
SnortSnarf alert page

Destination: 192.168.1.6: #5801-5900

SnortSnarf v021111.1

Signature section (91123) | Top 20 source IPs | Top 20 dest IPs

Looking using input module SnortFileInput, with sources:
Earliest: 20:38:00.878264 on 05/28/2003
Latest: 12:46:20.361588 on 05/29/2003

22 different signatures are present for 192.168.1.6 as a destination

There are 624 distinct source IPs in the alerts of the type on this page.

See also 192.168.1.6 as an alert source [49361 alerts]


[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-20:38:00.878264 24.136.155.112:2051 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:4807 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x2F0AA55C Ack: 0xF877E0A6 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-20:56:20.054828 24.209.26.198:1096 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:63603 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x1D14450F Ack: 0x3ECD3567 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-20:56:20.142307 24.209.26.198:1096 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:63604 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x1D144AC3 Ack: 0x3ECD3567 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/28-22:00:27.632474 216.39.48.30:55473 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:18682 IpLen:20 DgmLen:221 DF
***AP*** Seq: 0x161AFBDB Ack: 0x307B5898 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 586068782 2256256306
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/28-22:13:00.230181 66.196.65.24:35164 -> 192.168.1.6:80
TCP TTL:235 TOS:0x0 ID:37932 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xF52BC887 Ack: 0x6019F830 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-22:15:01.918597 24.209.26.198:2885 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:10557 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xD43294B8 Ack: 0x66C4AA1E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-22:15:01.962595 24.209.26.198:2885 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:10558 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xD4329A6C Ack: 0x66C4AA1E Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-22:29:18.082353 24.160.16.46:3283 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:51508 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x17BA04BD Ack: 0x9CEA3D65 Win: 0xFDE8 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-22:29:20.303663 24.160.16.46:3459 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:52091 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x183BEC8D Ack: 0x9D6B51FB Win: 0xFDE8 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-22:29:22.304106 24.160.16.46:3584 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:52611 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x189B4991 Ack: 0x9CC06128 Win: 0xFDE8 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-22:29:24.215346 24.160.16.46:3732 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:53123 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x190A38C4 Ack: 0x9D1C3E7B Win: 0xFDE8 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-22:29:25.925554 24.160.16.46:3867 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:53595 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x196FFB37 Ack: 0x9CE715EF Win: 0xFDE8 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/28-22:29:27.931944 24.160.16.46:3992 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:54078 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x19C6B3E2 Ack: 0x9D0808C3 Win: 0xFDE8 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/28-22:29:30.014118 24.160.16.46:4128 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:54583 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x1A308CBF Ack: 0x9D4E266A Win: 0xFDE8 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-22:29:32.112087 24.160.16.46:4281 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:55128 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x1AA56686 Ack: 0x9D7358FB Win: 0xFDE8 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-22:29:43.009178 24.160.16.46:3507 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:58463 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x1D5BA682 Ack: 0x9EA6CBD6 Win: 0xFDE8 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-22:29:44.812895 24.160.16.46:3612 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:58881 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x1DAF92CB Ack: 0x9ED9199E Win: 0xFDE8 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-22:29:46.645121 24.160.16.46:3728 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:59318 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x1E087EA6 Ack: 0x9E2B1D14 Win: 0xFDE8 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-22:29:47.018873 24.160.16.46:3853 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:59547 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x1E68CB79 Ack: 0x9EB46F5E Win: 0xFDE8 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-22:29:47.317569 24.160.16.46:3910 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:59724 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x1E949615 Ack: 0x9F03309D Win: 0xFDE8 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-22:29:47.581283 24.160.16.46:3949 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:59842 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x1EAD1542 Ack: 0x9F245D77 Win: 0xFDE8 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-22:29:51.313063 24.160.16.46:3949 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:60673 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x1EAD1542 Ack: 0x9F245D77 Win: 0xFDE8 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-22:29:58.210982 24.160.16.46:4775 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:62304 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x208B9852 Ack: 0x9F98BFC5 Win: 0xFDE8 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-22:30:00.059216 24.160.16.46:4948 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:62733 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x20EA69FB Ack: 0x9FBB4775 Win: 0xFDE8 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-22:52:46.855718 24.209.229.123:3295 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:63613 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x335DF7FB Ack: 0xF679C351 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/28-22:52:46.878384 24.209.229.123:3295 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:63614 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x335DFDAF Ack: 0xF679C351 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-00:20:58.542391 24.118.110.94:3980 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:35228 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x2A69438C Ack: 0x42234FC3 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-00:20:58.550615 24.118.110.94:3980 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:35229 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x2A694940 Ack: 0x42234FC3 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-00:42:19.361594 24.162.219.203:3269 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:23137 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x8485DE51 Ack: 0x9353B233 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-00:42:20.236159 24.162.219.203:3287 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:23200 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x8496F109 Ack: 0x935B852E Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-00:42:21.665495 24.162.219.203:3300 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:23270 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x84A371E6 Ack: 0x93BB7FCE Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-00:42:23.267394 24.162.219.203:3321 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:23361 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x84B8CBB1 Ack: 0x93F875C4 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-00:42:25.356272 24.162.219.203:3341 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:23468 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x84CDAAEE Ack: 0x94552875 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/29-00:42:36.781811 24.162.219.203:3485 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:24048 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x85653AD1 Ack: 0x94BFF428 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/29-00:42:37.934608 24.162.219.203:3510 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:24112 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x857EC3EB Ack: 0x94B487BF Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-00:42:49.964706 24.162.219.203:3642 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:24715 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x86079E24 Ack: 0x961233CF Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-00:42:52.473693 24.162.219.203:3667 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:24846 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x86214C06 Ack: 0x9714ABCA Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-00:42:55.051158 24.162.219.203:3702 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:24973 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x86431920 Ack: 0x96DD3196 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-00:43:06.724716 24.162.219.203:3842 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:25613 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x86D85EC7 Ack: 0x97D4688A Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-00:43:18.813238 24.162.219.203:4004 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:26418 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x877E906B Ack: 0x98AD0B83 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-00:43:20.955205 24.162.219.203:4035 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:26588 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x879E3135 Ack: 0x988804D0 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-00:43:23.315846 24.162.219.203:4074 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:26759 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x87C2658D Ack: 0x98B73190 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-00:43:25.411266 24.162.219.203:4102 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:26911 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x87E09F54 Ack: 0x98848A98 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-00:43:27.949047 24.162.219.203:4135 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:27073 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x88011E5B Ack: 0x992E75A2 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-01:01:00.581667 24.99.49.210:3251 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:8240 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x7A137434 Ack: 0xDACF0E05 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-01:01:01.436227 24.99.49.210:3297 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:8331 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x7A391AB5 Ack: 0xDAAB6824 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-01:01:01.824412 24.99.49.210:3303 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:8363 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x7A3F32C5 Ack: 0xDAAF6D79 Win: 0xFAF0 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-01:01:11.834661 24.99.49.210:3563 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:9120 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x7B22EA72 Ack: 0xDAE4C386 Win: 0xFAF0 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-01:01:12.092766 24.99.49.210:3576 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:9152 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x7B2EB695 Ack: 0xDB56CA63 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/29-01:01:12.375934 24.99.49.210:3587 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:9183 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x7B373B56 Ack: 0xDAE35950 Win: 0xFAF0 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/29-01:01:12.627927 24.99.49.210:3596 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:9208 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x7B3F08AE Ack: 0xDB4DB6E0 Win: 0xFAF0 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-01:01:22.229288 24.99.49.210:3872 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:10045 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x7C30BF0F Ack: 0xDBD42FC3 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-01:01:22.401935 24.99.49.210:3881 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:10068 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x7C38BA41 Ack: 0xDC34721F Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-01:01:22.730637 24.99.49.210:3888 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:10088 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x7C3EBC43 Ack: 0xDC153484 Win: 0xFAF0 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-01:01:22.995005 24.99.49.210:3897 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:10116 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x7C47B977 Ack: 0xDBDE7430 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-01:01:23.333086 24.99.49.210:3906 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:10148 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x7C4FEB62 Ack: 0xDBABD5AB Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-01:01:23.564302 24.99.49.210:3924 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:10174 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x7C5DFBDF Ack: 0xDBDA01C1 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-01:01:26.953300 24.99.49.210:3931 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:10482 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x7C646A52 Ack: 0xDC0C7901 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-01:01:27.160433 24.99.49.210:4034 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:10510 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x7CC04AA5 Ack: 0xDC2B9E7E Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-01:01:27.458063 24.99.49.210:4042 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:10539 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x7CC63EF6 Ack: 0xDC007D32 Win: 0xFAF0 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-01:07:11.829346 24.209.229.123:2320 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:50668 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3C89CFBF Ack: 0xF2018387 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-01:07:11.851106 24.209.229.123:2320 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:50669 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3C89D573 Ack: 0xF2018387 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-01:16:00.098951 24.209.26.198:3739 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:45285 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x6C593B42 Ack: 0x139D7E2F Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-01:16:00.139735 24.209.26.198:3739 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:45286 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x6C5940F6 Ack: 0x139D7E2F Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-01:44:30.606719 24.126.90.163:2925 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:52443 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x81C599A8 Ack: 0x7DC888C2 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-01:44:30.612942 24.126.90.163:2925 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:52444 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x81C59F5C Ack: 0x7DC888C2 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-02:38:09.724807 24.209.26.198:4399 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:51296 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF225E87E Ack: 0x48C9B994 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-02:38:09.756089 24.209.26.198:4399 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:51297 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF225EE32 Ack: 0x48C9B994 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-02:58:55.426295 24.209.26.198:3642 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:1040 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x50EA7365 Ack: 0x97DE7379 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-02:58:55.448808 24.209.26.198:3642 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:1041 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x50EA7919 Ack: 0x97DE7379 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/29-03:15:25.687384 66.196.65.24:62335 -> 192.168.1.6:80
TCP TTL:235 TOS:0x0 ID:27978 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x9AC2765D Ack: 0xD6518F00 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/29-03:32:36.314988 216.39.48.30:49454 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:20409 IpLen:20 DgmLen:221 DF
***AP*** Seq: 0xFCDB55AD Ack: 0x168B4303 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 588061223 2266463397
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-03:50:22.277176 24.126.82.22:4347 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:2959 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x41BE12E2 Ack: 0x5A520401 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-03:50:22.719243 24.126.82.22:4369 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:3040 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x41D24DD5 Ack: 0x5A60850E Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-03:50:23.231650 24.126.82.22:4386 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:3143 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x41E25534 Ack: 0x5A63E39A Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-03:50:32.988972 24.126.82.22:4774 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:4822 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x434FF6C8 Ack: 0x5B4F7EB3 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-03:50:42.800119 24.126.82.22:1203 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:6505 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x44BA3ED2 Ack: 0x5C0820F6 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/29-03:50:43.604007 24.126.82.22:1231 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:6627 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x44D1B925 Ack: 0x5BD6F0BA Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/29-03:50:56.519028 24.126.82.22:1567 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:8661 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x4603794C Ack: 0x5C9395F3 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-03:50:57.055348 24.126.82.22:1696 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:8789 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x467E862F Ack: 0x5C9E3337 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-03:50:57.380428 24.126.82.22:1716 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:8876 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x46907F8C Ack: 0x5C5CDE10 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-03:50:57.699298 24.126.82.22:1735 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:8961 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x46A2BB8C Ack: 0x5D037C2D Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-03:51:07.093439 24.126.82.22:2160 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:10765 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x48118295 Ack: 0x5CCCBE7B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-03:51:16.780935 24.126.82.22:2580 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:12595 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x49879194 Ack: 0x5E2C72B4 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-03:51:20.792011 24.126.82.22:2757 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:13383 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x4A281F87 Ack: 0x5E66F1C1 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-03:51:21.482082 24.126.82.22:2781 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:13494 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x4A3D5226 Ack: 0x5DB664B3 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-03:51:31.145474 24.126.82.22:3248 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:15520 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x4BD6E5CB Ack: 0x5E89C42C Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/29-10:08:30.282478 209.237.238.172:52644 -> 192.168.1.6:80
TCP TTL:43 TOS:0x0 ID:23631 IpLen:20 DgmLen:173 DF
***AP*** Seq: 0xD3D85B5F Ack: 0xEFBA81BA Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 351733536 2278629671
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-10:35:58.035580 24.125.88.136:2163 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:18394 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x759A15AA Ack: 0x5684F374 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-10:35:58.075861 24.125.88.136:2163 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:18395 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x759A1B5E Ack: 0x5684F374 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/29-12:05:43.465257 66.196.65.24:47542 -> 192.168.1.6:80
TCP TTL:235 TOS:0x0 ID:56014 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x203598AD Ack: 0xA9837700 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1042:6] WEB-IIS view source via translate header [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/29-12:43:31.135094 129.137.204.172:1051 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:118 IpLen:20 DgmLen:200 DF
***AP*** Seq: 0x4666A8CD Ack: 0x3874D5A5 Win: 0x44E8 TcpLen: 20
[Xref => http://www.securityfocus.com/bid/1578][Xref => http://www.whitehats.com/info/IDS305]
[**] [1:1042:6] WEB-IIS view source via translate header [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/29-12:43:31.509608 129.137.204.172:1051 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:119 IpLen:20 DgmLen:217 DF
***AP*** Seq: 0x4666A96D Ack: 0x3874D713 Win: 0x437A TcpLen: 20
[Xref => http://www.securityfocus.com/bid/1578][Xref => http://www.whitehats.com/info/IDS305]
[**] [1:1042:6] WEB-IIS view source via translate header [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/29-12:43:31.733406 129.137.204.172:1052 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:127 IpLen:20 DgmLen:217 DF
***AP*** Seq: 0x1F17FAE0 Ack: 0x38F68246 Win: 0x44E8 TcpLen: 20
[Xref => http://www.securityfocus.com/bid/1578][Xref => http://www.whitehats.com/info/IDS305]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-12:46:01.439356 24.201.23.63:3123 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:39882 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xDEFA97FB Ack: 0x41C49D6D Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-12:46:03.686116 24.201.23.63:3148 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:39986 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xDF15BB79 Ack: 0x41B55FFE Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-12:46:05.207685 24.201.23.63:3174 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:40061 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xDF304218 Ack: 0x41C373E4 Win: 0xFAF0 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-12:46:16.620890 24.201.23.63:3315 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:40628 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xDFBC52B2 Ack: 0x4259AF7E Win: 0xFAF0 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/29-12:46:19.181164 24.201.23.63:3343 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:40755 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xDFD88460 Ack: 0x43475AEF Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/29-12:46:20.361588 24.201.23.63:3379 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:40859 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xDFFBB5AC Ack: 0x4322D1A9 Win: 0xFAF0 TcpLen: 20
SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:09:56 2003