SnortSnarf alert page

Destination: 192.168.1.6: #4201-4300

SnortSnarf v021111.1

Looking using input module SnortFileInput, with sources:
Earliest: 18:14:29.576838 on 05/20/2003
Latest: 13:40:25.835940 on 05/21/2003

22 different signatures are present for 192.168.1.6 as a destination

There are 624 distinct source IPs in the alerts of the type on this page.

See also 192.168.1.6 as an alert source [49361 alerts]


[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-18:14:29.576838 24.209.40.219:1449 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:45241 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xEE07F8E9 Ack: 0xDCF98C6D Win: 0xFFFF TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-18:14:29.797481 24.209.40.219:1453 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:45276 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xEE0B728F Ack: 0xDD1FBF6D Win: 0xFFFF TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-18:14:32.907476 24.209.40.219:1597 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:45964 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xEE808A6E Ack: 0xDD07C779 Win: 0xFFFF TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-18:14:42.087677 24.209.40.219:1931 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:47567 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xEF92577E Ack: 0xDDCE74AD Win: 0xFFFF TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/20-18:14:42.254910 24.209.40.219:1934 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:47592 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xEF9572C0 Ack: 0xDD8343BF Win: 0xFFFF TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/20-18:14:51.454130 24.209.40.219:2274 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:49164 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xF0B065D4 Ack: 0xDEB3D1C8 Win: 0xFFFF TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-18:14:51.589205 24.209.40.219:2277 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:49181 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xF0B3206D Ack: 0xDDEB9A3D Win: 0xFFFF TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-18:15:00.805385 24.209.40.219:2513 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:50328 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xF1843F95 Ack: 0xDF2C54E1 Win: 0xFFFF TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-18:15:00.942874 24.209.40.219:2519 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:50357 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xF18956DF Ack: 0xDEE0C54B Win: 0xFFFF TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-18:15:04.133062 24.209.40.219:2616 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:50741 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xF1D802DA Ack: 0xDF42D1C3 Win: 0xFFFF TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-18:15:10.128167 24.209.40.219:2706 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:51633 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xF224A287 Ack: 0xDF316EF4 Win: 0xFFFF TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-18:15:10.217301 24.209.40.219:2799 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:51644 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xF2717904 Ack: 0xDF4EA88B Win: 0xFFFF TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-18:15:10.340137 24.209.40.219:2801 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:51666 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xF2739C0E Ack: 0xDF600334 Win: 0xFFFF TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-18:15:10.465931 24.209.40.219:2807 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:51699 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xF27831D5 Ack: 0xDF15E97B Win: 0xFFFF TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-18:15:10.646729 24.209.40.219:2813 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:51739 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xF27DB65B Ack: 0xDFA930CD Win: 0xFFFF TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-19:05:07.710819 24.209.40.219:2721 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:36173 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x8329B22 Ack: 0x9BCC83FC Win: 0xFFFF TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-19:05:09.405470 24.209.40.219:2799 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:36477 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x8724A09 Ack: 0x9C9C71F1 Win: 0xFFFF TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-19:05:11.321205 24.209.40.219:2858 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:36790 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x8A397E2 Ack: 0x9CBA6082 Win: 0xFFFF TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-19:05:13.098376 24.209.40.219:2935 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:37087 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x8E30EE2 Ack: 0x9CD09E51 Win: 0xFFFF TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-19:05:14.701615 24.209.40.219:3011 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:37371 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x9225EFB Ack: 0x9CA7BC95 Win: 0xFFFF TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/20-19:05:16.467036 24.209.40.219:3073 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:37671 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x95668B8 Ack: 0x9C6582B9 Win: 0xFFFF TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/20-19:05:18.199184 24.209.40.219:3135 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:37959 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x987793E Ack: 0x9C957F7F Win: 0xFFFF TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-19:05:28.622848 24.209.40.219:3579 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:39759 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xAF04A51 Ack: 0x9DCA95E7 Win: 0xFFFF TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-19:05:30.370817 24.209.40.219:3628 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:40012 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xB19E67F Ack: 0x9DCF8C6C Win: 0xFFFF TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-19:05:40.799383 24.209.40.219:4058 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:41856 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xC755432 Ack: 0x9DC7FEE4 Win: 0xFFFF TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-19:05:42.309842 24.209.40.219:4132 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:42107 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xCB08714 Ack: 0x9E419F84 Win: 0xFFFF TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-19:05:43.641885 24.209.40.219:4196 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:42370 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xCE475C8 Ack: 0x9E804DCB Win: 0xFFFF TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-19:05:45.260412 24.209.40.219:4237 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:42607 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xD07CD79 Ack: 0x9E0A84F5 Win: 0xFFFF TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-19:05:47.064669 24.209.40.219:4313 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:42925 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xD46F516 Ack: 0x9E94EB54 Win: 0xFFFF TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-19:05:49.837381 24.209.40.219:4313 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:43389 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xD46F516 Ack: 0x9E94EB54 Win: 0xFFFF TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-19:05:52.051888 24.209.40.219:4509 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:43728 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xDE15292 Ack: 0x9F286788 Win: 0xFFFF TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-19:06:02.930115 24.209.40.219:1118 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:54979 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xF3C9666 Ack: 0x9EF0C448 Win: 0xFFFF TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-20:16:45.647915 24.118.109.209:1263 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:39986 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3FADA1A4 Ack: 0xAAB984A6 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-20:16:45.658642 24.118.109.209:1263 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:39987 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3FADA758 Ack: 0xAAB984A6 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-20:16:48.639909 24.118.109.209:1263 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:40292 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3FADA1A4 Ack: 0xAAB984A6 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-22:02:01.138734 24.209.113.11:2566 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:51344 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xD19E2A Ack: 0x38705357 Win: 0xB5C9 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/20-22:02:01.161101 24.209.113.11:2566 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:51345 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xD1A3DE Ack: 0x38705357 Win: 0xB5C9 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-01:06:26.117938 24.209.113.11:4265 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:24671 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xFF138673 Ack: 0xF037F8F2 Win: 0xB5C9 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-01:06:26.138178 24.209.113.11:4265 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:24672 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xFF138C27 Ack: 0xF037F8F2 Win: 0xB5C9 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-03:45:21.508753 24.150.202.37:2349 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:29768 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x1DB248EA Ack: 0x4961BF29 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-03:45:25.265558 24.150.202.37:2413 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:30825 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x1DE5D0D3 Ack: 0x48E9E43B Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-03:45:25.513009 24.150.202.37:2672 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:30900 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x1EB28B80 Ack: 0x492DC780 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-03:45:28.757216 24.150.202.37:2687 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:31936 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x1EBE92BC Ack: 0x49B3E35B Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-03:45:28.992214 24.150.202.37:2944 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:32016 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x1F881039 Ack: 0x49D3F618 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-03:45:31.956795 24.150.202.37:2944 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:32846 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x1F881039 Ack: 0x49D3F618 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/21-03:45:32.405203 24.150.202.37:3208 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:32979 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x20516B17 Ack: 0x4A174464 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/21-03:45:35.957340 24.150.202.37:3462 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:33930 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x2114C8B1 Ack: 0x49C8D25A Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-03:45:42.200173 24.150.202.37:3754 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:35755 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x21F8F8B9 Ack: 0x4A6F5392 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-03:45:46.156863 24.150.202.37:4010 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:36960 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x22C01B9E Ack: 0x4A15BDD4 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-03:45:52.828077 24.150.202.37:4657 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:39006 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x249AF1D0 Ack: 0x4B3EFEBC Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-03:45:53.127729 24.150.202.37:1037 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:39100 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x256945A6 Ack: 0x4ABAD468 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-03:45:53.463468 24.150.202.37:1060 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:39199 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x257BD713 Ack: 0x4BA93A2E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-03:45:53.880170 24.150.202.37:1097 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:39329 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x25973120 Ack: 0x4B6730BD Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-03:46:00.405883 24.150.202.37:1378 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:41201 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x267475DA Ack: 0x4BCDC312 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-03:46:00.723914 24.150.202.37:1637 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:41285 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x273A44CE Ack: 0x4BE514A9 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-03:57:51.651209 24.174.223.212:2597 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:29107 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xDF464A7A Ack: 0x782043BD Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-03:57:55.585816 24.174.223.212:2644 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:29410 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xDF784C67 Ack: 0x781E0DD7 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-03:57:55.949390 24.174.223.212:2655 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:29457 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xDF8228A0 Ack: 0x780030AC Win: 0xFAF0 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-03:57:59.680794 24.174.223.212:2701 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:29760 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xDFB1D8FE Ack: 0x78950737 Win: 0xFAF0 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-03:58:00.506336 24.174.223.212:2707 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:29823 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xDFB8EBDB Ack: 0x78602427 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/21-03:58:04.396850 24.174.223.212:2760 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:30116 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xDFED08C4 Ack: 0x78ABD2C6 Win: 0xFAF0 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/21-03:58:07.916720 24.174.223.212:2772 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:30411 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xDFF87FF9 Ack: 0x7936E973 Win: 0xFAF0 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-03:58:08.586944 24.174.223.212:2823 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:30480 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xE02AA25D Ack: 0x78DDFBB1 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-03:58:09.232352 24.174.223.212:2831 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:30541 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xE033498C Ack: 0x78BF2670 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-03:58:09.923146 24.174.223.212:2839 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:30592 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xE03B25DA Ack: 0x79645321 Win: 0xFAF0 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-03:58:10.674924 24.174.223.212:2846 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:30648 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xE0437CE8 Ack: 0x7904EF15 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-03:58:11.333665 24.174.223.212:2856 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:30705 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xE04B81BB Ack: 0x78C8E0D2 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-03:58:21.351734 24.174.223.212:2974 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:31422 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xE0C0D8F2 Ack: 0x7990E361 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-03:58:22.353997 24.174.223.212:2992 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:31499 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xE0D152DB Ack: 0x79983856 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-03:58:23.279440 24.174.223.212:3006 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:31562 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xE0DFD7FB Ack: 0x79B09A57 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-03:58:23.925086 24.174.223.212:3016 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:31615 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xE0EAF262 Ack: 0x79912D93 Win: 0xFAF0 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-07:40:43.265016 24.150.72.168:1541 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:1084 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xED26012E Ack: 0xC2B0B6A9 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-07:40:43.295456 24.150.72.168:1541 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:1085 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xED2606E2 Ack: 0xC2B0B6A9 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-09:21:13.059429 24.74.111.19:3282 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:43599 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xFB504AD8 Ack: 0x3DE2999F Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-09:21:13.066171 24.74.111.19:3282 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:43600 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xFB50508C Ack: 0x3DE2999F Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-10:52:09.205232 24.126.254.13:1657 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:29515 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x391C77EE Ack: 0x9547483D Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-10:52:17.607737 24.126.254.13:1867 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:30319 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x39D704F7 Ack: 0x95764EFC Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-10:52:19.792071 24.126.254.13:1928 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:30548 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x3A09DE31 Ack: 0x95AF7AF0 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-10:52:25.989516 24.126.254.13:2077 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:31142 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x3A86BBC4 Ack: 0x9634C4DA Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-10:52:28.082909 24.126.254.13:2153 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:31372 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x3AC6E83D Ack: 0x95DD2B18 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/21-10:52:32.920443 24.126.254.13:2312 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:31982 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x3B4DDABB Ack: 0x96840785 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/21-10:52:35.088771 24.126.254.13:2360 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:32235 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x3B78DA0D Ack: 0x96B32FA0 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-10:52:36.311809 24.126.254.13:2419 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:32377 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x3BABABC7 Ack: 0x96A98941 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-10:52:38.438555 24.126.254.13:2457 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:32583 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x3BC9D019 Ack: 0x96E4DBDB Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-10:52:43.663227 24.126.254.13:2587 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:33090 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x3C4047A9 Ack: 0x96B701E7 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-10:52:49.210164 24.126.254.13:2726 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:33629 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x3CB90873 Ack: 0x9743EF79 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-10:52:54.340540 24.126.254.13:2797 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:34189 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x3CF87FFC Ack: 0x97EDD721 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-10:52:56.393847 24.126.254.13:2932 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:34396 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x3D72E457 Ack: 0x981F582C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-10:52:57.673378 24.126.254.13:2987 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:34546 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x3DA057D1 Ack: 0x9847F234 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-10:53:00.741978 24.126.254.13:2987 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:34847 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x3DA057D1 Ack: 0x9847F234 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-10:53:02.366671 24.126.254.13:3104 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:35041 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x3E06C5E3 Ack: 0x980AB9DC Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-10:53:13.953010 24.126.254.13:3389 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:36153 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x3F031571 Ack: 0x98C97F34 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-13:06:27.258470 24.34.44.131:1584 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:20901 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xA02A5143 Ack: 0x91B495BD Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-13:06:28.545724 24.34.44.131:1596 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:21025 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xA037E23F Ack: 0x913B5CDB Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/21-13:22:40.264006 65.214.36.115:44081 -> 192.168.1.6:80
TCP TTL:42 TOS:0x0 ID:63391 IpLen:20 DgmLen:195 DF
***AP*** Seq: 0xC35E20DE Ack: 0xCF0CFD4E Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 370202653 1930576072
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-13:40:24.610775 24.94.212.166:4728 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:29944 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xB0DDB8F4 Ack: 0x10D10117 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-13:40:25.079837 24.94.212.166:4733 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:29983 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xB0E37797 Ack: 0x11923CF2 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-13:40:25.353159 24.94.212.166:4734 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:29997 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xB0E5707B Ack: 0x10CDD8D1 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-13:40:25.585506 24.94.212.166:4735 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:30009 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xB0E6B4CD Ack: 0x11088CCC Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/21-13:40:25.835940 24.94.212.166:4736 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:30027 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xB0E8A2BF Ack: 0x11745876 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:09:55 2003