as a destination

There are 624 distinct source IPs in the alerts of the type on this page.

See also 192.168.1.6 as an alert source [49361 alerts]


[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-15:30:20.153723 24.99.136.16:1778 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:54692 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xAA58C9CC Ack: 0x9FD003FF Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-15:30:33.260149 24.99.136.16:2810 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:57215 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xAD88CDB2 Ack: 0xA0657F8D Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-15:30:37.369635 24.99.136.16:3181 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:57931 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xAEAF7776 Ack: 0xA07B786D Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/15-15:30:37.927826 24.99.136.16:3198 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:58012 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xAEBDFFAA Ack: 0xA0D4C898 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/15-15:30:38.591502 24.99.136.16:3226 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:58106 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xAED54692 Ack: 0xA1043A58 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-15:30:48.492284 24.99.136.16:3770 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:59662 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xB08B423B Ack: 0xA1387BC5 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-15:30:58.715315 24.99.136.16:4301 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:61447 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xB22A2C6C Ack: 0xA1E545D8 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-15:31:02.384414 24.99.136.16:4614 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:62272 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xB31C71E7 Ack: 0xA23DC69B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-15:31:12.422018 24.99.136.16:1542 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:64190 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xB5E0100B Ack: 0xA2E12363 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-15:31:13.065901 24.99.136.16:1561 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:64280 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xB5F13769 Ack: 0xA290D48A Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-15:31:16.560733 24.99.136.16:1594 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:64895 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xB60D6B99 Ack: 0xA3584A1E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-15:31:20.031115 24.99.136.16:1947 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:65480 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xB72C1A0D Ack: 0xA36AF950 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-15:31:20.690957 24.99.136.16:1969 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:34 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xB73CDACC Ack: 0xA31FAA51 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-17:52:18.110375 24.30.227.136:4126 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:30849 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x15FA99B3 Ack: 0xB893BBFF Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-17:52:24.680213 24.30.227.136:4318 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:31721 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x16A203F2 Ack: 0xB920E51E Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-17:52:25.370646 24.30.227.136:4330 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:31804 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x16AD9E23 Ack: 0xB8B3483A Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-17:52:26.121091 24.30.227.136:4355 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:31910 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x16C45E6F Ack: 0xB8E0D66C Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-17:52:26.831234 24.30.227.136:4377 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:32008 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x16D8030B Ack: 0xB8A6862B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/15-17:52:27.488360 24.30.227.136:4392 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:32093 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x16E4F0F9 Ack: 0xB9489C8E Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/15-17:52:31.674558 24.30.227.136:4517 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:32663 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x175216A3 Ack: 0xB9946608 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-17:52:32.150053 24.30.227.136:4533 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:32750 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x17601078 Ack: 0xB9ABAD0F Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-17:52:42.494568 24.30.227.136:4848 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:34145 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x186AB585 Ack: 0xB9B62F2F Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-17:52:55.642345 24.30.227.136:3153 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:35952 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x196DAE82 Ack: 0xBA196E88 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-17:52:56.388419 24.30.227.136:3261 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:36070 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x19CC115F Ack: 0xBAC9FC6F Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-17:53:00.435643 24.30.227.136:3380 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:36643 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x1A30D569 Ack: 0xBAC3CC40 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-17:53:01.182685 24.30.227.136:3407 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:36759 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x1A4674B8 Ack: 0xBB7667F9 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-17:53:01.926359 24.30.227.136:3434 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:36857 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x1A5C1A5C Ack: 0xBB7AFFEA Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-17:53:04.847634 24.30.227.136:3434 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:37322 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x1A5C1A5C Ack: 0xBB7AFFEA Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-17:53:05.634262 24.30.227.136:3566 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:37413 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x1ACDEF59 Ack: 0xBB376497 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-17:53:06.291726 24.30.227.136:3586 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:37494 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x1ADDB51B Ack: 0xBBC1BB2B Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-17:53:15.706798 24.168.247.208:3137 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:42466 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3AA28AF2 Ack: 0xBBE35CAE Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-17:53:15.713164 24.168.247.208:3137 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:42467 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3AA290A6 Ack: 0xBBE35CAE Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-20:13:37.461402 24.125.85.187:2698 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:36501 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x74EF04F7 Ack: 0xCCF4C7BB Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-20:13:38.172969 24.125.85.187:2773 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:36667 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x75286EA1 Ack: 0xCD4AB703 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-20:13:38.765632 24.125.85.187:2792 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:36752 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x75373936 Ack: 0xCD8B132E Win: 0xFAF0 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-20:13:39.078135 24.125.85.187:2819 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:36830 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x754EC2AE Ack: 0xCD141342 Win: 0xFAF0 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-20:13:39.438122 24.125.85.187:2837 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:36885 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x755DC6F3 Ack: 0xCCE1ED6B Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/15-20:13:39.855507 24.125.85.187:2857 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:36938 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x756D5E12 Ack: 0xCD6B9F41 Win: 0xFAF0 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/15-20:13:40.306316 24.125.85.187:2868 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:37058 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x75764CA9 Ack: 0xCD2638E4 Win: 0xFAF0 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-20:13:49.742967 24.125.85.187:3344 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:38405 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x76EEC2E8 Ack: 0xCD8B06A5 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-20:13:50.046873 24.125.85.187:3364 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:38440 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x76FE9EAC Ack: 0xCD6F34F5 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-20:13:53.389878 24.125.85.187:3546 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:39013 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x77920E61 Ack: 0xCDA59044 Win: 0xFAF0 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-20:13:53.700628 24.125.85.187:3562 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:39051 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x779F1C15 Ack: 0xCDBED300 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-20:13:54.288278 24.125.85.187:3576 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:39121 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x77AB16F2 Ack: 0xCE24C6B0 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-20:13:55.004543 24.125.85.187:3607 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:39210 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x77C30B84 Ack: 0xCE4A36B1 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-20:14:05.557065 24.125.85.187:4205 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:41120 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x79988F92 Ack: 0xCE70A905 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-20:14:05.774675 24.125.85.187:4209 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:41163 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x799BCBEC Ack: 0xCF13F53E Win: 0xFAF0 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-20:35:22.441753 24.209.36.194:4107 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:48169 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x89C9D409 Ack: 0x20731CF1 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-20:35:23.292533 24.209.36.194:4132 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:48285 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x89E09D17 Ack: 0x20F4DBEC Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-20:35:23.566114 24.209.36.194:4153 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:48345 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x89F2ACDE Ack: 0x2107E6AC Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-20:35:24.022614 24.209.36.194:4163 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:48412 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x89FAC05C Ack: 0x20CBF0F0 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-20:35:24.972540 24.209.36.194:4186 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:48559 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x8A0F1BD5 Ack: 0x209B08C0 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/15-20:35:29.083461 24.209.36.194:4308 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:49106 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x8A7AA66C Ack: 0x21036F14 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/15-20:35:30.486949 24.209.36.194:4333 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:49268 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x8A924666 Ack: 0x21CCC914 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-20:35:34.188580 24.209.36.194:4502 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:50056 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x8B227A8E Ack: 0x2116AB27 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-20:35:34.432627 24.209.36.194:4510 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:50103 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x8B29A572 Ack: 0x2139DC12 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-20:35:34.596893 24.209.36.194:4520 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:50143 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x8B31DE67 Ack: 0x21E73928 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-20:35:38.364442 24.209.36.194:4638 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:50704 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x8B9858CE Ack: 0x22096F5C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-20:35:38.670534 24.209.36.194:4646 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:50752 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x8B9F16AA Ack: 0x215BAB56 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-20:35:38.819186 24.209.36.194:4653 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:50777 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x8BA5270A Ack: 0x222E6858 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-20:35:38.921393 24.209.36.194:4656 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:50792 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x8BA87271 Ack: 0x22401E1E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-20:35:41.961835 24.209.36.194:4656 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:51216 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x8BA87271 Ack: 0x22401E1E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-20:35:42.244048 24.209.36.194:4752 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:51256 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x8BFDB097 Ack: 0x21D9DCD0 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-20:35:42.573752 24.209.36.194:4765 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:51301 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x8C083C84 Ack: 0x228690FF Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-21:05:00.180370 24.126.134.104:4545 -> 192.168.1.6:80
TCP TTL:102 TOS:0x0 ID:4698 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB19A6FBB Ack: 0x8F96F615 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-21:05:00.220030 24.126.134.104:4545 -> 192.168.1.6:80
TCP TTL:102 TOS:0x0 ID:4699 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB19A756F Ack: 0x8F96F615 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-22:06:54.986507 24.199.188.226:3700 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:58218 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xDF2070A1 Ack: 0x7963A408 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-22:06:57.940688 24.199.188.226:3700 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:58633 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xDF2070A1 Ack: 0x7963A408 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-22:07:03.217989 24.199.188.226:4013 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:59401 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xE02B40EB Ack: 0x79915D96 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-22:07:03.680486 24.199.188.226:4032 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:59474 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xE03ABCA0 Ack: 0x79B07E2E Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-22:07:13.242540 24.199.188.226:4379 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:60672 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xE15E0E29 Ack: 0x7A1F9B3B Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-22:07:16.758616 24.199.188.226:4505 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:61109 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xE1C7C58B Ack: 0x7A9DEF57 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/15-22:07:23.378864 24.199.188.226:4610 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:61744 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xE221E86D Ack: 0x7B1112EE Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/15-22:07:27.088411 24.199.188.226:4842 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:62248 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xE2E828D4 Ack: 0x7AE55790 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-22:07:27.447402 24.199.188.226:4853 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:62291 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xE2F0E8E9 Ack: 0x7B65BEA5 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-22:07:36.912447 24.199.188.226:3216 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:63612 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xE4293903 Ack: 0x7C021E25 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-22:07:37.166872 24.199.188.226:3221 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:63628 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xE42E4EEB Ack: 0x7C0F1DE1 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-22:07:37.400551 24.199.188.226:3224 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:63656 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xE4318F7F Ack: 0x7C55BF20 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-22:07:40.905042 24.199.188.226:3363 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:64169 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xE4A882D6 Ack: 0x7B9BFB82 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-22:07:41.084581 24.199.188.226:3371 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:64195 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xE4AEF74F Ack: 0x7C0D74F5 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-22:07:41.293849 24.199.188.226:3378 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:64216 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xE4B432B4 Ack: 0x7C78E531 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-22:07:41.515359 24.199.188.226:3385 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:64251 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xE4BAB44D Ack: 0x7C1B21F0 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-22:07:41.748614 24.199.188.226:3396 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:64282 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xE4C37CBC Ack: 0x7C2B51F6 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-22:07:44.857317 24.199.188.226:3396 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:64544 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xE4C37CBC Ack: 0x7C2B51F6 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-22:52:02.072438 24.158.157.34:3072 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:25329 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x2FC59E99 Ack: 0x24E3AAAC Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-22:52:02.168913 24.158.157.34:3072 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:25330 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x2FC5A44D Ack: 0x24E3AAAC Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-23:15:05.846421 24.209.42.242:3176 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:18089 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x6353890D Ack: 0x7B8A64DF Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-23:15:06.144917 24.209.42.242:3183 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:18109 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x63590028 Ack: 0x7B0E2564 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-23:15:09.311796 24.209.42.242:3292 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:18383 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x63B522DA Ack: 0x7BB11D70 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-23:15:18.391081 24.209.42.242:3597 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:19310 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x64B76898 Ack: 0x7C856697 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-23:15:18.574294 24.209.42.242:3600 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:19344 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x64BA32BD Ack: 0x7BD81A1D Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/15-23:15:21.649842 24.209.42.242:3681 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:19614 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x65038933 Ack: 0x7C29B4B6 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/15-23:15:21.785283 24.209.42.242:3682 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:19624 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x6504BF07 Ack: 0x7C3034D6 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-23:15:25.001692 24.209.42.242:3785 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:19859 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x65587511 Ack: 0x7C118628 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-23:15:25.113253 24.209.42.242:3789 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:19874 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x655BFB2F Ack: 0x7C9EEB61 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-23:15:25.264494 24.209.42.242:3792 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:19908 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x655F3B0E Ack: 0x7C9AFAA0 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-23:15:28.414076 24.209.42.242:3901 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:20204 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x65BAE6BC Ack: 0x7C479D90 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-23:15:31.536464 24.209.42.242:3983 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:20486 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x66028730 Ack: 0x7CDF4251 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-23:15:34.661645 24.209.42.242:4100 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:20789 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x6660A626 Ack: 0x7CF67FED Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/15-23:15:34.844446 24.209.42.242:4104 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:20814 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x6663F7F9 Ack: 0x7D495F67 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:09:55 2003