SnortSnarf alert page

Destination: 192.168.1.6: #5301-5400

SnortSnarf v021111.1

Signature section (91123), Top 20 source IPs, Top 20 dest IPs

Looking using input module SnortFileInput, with sources:
Earliest: 00:48:39.633949 on 05/25/2003
Latest: 16:42:27.186401 on 05/25/2003

22 different signatures are present for 192.168.1.6 as a destination

There are 624 distinct source IPs in the alerts of the type on this page.

See also 192.168.1.6 as an alert source [49361 alerts]


[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-00:48:39.633949 24.92.8.8:1574 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:36402 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xA37EA0B6 Ack: 0xAC979E0A Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/25-00:48:39.818979 24.92.8.8:1581 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:36424 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xA3847534 Ack: 0xAD26E225 Win: 0xFAF0 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/25-00:48:40.025035 24.92.8.8:1585 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:36453 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xA3882B2C Ack: 0xAC9C1C29 Win: 0xFAF0 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-00:48:40.221433 24.92.8.8:1589 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:36481 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xA38BD2A4 Ack: 0xAD08DD3A Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-00:48:43.706417 24.92.8.8:1679 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:36892 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA3DD0CB5 Ack: 0xAD649F6C Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-00:48:47.082495 24.92.8.8:1823 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:37382 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA453E34F Ack: 0xACCA5F37 Win: 0xFAF0 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-00:48:47.279252 24.92.8.8:1830 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:37413 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA459B796 Ack: 0xAD55CC07 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-00:48:56.997440 24.92.8.8:2238 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:38690 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA5A984A4 Ack: 0xAD6E95D0 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-00:48:57.302630 24.92.8.8:2256 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:38751 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xA5B7F8E2 Ack: 0xAE0BAF0A Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-00:48:57.626010 24.92.8.8:2268 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:38803 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xA5C17DA4 Ack: 0xAE09A463 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-00:48:57.785121 24.92.8.8:2282 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:38828 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xA5CD9F96 Ack: 0xAD7A4548 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-00:48:57.992085 24.92.8.8:2289 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:38855 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xA5D2FD84 Ack: 0xAE4A18A9 Win: 0xFAF0 TcpLen: 20
[**] [1:1042:6] WEB-IIS view source via translate header [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/25-01:03:19.579716 216.221.81.96:54359 -> 192.168.1.6:80
TCP TTL:49 TOS:0x0 ID:17454 IpLen:20 DgmLen:294 DF
***AP*** Seq: 0x85D9A7DE Ack: 0xE40218BC Win: 0x4470 TcpLen: 32
TCP Options (3) => NOP NOP TS: 394173943 2084866177
[Xref => http://www.securityfocus.com/bid/1578][Xref => http://www.whitehats.com/info/IDS305]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/25-01:37:25.774607 66.196.65.24:36533 -> 192.168.1.6:80
TCP TTL:235 TOS:0x0 ID:12475 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xBDF8E593 Ack: 0x642A33FF Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-02:16:28.361296 24.209.98.148:2304 -> 192.168.1.6:80
TCP TTL:55 TOS:0x0 ID:28371 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB803B6ED Ack: 0xF8AB2DA4 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-02:16:28.388654 24.209.98.148:2304 -> 192.168.1.6:80
TCP TTL:55 TOS:0x0 ID:28372 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB803BCA1 Ack: 0xF8AB2DA4 Win: 0xFAF0 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-02:33:56.260028 24.209.44.83:3265 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:5245 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x8BFD97F2 Ack: 0x3A8686F7 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-02:33:56.290472 24.209.44.83:3265 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:5246 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x8BFD9DA6 Ack: 0x3A8686F7 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-03:33:59.610800 24.209.44.83:4076 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:4239 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB8C3DB53 Ack: 0x1D3B8E92 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-03:33:59.641815 24.209.44.83:4076 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:4240 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB8C3E107 Ack: 0x1D3B8E92 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-03:48:55.386053 24.171.29.23:2541 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:65109 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xAD8C0AD Ack: 0x5556CCBF Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-03:48:55.392479 24.171.29.23:2541 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:65110 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xAD8C661 Ack: 0x5556CCBF Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-04:45:26.661002 24.62.42.136:3469 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:54699 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE5A06B4 Ack: 0x2B8F8CAA Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-04:45:26.669544 24.62.42.136:3469 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:54700 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE5A0C68 Ack: 0x2B8F8CAA Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-04:58:07.416800 24.209.26.198:2529 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:45424 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x83B276E Ack: 0x5BBC34AC Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-04:58:07.465845 24.209.26.198:2529 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:45425 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x83B2D22 Ack: 0x5BBC34AC Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-06:07:06.662050 24.98.69.172:2584 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:43411 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xA6064C5B Ack: 0x607F152C Win: 0x2238 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-06:07:07.234562 24.98.69.172:2602 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:43484 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xA6168779 Ack: 0x6003F826 Win: 0x2238 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-06:07:07.716236 24.98.69.172:2621 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:43552 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xA626C295 Ack: 0x609DBE8F Win: 0x2238 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-06:07:17.283192 24.98.69.172:2844 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:44651 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xA6EE86A5 Ack: 0x6037B62D Win: 0x2238 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-06:07:17.737319 24.98.69.172:2860 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:44706 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xA6FCCF50 Ack: 0x60D97B8D Win: 0x2238 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/25-06:07:18.096348 24.98.69.172:2865 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:44750 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xA701E52F Ack: 0x60566484 Win: 0x2238 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/25-06:07:18.511012 24.98.69.172:2875 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:44801 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xA70AD5C3 Ack: 0x60E5B0C9 Win: 0x2238 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-06:07:25.187453 24.98.69.172:2969 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:45663 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xA75F6F97 Ack: 0x608F3D19 Win: 0x2238 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-06:07:34.711836 24.98.69.172:3338 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:47036 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA89EF221 Ack: 0x62111390 Win: 0x2238 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-06:07:35.259623 24.98.69.172:3355 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:47137 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA8ABFCC1 Ack: 0x6197997D Win: 0x2238 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-06:07:45.016844 24.98.69.172:3614 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:48409 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA98FC046 Ack: 0x626F40A6 Win: 0x2238 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-06:07:54.588643 24.98.69.172:3633 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:49613 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA99F68A3 Ack: 0x62624C2A Win: 0x2238 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-06:07:55.022153 24.98.69.172:3878 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:49674 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xAA78D089 Ack: 0x63649FD2 Win: 0x2238 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-06:07:55.545079 24.98.69.172:3890 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:49751 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xAA82F72D Ack: 0x629D4A21 Win: 0x2238 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-06:07:55.883119 24.98.69.172:3905 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:49795 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xAA8FE468 Ack: 0x635632A8 Win: 0x2238 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-06:07:56.417125 24.98.69.172:3917 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:49869 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xAA9907BB Ack: 0x62BFBC41 Win: 0x2238 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-06:42:46.030146 24.209.44.83:3092 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:34685 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x2526FE3F Ack: 0xE69DE894 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-06:42:46.058216 24.209.44.83:3092 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:34686 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x252703F3 Ack: 0xE69DE894 Win: 0x4470 TcpLen: 20
[**] [1:2091:2] WEB-IIS WEBDAV nessus safe scan attempt [**]
[Classification: Attempted Administrator Privilege Gain] [Priority: 1]
05/25-07:53:44.479371 65.219.238.66:1307 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:13175 IpLen:20 DgmLen:71 DF
***AP*** Seq: 0x7782BD94 Ack: 0xF2A4B56C Win: 0xFAF0 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=11412][Xref => http://www.securityfocus.com/bid/7116][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0109]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-08:50:58.289190 24.98.4.90:1615 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:34773 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x32687CC3 Ack: 0xCA788680 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-08:50:58.299239 24.98.4.90:1615 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:34774 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x32688277 Ack: 0xCA788680 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-10:07:10.821921 24.209.33.158:3478 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:38034 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA7607C5C Ack: 0xE98C55CF Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-10:07:10.850914 24.209.33.158:3478 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:38035 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA7608210 Ack: 0xE98C55CF Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/25-10:32:33.444375 209.237.238.173:51568 -> 192.168.1.6:80
TCP TTL:42 TOS:0x0 ID:63030 IpLen:20 DgmLen:173 DF
***AP*** Seq: 0x3824500F Ack: 0x4A91CEA2 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 317302342 2102359120
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/25-10:51:28.447834 209.237.238.174:34004 -> 192.168.1.6:80
TCP TTL:42 TOS:0x0 ID:25187 IpLen:20 DgmLen:173 DF
***AP*** Seq: 0x7E123A1B Ack: 0x929AC343 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 317413511 2102940449
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-11:07:14.909199 24.209.33.158:1779 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:14970 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF54E5BD2 Ack: 0xCE424501 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-11:07:14.933230 24.209.33.158:1779 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:14971 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF54E6186 Ack: 0xCE424501 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-11:07:27.448732 24.209.33.158:2118 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:16048 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF671AEC0 Ack: 0xCEB2F2E5 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-11:07:27.470404 24.209.33.158:2118 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:16049 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF671B474 Ack: 0xCEB2F2E5 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-11:24:47.790116 24.209.26.198:2552 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:13569 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x1A2A0F82 Ack: 0xF33392F Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-11:24:47.850011 24.209.26.198:2552 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:13570 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x1A2A1536 Ack: 0xF33392F Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-11:54:54.420221 24.209.33.158:4544 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:43520 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xEE1D46C9 Ack: 0x8224D075 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-11:54:54.456973 24.209.33.158:4544 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:43521 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xEE1D4C7D Ack: 0x8224D075 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/25-11:59:56.102541 64.68.82.34:51869 -> 192.168.1.6:80
TCP TTL:41 TOS:0x10 ID:7788 IpLen:20 DgmLen:453 DF
***AP*** Seq: 0x81730BD6 Ack: 0x94AD9860 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 765466524 2105041940
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-12:03:52.800148 24.209.33.158:2352 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:17767 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x1A8B94F3 Ack: 0xA39793A9 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-12:03:52.822429 24.209.33.158:2352 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:17768 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x1A8B9AA7 Ack: 0xA39793A9 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-12:55:03.063934 24.46.127.157:4315 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:16280 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x5C6B3AAD Ack: 0x6463711A Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-12:55:04.061677 24.46.127.157:4339 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:16346 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x5C820785 Ack: 0x6479549B Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-12:55:04.193437 24.46.127.157:4344 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:16361 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x5C85A9A1 Ack: 0x64EBBBB7 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-12:55:04.364930 24.46.127.157:4350 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:16373 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x5C8AC6E2 Ack: 0x6456D90C Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-12:55:04.503206 24.46.127.157:4352 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:16380 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x5C8CC4A4 Ack: 0x650BA52E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/25-12:55:04.652472 24.46.127.157:4354 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:16388 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x5C8F57F5 Ack: 0x649B31DA Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/25-12:55:04.802348 24.46.127.157:4356 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:16399 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x5C914310 Ack: 0x648A0853 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-12:55:04.931807 24.46.127.157:4363 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:16415 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x5C9795B1 Ack: 0x6500686E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-12:55:05.074556 24.46.127.157:4369 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:16432 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x5C9CF4D8 Ack: 0x64F7A358 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-12:55:05.221867 24.46.127.157:4372 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:16441 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x5C9FD56C Ack: 0x646D920F Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-12:55:14.511547 24.46.127.157:4602 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:16954 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x5D667CEA Ack: 0x64D65B9B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-12:55:23.947696 24.46.127.157:4868 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:17427 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x5E28E389 Ack: 0x663D6BEE Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-12:55:27.480240 24.46.127.157:3033 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:17590 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x5E76C027 Ack: 0x661E9C7F Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-12:55:27.632576 24.46.127.157:3036 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:17600 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x5E79C642 Ack: 0x65ACDAC4 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-12:55:27.790368 24.46.127.157:3039 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:17612 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x5E7C2E76 Ack: 0x660A8FD8 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-12:55:27.948241 24.46.127.157:3044 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:17629 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x5E80A754 Ack: 0x65F2F8CF Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-13:41:23.035060 24.209.44.83:3946 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:32709 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x318077B5 Ack: 0x1445ECE6 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-13:41:23.065267 24.209.44.83:3946 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:32710 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x31807D69 Ack: 0x1445ECE6 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-14:13:04.316911 24.209.229.123:2014 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:25140 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA77527D4 Ack: 0x8BF36BB5 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-14:13:04.356690 24.209.229.123:2014 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:25141 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA7752D88 Ack: 0x8BF36BB5 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-14:25:34.064980 24.209.33.158:2164 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:28994 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xAFCF8EA0 Ack: 0xBA82DAA2 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-14:25:34.088623 24.209.33.158:2164 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:28995 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xAFCF9454 Ack: 0xBA82DAA2 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/25-15:17:01.338674 66.196.65.24:20933 -> 192.168.1.6:80
TCP TTL:235 TOS:0x0 ID:30930 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x87F2001D Ack: 0x7D577893 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-15:24:19.122832 24.209.26.198:4314 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:48302 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x38EAF101 Ack: 0x98590298 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-15:24:19.168193 24.209.26.198:4314 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:48303 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x38EAF6B5 Ack: 0x98590298 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-16:23:28.487123 24.209.44.83:4072 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:26730 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x23F3596E Ack: 0x78AA194C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-16:23:28.521597 24.209.44.83:4072 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:26731 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x23F35F22 Ack: 0x78AA194C Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-16:34:54.751629 24.25.30.57:2183 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:43254 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x15BE56D8 Ack: 0xA3586A29 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-16:34:54.774414 24.25.30.57:2183 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:43255 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x15BE5C8C Ack: 0xA3586A29 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-16:42:15.729050 24.35.68.68:2401 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:34606 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x56B6F2E5 Ack: 0xBF7F523F Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-16:42:16.383818 24.35.68.68:2415 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:34677 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x56C41DE9 Ack: 0xBFB7AC66 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-16:42:19.708188 24.35.68.68:2463 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:34842 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x56F340E3 Ack: 0xBFF27825 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-16:42:19.918067 24.35.68.68:2468 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:34863 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x56F7F160 Ack: 0xC00CFB1B Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-16:42:20.124459 24.35.68.68:2471 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:34884 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x56FB1A8F Ack: 0xC013E4EE Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/25-16:42:23.427050 24.35.68.68:2521 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:35034 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x572B1755 Ack: 0xBFEF0A67 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/25-16:42:23.837726 24.35.68.68:2530 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:35064 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x5733989D Ack: 0xBFC812AF Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-16:42:24.015078 24.35.68.68:2537 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:35082 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x57394F38 Ack: 0xBFEDF461 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/25-16:42:27.186401 24.35.68.68:2580 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:35198 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x5765BD1B Ack: 0xC03775C7 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:09:56 2003