SnortSnarf alert page

Destination: 192.168.1.6: #5101-5200

SnortSnarf v021111.1

Looking using input module SnortFileInput, with sources:
Earliest: 04:58:06.605152 on 05/24/2003
Latest: 13:59:22.028927 on 05/24/2003

22 different signatures are present for 192.168.1.6 as a destination

There are 624 distinct source IPs in the alerts of the type on this page.

See also 192.168.1.6 as an alert source [49361 alerts]


[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-04:58:06.605152 24.114.19.203:4080 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:47708 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x11579DD0 Ack: 0x1BEFD53E Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-04:58:09.295326 24.114.19.203:4112 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:47869 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x11790762 Ack: 0x1BE88871 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-04:58:20.611829 24.114.19.203:4260 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:48511 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x1213CBDC Ack: 0x1C1F6FF0 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-04:58:23.071964 24.114.19.203:4292 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:48637 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x1232E76E Ack: 0x1C09AC29 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-04:58:34.963194 24.114.19.203:4432 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:49280 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x12C8EAB1 Ack: 0x1D970679 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/24-04:58:47.011496 24.114.19.203:4587 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:49968 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x136B2BD9 Ack: 0x1E351D88 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/24-04:58:49.140130 24.114.19.203:4615 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:50098 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x1388F595 Ack: 0x1E5B0EC9 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-04:58:51.633884 24.114.19.203:4641 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:50233 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x13A28E85 Ack: 0x1E76AE0C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-04:59:00.608315 24.114.19.203:4721 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:50743 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x13F68408 Ack: 0x1F0C3B74 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-04:59:02.880153 24.114.19.203:4790 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:50873 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x143D5DD9 Ack: 0x1F309CFE Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-04:59:05.446468 24.114.19.203:4814 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:51018 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x1457A370 Ack: 0x1E93C12D Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-04:59:07.548620 24.114.19.203:4849 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:51145 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x147BA846 Ack: 0x1F408823 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-04:59:10.074806 24.114.19.203:4875 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:51289 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x1495FE05 Ack: 0x1EE11DEA Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-04:59:12.124791 24.114.19.203:4925 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:51418 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x14BA0CB9 Ack: 0x1F0887E5 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-04:59:14.587178 24.114.19.203:4975 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:51548 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x14D44904 Ack: 0x1FD5D0B2 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-04:59:26.473533 24.114.19.203:3136 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:52153 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x156A0836 Ack: 0x20262B42 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-05:12:19.476623 24.209.36.194:4338 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:53281 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x545B43DC Ack: 0x51931BCB Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-05:12:19.522429 24.209.36.194:4338 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:53282 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x545B4990 Ack: 0x51931BCB Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/24-05:15:18.516907 216.39.48.30:50715 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:23610 IpLen:20 DgmLen:221 DF
***AP*** Seq: 0x4D062ADF Ack: 0x5BC62762 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 545486578 2048357323
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-05:24:27.696015 24.209.36.194:2155 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:40771 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x90A1FB2B Ack: 0x7ED59E15 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-05:24:27.726251 24.209.36.194:2155 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:40772 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x90A200DF Ack: 0x7ED59E15 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-06:29:41.058090 24.114.70.182:4251 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:7610 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xA23B6935 Ack: 0x7571F93C Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-06:29:41.547209 24.114.70.182:4256 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:7624 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xA240A428 Ack: 0x757C29B7 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-06:29:50.864518 24.114.70.182:4365 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:7968 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xA2B42186 Ack: 0x762C64F0 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-06:29:51.017825 24.114.70.182:4368 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:7976 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xA2B7A6A1 Ack: 0x75E77837 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-06:29:51.212278 24.114.70.182:4370 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:7986 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xA2B94B23 Ack: 0x763745C0 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/24-06:29:51.400151 24.114.70.182:4373 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:7996 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xA2BC1B11 Ack: 0x755DF413 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/24-06:30:01.231485 24.114.70.182:4616 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:8647 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xA3975FBE Ack: 0x76A49061 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-06:30:01.553839 24.114.70.182:4628 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:8658 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xA3A31B2A Ack: 0x760D1CDE Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-06:30:10.780687 24.114.70.182:4742 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:9047 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA4192BF4 Ack: 0x775388AB Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-06:30:20.087910 24.114.70.182:4962 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:9565 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA4E22039 Ack: 0x77786AB4 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-06:30:29.670562 24.114.70.182:1118 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:10014 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA5682BCA Ack: 0x798C5D66 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-06:30:33.035514 24.114.70.182:1166 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:10095 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA5995B1F Ack: 0x79382C22 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-06:30:33.197694 24.114.70.182:1170 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:10106 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xA59D6ADF Ack: 0x79979A5D Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-06:30:33.462753 24.114.70.182:1171 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:10113 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xA59EC838 Ack: 0x78DA229B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-06:30:33.780980 24.114.70.182:1174 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:10124 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xA5A1FD70 Ack: 0x791E50C3 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-06:30:43.227991 24.114.70.182:1378 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:10554 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xA65B5804 Ack: 0x79FF030A Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-07:20:51.911449 24.98.69.172:4808 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:34873 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xE70CCD4F Ack: 0x35DBD1B4 Win: 0x2238 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-07:20:52.287707 24.98.69.172:4814 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:34898 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xE7126F38 Ack: 0x36C83B39 Win: 0x2238 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-07:21:01.573919 24.98.69.172:1187 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:36110 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xE837CE43 Ack: 0x371F187B Win: 0x2238 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-07:21:11.093929 24.98.69.172:1485 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:37121 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xE9348B14 Ack: 0x37E8A4B0 Win: 0x2238 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-07:21:11.639317 24.98.69.172:1501 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:37162 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xE940F616 Ack: 0x370DE2BE Win: 0x2238 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/24-07:21:21.168014 24.98.69.172:1793 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:38262 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xEA3BE5B2 Ack: 0x382B99F5 Win: 0x2238 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/24-07:21:31.035756 24.98.69.172:2048 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:39198 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xEB1FE90F Ack: 0x38E2044D Win: 0x2238 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-07:21:31.985907 24.98.69.172:2077 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:39276 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xEB357BA9 Ack: 0x38F1FE2F Win: 0x2238 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-07:21:32.762052 24.98.69.172:2091 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:39329 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xEB42C8CD Ack: 0x38EC6FB6 Win: 0x2238 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-07:21:42.478599 24.98.69.172:2374 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:40436 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xEC34CCDE Ack: 0x39100543 Win: 0x2238 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-07:21:49.151219 24.98.69.172:2465 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:41092 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xEC8536CC Ack: 0x39CCF786 Win: 0x2238 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-07:21:49.862689 24.98.69.172:2558 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:41163 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xECD7B04E Ack: 0x3A22D974 Win: 0x2238 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-07:21:54.288540 24.98.69.172:2669 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:41530 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xED34AB49 Ack: 0x39970991 Win: 0x2238 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-07:21:55.194750 24.98.69.172:2692 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:41612 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xED496C29 Ack: 0x39CB6D25 Win: 0x2238 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-07:21:55.818761 24.98.69.172:2720 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:41700 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xED61B1A6 Ack: 0x39F2997B Win: 0x2238 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-08:16:05.161059 24.26.146.115:2936 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:53509 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF931D35F Ack: 0x838ED59 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-08:16:05.167578 24.26.146.115:2936 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:53510 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF931D913 Ack: 0x838ED59 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/24-09:45:34.760628 12.148.209.198:14979 -> 192.168.1.6:80
TCP TTL:49 TOS:0x0 ID:50655 IpLen:20 DgmLen:252 DF
***AP*** Seq: 0xBD212905 Ack: 0x59853B68 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 396877962 2056662944
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1549:9] SMTP HELO overflow attempt [**]
[Classification: Attempted Administrator Privilege Gain] [Priority: 1]
05/24-09:52:25.297703 216.109.87.234:46796 -> 192.168.1.6:25
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:46
***AP*** Seq: 0x7359D3E0 Ack: 0x632D89AF Win: 0x21F0 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10324][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0042]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-11:17:10.171486 24.93.250.160:4346 -> 192.168.1.6:80
TCP TTL:118 TOS:0x0 ID:50668 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xD3534677 Ack: 0xB3DC9FCF Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-11:17:10.174273 24.93.250.160:4346 -> 192.168.1.6:80
TCP TTL:118 TOS:0x0 ID:50669 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xD3534C2B Ack: 0xB3DC9FCF Win: 0xFAF0 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-12:18:53.285052 24.209.229.123:2946 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:17914 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA9576444 Ack: 0x9CAA7795 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-12:18:53.317432 24.209.229.123:2946 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:17915 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA95769F8 Ack: 0x9CAA7795 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-12:23:32.514057 24.209.98.148:4739 -> 192.168.1.6:80
TCP TTL:55 TOS:0x0 ID:58496 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x9D7C5DBD Ack: 0xAE01C89A Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-12:23:32.548239 24.209.98.148:4739 -> 192.168.1.6:80
TCP TTL:55 TOS:0x0 ID:58497 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x9D7C6371 Ack: 0xAE01C89A Win: 0xFAF0 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/24-12:38:09.842817 209.237.238.174:48619 -> 192.168.1.6:80
TCP TTL:42 TOS:0x0 ID:10922 IpLen:20 DgmLen:173 DF
***AP*** Seq: 0xD3EF6D7E Ack: 0xE52BC8E9 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 309413862 2061966615
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/24-12:39:20.499059 209.237.238.175:42109 -> 192.168.1.6:80
TCP TTL:42 TOS:0x0 ID:17870 IpLen:20 DgmLen:173 DF
***AP*** Seq: 0xD830A9AA Ack: 0xE9A203FB Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 309128306 2062002825
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:884:8] WEB-CGI formmail access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/24-12:42:36.968162 200.61.163.73:2706 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:32397 IpLen:20 DgmLen:304 DF
***AP*** Seq: 0x208BCA2A Ack: 0xF6B970C1 Win: 0x2058 TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS226][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0172][Xref => http://www.securityfocus.com/bid/1187][Xref => http://cgi.nessus.org/plugins/dump.php3?id=10076][Xref => http://cgi.nessus.org/plugins/dump.php3?id=10782]
[**] [1:884:8] WEB-CGI formmail access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/24-12:42:36.968479 200.61.163.73:2707 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:32653 IpLen:20 DgmLen:303 DF
***AP*** Seq: 0x29F9FC3A Ack: 0xF6A1C44A Win: 0x2058 TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS226][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0172][Xref => http://www.securityfocus.com/bid/1187][Xref => http://cgi.nessus.org/plugins/dump.php3?id=10076][Xref => http://cgi.nessus.org/plugins/dump.php3?id=10782]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-13:33:48.538972 24.209.229.123:1747 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:26723 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x6023B592 Ack: 0xB7F12724 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-13:33:48.574769 24.209.229.123:1747 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:26724 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x6023BB46 Ack: 0xB7F12724 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-13:46:04.727043 24.209.191.91:3963 -> 192.168.1.6:80
TCP TTL:117 TOS:0x0 ID:9457 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x656435E5 Ack: 0xE643FC7B Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-13:46:05.192428 24.209.191.91:4016 -> 192.168.1.6:80
TCP TTL:117 TOS:0x0 ID:9652 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x658C3024 Ack: 0xE6014BE3 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-13:46:05.525892 24.209.191.91:4037 -> 192.168.1.6:80
TCP TTL:117 TOS:0x0 ID:9750 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x659CDE0B Ack: 0xE6D94D86 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-13:46:14.920890 24.209.191.91:4811 -> 192.168.1.6:80
TCP TTL:117 TOS:0x0 ID:12616 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x67FBC6DE Ack: 0xE74C4A7D Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-13:46:15.306175 24.209.191.91:4842 -> 192.168.1.6:80
TCP TTL:117 TOS:0x0 ID:12745 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x6813AA59 Ack: 0xE785F9F6 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/24-13:46:24.617872 24.209.191.91:1751 -> 192.168.1.6:80
TCP TTL:117 TOS:0x0 ID:15997 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x6AAB80EA Ack: 0xE7C0D95F Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/24-13:46:24.997840 24.209.191.91:1787 -> 192.168.1.6:80
TCP TTL:117 TOS:0x0 ID:16088 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x6AC5EE51 Ack: 0xE7707AA9 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-13:46:28.344238 24.209.191.91:2083 -> 192.168.1.6:80
TCP TTL:117 TOS:0x0 ID:17181 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x6BA56A71 Ack: 0xE7979D1C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-13:46:28.636400 24.209.191.91:2101 -> 192.168.1.6:80
TCP TTL:117 TOS:0x0 ID:17251 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x6BB3DE32 Ack: 0xE7FD364F Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-13:46:32.149712 24.209.191.91:2123 -> 192.168.1.6:80
TCP TTL:117 TOS:0x0 ID:18289 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x6BC59F00 Ack: 0xE7B7240E Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-13:46:38.731428 24.209.191.91:2123 -> 192.168.1.6:80
TCP TTL:117 TOS:0x0 ID:20531 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x6BC59F00 Ack: 0xE7B7240E Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-13:46:41.370240 24.209.191.91:3221 -> 192.168.1.6:80
TCP TTL:117 TOS:0x0 ID:21337 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x6F0DFEF1 Ack: 0xE8B3652E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-13:46:41.652612 24.209.191.91:3237 -> 192.168.1.6:80
TCP TTL:117 TOS:0x0 ID:21411 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x6F1A1E4A Ack: 0xE843BEE7 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-13:46:45.117540 24.209.191.91:3536 -> 192.168.1.6:80
TCP TTL:117 TOS:0x0 ID:22499 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x6FF95F9E Ack: 0xE91D73EE Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-13:46:48.253298 24.209.191.91:3536 -> 192.168.1.6:80
TCP TTL:117 TOS:0x0 ID:23456 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x6FF95F9E Ack: 0xE91D73EE Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-13:46:48.519851 24.209.191.91:3827 -> 192.168.1.6:80
TCP TTL:117 TOS:0x0 ID:23528 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x70DBB9FE Ack: 0xE92697C2 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-13:46:48.966134 24.209.191.91:3853 -> 192.168.1.6:80
TCP TTL:117 TOS:0x0 ID:23629 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x70EF9848 Ack: 0xE8E6A590 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-13:46:52.487430 24.209.191.91:4131 -> 192.168.1.6:80
TCP TTL:117 TOS:0x0 ID:24667 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x71C9140A Ack: 0xE93D14C3 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-13:47:08.898764 24.193.230.46:4764 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:52399 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB3297C93 Ack: 0xEA95090F Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-13:47:08.951040 24.193.230.46:4764 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:52400 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB3298247 Ack: 0xEA95090F Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-13:58:51.147751 24.209.191.91:3892 -> 192.168.1.6:80
TCP TTL:117 TOS:0x0 ID:53544 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x2F7495F8 Ack: 0x15A08402 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-13:58:54.467887 24.209.191.91:4242 -> 192.168.1.6:80
TCP TTL:117 TOS:0x0 ID:54719 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x307EE86A Ack: 0x164ECBF7 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-13:58:54.819867 24.209.191.91:4270 -> 192.168.1.6:80
TCP TTL:117 TOS:0x0 ID:54791 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x30942E12 Ack: 0x15F6CFCE Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-13:58:55.040908 24.209.191.91:4304 -> 192.168.1.6:80
TCP TTL:117 TOS:0x0 ID:54893 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x30AD80ED Ack: 0x161158EC Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-13:58:55.341831 24.209.191.91:4331 -> 192.168.1.6:80
TCP TTL:117 TOS:0x0 ID:54962 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x30C2EC40 Ack: 0x162292C1 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/24-13:58:55.602029 24.209.191.91:4354 -> 192.168.1.6:80
TCP TTL:117 TOS:0x0 ID:55065 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x30D53662 Ack: 0x166FB709 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/24-13:58:59.100873 24.209.191.91:4380 -> 192.168.1.6:80
TCP TTL:117 TOS:0x0 ID:56048 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x30EA1A75 Ack: 0x1641B1E9 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-13:58:59.420160 24.209.191.91:4694 -> 192.168.1.6:80
TCP TTL:117 TOS:0x0 ID:56116 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x31DD3925 Ack: 0x16ED9BDC Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-13:58:59.821471 24.209.191.91:4722 -> 192.168.1.6:80
TCP TTL:117 TOS:0x0 ID:56214 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x31F38801 Ack: 0x16E49318 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-13:59:00.196609 24.209.191.91:4756 -> 192.168.1.6:80
TCP TTL:117 TOS:0x0 ID:56299 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x320C7AE8 Ack: 0x166F6EEC Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-13:59:00.632251 24.209.191.91:4790 -> 192.168.1.6:80
TCP TTL:117 TOS:0x0 ID:56417 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x32261436 Ack: 0x16FCB3E6 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/24-13:59:22.028927 24.209.191.91:2818 -> 192.168.1.6:80
TCP TTL:117 TOS:0x0 ID:62518 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x3818B35E Ack: 0x185A2B26 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:09:56 2003