SnortSnarf alert page

Destination: 192.168.1.6: #5401-5500

SnortSnarf v021111.1

Signature section (91123)

Top 20 source IPs

Top 20 dest IPs

Looking using input module SnortFileInput, with sources:

/home/rivettmj/snort_alertlog/alert

Earliest: 16:42:27.379325 on 05/25/2003
Latest: 17:28:34.794480 on 05/26/2003

22 different signatures are present for 192.168.1.6 as a destination

1 instances of (spp_stream4) STEALTH ACTIVITY (SYN FIN scan) detection
1 instances of WEB-IIS ISAPI .printer access
1 instances of SHELLCODE x86 setuid 0
1 instances of DDOS shaft synflood
2 instances of WEB-CGI formmail access
2 instances of SHELLCODE x86 NOOP
2 instances of SMTP HELO overflow attempt
2 instances of SHELLCODE x86 inc ebx NOOP
3 instances of WEB-MISC bad HTTP/1.1 request, Potentially worm attack
3 instances of WEB-CGI newdesk access
4 instances of WEB-IIS WEBDAV nessus safe scan attempt
11 instances of ICMP Destination Unreachable (Communication Administratively Prohibited)
38 instances of (snort_decoder): T/TCP Detected
58 instances of WEB-IIS view source via translate header
308 instances of WEB-IIS _mem_bin access
316 instances of WEB-FRONTPAGE /_vti_bin/ access
680 instances of WEB-IIS CodeRed v2 root.exe access
786 instances of WEB-MISC robots.txt access
930 instances of WEB-IIS ISAPI .ida attempt
952 instances of WEB-IIS multiple decode attempt
1500 instances of WEB-IIS unicode directory traversal attempt
2169 instances of WEB-IIS cmd.exe access

There are 624 distinct source IPs in the alerts of the type on this page.

192.168.1.6 Whois lookup at: ARIN RIPE APNIC Geektools

DNS lookup at: Amenesi TRIUMF Princeton

More lookup links: Dshield Sam Spade

See also 192.168.1.6 as an alert source [49361 alerts]

Go to: previous range, next range, all alerts, overview page

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/25-16:42:27.379325 24.35.68.68:2588 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:35216 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x576C4540  Ack: 0xBF966649  Win: 0x4470  TcpLen: 20

[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/25-16:42:30.556465 24.35.68.68:2628 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:35343 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x57980457  Ack: 0xC008E94C  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/25-16:42:30.753914 24.35.68.68:2629 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:35356 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x5799BB75  Ack: 0xC080F104  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/25-16:42:33.871499 24.35.68.68:2636 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:35450 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x579F6C64  Ack: 0xC041303C  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/25-16:42:34.085568 24.35.68.68:2675 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:35456 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x57C81A34  Ack: 0xC0513DF0  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/25-16:42:37.007524 24.35.68.68:2675 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:35593 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x57C81A34  Ack: 0xC0513DF0  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/25-16:42:37.291594 24.35.68.68:2723 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:35614 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x57F7C588  Ack: 0xC02D5AE2  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/25-16:42:43.392337 24.35.68.68:2766 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:35830 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x58240DF6  Ack: 0xC1046BAF  Win: 0x4470  TcpLen: 20

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/25-18:06:08.779228 66.196.65.24:37236 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:19130 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x110FCA51  Ack: 0xFC340074  Win: 0x8052  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/25-18:15:14.139121 209.237.238.173:40701 -> 192.168.1.6:80
TCP TTL:42 TOS:0x0 ID:48090 IpLen:20 DgmLen:177 DF
***AP*** Seq: 0xA85B9D5  Ack: 0x1F73D58C  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 320078361 2116577636 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/25-18:22:09.983517 209.237.238.172:57215 -> 192.168.1.6:80
TCP TTL:42 TOS:0x0 ID:54769 IpLen:20 DgmLen:177 DF
***AP*** Seq: 0x2532359A  Ack: 0x38A19332  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 320135299 2116790616 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/25-18:38:02.069505 24.209.98.148:1353 -> 192.168.1.6:80
TCP TTL:55 TOS:0x0 ID:64940 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xEC4B9FFA  Ack: 0x7415DD7D  Win: 0xFAF0  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/25-18:38:02.107804 24.209.98.148:1353 -> 192.168.1.6:80
TCP TTL:55 TOS:0x0 ID:64941 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xEC4BA5AE  Ack: 0x7415DD7D  Win: 0xFAF0  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/25-19:02:38.249352 24.209.44.83:4734 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:11129 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xD6BF0F90  Ack: 0xD167E15E  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/25-19:02:38.279831 24.209.44.83:4734 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:11130 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xD6BF1544  Ack: 0xD167E15E  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/25-21:50:22.883665 24.209.26.198:4594 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:47575 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x15C2F484  Ack: 0x4BB56AF7  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/25-21:50:22.905849 24.209.26.198:4594 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:47576 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x15C2FA38  Ack: 0x4BB56AF7  Win: 0x4470  TcpLen: 20

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/25-22:47:55.176705 24.112.193.145:3426 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:58267 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xD448505E  Ack: 0x24DE07C4  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/25-22:47:56.683042 24.112.193.145:3480 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:58531 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xD47280A8  Ack: 0x2443DCBB  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/25-22:47:57.677622 24.112.193.145:3539 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:58692 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xD4A0FA0D  Ack: 0x24AF2242  Win: 0x4470  TcpLen: 20

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/25-22:47:58.689770 24.112.193.145:3575 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:58846 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xD4C07248  Ack: 0x24E245E7  Win: 0x4470  TcpLen: 20

[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/25-22:47:59.702027 24.112.193.145:3625 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:59008 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xD4EAD5BE  Ack: 0x2503C5A2  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/25-22:48:06.702038 24.112.193.145:3790 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:60119 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xD57181DC  Ack: 0x24DD234B  Win: 0x4470  TcpLen: 20

[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/25-22:48:10.724121 24.112.193.145:3974 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:60760 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xD607EF75  Ack: 0x251CBE61  Win: 0x4470  TcpLen: 20

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/25-22:48:11.744290 24.112.193.145:4135 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:60973 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xD68D7CB6  Ack: 0x254DCB54  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/25-22:48:14.693237 24.112.193.145:4135 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:61406 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xD68D7CB6  Ack: 0x254DCB54  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/25-22:48:15.709587 24.112.193.145:4322 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:61621 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xD72582F6  Ack: 0x260A510B  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/25-22:48:16.741407 24.112.193.145:4362 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:61816 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xD747A74E  Ack: 0x25B07B53  Win: 0x4470  TcpLen: 20

[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/25-22:48:20.709632 24.112.193.145:4523 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:62339 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xD7CD12A9  Ack: 0x2661D95F  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/25-22:48:24.712534 24.112.193.145:4673 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:62849 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xD84CAE5A  Ack: 0x25F845E9  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/25-22:48:31.753972 24.112.193.145:4855 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:64018 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xD8E42C94  Ack: 0x26AFA669  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/26-00:06:28.079786 216.39.48.30:57533 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:42015 IpLen:20 DgmLen:221 DF
***AP*** Seq: 0x38936B9F  Ack: 0x4D86E092  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 560910227 2127371278 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/26-00:46:29.837733 24.209.44.83:4841 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:1957 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x4199D8A5  Ack: 0xE474DE3B  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/26-00:46:29.869077 24.209.44.83:4841 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:1958 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x4199DE59  Ack: 0xE474DE3B  Win: 0x4470  TcpLen: 20

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/26-02:27:48.645470 216.39.48.30:47250 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:31997 IpLen:20 DgmLen:221 DF
***AP*** Seq: 0x4EE2C396  Ack: 0x62C190C0  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 561758098 2131714744 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/26-02:27:49.004931 216.39.48.30:47250 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:31998 IpLen:20 DgmLen:221 DF
***AP*** Seq: 0x4EE2C396  Ack: 0x62C190C0  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 561758134 2131714744 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/26-02:27:49.723767 216.39.48.30:47250 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:31999 IpLen:20 DgmLen:221 DF
***AP*** Seq: 0x4EE2C396  Ack: 0x62C190C0  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 561758206 2131714744 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/26-02:42:41.616766 66.196.65.24:30379 -> 192.168.1.6:80
TCP TTL:235 TOS:0x0 ID:9929 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x98FABA1D  Ack: 0x9B81492B  Win: 0x8052  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/26-04:17:07.167592 216.39.48.30:47528 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:34272 IpLen:20 DgmLen:221 DF
***AP*** Seq: 0xEAAE4537  Ack: 0xFFFA7E6C  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 562413812 2135074031 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/26-04:23:20.725572 218.28.4.46:3228 -> 192.168.1.6:80
TCP TTL:102 TOS:0x0 ID:53259 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xC2DAB9BE  Ack: 0x1720D1DB  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/26-04:23:20.726880 218.28.4.46:3228 -> 192.168.1.6:80
TCP TTL:102 TOS:0x0 ID:53260 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xC2DABF72  Ack: 0x1720D1DB  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/26-04:44:32.281446 24.209.26.198:2364 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:31579 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xAADA4A35  Ack: 0x684B193F  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/26-04:44:32.302755 24.209.26.198:2364 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:31580 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xAADA4FE9  Ack: 0x684B193F  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/26-04:52:59.930091 24.209.26.198:4069 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:6985 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xD95EA5B2  Ack: 0x874BFE25  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/26-04:52:59.981425 24.209.26.198:4069 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:6986 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xD95EAB66  Ack: 0x874BFE25  Win: 0x4470  TcpLen: 20

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/26-05:12:32.565987 216.39.48.30:57930 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:61181 IpLen:20 DgmLen:221 DF
***AP*** Seq: 0xBC663D75  Ack: 0xD197F3E6  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 562746280 2136777236 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/26-05:13:52.598074 24.209.26.198:1599 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:41206 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x4AD2E23A  Ack: 0xD65B8E05  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/26-05:13:52.626346 24.209.26.198:1599 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:41207 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x4AD2E7EE  Ack: 0xD65B8E05  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/26-05:42:06.822168 24.209.26.198:1977 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:42302 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE1847996  Ack: 0x40D54762  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/26-05:42:06.852839 24.209.26.198:1977 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:42303 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE1847F4A  Ack: 0x40D54762  Win: 0x4470  TcpLen: 20

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/26-06:05:40.550275 216.39.48.30:57941 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:45654 IpLen:20 DgmLen:221 DF
***AP*** Seq: 0x850D0225  Ack: 0x9A48ABBF  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 563065014 2138409788 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/26-06:09:24.161510 24.209.26.198:3994 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:36313 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x7092E650  Ack: 0xA87F2D3E  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/26-06:09:24.169488 24.209.26.198:3994 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:36314 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x7092EC04  Ack: 0xA87F2D3E  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/26-07:41:58.375909 24.209.26.198:2397 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:42182 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3E990694  Ack: 0x542616D  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/26-07:41:58.398512 24.209.26.198:2397 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:42183 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3E990C48  Ack: 0x542616D  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/26-08:22:35.311197 24.33.145.212:2516 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:47978 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3DBCBBDC  Ack: 0x9FEA1355  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/26-08:22:35.317579 24.33.145.212:2516 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:47979 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3DBCC190  Ack: 0x9FEA1355  Win: 0x4470  TcpLen: 20

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/26-09:12:05.620877 24.150.116.10:4200 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:56629 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x2CD385F6  Ack: 0x5A96DC92  Win: 0xFAF0  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/26-09:12:06.322802 24.150.116.10:4212 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:56657 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x2CDCA3B8  Ack: 0x5AB69E31  Win: 0xFAF0  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/26-09:12:06.548239 24.150.116.10:4214 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:56666 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x2CDEA63B  Ack: 0x5B14DCDE  Win: 0xFAF0  TcpLen: 20

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/26-09:12:06.729268 24.150.116.10:4219 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:56683 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x2CE1C647  Ack: 0x5AF78F33  Win: 0xFAF0  TcpLen: 20

[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/26-09:12:16.133226 24.150.116.10:4411 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:57139 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x2D7DC2FC  Ack: 0x5ACBE34E  Win: 0xFAF0  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/26-09:12:16.306156 24.150.116.10:4415 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:57148 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x2D80D87A  Ack: 0x5AEA3FE1  Win: 0xFAF0  TcpLen: 20

[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/26-09:12:16.530387 24.150.116.10:4418 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:57158 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x2D83167E  Ack: 0x5AC0C17A  Win: 0xFAF0  TcpLen: 20

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/26-09:12:16.732378 24.150.116.10:4419 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:57168 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x2D84D106  Ack: 0x5ACB8F5C  Win: 0xFAF0  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/26-09:12:16.923467 24.150.116.10:4420 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:57176 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x2D865031  Ack: 0x5B3056D5  Win: 0xFAF0  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/26-09:12:17.095662 24.150.116.10:4425 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:57190 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x2D8B1005  Ack: 0x5BA1A1AC  Win: 0xFAF0  TcpLen: 20

[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/26-09:12:17.277653 24.150.116.10:4432 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:57203 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x2D909AB8  Ack: 0x5B94410A  Win: 0xFAF0  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/26-09:12:17.477969 24.150.116.10:4435 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:57218 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x2D932ED4  Ack: 0x5B844794  Win: 0xFAF0  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/26-09:12:30.199664 24.150.116.10:4697 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:58030 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x2E4F90BE  Ack: 0x5C385F80  Win: 0xFAF0  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/26-09:12:30.372293 24.150.116.10:4770 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:58051 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x2E89CADD  Ack: 0x5C846CFE  Win: 0xFAF0  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/26-09:12:30.583098 24.150.116.10:4776 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:58081 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x2E8E7CAB  Ack: 0x5C07A900  Win: 0xFAF0  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/26-09:12:30.774300 24.150.116.10:4788 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:58114 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x2E978F89  Ack: 0x5C61F550  Win: 0xFAF0  TcpLen: 20

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/26-10:21:27.757046 216.39.48.30:46692 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:58044 IpLen:20 DgmLen:221 DF
***AP*** Seq: 0x4B90F8DB  Ack: 0x603ADF34  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 564599406 2146270628 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/26-10:49:52.515971 209.237.238.173:58685 -> 192.168.1.6:80
TCP TTL:42 TOS:0x0 ID:51285 IpLen:20 DgmLen:173 DF
***AP*** Seq: 0xB601D92B  Ack: 0xCBC6E64E  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 326046086 2147143781 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/26-11:07:19.464416 209.237.238.161:1345 -> 192.168.1.6:80
TCP TTL:42 TOS:0x0 ID:57721 IpLen:20 DgmLen:173 DF
***AP*** Seq: 0x38471FA3  Ack: 0xD688FBD  Win: 0xFFFF  TcpLen: 32
TCP Options (3) => NOP NOP TS: 373397257 2147680009 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/26-12:52:02.425132 24.209.26.198:2129 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:20488 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x824812ED  Ack: 0x981AF5D6  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/26-12:52:02.447493 24.209.26.198:2129 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:20489 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x824818A1  Ack: 0x981AF5D6  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/26-13:18:31.388565 24.209.26.198:3770 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:45489 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xEC3CDAB8  Ack: 0xFD9E9736  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/26-13:18:31.404077 24.209.26.198:3770 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:45490 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xEC3CE06C  Ack: 0xFD9E9736  Win: 0x4470  TcpLen: 20

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/26-13:33:54.907326 216.39.48.30:46718 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:6242 IpLen:20 DgmLen:221 DF
***AP*** Seq: 0x2247A067  Ack: 0x37A1D026  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 565753877 2152184871 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/26-14:15:24.880739 24.209.44.83:3531 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:43787 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE9EFE018  Ack: 0xD3A8AF9E  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/26-14:15:24.910481 24.209.44.83:3531 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:43788 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE9EFE5CC  Ack: 0xD3A8AF9E  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/26-14:15:33.311648 24.209.26.198:4387 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:62002 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xC6DE90B6  Ack: 0xD40F0699  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/26-14:15:33.328526 24.209.26.198:4387 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:62003 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xC6DE966A  Ack: 0xD40F0699  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/26-14:43:34.768589 24.209.44.83:4867 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:8937 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x1FBB9D43  Ack: 0x3EE27DA6  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/26-14:43:34.799879 24.209.44.83:4867 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:8938 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x1FBBA2F7  Ack: 0x3EE27DA6  Win: 0x4470  TcpLen: 20

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/26-14:59:33.436163 209.237.238.175:49254 -> 192.168.1.6:80
TCP TTL:42 TOS:0x0 ID:17070 IpLen:20 DgmLen:177 DF
***AP*** Seq: 0x65552CE4  Ack: 0x7A634967  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 327249503 2154816730 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/26-14:59:36.411010 209.237.238.161:4539 -> 192.168.1.6:80
TCP TTL:42 TOS:0x0 ID:59696 IpLen:20 DgmLen:177 DF
***AP*** Seq: 0xC72FE5E4  Ack: 0x7B301535  Win: 0xFFFF  TcpLen: 32
TCP Options (3) => NOP NOP TS: 374790776 2154818257 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/26-15:40:44.905220 24.209.229.123:1760 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:27167 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x25C8F5C3  Ack: 0x165FB22E  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/26-15:40:44.929792 24.209.229.123:1760 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:27168 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x25C8FB77  Ack: 0x165FB22E  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/26-15:43:57.022632 24.209.229.123:3576 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:44819 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x39428773  Ack: 0x22EBE23F  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/26-15:43:57.055281 24.209.229.123:3576 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:44820 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x39428D27  Ack: 0x22EBE23F  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/26-15:49:49.430278 24.209.196.254:2551 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:39027 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3062D83A  Ack: 0x38D1452F  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/26-15:49:49.431561 24.209.196.254:2551 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:39028 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3062DDEE  Ack: 0x38D1452F  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/26-15:58:07.012977 24.209.229.123:4699 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:55742 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x8DC40E7D  Ack: 0x58DB32F1  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/26-15:58:07.038584 24.209.229.123:4699 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:55743 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x8DC41431  Ack: 0x58DB32F1  Win: 0x4470  TcpLen: 20

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
05/26-17:14:28.984556 66.196.65.24:42983 -> 192.168.1.6:80
TCP TTL:235 TOS:0x0 ID:13693 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x6C2CA47A  Ack: 0x786C2135  Win: 0x8052  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
05/26-17:28:28.701628 24.209.196.254:2814 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:1408 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x618CDD4  Ack: 0xADEA703A  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
05/26-17:28:34.794480 24.209.196.254:2814 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:1841 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x618D388  Ack: 0xADEA703A  Win: 0x4470  TcpLen: 20

Go to: previous range, next range, all alerts, overview page

SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:09:56 2003

192.168.1.6	Whois lookup at:	ARIN	RIPE	APNIC	Geektools
	DNS lookup at:	Amenesi	TRIUMF	Princeton
	More lookup links:	Dshield	Sam Spade
See also 192.168.1.6 as an alert source [49361 alerts]