
SnortSnarf alert page

Destination: 192.168.1.6: #4801-4900

SnortSnarf v021111.1


Looking using input module SnortFileInput, with sources:
Earliest: 23:57:21.950767 on 05/22/2003
Latest: 09:23:28.191300 on 05/23/2003

22 different signatures are present for 192.168.1.6 as a destination

There are 624 distinct source IPs in the alerts of the type on this page.

See also 192.168.1.6 as an alert source [49361 alerts]


[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-23:57:21.950767 24.209.113.11:4444 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:38445 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x45CFF4C4 Ack: 0x6BD89825 Win: 0xB5C9 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/22-23:57:22.633663 24.209.113.11:4460 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:38532 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x45DE245C Ack: 0x6C40AB3E Win: 0xB5C9 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-00:10:23.053061 24.168.247.208:3986 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:51428 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x4E3DFDBC Ack: 0x9CE030E5 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-00:10:23.058113 24.168.247.208:3986 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:51429 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x4E3E0370 Ack: 0x9CE030E5 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-00:14:53.730053 218.27.203.97:1840 -> 192.168.1.6:80
TCP TTL:97 TOS:0x0 ID:28351 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xEF3A50D0 Ack: 0xADE4AEF2 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-00:14:58.822982 218.27.203.97:1840 -> 192.168.1.6:80
TCP TTL:97 TOS:0x0 ID:28793 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xEF3A4B1C Ack: 0xADE4AEF2 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/23-00:36:04.334164 66.196.65.24:43505 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:39336 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xB356DBD4 Ack: 0xFDE1C7A2 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-00:52:58.840095 24.25.215.4:1273 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:37540 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x62582BA7 Ack: 0x3E1825BA Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-00:52:58.954586 24.25.215.4:1273 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:37541 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x6258315B Ack: 0x3E1825BA Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-02:05:54.824824 24.161.94.61:4659 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:24227 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x45ACF053 Ack: 0x50BB1B35 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-02:05:57.262315 24.161.94.61:4718 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:24432 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x45DFA99F Ack: 0x50879C73 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-02:06:09.014247 24.161.94.61:1062 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:25417 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x46F7E547 Ack: 0x52661FE3 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-02:06:20.325339 24.161.94.61:1395 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:26332 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x4817F43A Ack: 0x53BAB57D Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-02:06:22.579236 24.161.94.61:1443 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:26523 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x4842A2B5 Ack: 0x53C7D26F Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/23-02:06:27.440390 24.161.94.61:1591 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:26888 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x48C3F08B Ack: 0x53C7734A Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/23-02:06:29.650551 24.161.94.61:1641 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:27032 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x48F04E27 Ack: 0x53DC3C23 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-02:06:31.922461 24.161.94.61:1697 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:27212 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x491FEEBD Ack: 0x5418E4B9 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-02:06:42.843878 24.161.94.61:2001 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:27999 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x4A23FD92 Ack: 0x545A64E0 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-02:06:48.289165 24.161.94.61:2131 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:28363 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x4A98F2CD Ack: 0x5485D291 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-02:06:53.729892 24.161.94.61:2260 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:28723 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x4B0ADA3D Ack: 0x556B5D43 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-02:06:55.935349 24.161.94.61:2315 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:28881 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x4B3C21A0 Ack: 0x55A6A8E2 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-02:06:58.192815 24.161.94.61:2378 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:29030 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x4B744394 Ack: 0x55558C2B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-02:07:00.211439 24.161.94.61:2430 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:29155 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x4BA0897F Ack: 0x5603ED84 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-02:07:01.406583 24.161.94.61:2479 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:29244 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x4BCD1C8F Ack: 0x55AE06DD Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-02:07:06.719947 24.161.94.61:2608 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:29644 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x4C3E0430 Ack: 0x560F4D3E Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-03:17:03.277714 24.209.174.0:2768 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:27316 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xEE296E5C Ack: 0x5EBE8547 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-03:17:12.939788 24.209.174.0:3057 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:28228 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xEF26A05F Ack: 0x5EEA4DAE Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-03:17:13.178494 24.209.174.0:3067 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:28250 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xEF2F2C02 Ack: 0x5EF716BB Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-03:17:13.387948 24.209.174.0:3078 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:28266 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xEF37DF4D Ack: 0x5EABB055 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-03:17:13.626844 24.209.174.0:3082 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:28279 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xEF3CA53F Ack: 0x5F3E5C93 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/23-03:17:23.334367 24.209.174.0:3366 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:29152 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xF035134C Ack: 0x600A5BCB Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/23-03:17:23.660859 24.209.174.0:3385 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:29204 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xF044CB70 Ack: 0x60042FE7 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-03:17:23.964726 24.209.174.0:3397 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:29252 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xF04EA7B5 Ack: 0x5FB80EC8 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-03:17:33.480981 24.209.174.0:3692 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:30127 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xF14D95F9 Ack: 0x5FFC3013 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-03:17:33.719067 24.209.174.0:3699 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:30150 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xF152BEF2 Ack: 0x5FFDCC03 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-03:17:33.989373 24.209.174.0:3707 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:30172 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xF158D4B6 Ack: 0x5FD1B373 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-03:17:34.196714 24.209.174.0:3713 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:30188 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xF15DC0EF Ack: 0x601FB2E8 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-03:17:43.777666 24.209.174.0:4007 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:31065 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xF25E71FF Ack: 0x60C7FB9A Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-03:17:44.083375 24.209.174.0:4019 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:31114 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xF264EDC1 Ack: 0x614A3A95 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-03:17:44.392625 24.209.174.0:4034 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:31164 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xF270DD66 Ack: 0x6094F5E3 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-03:17:44.630524 24.209.174.0:4047 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:31200 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xF27C8249 Ack: 0x613D44DF Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-03:49:32.666273 24.209.174.0:3971 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:14217 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xAF04CDBC Ack: 0xD88B534B Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-03:49:33.023573 24.209.174.0:3984 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:14256 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xAF0F74AB Ack: 0xD861DC10 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-03:49:33.241765 24.209.174.0:3997 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:14281 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xAF1A9AB6 Ack: 0xD8A62BA5 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-03:49:33.507460 24.209.174.0:4008 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:14319 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xAF242AAD Ack: 0xD8AC45CD Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-03:49:33.726315 24.209.174.0:4018 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:14343 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xAF2C8606 Ack: 0xD8EC4CF9 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/23-03:49:33.976004 24.209.174.0:4026 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:14365 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xAF33B63A Ack: 0xD8B8A401 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/23-03:49:34.208985 24.209.174.0:4038 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:14396 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xAF3D2FFB Ack: 0xD88D24EF Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-03:49:43.805905 24.209.174.0:4296 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:15107 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xB02093BF Ack: 0xD92E3C0C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-03:49:44.014504 24.209.174.0:4300 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:15119 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xB02516D8 Ack: 0xD96AF770 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-03:49:44.248072 24.209.174.0:4311 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:15140 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xB02DD3AF Ack: 0xD90ABFA8 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-03:49:44.470780 24.209.174.0:4316 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:15155 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xB031F5FF Ack: 0xD9BA432E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-03:49:44.742018 24.209.174.0:4326 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:15177 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xB03B229F Ack: 0xD9AD009E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-03:49:44.971696 24.209.174.0:4332 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:15193 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xB040CC52 Ack: 0xD8E7C569 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-03:49:45.183203 24.209.174.0:4337 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:15206 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xB0451F1F Ack: 0xD95FE380 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-03:49:48.359287 24.209.174.0:4341 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:15382 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xB0488C47 Ack: 0xD9B0CF1A Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-03:49:48.583566 24.209.174.0:4411 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:15406 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xB088104A Ack: 0xD95695D7 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-03:49:51.585463 24.209.174.0:4411 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:15571 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xB088104A Ack: 0xD95695D7 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-03:49:57.680298 24.209.174.0:4411 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:15985 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xB088104A Ack: 0xD95695D7 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-04:44:50.942667 24.225.182.78:1471 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:39762 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x788F2C7D Ack: 0xA9989997 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-04:44:50.962503 24.225.182.78:1471 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:39763 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x788F3231 Ack: 0xA9989997 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-04:44:53.882543 24.225.182.78:1471 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:40347 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x788F2C7D Ack: 0xA9989997 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-04:44:59.887913 24.225.182.78:1471 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:41485 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x788F2C7D Ack: 0xA9989997 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-06:48:27.949163 24.209.174.0:4819 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:37023 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xE818BFB8 Ack: 0x7CB7ADA9 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-06:48:28.403424 24.209.174.0:4830 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:37080 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xE8231F22 Ack: 0x7C94FA32 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-06:48:37.936409 24.209.174.0:1158 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:37980 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xE92D7C2B Ack: 0x7CECA892 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-06:48:38.151241 24.209.174.0:1164 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:37998 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xE9328ADF Ack: 0x7D95DE7F Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-06:48:38.382597 24.209.174.0:1168 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:38021 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xE936816E Ack: 0x7DBEFCC7 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/23-06:48:47.824741 24.209.174.0:1434 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:38730 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xEA1B32B3 Ack: 0x7E3AA690 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/23-06:48:48.030184 24.209.174.0:1440 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:38743 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xEA1FF4CB Ack: 0x7DF1CA04 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-06:48:48.233094 24.209.174.0:1444 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:38760 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xEA24449E Ack: 0x7E23ECAB Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-06:48:48.452050 24.209.174.0:1449 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:38781 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xEA28C537 Ack: 0x7E5D990F Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-06:48:58.010750 24.209.174.0:1679 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:39333 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xEAF86BBB Ack: 0x7EB1378F Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-06:48:58.222531 24.209.174.0:1686 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:39352 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xEAFE273B Ack: 0x7EB2C1E9 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-06:48:58.484343 24.209.174.0:1691 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:39382 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xEB032C0B Ack: 0x7EBE8FBF Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-06:48:58.695125 24.209.174.0:1699 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:39412 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xEB09F403 Ack: 0x7E32B784 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-06:48:58.918363 24.209.174.0:1703 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:39436 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xEB0D6DDB Ack: 0x7E3F0695 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-06:49:01.866243 24.209.174.0:1703 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:39791 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xEB0D6DDB Ack: 0x7E3F0695 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-06:49:02.139662 24.209.174.0:1826 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:39823 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xEB7461AC Ack: 0x7EAD15D1 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-06:49:11.722375 24.209.174.0:2152 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:40888 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xEC911A0A Ack: 0x7F5D28E0 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-08:33:31.250589 24.209.174.0:3348 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:20544 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x5C1954A5 Ack: 0x8ADDA06 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-08:33:31.584929 24.209.174.0:3357 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:20576 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x5C21AFD1 Ack: 0x86719EA Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-08:33:35.213992 24.209.174.0:3469 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:20872 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x5C804367 Ack: 0x93DC50E Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-08:33:44.843411 24.209.174.0:3739 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:21755 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x5D778B94 Ack: 0x9A218EE Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-08:33:54.450475 24.209.174.0:4007 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:22460 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x5E5AA871 Ack: 0xA6D06F9 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/23-08:33:54.688358 24.209.174.0:4013 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:22472 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x5E600417 Ack: 0x9797147 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/23-08:34:07.438477 24.209.174.0:4237 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:23275 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x5F2888D2 Ack: 0xAC76C53 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-08:34:17.003550 24.209.174.0:4558 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:23937 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x6043A889 Ack: 0xBA04E51 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-08:34:26.521934 24.209.174.0:4874 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:24917 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x61515A7E Ack: 0xC58C898 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-08:34:30.201704 24.209.174.0:4985 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:25218 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x61B2F3F4 Ack: 0xC845B0C Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-08:34:43.069075 24.209.174.0:1281 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:26317 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x629D0A51 Ack: 0xE4816B1 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-08:34:43.344304 24.209.174.0:1396 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:26356 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x62FA3915 Ack: 0xF512149 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-08:34:43.555536 24.209.174.0:1405 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:26381 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x630048FC Ack: 0xF5478CB Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-08:34:43.776773 24.209.174.0:1410 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:26399 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x63051696 Ack: 0xE77713F Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-08:34:43.983702 24.209.174.0:1417 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:26416 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x630AFB4B Ack: 0xEF423BC Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-08:34:44.225609 24.209.174.0:1424 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:26436 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x63111ADE Ack: 0xE966C5C Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-09:23:04.818257 24.157.153.204:2320 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:48455 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x9B42D347 Ack: 0xC4493A01 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-09:23:20.807227 24.157.153.204:2686 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:49849 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x9C8FDD72 Ack: 0xC607F8C3 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-09:23:24.003581 24.157.153.204:2787 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:50146 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x9CE720E9 Ack: 0xC56FDF80 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-09:23:28.191300 24.157.153.204:2870 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:50490 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x9D35CEE3 Ack: 0xC5E16D72 Win: 0x4470 TcpLen: 20
SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:09:56 2003