SnortSnarf alert page

Destination: 192.168.1.6: #3601-3700

SnortSnarf v021111.1

Signature section (91123)

Top 20 source IPs

Top 20 dest IPs

Looking using input module SnortFileInput, with sources:

/home/rivettmj/snort_alertlog/alert

Earliest: 13:49:25.144988 on 05/16/2003
Latest: 13:32:18.002461 on 05/17/2003

22 different signatures are present for 192.168.1.6 as a destination

1 instances of (spp_stream4) STEALTH ACTIVITY (SYN FIN scan) detection
1 instances of WEB-IIS ISAPI .printer access
1 instances of SHELLCODE x86 setuid 0
1 instances of DDOS shaft synflood
2 instances of WEB-CGI formmail access
2 instances of SHELLCODE x86 NOOP
2 instances of SMTP HELO overflow attempt
2 instances of SHELLCODE x86 inc ebx NOOP
3 instances of WEB-MISC bad HTTP/1.1 request, Potentially worm attack
3 instances of WEB-CGI newdesk access
4 instances of WEB-IIS WEBDAV nessus safe scan attempt
11 instances of ICMP Destination Unreachable (Communication Administratively Prohibited)
38 instances of (snort_decoder): T/TCP Detected
58 instances of WEB-IIS view source via translate header
308 instances of WEB-IIS _mem_bin access
316 instances of WEB-FRONTPAGE /_vti_bin/ access
680 instances of WEB-IIS CodeRed v2 root.exe access
786 instances of WEB-MISC robots.txt access
930 instances of WEB-IIS ISAPI .ida attempt
952 instances of WEB-IIS multiple decode attempt
1500 instances of WEB-IIS unicode directory traversal attempt
2169 instances of WEB-IIS cmd.exe access

There are 624 distinct source IPs in the alerts of the type on this page.

192.168.1.6 Whois lookup at: ARIN RIPE APNIC Geektools

DNS lookup at: Amenesi TRIUMF Princeton

More lookup links: Dshield Sam Spade

See also 192.168.1.6 as an alert source [49361 alerts]

Go to: previous range, next range, all alerts, overview page

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/16-13:49:25.144988 24.243.238.248:2984 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:8756 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xE085EAD4  Ack: 0xF3AF4C7A  Win: 0xFAF0  TcpLen: 20

[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/16-13:49:28.452263 24.243.238.248:3216 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:9399 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xE11645B2  Ack: 0xF3C7A72B  Win: 0xFAF0  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/16-13:49:31.704862 24.243.238.248:3517 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:10195 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xE1DF103A  Ack: 0xF4EE6CBD  Win: 0xFAF0  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/16-13:49:34.920789 24.243.238.248:3715 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:10621 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xE26E2483  Ack: 0xF507EA2C  Win: 0xFAF0  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/16-13:49:35.130414 24.243.238.248:3724 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:10640 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xE2741CB6  Ack: 0xF51750FB  Win: 0xFAF0  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/16-13:49:35.375654 24.243.238.248:3732 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:10666 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xE27B664E  Ack: 0xF459474C  Win: 0xFAF0  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/16-13:49:38.620685 24.243.238.248:3916 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:11270 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xE30CC56B  Ack: 0xF54029E6  Win: 0xFAF0  TcpLen: 20

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/16-13:56:55.337943 66.196.65.24:53991 -> 192.168.1.6:80
TCP TTL:233 TOS:0x0 ID:32592 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x19E46D77  Ack: 0xFFDB3D5  Win: 0x8052  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/16-15:51:20.890744 24.127.15.16:3287 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:43184 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA21033AA  Ack: 0xC142B44A  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/16-15:51:20.897298 24.127.15.16:3287 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:43185 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA210395E  Ack: 0xC142B44A  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/16-15:54:22.689747 24.209.98.148:3032 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:49035 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x8DBF11E1  Ack: 0xCD3F36E4  Win: 0xFAF0  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/16-15:54:22.697674 24.209.98.148:3032 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:49036 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x8DBF1795  Ack: 0xCD3F36E4  Win: 0xFAF0  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/16-15:58:29.746686 24.209.98.148:2324 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:8548 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA624A42B  Ack: 0xDC6757AF  Win: 0xFAF0  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/16-15:58:29.779947 24.209.98.148:2324 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:8549 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA624A9DF  Ack: 0xDC6757AF  Win: 0xFAF0  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/16-16:09:11.470224 24.209.36.194:3140 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:676 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x7C4C2A18  Ack: 0x4A3A462  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/16-16:09:11.496025 24.209.36.194:3140 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:677 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x7C4C2FCC  Ack: 0x4A3A462  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/16-16:15:36.115402 24.106.135.110:4948 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:50568 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x650765CF  Ack: 0x1D002684  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/16-16:15:36.191916 24.106.135.110:4948 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:50569 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x65076B83  Ack: 0x1D002684  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/16-16:49:21.091268 24.209.36.194:2197 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:47890 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x43A8458C  Ack: 0x9BCC3AA3  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/16-16:49:21.110981 24.209.36.194:2197 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:47891 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x43A84B40  Ack: 0x9BCC3AA3  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/16-17:17:53.126316 24.209.36.194:3334 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:39816 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xCEB0CD3F  Ack: 0x7A9CF63  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/16-17:17:53.150555 24.209.36.194:3334 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:39817 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xCEB0D2F3  Ack: 0x7A9CF63  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/16-17:47:16.861197 24.209.36.194:4224 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:31004 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x59B7F958  Ack: 0x76A1BDDB  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/16-17:47:16.888352 24.209.36.194:4224 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:31005 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x59B7FF0C  Ack: 0x76A1BDDB  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/16-18:28:16.624189 24.209.196.254:4332 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:27526 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x5ECC45B  Ack: 0x11BD8B78  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/16-18:28:16.632299 24.209.196.254:4332 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:27527 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x5ECCA0F  Ack: 0x11BD8B78  Win: 0x4470  TcpLen: 20

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/16-18:43:03.457893 24.98.81.16:2242 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:47058 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x988E8BF0  Ack: 0x49E1600B  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/16-18:43:04.025343 24.98.81.16:2249 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:47072 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x98958EB2  Ack: 0x499BD73F  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/16-18:43:04.177615 24.98.81.16:2251 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:47084 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x98977C74  Ack: 0x493FC195  Win: 0x4470  TcpLen: 20

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/16-18:43:04.328381 24.98.81.16:2257 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:47096 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x989C038C  Ack: 0x4A16302A  Win: 0x4470  TcpLen: 20

[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/16-18:43:04.488741 24.98.81.16:2262 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:47108 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x98A03489  Ack: 0x49CABF28  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/16-18:43:13.657483 24.98.81.16:2438 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:47675 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x993E7601  Ack: 0x4A71E35E  Win: 0x4470  TcpLen: 20

[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/16-18:43:13.824712 24.98.81.16:2442 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:47689 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x9941C373  Ack: 0x4A7123AE  Win: 0x4470  TcpLen: 20

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/16-18:43:16.995146 24.98.81.16:2504 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:47876 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x997CBF09  Ack: 0x4A0EAB42  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/16-18:43:20.158292 24.98.81.16:2568 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:48104 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x99B68D20  Ack: 0x4AA6B331  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/16-18:43:23.323271 24.98.81.16:2610 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:48225 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x99DE14AE  Ack: 0x4AD91666  Win: 0x4470  TcpLen: 20

[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/16-18:43:23.466589 24.98.81.16:2613 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:48235 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x99E0AEBF  Ack: 0x4AA1BDB0  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/16-18:43:26.601461 24.98.81.16:2668 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:48398 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x9A13F7DE  Ack: 0x4AE35632  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/16-18:43:26.746601 24.98.81.16:2671 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:48409 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x9A170C04  Ack: 0x4B2A8EDE  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/16-18:43:26.868268 24.98.81.16:2675 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:48414 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x9A1B3C93  Ack: 0x4B0371AA  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/16-18:43:27.053066 24.98.81.16:2676 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:48422 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x9A1C89F3  Ack: 0x4A927E50  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/16-18:43:30.241246 24.98.81.16:2724 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:48568 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x9A4CA0BB  Ack: 0x4B7658A8  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/16-18:52:05.505742 24.209.196.254:4089 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:20305 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x8C69435B  Ack: 0x6BFF79EC  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/16-18:52:05.513742 24.209.196.254:4089 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:20306 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x8C69490F  Ack: 0x6BFF79EC  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/16-19:11:56.871514 24.209.36.194:3434 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:48316 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE22A1307  Ack: 0xB7690413  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/16-19:11:56.896209 24.209.36.194:3434 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:48317 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE22A18BB  Ack: 0xB7690413  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/16-19:15:09.382373 24.209.36.194:3716 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:61091 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF0CCD4C1  Ack: 0xC398341A  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/16-19:15:09.415066 24.209.36.194:3716 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:61092 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF0CCDA75  Ack: 0xC398341A  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/16-19:52:46.840695 24.209.36.194:2746 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:19892 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x9FB8BB41  Ack: 0x50D20E8F  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/16-19:52:46.861558 24.209.36.194:2746 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:19893 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x9FB8C0F5  Ack: 0x50D20E8F  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/16-20:01:35.301224 24.209.191.210:3482 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:63540 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x4815669A  Ack: 0x7175C5DD  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/16-20:01:35.311764 24.209.191.210:3482 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:63541 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x48156C4E  Ack: 0x7175C5DD  Win: 0x4470  TcpLen: 20

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/16-20:33:36.388976 24.118.102.148:3004 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:5622 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x1CA90B9E  Ack: 0xEB2B9BE2  Win: 0xFC00  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/16-20:33:45.568976 24.118.102.148:3561 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:7249 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x1E60E767  Ack: 0xEB82EA87  Win: 0xFC00  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/16-20:33:55.038139 24.118.102.148:3577 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:9081 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x1E6ED800  Ack: 0xEBEA45AA  Win: 0xFC00  TcpLen: 20

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/16-20:33:55.617967 24.118.102.148:4215 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:9146 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x205C046D  Ack: 0xED72D053  Win: 0xFC00  TcpLen: 20

[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/16-20:34:03.630788 24.118.102.148:4919 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:10456 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x21CC37DA  Ack: 0xEE222963  Win: 0xFC00  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/16-21:09:26.286616 24.209.191.210:1518 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:484 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xBBC1765F  Ack: 0x7219AA8A  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/16-21:09:26.298946 24.209.191.210:1518 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:485 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xBBC17C13  Ack: 0x7219AA8A  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/16-21:30:08.769551 24.209.191.210:1680 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:31341 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x28E1C2E2  Ack: 0xC061D977  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/16-21:30:08.776386 24.209.191.210:1680 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:31342 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x28E1C896  Ack: 0xC061D977  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/16-22:07:22.689129 24.209.98.148:4578 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:28303 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE6C74913  Ack: 0x4D5C9DDF  Win: 0xFAF0  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/16-22:07:22.718714 24.209.98.148:4578 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:28304 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE6C74EC7  Ack: 0x4D5C9DDF  Win: 0xFAF0  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/16-23:25:43.532056 24.244.187.6:4075 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:56215 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x4B5191A3  Ack: 0x75B378B4  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/16-23:25:44.110142 24.244.187.6:4075 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:56216 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x4B519757  Ack: 0x75B378B4  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/16-23:31:26.093867 24.209.36.194:1403 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:26981 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x39D7FD7B  Ack: 0x8ADAA40D  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/16-23:31:26.120649 24.209.36.194:1403 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:26982 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x39D8032F  Ack: 0x8ADAA40D  Win: 0x4470  TcpLen: 20

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/17-00:07:03.244457 66.196.65.24:35979 -> 192.168.1.6:80
TCP TTL:233 TOS:0x0 ID:675 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x956A8D4B  Ack: 0x115D583F  Win: 0x8052  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/17-00:24:41.775261 24.209.36.194:2617 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:10864 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF858CDA  Ack: 0x5400C380  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/17-00:24:41.800648 24.209.36.194:2617 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:10865 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF85928E  Ack: 0x5400C380  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/17-01:19:42.669718 24.218.33.167:4258 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:42672 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x8942866A  Ack: 0x2331DD2E  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/17-01:19:42.677271 24.218.33.167:4258 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:42673 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x89428C1E  Ack: 0x2331DD2E  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/17-01:28:34.670311 24.209.36.194:1771 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:23659 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x907D4FD  Ack: 0x45D5A6D0  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/17-01:28:34.696708 24.209.36.194:1771 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:23660 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x907DAB1  Ack: 0x45D5A6D0  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/17-01:41:02.550410 24.209.36.194:3514 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:64121 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x397ABA51  Ack: 0x738203A7  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/17-01:41:05.010099 24.209.36.194:3514 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:64241 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x397AC005  Ack: 0x738203A7  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/17-03:02:27.328519 24.167.80.155:4174 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:40379 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF3FBD0C6  Ack: 0xA88A3442  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/17-03:02:27.334372 24.167.80.155:4174 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:40380 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF3FBD67A  Ack: 0xA88A3442  Win: 0x4470  TcpLen: 20

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/17-03:44:47.338364 66.196.73.77:17109 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:17335 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xE5451FC0  Ack: 0x48D7C1BF  Win: 0xFAF0  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/17-03:53:50.572135 24.209.191.210:2765 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:29818 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x4809CEFA  Ack: 0x6A3E6F50  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/17-03:53:50.580649 24.209.191.210:2765 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:29819 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x4809D4AE  Ack: 0x6A3E6F50  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/17-04:49:26.352275 24.209.191.210:4897 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:26566 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x31A11544  Ack: 0x3D062F82  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/17-04:49:26.360351 24.209.191.210:4897 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:26567 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x31A11AF8  Ack: 0x3D062F82  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/17-05:53:38.177891 61.136.148.43:2880 -> 192.168.1.6:80
TCP TTL:100 TOS:0x0 ID:53521 IpLen:20 DgmLen:1454 DF
***A**** Seq: 0xCE81E224  Ack: 0x2E86ED19  Win: 0x4248  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/17-05:53:38.197688 61.136.148.43:2880 -> 192.168.1.6:80
TCP TTL:100 TOS:0x0 ID:53522 IpLen:20 DgmLen:1454 DF
***A**** Seq: 0xCE81E7AA  Ack: 0x2E86ED19  Win: 0x4248  TcpLen: 20

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/17-06:32:37.652112 66.196.65.24:24793 -> 192.168.1.6:80
TCP TTL:233 TOS:0x0 ID:63107 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x66B3F23D  Ack: 0xC1C6FD1F  Win: 0x8052  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/17-06:50:39.590883 24.90.170.180:4318 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:51625 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x56E224FE  Ack: 0x59AA552  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/17-06:50:39.615232 24.90.170.180:4318 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:51626 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x56E22AB2  Ack: 0x59AA552  Win: 0x4470  TcpLen: 20

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/17-09:16:32.042422 66.196.65.24:39392 -> 192.168.1.6:80
TCP TTL:233 TOS:0x0 ID:132 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x488EEC8F  Ack: 0x2DCDF699  Win: 0x8052  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/17-09:32:56.596550 24.209.191.210:3048 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:28845 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x59D3B5B4  Ack: 0x6AF46D2E  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/17-09:32:56.604125 24.209.191.210:3048 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:28846 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x59D3BB68  Ack: 0x6AF46D2E  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/17-09:36:24.984194 24.209.191.210:2230 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:38128 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x65BB9477  Ack: 0x774CEA6D  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/17-09:36:24.993691 24.209.191.210:2230 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:38129 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x65BB9A2B  Ack: 0x774CEA6D  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/17-10:15:59.644141 24.136.140.127:2589 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:51236 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x31040EA9  Ack: 0xE73CB1A  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/17-10:15:59.653955 24.136.140.127:2589 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:51237 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3104145D  Ack: 0xE73CB1A  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/17-12:48:43.158026 24.209.98.148:4366 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:42820 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x5B54D4F5  Ack: 0x4F338880  Win: 0xFAF0  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/17-12:48:43.167642 24.209.98.148:4366 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:42821 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x5B54DAA9  Ack: 0x4F338880  Win: 0xFAF0  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/17-13:00:33.828606 24.209.98.148:1257 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:56866 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA160C927  Ack: 0x7BE24ADB  Win: 0xFAF0  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/17-13:00:33.848753 24.209.98.148:1257 -> 192.168.1.6:80
TCP TTL:54 TOS:0x0 ID:56867 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA160CEDB  Ack: 0x7BE24ADB  Win: 0xFAF0  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/17-13:32:18.002461 24.209.36.194:2300 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:30189 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA69E2E4E  Ack: 0xF323A9CF  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

Go to: previous range, next range, all alerts, overview page

SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:09:55 2003

192.168.1.6	Whois lookup at:	ARIN	RIPE	APNIC	Geektools
	DNS lookup at:	Amenesi	TRIUMF	Princeton
	More lookup links:	Dshield	Sam Spade
See also 192.168.1.6 as an alert source [49361 alerts]