SnortSnarf alert page

Destination: 192.168.1.6: #401-500

SnortSnarf v021111.1

Looking using input module SnortFileInput, with sources:
Earliest: 21:48:56.792523 on 04/23/2003
Latest: 17:50:10.220636 on 04/24/2003

22 different signatures are present for 192.168.1.6 as a destination

There are 624 distinct source IPs in the alerts of the type on this page.

See also 192.168.1.6 as an alert source [49361 alerts]


[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/23-21:48:56.792523 216.39.48.104:43250 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:51906 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x7F814758 Ack: 0xBCFD9DDC Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 381848996 707082483
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/23-22:56:28.691664 216.39.48.64:38051 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:10542 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x7D30EABD Ack: 0xBBB6BDFB Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 382256029 709157747
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/23-22:56:30.050459 66.196.65.24:1421 -> 192.168.1.6:80
TCP TTL:232 TOS:0x0 ID:39029 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x8C3F1C86 Ack: 0xBB8F3552 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/23-23:09:47.159677 24.91.103.152:3919 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:27498 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xE97652B3 Ack: 0xEE71E54F Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/23-23:09:51.521952 24.91.103.152:4208 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:28561 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xEA59564C Ack: 0xEF07830C Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/23-23:09:52.092041 24.91.103.152:4252 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:28688 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xEA7B324D Ack: 0xEE80FDDF Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/23-23:09:52.803518 24.91.103.152:4283 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:28866 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xEA954235 Ack: 0xEEBA8851 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/23-23:09:56.971282 24.91.103.152:4546 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:29782 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xEB603FD9 Ack: 0xEEFEC3FC Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/23-23:10:00.730756 24.91.103.152:1060 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:30704 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xEC315452 Ack: 0xEEF41532 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/23-23:10:01.149570 24.91.103.152:1082 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:30792 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xEC421AF2 Ack: 0xEEEC3615 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/23-23:10:01.783822 24.91.103.152:1110 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:30932 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xEC5966D3 Ack: 0xEFA41EAA Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/23-23:10:02.250242 24.91.103.152:1139 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:31030 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xEC702533 Ack: 0xEF26FDF0 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/23-23:10:06.402804 24.91.103.152:1363 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:31867 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xED1C96E4 Ack: 0xEFE4E58A Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/23-23:10:07.000552 24.91.103.152:1408 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:31998 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xED409F6D Ack: 0xF0182C0C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/23-23:10:07.524208 24.91.103.152:1434 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:32117 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xED568040 Ack: 0xEF7A75A4 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/23-23:10:10.998507 24.91.103.152:1697 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:32953 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xEE286853 Ack: 0xEFFD28B7 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/23-23:10:14.246625 24.91.103.152:1697 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:34242 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xEE286853 Ack: 0xEFFD28B7 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/23-23:10:14.590339 24.91.103.152:1910 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:34337 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xEED26AF5 Ack: 0xEFE5F11C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/23-23:10:17.900872 24.91.103.152:1910 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:34985 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xEED26AF5 Ack: 0xEFE5F11C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/23-23:10:18.429440 24.91.103.152:2115 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:35095 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xEF729643 Ack: 0xF07F56C2 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/23-23:10:19.155748 24.91.103.152:2173 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:35254 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xEF9FC7BB Ack: 0xF0820A32 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/23-23:11:28.357060 216.39.48.114:39504 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:17170 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xB6906B3D Ack: 0xF41943E6 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 382347321 709618531
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/23-23:25:12.325691 216.39.48.114:59691 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:37039 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xE9EBF95C Ack: 0x28F86164 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 382429699 710040544
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1390:3] SHELLCODE x86 inc ebx NOOP [**]
[Classification: Executable code was detected] [Priority: 1]
04/23-23:37:18.106691 207.44.188.21:80 -> 192.168.1.6:56801
TCP TTL:44 TOS:0x0 ID:45753 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB0094343 Ack: 0x55DD6236 Win: 0x16A0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 1476522485 710412278
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/23-23:40:56.024526 216.39.48.84:47165 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:8575 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x2528E8CD Ack: 0x639427D3 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 382519742 710523880
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/23-23:41:30.558584 216.39.48.33:44362 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:18345 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x27B4DC82 Ack: 0x666B6851 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 373267254 710541549
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/24-01:23:28.640398 216.39.48.54:36458 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:39393 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xA995AEB7 Ack: 0xE76A0CE2 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 383137655 713675069
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/24-01:50:22.239342 24.47.19.144:3380 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:16124 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x94EF6B18 Ack: 0x4D2F66EB Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/24-01:50:25.399084 24.47.19.144:3433 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:16386 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x951AD7CB Ack: 0x4CD3C5EC Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/24-01:50:27.593107 24.47.19.144:3513 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:16608 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x955BA593 Ack: 0x4D28B93E Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/24-01:50:30.200448 24.47.19.144:3574 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:16802 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x958B4C48 Ack: 0x4DCDA88A Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/24-01:50:33.068810 24.47.19.144:3646 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:17007 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x95C8971B Ack: 0x4D81DA26 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/24-01:50:38.904755 24.47.19.144:3828 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:17580 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x96556AAD Ack: 0x4D9F276D Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/24-01:50:41.070089 24.47.19.144:3909 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:17826 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x9693062F Ack: 0x4DFF52D8 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/24-01:50:43.212773 24.47.19.144:3981 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:18008 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x96CA9CA8 Ack: 0x4E4FB0DF Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/24-01:50:45.241789 24.47.19.144:4036 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:18202 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x96FA6DA5 Ack: 0x4E02F28A Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/24-01:50:58.067820 24.47.19.144:4370 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:19377 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x980FEE11 Ack: 0x4F2F2488 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/24-01:51:01.085013 24.47.19.144:4467 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:19646 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x985BC59C Ack: 0x4FA96EDB Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/24-01:51:13.365450 24.47.19.144:4874 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:20733 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x9974FD14 Ack: 0x50322E49 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/24-01:51:15.572476 24.47.19.144:1033 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:20922 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x99BAFE3B Ack: 0x5006C169 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/24-01:51:17.768184 24.47.19.144:1079 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:21099 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x99E1C574 Ack: 0x50145466 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/24-01:51:20.492354 24.47.19.144:1147 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:21323 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x9A126BF7 Ack: 0x4FF2D9BE Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/24-01:51:22.292234 24.47.19.144:1209 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:21492 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x9A490C6F Ack: 0x50B03DCF Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/24-02:07:34.363467 209.237.238.158:1053 -> 192.168.1.6:80
TCP TTL:41 TOS:0x0 ID:8554 IpLen:20 DgmLen:173 DF
***AP*** Seq: 0x4A40C472 Ack: 0x8E37F4FA Win: 0xFFFF TcpLen: 32
TCP Options (3) => NOP NOP TS: 643326236 715030135
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/24-02:15:15.880624 66.196.65.24:9856 -> 192.168.1.6:80
TCP TTL:232 TOS:0x0 ID:35521 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x60830C38 Ack: 0xAB335E93 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/24-02:51:14.634276 216.39.48.94:35170 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:34382 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xF380D46C Ack: 0x32C7E994 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 383668789 716372155
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/24-03:14:28.098531 216.39.48.13:60847 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:16665 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x4C1034D0 Ack: 0x8A8D847C Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 383809000 717085839
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/24-03:26:45.280260 216.39.48.84:40062 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:63559 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x7A888D5B Ack: 0xB91F3C8C Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 383874350 717463405
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/24-04:00:45.307601 216.39.48.64:55433 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:51605 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xFACA54F1 Ack: 0x39652D87 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 384081264 718508257
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/24-04:22:07.605907 24.198.198.27:1110 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:35824 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE77A22CC Ack: 0x8A57C593 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/24-04:22:07.626130 24.198.198.27:1110 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:35825 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE77A2880 Ack: 0x8A57C593 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/24-04:43:30.154015 216.39.48.54:32878 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:15544 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x9C4FBAD4 Ack: 0xDB533000 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 384337524 719821889
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/24-04:59:00.424097 216.39.48.114:51498 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:34865 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xD66C7F8D Ack: 0x16046B88 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 384432048 720298355
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/24-05:42:31.397345 216.39.48.94:55974 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:3986 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x7BBCF00E Ack: 0xBA0F8DBF Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 384696237 721635609
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/24-05:43:04.558668 216.39.48.104:52545 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:47546 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x7C944AE3 Ack: 0xBC4B4482 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 384693095 721652605
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/24-06:31:06.488215 216.39.48.64:40123 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:29101 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x323811DE Ack: 0x71142B41 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 384983171 723128645
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/24-07:08:53.010421 216.39.48.54:45691 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:3631 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xC1D0DADC Ack: 0x23282E Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 385209604 724289485
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/24-07:21:49.795947 216.39.48.33:51817 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:19733 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xF153F200 Ack: 0x309C1C9A Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 376028409 724687338
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/24-07:26:17.838365 216.39.48.44:38680 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:9987 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x2FE8064 Ack: 0x4226711D Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 375957367 724824582
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/24-07:38:39.379503 216.39.48.13:32990 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:10947 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x311C8EA3 Ack: 0x716AEE06 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 385393779 725204399
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/24-08:05:22.647669 216.39.48.114:52936 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:4693 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x95DF14FD Ack: 0xD5940BA9 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 385550013 726025557
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/24-08:24:54.242467 216.39.48.84:55188 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:28685 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xDFD9CF56 Ack: 0x1F48CF30 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 385662826 726625623
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1881:4] WEB-MISC bad HTTP/1.1 request, Potentially worm attack [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/24-08:28:49.547817 206.98.253.78:48529 -> 192.168.1.6:80
TCP TTL:50 TOS:0x0 ID:49402 IpLen:20 DgmLen:70 DF
***AP*** Seq: 0xFA0519D4 Ack: 0x2DB9EA56 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 60423675 726745400
[Xref => http://securityresponse.symantec.com/avcenter/security/Content/2002.09.13.html]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/24-10:39:59.766304 216.39.48.64:44534 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:48040 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xDE2E93CF Ack: 0x1D898D1D Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 386476149 730777035
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/24-10:40:23.038539 216.39.48.44:51387 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:19227 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xDF82202F Ack: 0x1EF92435 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 377121604 730788953
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/24-10:41:10.690929 216.39.48.74:54397 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:52463 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xE27DF73B Ack: 0x2210AB49 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 386481126 730813355
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/24-10:41:11.110485 216.39.48.74:54397 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:52464 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xE27DF73B Ack: 0x2210AB49 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 386481168 730813355
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/24-11:12:43.759570 216.39.48.13:41447 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:18000 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x597C7AED Ack: 0x99665628 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 386677935 731782933
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/24-11:16:49.680024 216.39.48.114:58749 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:4197 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x69879CA7 Ack: 0xA95CDE98 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 386698452 731908879
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/24-11:21:41.496436 216.39.48.84:48327 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:24093 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x7B66B3C2 Ack: 0xBBDA1741 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 386723303 732058348
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/24-12:12:00.609383 216.39.48.84:51386 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:60785 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x397A6586 Ack: 0x789E4C1B Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 387025143 733604649
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/24-12:21:36.499772 216.39.48.24:55213 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:40991 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x5D5F0FD9 Ack: 0x9CEDFC56 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 369078228 733899591
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/24-12:56:27.082274 216.39.48.104:37926 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:48054 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xE152259D Ack: 0x20CF648F Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 387292726 734970332
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/24-13:18:38.165198 216.39.48.84:49075 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:52120 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x3519698F Ack: 0x7504998C Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 387424805 735652080
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/24-13:22:04.986577 66.196.65.24:15216 -> 192.168.1.6:80
TCP TTL:232 TOS:0x0 ID:61476 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x59D79A65 Ack: 0x82C5B0A5 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/24-13:32:06.063119 216.39.48.84:41393 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:3829 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x67C1D369 Ack: 0xA8C32B3E Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 387505576 736065863
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/24-13:54:29.268173 216.39.48.74:38288 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:53153 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xBC2022EB Ack: 0xFCD12124 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 387640707 736753812
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/24-14:07:02.543059 216.39.48.64:34116 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:19279 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xEBE750A5 Ack: 0x2B569C31 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 387718136 737139609
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/24-16:25:55.157190 216.39.48.74:48215 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:39298 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xF88A50E9 Ack: 0x38A15965 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 388549079 741407079
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/24-16:29:03.153364 216.39.48.207:46748 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:45067 IpLen:20 DgmLen:202 DF
***AP*** Seq: 0x436A250 Ack: 0x431E668D Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 65671765 741503615
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/24-17:16:22.295578 216.39.48.114:39269 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:25024 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xB6FC141D Ack: 0xF7501AF8 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 388855217 742957737
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/24-17:21:52.706454 24.236.70.2:3763 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:15469 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x4C9DE4FF Ack: 0xC9E76C5 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/24-17:22:02.759568 24.236.70.2:3898 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:15792 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x4D2AE332 Ack: 0xCE17ED9 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/24-17:22:06.285451 24.236.70.2:3943 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:15915 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x4D5ADE09 Ack: 0xD2AF2B9 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/24-17:22:09.795852 24.236.70.2:4009 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:16112 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x4D979C7D Ack: 0xD0B52A4 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/24-17:22:10.080713 24.236.70.2:4010 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:16122 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x4D992B3B Ack: 0xDE23AFE Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/24-17:22:10.405371 24.236.70.2:4016 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:16137 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x4D9E3332 Ack: 0xDEF1523 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/24-17:22:13.940300 24.236.70.2:4057 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:16226 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x4DCA52EC Ack: 0xD319676 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/24-17:22:14.202127 24.236.70.2:4066 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:16242 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x4DD16A95 Ack: 0xD97BE14 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/24-17:22:17.698779 24.236.70.2:4108 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:16330 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x4DFF07A7 Ack: 0xD88982D Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/24-17:22:20.889033 24.236.70.2:4111 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:16420 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x4E0263D5 Ack: 0xDCCFFFD Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/24-17:22:24.724027 24.236.70.2:4190 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:16512 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x4E565124 Ack: 0xE5225BB Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/24-17:22:27.992194 24.236.70.2:4229 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:16593 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x4E7FFD7C Ack: 0xE90F5FC Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/24-17:22:28.259059 24.236.70.2:4233 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:16608 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x4E83BF39 Ack: 0xE7C8E36 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/24-17:22:28.523313 24.236.70.2:4235 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:16618 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x4E863EBE Ack: 0xE607B44 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/24-17:22:28.782924 24.236.70.2:4238 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:16631 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x4E8A773F Ack: 0xEA5DA31 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/24-17:22:32.260388 24.236.70.2:4283 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:16728 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x4EB50718 Ack: 0xEF6CECA Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/24-17:22:35.221633 24.236.70.2:4283 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:16794 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x4EB50718 Ack: 0xEF6CECA Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/24-17:44:02.868821 216.39.48.207:42732 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:61399 IpLen:20 DgmLen:202 DF
***AP*** Seq: 0x1F710047 Ack: 0x6015A927 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 66121634 743808236
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/24-17:50:10.220636 24.29.173.81:1854 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:15217 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x89F63F48 Ack: 0x765833DA Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:09:55 2003