SnortSnarf alert page

Destination: 192.168.1.6: #4501-4600

SnortSnarf v021111.1

Signature section (91123) | Top 20 source IPs | Top 20 dest IPs

Looking using input module SnortFileInput, with sources:
Earliest: 07:05:06.952694 on 05/22/2003
Latest: 09:59:21.505118 on 05/22/2003

22 different signatures are present for 192.168.1.6 as a destination

There are 624 distinct source IPs in the alerts of the type on this page.

See also 192.168.1.6 as an alert source [49361 alerts]


[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-07:05:06.952694 24.209.219.162:2844 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:28715 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x3C79255F Ack: 0x7B785B6C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-07:05:07.018960 24.209.219.162:2860 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:28743 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x3C81DA0E Ack: 0x7BED4FD7 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-07:10:00.146428 24.209.219.162:2744 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:27452 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x7D30FCF9 Ack: 0x8DCE3690 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-07:10:00.209627 24.209.219.162:2767 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:27466 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x7D39FBAF Ack: 0x8E7DA20C Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-07:10:00.270780 24.209.219.162:2775 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:27491 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x7D3F728E Ack: 0x8DD34C7B Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-07:10:00.354163 24.209.219.162:2778 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:27506 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x7D41BA43 Ack: 0x8E67916E Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-07:10:00.420587 24.209.219.162:2786 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:27518 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x7D4712A0 Ack: 0x8DE598F1 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/22-07:10:03.882307 24.209.219.162:3277 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:28579 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x7E51F36B Ack: 0x8EA2A191 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/22-07:10:07.040075 24.209.219.162:3961 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:29416 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x7F7D265C Ack: 0x8EED7B61 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-07:10:07.107947 24.209.219.162:4009 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:29449 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x7F8FB144 Ack: 0x8ED563AD Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-07:10:07.163916 24.209.219.162:4010 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:29482 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x7F910DCC Ack: 0x8E8FF64F Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-07:10:19.789733 24.209.219.162:4814 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:31992 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x813085C4 Ack: 0x8EE7A25F Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-07:10:19.860112 24.209.219.162:4993 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:32009 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x818C1A6F Ack: 0x8F81FEF3 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-07:10:19.914543 24.209.219.162:4995 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:32036 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x818D41C5 Ack: 0x8F6BFF82 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-07:10:20.019679 24.209.219.162:1027 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:32058 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x8192C55C Ack: 0x8EEB4184 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-07:10:20.096121 24.209.219.162:1029 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:32068 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x8193F437 Ack: 0x8F583E07 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-07:10:20.159567 24.209.219.162:1039 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:32088 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x819C0F89 Ack: 0x8EE67A11 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-07:10:20.236735 24.209.219.162:1044 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:32109 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x81A00418 Ack: 0x8F1F19E3 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-07:47:02.361031 24.209.219.162:2344 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:64696 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x784CAA93 Ack: 0x1A8C8071 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-07:47:15.099850 24.209.219.162:3196 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:1658 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x7A1A4AC2 Ack: 0x1BA6BED4 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-07:47:15.246191 24.209.219.162:3490 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:1670 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x7AC5597B Ack: 0x1BA29551 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-07:47:15.304937 24.209.219.162:3492 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:1705 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x7AC6A66A Ack: 0x1B21E0D8 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-07:47:15.357263 24.209.219.162:3533 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:1719 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x7AD4EBBC Ack: 0x1B39334A Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/22-07:47:24.613854 24.209.219.162:4594 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:3767 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x7CEEFEB9 Ack: 0x1BE7457A Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/22-07:47:33.930101 24.209.219.162:1545 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:5678 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x7EF4851D Ack: 0x1C0445CF Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-07:47:43.467376 24.209.219.162:2346 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:7692 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x81594DD8 Ack: 0x1D0256CE Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-07:47:52.694719 24.209.219.162:2960 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:9438 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x82E888CE Ack: 0x1D8BF10D Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-07:47:52.785612 24.209.219.162:2967 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:9446 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x82EA3224 Ack: 0x1D4C4063 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-07:48:02.157662 24.209.219.162:4068 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:11223 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x84E62FA7 Ack: 0x1E0C1930 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-07:48:11.484723 24.209.219.162:1104 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:13039 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x86C9E2A3 Ack: 0x1F38420D Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-07:48:17.970499 24.209.219.162:1418 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:14229 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x8794D047 Ack: 0x1F24634E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-07:48:23.977665 24.209.219.162:1418 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:15690 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x8794D047 Ack: 0x1F24634E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-07:48:27.028436 24.209.219.162:2448 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:16536 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x8AA8E157 Ack: 0x1F668E42 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-07:48:27.079199 24.209.219.162:2454 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:16550 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x8AAD5F93 Ack: 0x2015226F Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-07:48:27.134918 24.209.219.162:2458 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:16568 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x8AB071C5 Ack: 0x1FAA30F5 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-08:13:30.821986 24.209.219.162:2478 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:9668 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xD8364BF4 Ack: 0x7DD83F69 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-08:13:40.153190 24.209.219.162:3194 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:11511 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xD9D06D55 Ack: 0x7F0DED6E Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-08:13:40.206663 24.209.219.162:3196 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:11527 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xD9D1FAE5 Ack: 0x7EE8BF83 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-08:13:49.578144 24.209.219.162:4660 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:13684 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xDC650FE7 Ack: 0x7F883334 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-08:13:49.664255 24.209.219.162:4667 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:13709 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xDC679B25 Ack: 0x7F719EE9 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/22-08:13:49.735029 24.209.219.162:4677 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:13742 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xDC6A0C8F Ack: 0x7F7C98E9 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/22-08:13:49.825110 24.209.219.162:4678 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:13779 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xDC6AA0DF Ack: 0x7F07723B Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-08:13:53.332907 24.209.219.162:4736 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:14715 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xDC81A748 Ack: 0x7F09722B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-08:14:02.714278 24.209.219.162:1849 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:16628 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xDF4BCC99 Ack: 0x8019316C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-08:14:02.793111 24.209.219.162:1861 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:16646 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xDF5922C2 Ack: 0x7FE5796A Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-08:14:02.899542 24.209.219.162:1868 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:16686 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xDF5EBE4C Ack: 0x7FCD570C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-08:14:02.968167 24.209.219.162:1870 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:16701 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xDF605B1F Ack: 0x8089E8D9 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-08:14:03.023912 24.209.219.162:1876 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:16712 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xDF6525D8 Ack: 0x80B02148 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-08:14:05.935768 24.209.219.162:1876 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:17324 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xDF6525D8 Ack: 0x80B02148 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-08:14:06.182877 24.209.219.162:2031 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:17343 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xDFE26668 Ack: 0x80E0192E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-08:14:06.241934 24.209.219.162:2033 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:17358 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xDFE3E7F8 Ack: 0x8052B2FF Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-08:14:06.304378 24.209.219.162:2036 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:17364 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xDFE619B2 Ack: 0x80806196 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-08:32:31.216983 24.209.219.162:2241 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:918 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xE4AA2A0F Ack: 0xC52FE17B Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-08:32:31.281550 24.209.219.162:2244 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:937 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xE4AC6DE0 Ack: 0xC4E36A32 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-08:32:31.339594 24.209.219.162:2247 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:944 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xE4AF1F27 Ack: 0xC5D435CE Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-08:32:31.420031 24.209.219.162:2250 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:966 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xE4B12738 Ack: 0xC51CCAF6 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-08:32:31.492685 24.209.219.162:2257 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:981 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xE4B72FAC Ack: 0xC4DF82F6 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/22-08:32:31.570539 24.209.219.162:2258 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:1023 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xE4B7FC1B Ack: 0xC55CD704 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/22-08:32:34.629681 24.209.219.162:2605 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:1649 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xE53589A4 Ack: 0xC58F7C3F Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-08:32:43.826697 24.209.219.162:3953 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:3984 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xE8031720 Ack: 0xC5D65745 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-08:32:53.128105 24.209.219.162:4913 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:6436 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xE9F51A60 Ack: 0xC632B626 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-08:32:53.182270 24.209.219.162:4918 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:6460 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xE9F8E029 Ack: 0xC6F27FAC Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-08:32:56.235473 24.209.219.162:1194 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:7151 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xEA7BDDC1 Ack: 0xC6B874EA Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-08:33:05.460341 24.209.219.162:2151 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:9619 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xED418666 Ack: 0xC75782E6 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-08:33:05.544357 24.209.219.162:2152 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:9638 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xED427E68 Ack: 0xC76B4ED9 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-08:33:05.584645 24.209.219.162:2156 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:9644 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xED45208A Ack: 0xC736EF8B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-08:33:08.524343 24.209.219.162:2156 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:10353 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xED45208A Ack: 0xC736EF8B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-08:33:08.784342 24.209.219.162:2396 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:10386 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xEDFC4F29 Ack: 0xC7FA57AE Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-08:33:18.107931 24.209.219.162:3220 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:13091 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xEFFFE3BD Ack: 0xC7DF643A Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-08:54:37.786286 24.157.153.204:1394 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:29770 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x1AC2F855 Ack: 0x19346A60 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-08:54:41.857219 24.157.153.204:1628 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:30332 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x1B74A424 Ack: 0x1A21A94D Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-08:54:48.765916 24.157.153.204:1906 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:31321 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x1C465982 Ack: 0x19726DD3 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-08:54:58.182816 24.157.153.204:2666 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:32947 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x1E851163 Ack: 0x1AB1823F Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-08:54:58.362691 24.157.153.204:2673 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:32979 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x1E8B1554 Ack: 0x1AF8C891 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/22-08:54:58.552832 24.157.153.204:2683 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:33007 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x1E938CD6 Ack: 0x1B152546 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/22-08:54:58.745249 24.157.153.204:2688 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:33029 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x1E97FB74 Ack: 0x1AD2C83F Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-08:55:08.331219 24.157.153.204:3182 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:34466 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x2017FF69 Ack: 0x1ADD15DD Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-08:55:08.510685 24.157.153.204:3210 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:34506 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x20222057 Ack: 0x1B7D98CD Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-08:55:08.703414 24.157.153.204:3216 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:34533 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x202726BF Ack: 0x1B2A899E Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-08:55:08.898789 24.157.153.204:3222 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:34565 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x202C245F Ack: 0x1B473464 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-08:55:09.242755 24.157.153.204:3231 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:34634 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x2032F250 Ack: 0x1B706B94 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-08:55:09.463832 24.157.153.204:3293 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:34685 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x206524F6 Ack: 0x1BA504A2 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-08:55:12.669074 24.157.153.204:3301 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:35153 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x206BC2ED Ack: 0x1BCAA562 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-08:55:18.583688 24.157.153.204:3301 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:35986 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x206BC2ED Ack: 0x1BCAA562 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-08:55:21.809408 24.157.153.204:3927 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:36310 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x2252BEB7 Ack: 0x1C4A5CBB Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-08:55:31.250159 24.157.153.204:4313 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:37556 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x238E619C Ack: 0x1C33D39A Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-08:57:16.843695 210.107.253.211:3481 -> 192.168.1.6:80
TCP TTL:98 TOS:0x4 ID:27292 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xFB51964E Ack: 0x23D63F73 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-08:57:16.855652 210.107.253.211:3481 -> 192.168.1.6:80
TCP TTL:98 TOS:0x4 ID:27291 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xFB51909A Ack: 0x23D63F73 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/22-09:00:21.492471 66.196.65.24:39271 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:3278 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x923DC074 Ack: 0x2EBBE9BF Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-09:17:39.690041 24.209.36.194:2355 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:53133 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xDBEA57C6 Ack: 0x710AF253 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-09:17:39.710008 24.209.36.194:2355 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:53134 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xDBEA5D7A Ack: 0x710AF253 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-09:58:53.131068 24.209.219.162:4145 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:52509 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x346BAF75 Ack: 0xB513E31 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-09:58:53.456389 24.209.219.162:4268 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:52570 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x348C8FB7 Ack: 0xB632F62 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-09:59:06.260874 24.209.219.162:4804 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:54629 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x35A2A3BA Ack: 0xBCD8950 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-09:59:06.349647 24.209.219.162:4976 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:54646 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x361A1FBD Ack: 0xC01B7F9 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-09:59:06.414816 24.209.219.162:4986 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:54659 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x361F03F6 Ack: 0xC5564B3 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/22-09:59:06.518673 24.209.219.162:4996 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:54672 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x3621FAE4 Ack: 0xBD0E88E Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/22-09:59:11.998642 24.209.219.162:1406 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:55628 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x371444E6 Ack: 0xBEE3DBB Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-09:59:21.430856 24.209.219.162:1804 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:57200 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x385C11D7 Ack: 0xD03974F Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-09:59:21.505118 24.209.219.162:1809 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:57217 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x385FB745 Ack: 0xD65E898 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:09:56 2003