SnortSnarf alert page

Destination: 192.168.1.6: #4701-4800

SnortSnarf v021111.1

Signature section (91123)

Top 20 source IPs

Top 20 dest IPs

Looking using input module SnortFileInput, with sources:

/home/rivettmj/snort_alertlog/alert

Earliest: 20:41:24.051015 on 05/22/2003
Latest: 23:57:21.323430 on 05/22/2003

22 different signatures are present for 192.168.1.6 as a destination

1 instances of (spp_stream4) STEALTH ACTIVITY (SYN FIN scan) detection
1 instances of WEB-IIS ISAPI .printer access
1 instances of SHELLCODE x86 setuid 0
1 instances of DDOS shaft synflood
2 instances of WEB-CGI formmail access
2 instances of SHELLCODE x86 NOOP
2 instances of SMTP HELO overflow attempt
2 instances of SHELLCODE x86 inc ebx NOOP
3 instances of WEB-MISC bad HTTP/1.1 request, Potentially worm attack
3 instances of WEB-CGI newdesk access
4 instances of WEB-IIS WEBDAV nessus safe scan attempt
11 instances of ICMP Destination Unreachable (Communication Administratively Prohibited)
38 instances of (snort_decoder): T/TCP Detected
58 instances of WEB-IIS view source via translate header
308 instances of WEB-IIS _mem_bin access
316 instances of WEB-FRONTPAGE /_vti_bin/ access
680 instances of WEB-IIS CodeRed v2 root.exe access
786 instances of WEB-MISC robots.txt access
930 instances of WEB-IIS ISAPI .ida attempt
952 instances of WEB-IIS multiple decode attempt
1500 instances of WEB-IIS unicode directory traversal attempt
2169 instances of WEB-IIS cmd.exe access

There are 624 distinct source IPs in the alerts of the type on this page.

192.168.1.6 Whois lookup at: ARIN RIPE APNIC Geektools

DNS lookup at: Amenesi TRIUMF Princeton

More lookup links: Dshield Sam Spade

See also 192.168.1.6 as an alert source [49361 alerts]

Go to: previous range, next range, all alerts, overview page

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-20:41:24.051015 24.209.174.0:1054 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:31422 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x579D524B  Ack: 0x86EF4F09  Win: 0x4470  TcpLen: 20

[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-20:41:24.346696 24.209.174.0:1068 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:31470 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x57A992EF  Ack: 0x8720F952  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-20:41:24.628153 24.209.174.0:1082 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:31513 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x57B46924  Ack: 0x869B6FE3  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-20:41:28.193929 24.209.174.0:1204 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:31962 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x581CB0EF  Ack: 0x86D18DD2  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-20:41:28.449154 24.209.174.0:1211 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:31994 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x58220725  Ack: 0x87A56117  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-20:41:28.674451 24.209.174.0:1218 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:32025 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x58279B01  Ack: 0x8782968A  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-20:41:38.167375 24.209.174.0:1505 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:32903 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x591DE8F2  Ack: 0x8756E683  Win: 0x4470  TcpLen: 20

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-21:05:52.425561 24.209.191.91:4146 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:37734 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x2139606  Ack: 0xE4924DE9  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-21:05:53.048159 24.209.191.91:4167 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:37821 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x226C452  Ack: 0xE43040DB  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-21:05:53.548397 24.209.191.91:4179 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:37881 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x2313120  Ack: 0xE47286DE  Win: 0x4470  TcpLen: 20

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-21:05:54.082108 24.209.191.91:4195 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:37961 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x23E425B  Ack: 0xE4C05727  Win: 0x4470  TcpLen: 20

[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-21:05:54.669769 24.209.191.91:4215 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:38032 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x24E44CC  Ack: 0xE4F2FD34  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/22-21:05:55.162912 24.209.191.91:4234 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:38115 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x25E388C  Ack: 0xE4451896  Win: 0x4470  TcpLen: 20

[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/22-21:06:04.589679 24.209.191.91:4544 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:39509 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x363DC25  Ack: 0xE521FB99  Win: 0x4470  TcpLen: 20

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-21:06:14.093175 24.209.191.91:4818 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:40795 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x4512ABD  Ack: 0xE55C3004  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-21:06:14.629291 24.209.191.91:4834 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:40878 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x45ED66F  Ack: 0xE54AE616  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-21:06:23.981386 24.209.191.91:1217 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:42510 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x57B6126  Ack: 0xE632D75A  Win: 0x4470  TcpLen: 20

[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-21:06:24.198869 24.209.191.91:1226 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:42564 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x583750A  Ack: 0xE6B8AC24  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-21:06:27.803275 24.209.191.91:1345 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:43128 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x5E79CE9  Ack: 0xE619BC6F  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-21:06:28.125639 24.209.191.91:1359 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:43207 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x5F25110  Ack: 0xE6D0B68E  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-21:06:28.397008 24.209.191.91:1368 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:43243 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x5F9E7DD  Ack: 0xE6347C55  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-21:06:28.688320 24.209.191.91:1380 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:43289 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x603B7C0  Ack: 0xE70A6FB8  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-21:06:28.920097 24.209.191.91:1389 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:43323 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x60BE3F7  Ack: 0xE6980AA6  Win: 0x4470  TcpLen: 20

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-21:45:47.244712 24.162.194.218:4164 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:838 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xC746CF76  Ack: 0x7AA9AD3C  Win: 0x4470  TcpLen: 20

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-22:05:18.700107 24.114.84.143:4623 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:46847 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x2A55A7A1  Ack: 0xC40EF734  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-22:05:19.440359 24.114.84.143:4648 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:47343 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x2A6C17DC  Ack: 0xC44196EC  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-22:05:19.668130 24.114.84.143:4660 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:47473 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x2A75A191  Ack: 0xC3F0297B  Win: 0x4470  TcpLen: 20

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-22:05:29.158409 24.114.84.143:4915 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:53323 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x2B57B933  Ack: 0xC4F9B096  Win: 0x4470  TcpLen: 20

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-22:05:32.117820 24.114.84.143:4915 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:55195 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x2B57B933  Ack: 0xC4F9B096  Win: 0x4470  TcpLen: 20

[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-22:05:32.670525 24.114.84.143:3031 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:55512 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x2BB77759  Ack: 0xC51FEB23  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/22-22:05:39.342392 24.114.84.143:3151 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:56836 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x2C1CA7F0  Ack: 0xC514D1F7  Win: 0x4470  TcpLen: 20

[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/22-22:05:39.579138 24.114.84.143:3248 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:56866 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x2C6DA7C1  Ack: 0xC4DEE2B1  Win: 0x4470  TcpLen: 20

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-22:05:46.270314 24.114.84.143:3374 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:57657 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x2CD2BE3D  Ack: 0xC5F4261E  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-22:05:46.480114 24.114.84.143:3502 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:57697 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x2D3A0F5C  Ack: 0xC5BC5BB1  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-22:05:50.052992 24.114.84.143:3613 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:58294 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x2D96D290  Ack: 0xC5A35E71  Win: 0x4470  TcpLen: 20

[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-22:05:50.311521 24.114.84.143:3620 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:58307 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x2D9D0E1B  Ack: 0xC5863ABF  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-22:05:50.575100 24.114.84.143:3626 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:58335 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x2DA270F5  Ack: 0xC58BF31F  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-22:05:50.841940 24.114.84.143:3638 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:58364 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x2DACEFB4  Ack: 0xC68365AB  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-22:05:51.058521 24.114.84.143:3647 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:58383 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x2DB40247  Ack: 0xC671A86C  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-22:05:51.239187 24.114.84.143:3654 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:58401 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x2DB8CF7C  Ack: 0xC616C64E  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-22:05:51.469946 24.114.84.143:3665 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:58425 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x2DC0B600  Ack: 0xC6002A3F  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-22:17:19.238602 24.209.196.254:3007 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:15995 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x14A4BDEF  Ack: 0xF232CA7C  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-22:17:19.246747 24.209.196.254:3007 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:15996 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x14A4C3A3  Ack: 0xF232CA7C  Win: 0x4470  TcpLen: 20

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-22:42:41.084196 24.209.191.91:2323 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:371 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x586A8262  Ack: 0x52476095  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-22:42:44.705966 24.209.191.91:2408 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:856 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x58B5BFD8  Ack: 0x51B49F0B  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-22:42:54.103416 24.209.191.91:2673 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:2224 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x599B4927  Ack: 0x52C19855  Win: 0x4470  TcpLen: 20

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-22:43:03.329390 24.209.191.91:2946 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:3583 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x5A890C83  Ack: 0x538FB5A6  Win: 0x4470  TcpLen: 20

[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-22:43:03.631152 24.209.191.91:2953 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:3619 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x5A8F56E0  Ack: 0x53A0BC93  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/22-22:43:03.885347 24.209.191.91:2958 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:3660 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x5A93F9A2  Ack: 0x52EEC2DA  Win: 0x4470  TcpLen: 20

[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/22-22:43:04.144198 24.209.191.91:2963 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:3702 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x5A980D84  Ack: 0x53878BF8  Win: 0x4470  TcpLen: 20

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-22:43:04.427891 24.209.191.91:2970 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:3753 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x5A9E2222  Ack: 0x52C28BB1  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-22:43:04.712544 24.209.191.91:2980 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:3791 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x5AA66947  Ack: 0x535A9085  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-22:43:04.976670 24.209.191.91:2984 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:3826 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x5AAA8D1C  Ack: 0x53B203BA  Win: 0x4470  TcpLen: 20

[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-22:43:05.226058 24.209.191.91:2991 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:3866 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x5AB06071  Ack: 0x53641690  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-22:43:08.531046 24.209.191.91:3070 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:4331 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x5AF3DAC7  Ack: 0x53C873E0  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-22:43:17.931469 24.209.191.91:3327 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:5585 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x5BCF0325  Ack: 0x544D92B1  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-22:43:18.222616 24.209.191.91:3338 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:5638 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x5BD7FA26  Ack: 0x54439209  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-22:43:18.489036 24.209.191.91:3350 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:5681 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x5BE27B6B  Ack: 0x53AD287F  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-22:43:18.778512 24.209.191.91:3358 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:5734 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x5BE9C736  Ack: 0x5420E079  Win: 0x4470  TcpLen: 20

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/22-23:09:50.834461 66.196.65.24:64265 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:43932 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x5759F0E2  Ack: 0xB85DF2B2  Win: 0x8052  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-23:40:56.959830 24.209.174.0:4975 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:15315 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xBB0123AF  Ack: 0x2DA02A7D  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-23:40:57.399492 24.209.174.0:1027 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:15382 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xBB17509A  Ack: 0x2D6DB565  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-23:40:57.687966 24.209.174.0:1042 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:15427 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xBB2185FC  Ack: 0x2D679B27  Win: 0x4470  TcpLen: 20

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-23:41:01.307976 24.209.174.0:1150 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:15768 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xBB7F2C02  Ack: 0x2D98BD6F  Win: 0x4470  TcpLen: 20

[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-23:41:01.548727 24.209.174.0:1163 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:15799 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xBB8A0A98  Ack: 0x2D7EB488  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/22-23:41:05.309189 24.209.174.0:1287 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:16239 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xBBF5BE81  Ack: 0x2E2E3AE4  Win: 0x4470  TcpLen: 20

[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/22-23:41:05.722488 24.209.174.0:1307 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:16303 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xBC06C983  Ack: 0x2E119AA3  Win: 0x4470  TcpLen: 20

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-23:41:09.222757 24.209.174.0:1447 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:16759 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xBC7C814D  Ack: 0x2DDEC713  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-23:41:18.678375 24.209.174.0:1748 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:17749 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xBD8245E5  Ack: 0x2EA181D3  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-23:41:28.329383 24.209.174.0:2069 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:18778 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xBE94B919  Ack: 0x2EE8601D  Win: 0x4470  TcpLen: 20

[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-23:41:37.860305 24.209.174.0:2351 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:19652 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xBF893E84  Ack: 0x2F80299C  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-23:41:38.102779 24.209.174.0:2358 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:19666 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xBF8E4E9F  Ack: 0x300669E4  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-23:41:38.339335 24.209.174.0:2364 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:19683 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xBF93B172  Ack: 0x2F85E7FB  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-23:41:38.596978 24.209.174.0:2368 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:19694 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xBF96EE77  Ack: 0x2FEC348E  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-23:41:38.865389 24.209.174.0:2373 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:19720 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xBF9BC1BE  Ack: 0x2FF6C402  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-23:41:39.118563 24.209.174.0:2382 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:19742 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xBFA3F4BB  Ack: 0x2F8AF27D  Win: 0x4470  TcpLen: 20

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-23:49:16.247674 24.209.113.11:1353 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:36467 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x138A4729  Ack: 0x4C7049E5  Win: 0xB5C9  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-23:49:26.007411 24.209.113.11:1631 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:37793 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x147D9ED7  Ack: 0x4C299B1B  Win: 0xB5C9  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-23:49:26.383418 24.209.113.11:1639 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:37855 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x14843664  Ack: 0x4D15DB48  Win: 0xB5C9  TcpLen: 20

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-23:49:26.828712 24.209.113.11:1654 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:37909 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x14903BD9  Ack: 0x4C6384E8  Win: 0xB5C9  TcpLen: 20

[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-23:49:27.316970 24.209.113.11:1670 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:37988 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x149D38E8  Ack: 0x4C9E6307  Win: 0xB5C9  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/22-23:49:30.826594 24.209.113.11:1760 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:38420 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x14EBE834  Ack: 0x4CA0FA50  Win: 0xB5C9  TcpLen: 20

[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/22-23:49:41.071237 24.209.113.11:2038 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:39781 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x15DDDD75  Ack: 0x4E114753  Win: 0xB5C9  TcpLen: 20

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-23:49:51.025343 24.209.113.11:2322 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:41106 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x16D02F87  Ack: 0x4F109034  Win: 0xB5C9  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-23:50:16.272326 24.209.113.11:3037 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:44500 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x193FEB5F  Ack: 0x5084878E  Win: 0xB5C9  TcpLen: 20

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-23:56:59.753251 24.209.113.11:3786 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:36025 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x4390B11C  Ack: 0x6B13CAD9  Win: 0xB5C9  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-23:57:00.243774 24.209.113.11:3874 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:36103 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x43DE5097  Ack: 0x6A7E94C7  Win: 0xB5C9  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-23:57:00.844554 24.209.113.11:3888 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:36167 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x43EA8271  Ack: 0x6AA83206  Win: 0xB5C9  TcpLen: 20

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-23:57:01.609100 24.209.113.11:3909 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:36244 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x43FBC012  Ack: 0x6B3C7299  Win: 0xB5C9  TcpLen: 20

[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-23:57:02.077505 24.209.113.11:3930 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:36302 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x440E21F7  Ack: 0x6B356ADC  Win: 0xB5C9  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/22-23:57:02.885954 24.209.113.11:3944 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:36380 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x44194B37  Ack: 0x6B1636C5  Win: 0xB5C9  TcpLen: 20

[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/22-23:57:03.465151 24.209.113.11:3965 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:36456 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x442B52BA  Ack: 0x6AB9215D  Win: 0xB5C9  TcpLen: 20

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-23:57:04.055755 24.209.113.11:3981 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:36544 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x4439EFBA  Ack: 0x6AEAA028  Win: 0xB5C9  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-23:57:04.648396 24.209.113.11:3998 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:36609 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x4447F6EA  Ack: 0x6B5E7137  Win: 0xB5C9  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-23:57:08.780225 24.209.113.11:4100 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:37042 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x449F98A5  Ack: 0x6B2CDC13  Win: 0xB5C9  TcpLen: 20

[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-23:57:13.088716 24.209.113.11:4131 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:37467 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x44BC1152  Ack: 0x6B1EA7C9  Win: 0xB5C9  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-23:57:13.860999 24.209.113.11:4228 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:37546 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x4510299B  Ack: 0x6BEBC387  Win: 0xB5C9  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-23:57:17.794525 24.209.113.11:4248 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:37951 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x4520F0A2  Ack: 0x6B74F0A9  Win: 0xB5C9  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-23:57:18.230163 24.209.113.11:4353 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:38030 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x457D9D5C  Ack: 0x6B72F1F4  Win: 0xB5C9  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/22-23:57:21.323430 24.209.113.11:4353 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:38377 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x457D9D5C  Ack: 0x6B72F1F4  Win: 0xB5C9  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

Go to: previous range, next range, all alerts, overview page

SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:09:56 2003

192.168.1.6	Whois lookup at:	ARIN	RIPE	APNIC	Geektools
	DNS lookup at:	Amenesi	TRIUMF	Princeton
	More lookup links:	Dshield	Sam Spade
See also 192.168.1.6 as an alert source [49361 alerts]