
SnortSnarf alert page

Destination: 192.168.1.6: #4601-4700

SnortSnarf v021111.1


Looking using input module SnortFileInput, with sources:
Earliest: 09:59:21.599450 on 05/22/2003
Latest: 20:41:23.703756 on 05/22/2003

22 different signatures are present for 192.168.1.6 as a destination

There are 624 distinct source IPs in the alerts of the type on this page.

See also 192.168.1.6 as an alert source [49361 alerts]


[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-09:59:21.599450 24.209.219.162:1815 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:57242 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x386442D4 Ack: 0xD488FF5 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-09:59:21.666051 24.209.219.162:1823 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:57256 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x3869A3D8 Ack: 0xD1B4352 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-09:59:21.794558 24.209.219.162:1827 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:57276 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x386D4ADC Ack: 0xD172D5D Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-09:59:21.871018 24.209.219.162:1831 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:57296 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x3871C55E Ack: 0xC96C18A Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-09:59:25.857130 24.209.219.162:1835 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:57608 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x38748E94 Ack: 0xD0C5F6D Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-09:59:27.077825 24.209.219.162:1953 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:57784 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x38D1ED52 Ack: 0xCD07951 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-09:59:27.213821 24.209.219.162:1986 -> 192.168.1.6:80
TCP TTL:123 TOS:0x0 ID:57837 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x38EE8F58 Ack: 0xD186D3C Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/22-10:30:39.751010 209.237.238.174:53407 -> 192.168.1.6:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:161
***AP*** Seq: 0x8414FACF Ack: 0x76C88077 Win: 0x16A0 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-12:13:16.473881 24.82.171.110:3894 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:32896 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x663E4557 Ack: 0x7C0BFF5 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-12:13:16.570214 24.82.171.110:3894 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:32897 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x663E4B0B Ack: 0x7C0BFF5 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/22-12:15:42.966610 66.196.65.24:46250 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:57680 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x5507744C Ack: 0x10F07504 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1042:6] WEB-IIS view source via translate header [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/22-12:18:16.086608 129.137.185.125:1839 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:25129 IpLen:20 DgmLen:181 DF
***AP*** Seq: 0xBD0FDCAE Ack: 0x1B37EEF1 Win: 0x44E8 TcpLen: 20
[Xref => http://www.securityfocus.com/bid/1578][Xref => http://www.whitehats.com/info/IDS305]
[**] [1:1042:6] WEB-IIS view source via translate header [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/22-12:18:16.580485 129.137.185.125:1839 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:25131 IpLen:20 DgmLen:196 DF
***AP*** Seq: 0xBD0FDD3B Ack: 0x1B37F05F Win: 0x437A TcpLen: 20
[Xref => http://www.securityfocus.com/bid/1578][Xref => http://www.whitehats.com/info/IDS305]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-12:19:54.774003 24.209.36.194:2930 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:6749 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xEFC83B83 Ack: 0x208D0327 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-12:19:54.798325 24.209.36.194:2930 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:6750 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xEFC84137 Ack: 0x208D0327 Win: 0x4470 TcpLen: 20
[**] [1:1042:6] WEB-IIS view source via translate header [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/22-12:39:01.434993 129.137.185.125:1903 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:25835 IpLen:20 DgmLen:181 DF
***AP*** Seq: 0x108CFFE4 Ack: 0x67E42A34 Win: 0x44E8 TcpLen: 20
[Xref => http://www.securityfocus.com/bid/1578][Xref => http://www.whitehats.com/info/IDS305]
[**] [1:1042:6] WEB-IIS view source via translate header [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/22-12:39:01.907490 129.137.185.125:1903 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:25836 IpLen:20 DgmLen:216 DF
***AP*** Seq: 0x108D0071 Ack: 0x67E42BA2 Win: 0x437A TcpLen: 20
[Xref => http://www.securityfocus.com/bid/1578][Xref => http://www.whitehats.com/info/IDS305]
[**] [1:1042:6] WEB-IIS view source via translate header [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/22-12:39:02.120281 129.137.185.125:1904 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:25841 IpLen:20 DgmLen:216 DF
***AP*** Seq: 0x1041D4B3 Ack: 0x67C33295 Win: 0x44E8 TcpLen: 20
[Xref => http://www.securityfocus.com/bid/1578][Xref => http://www.whitehats.com/info/IDS305]
[**] [1:1042:6] WEB-IIS view source via translate header [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/22-12:39:04.139165 129.137.185.125:1905 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:25846 IpLen:20 DgmLen:216 DF
***AP*** Seq: 0x32370826 Ack: 0x68984F58 Win: 0x44E8 TcpLen: 20
[Xref => http://www.securityfocus.com/bid/1578][Xref => http://www.whitehats.com/info/IDS305]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/22-12:41:56.151497 209.237.238.158:2399 -> 192.168.1.6:80
TCP TTL:41 TOS:0x0 ID:28390 IpLen:20 DgmLen:173 DF
***AP*** Seq: 0x4FB101CF Ack: 0x73E3DE32 Win: 0xFFFF TcpLen: 32
TCP Options (3) => NOP NOP TS: 889019649 1973577747
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1042:6] WEB-IIS view source via translate header [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/22-12:43:29.107707 129.137.185.125:1919 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:31704 IpLen:20 DgmLen:181 DF
***AP*** Seq: 0x1EEEDE8F Ack: 0x791EB03A Win: 0x44E8 TcpLen: 20
[Xref => http://www.securityfocus.com/bid/1578][Xref => http://www.whitehats.com/info/IDS305]
[**] [1:1042:6] WEB-IIS view source via translate header [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/22-12:43:29.200655 129.137.185.125:1919 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:31705 IpLen:20 DgmLen:196 DF
***AP*** Seq: 0x1EEEDF1C Ack: 0x791EB1A8 Win: 0x437A TcpLen: 20
[Xref => http://www.securityfocus.com/bid/1578][Xref => http://www.whitehats.com/info/IDS305]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-13:56:45.939276 24.209.36.194:1214 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:20423 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x7E84F76F Ack: 0x8E3A7129 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-13:56:45.978172 24.209.36.194:1214 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:20424 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x7E84FD23 Ack: 0x8E3A7129 Win: 0x4470 TcpLen: 20
[**] [1:1042:6] WEB-IIS view source via translate header [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/22-13:58:25.009176 129.137.185.125:2149 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:32670 IpLen:20 DgmLen:181 DF
***AP*** Seq: 0x153C2BAC Ack: 0x9417CD4B Win: 0x44E8 TcpLen: 20
[Xref => http://www.securityfocus.com/bid/1578][Xref => http://www.whitehats.com/info/IDS305]
[**] [1:1042:6] WEB-IIS view source via translate header [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/22-13:58:25.376133 129.137.185.125:2149 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:32671 IpLen:20 DgmLen:196 DF
***AP*** Seq: 0x153C2C39 Ack: 0x9417CEB9 Win: 0x437A TcpLen: 20
[Xref => http://www.securityfocus.com/bid/1578][Xref => http://www.whitehats.com/info/IDS305]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/22-16:37:53.921821 209.237.238.174:42892 -> 192.168.1.6:80
TCP TTL:41 TOS:0x0 ID:58107 IpLen:20 DgmLen:177 DF
***AP*** Seq: 0xE19372A5 Ack: 0xEE4F5616 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 293572716 1980829057
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/22-16:39:26.825682 209.237.238.175:53250 -> 192.168.1.6:80
TCP TTL:41 TOS:0x0 ID:58541 IpLen:20 DgmLen:177 DF
***AP*** Seq: 0xE831D8E7 Ack: 0xF4BC05CA Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 293289051 1980876646
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-17:07:07.034474 24.34.222.52:4888 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:307 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x9631937D Ack: 0x5DD062A7 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-17:07:08.426208 24.34.222.52:4929 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:482 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x9654E426 Ack: 0x5ED9A0A4 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-17:07:09.338884 24.34.222.52:4957 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:618 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x966C4FF1 Ack: 0x5E48C2DD Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-17:07:10.409484 24.34.222.52:4986 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:753 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x9684D16D Ack: 0x5EF52FC8 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-17:07:14.246170 24.34.222.52:3106 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:1266 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x96E7B13D Ack: 0x5EBF842B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/22-17:07:15.046994 24.34.222.52:3127 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:1366 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x96FB0A07 Ack: 0x5ED8B7E3 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/22-17:07:19.149697 24.34.222.52:3261 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:1904 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x9770E463 Ack: 0x5F06042D Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-17:07:23.402856 24.34.222.52:3376 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:2456 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x97D5696E Ack: 0x5F14E327 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-17:07:33.312905 24.34.222.52:3396 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:3696 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x97E6BEFF Ack: 0x5FAE8A10 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-17:07:34.626473 24.34.222.52:3676 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:3878 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x98D897E3 Ack: 0x604836C9 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-17:07:41.533151 24.34.222.52:3795 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:4726 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x994331EE Ack: 0x6096554E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-17:07:45.549558 24.34.222.52:3979 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:5199 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x99E4F9C2 Ack: 0x606397B0 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-17:07:48.544211 24.34.222.52:3979 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:5621 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x99E4F9C2 Ack: 0x606397B0 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-17:07:49.879329 24.34.222.52:4111 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:5800 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x9A56800A Ack: 0x607FA05F Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-17:07:56.435356 24.34.222.52:4230 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:6642 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x9ABFCC09 Ack: 0x616FAEE8 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-17:08:00.140683 24.34.222.52:4320 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:7133 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x9B0A9C93 Ack: 0x6186FF5B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-17:08:01.015722 24.34.222.52:4429 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:7246 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x9B691521 Ack: 0x61FDC4B1 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/22-17:36:48.745517 64.68.82.16:22955 -> 192.168.1.6:80
TCP TTL:40 TOS:0x10 ID:7423 IpLen:20 DgmLen:453 DF
***AP*** Seq: 0xC0D19956 Ack: 0xCD8ADFBC Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 741574335 1982638185
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-17:42:52.686745 24.209.174.0:4162 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:32224 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xFD3109C2 Ack: 0xE4AD6F58 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-17:42:53.650186 24.209.174.0:4183 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:32361 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xFD451B3D Ack: 0xE46CBFFF Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-17:43:03.711487 24.209.174.0:4456 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:33852 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xFE34C3A2 Ack: 0xE535113D Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-17:43:04.321462 24.209.174.0:4470 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:33940 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xFE410A36 Ack: 0xE4B3764A Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-17:43:04.938237 24.209.174.0:4490 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:34037 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xFE530958 Ack: 0xE560F96B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/22-17:43:08.471526 24.209.174.0:4509 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:34601 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xFE64C842 Ack: 0xE53DB9AC Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/22-17:43:12.337558 24.209.174.0:4708 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:35181 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xFF0EFE82 Ack: 0xE5718EE9 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/22-17:43:15.243418 24.209.174.0:4708 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:35609 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xFF0EFE82 Ack: 0xE5718EE9 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-17:43:15.941252 24.209.174.0:4807 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:35715 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xFF68F474 Ack: 0xE6D75FA9 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-17:43:19.638163 24.209.174.0:4915 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:36277 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xFFC705FF Ack: 0xE706B9E2 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-17:43:20.182494 24.209.174.0:4926 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:36360 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xFFD1064B Ack: 0xE69B7F00 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-17:43:23.057405 24.209.174.0:4926 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:36806 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xFFD1064B Ack: 0xE69B7F00 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-17:43:24.068049 24.209.174.0:1079 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:36977 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x3E89B2 Ack: 0xE77307E3 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-17:43:24.496080 24.209.174.0:1091 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:37042 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x497DF9 Ack: 0xE72F97D1 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-17:43:28.269383 24.209.174.0:1210 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:37610 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xAD3B40 Ack: 0xE7A1CCE3 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-17:43:28.698188 24.209.174.0:1221 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:37676 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xB7A755 Ack: 0xE7A87877 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-17:43:31.991447 24.209.174.0:1327 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:38178 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x112CE1E Ack: 0xE71CFED5 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-17:43:35.880025 24.209.174.0:1443 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:38794 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x1793B84 Ack: 0xE7712DAA Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-19:15:45.877055 24.209.36.194:1811 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:15716 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x1CA7C605 Ack: 0x43B70C0F Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-19:15:45.933094 24.209.36.194:1811 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:15717 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x1CA7CBB9 Ack: 0x43B70C0F Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-19:15:56.285984 24.209.113.11:4193 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:31926 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x50A7C36 Ack: 0x441C3112 Win: 0xB5C9 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-19:15:56.292562 24.209.113.11:4193 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:31927 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x50A81EA Ack: 0x441C3112 Win: 0xB5C9 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-19:49:03.721427 24.209.36.194:1941 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:231 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x90BBB11B Ack: 0xC1D80C98 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-19:49:03.746096 24.209.36.194:1941 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:232 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x90BBB6CF Ack: 0xC1D80C98 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-19:52:09.222705 24.209.174.0:3901 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:29715 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x20B60FA0 Ack: 0xCDB075C4 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-19:52:09.717756 24.209.174.0:3911 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:29783 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x20BF26D5 Ack: 0xCE3BD9FC Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-19:52:10.003524 24.209.174.0:3926 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:29826 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x20CA8A59 Ack: 0xCD82D765 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-19:52:10.288617 24.209.174.0:3941 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:29870 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x20D7642C Ack: 0xCE35E8EC Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-19:52:10.622359 24.209.174.0:3954 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:29920 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x20E1D57C Ack: 0xCD9A1AA6 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/22-19:52:10.880264 24.209.174.0:3966 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:29959 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x20EB53E7 Ack: 0xCE4ECB24 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/22-19:52:14.664836 24.209.174.0:3991 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:30378 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x21019788 Ack: 0xCE3538D0 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-19:52:24.203566 24.209.174.0:4386 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:31325 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x224FED49 Ack: 0xCEA585EF Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-19:52:24.463015 24.209.174.0:4397 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:31350 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x22584878 Ack: 0xCE46C8D8 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-19:52:24.696405 24.209.174.0:4400 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:31363 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x225B8741 Ack: 0xCE350EEB Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-19:52:24.981841 24.209.174.0:4407 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:31387 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x226192D7 Ack: 0xCE7ADEAB Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-19:52:25.267831 24.209.174.0:4418 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:31414 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x226A7A66 Ack: 0xCE7783C5 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-19:52:25.532648 24.209.174.0:4425 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:31440 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x2270B9EF Ack: 0xCE76631E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-19:52:28.507972 24.209.174.0:4425 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:31690 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x2270B9EF Ack: 0xCE76631E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-19:52:28.899337 24.209.174.0:4523 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:31730 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x22C7DD04 Ack: 0xCF4483F9 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-19:52:29.108515 24.209.174.0:4528 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:31743 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x22CCE646 Ack: 0xCED77B91 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-19:52:29.374187 24.209.174.0:4535 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:31766 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x22D331A6 Ack: 0xCEEDEAD3 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-20:16:19.991922 24.209.196.254:4201 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:6546 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x8B4C4246 Ack: 0x27F1AFA0 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-20:16:19.993177 24.209.196.254:4201 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:6547 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x8B4C47FA Ack: 0x27F1AFA0 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-20:28:05.494301 24.209.36.194:3201 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:45899 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x17BD4A0E Ack: 0x54899156 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-20:28:05.516671 24.209.36.194:3201 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:45900 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x17BD4FC2 Ack: 0x54899156 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-20:40:56.240352 24.209.174.0:4127 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:28546 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x54A14477 Ack: 0x853A126A Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-20:41:05.802882 24.209.174.0:4398 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:29350 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x558CFA49 Ack: 0x85FCA940 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-20:41:06.064546 24.209.174.0:4405 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:29365 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x5593073A Ack: 0x85C3A60E Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-20:41:09.575181 24.209.174.0:4530 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:29764 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x55F84913 Ack: 0x859D4A51 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-20:41:09.860959 24.209.174.0:4541 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:29797 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x56020401 Ack: 0x85A19911 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/22-20:41:10.124624 24.209.174.0:4549 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:29830 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x56089E76 Ack: 0x85B28B84 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/22-20:41:13.740741 24.209.174.0:4659 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:30167 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x5668729B Ack: 0x8695B7F0 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-20:41:23.381890 24.209.174.0:1027 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:31325 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x578745E6 Ack: 0x86D42E74 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-20:41:23.703756 24.209.174.0:1040 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:31369 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x57912F17 Ack: 0x86B91879 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:09:56 2003