
SnortSnarf alert page

Destination: 192.168.1.6: #6201-6300

SnortSnarf v021111.1

Signature section (91123) | Top 20 source IPs | Top 20 dest IPs

Looking using input module SnortFileInput, with sources:
Earliest: 22:47:25.025311 on 05/31/2003
Latest: 14:59:08.609616 on 06/01/2003

22 different signatures are present for 192.168.1.6 as a destination

There are 624 distinct source IPs in the alerts of the type on this page.

See also 192.168.1.6 as an alert source [49361 alerts]


[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/31-22:47:25.025311 24.209.71.22:4136 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:33109 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x9BA117DF Ack: 0xA07FC0E0 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/31-22:59:46.380125 24.112.153.44:4332 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:40916 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x5E33ABA Ack: 0xCF86B125 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/31-22:59:47.382630 24.112.153.44:4366 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:40974 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x600A034 Ack: 0xD04CE838 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/31-22:59:57.241156 24.112.153.44:4511 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:41422 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x692468C Ack: 0xD0E160B9 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/31-23:00:06.985412 24.112.153.44:4649 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:41862 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x71D2239 Ack: 0xD165C550 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/31-23:00:16.735783 24.112.153.44:4783 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:42246 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x7A6C0F5 Ack: 0xD16DE100 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/31-23:00:17.192151 24.112.153.44:4787 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:42256 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x7AB9E91 Ack: 0xD1ECB375 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/31-23:00:17.690109 24.112.153.44:4793 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:42279 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x7B1C6A1 Ack: 0xD1A022DB Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/31-23:00:18.194012 24.112.153.44:4796 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:42307 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x7B5FA0B Ack: 0xD1CC7BF1 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/31-23:00:21.908388 24.112.153.44:4846 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:42425 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x7E6BA8C Ack: 0xD24CDE60 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/31-23:00:22.430015 24.112.153.44:4851 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:42449 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x7EB6E37 Ack: 0xD2639D36 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/31-23:00:35.426867 24.112.153.44:3037 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:42921 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x8721948 Ack: 0xD2D4D01C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/31-23:00:35.949500 24.112.153.44:3069 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:42942 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x897649F Ack: 0xD2EC4839 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/31-23:00:37.137345 24.112.153.44:3101 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:43004 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x8B2C63C Ack: 0xD3524BC9 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/31-23:00:37.557718 24.112.153.44:3105 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:43019 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x8B60E7C Ack: 0xD365257E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/31-23:00:37.935222 24.112.153.44:3110 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:43043 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x8BC3F9B Ack: 0xD360248B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
05/31-23:00:38.409970 24.112.153.44:3113 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:43066 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x8C063C9 Ack: 0xD3437396 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
05/31-23:07:12.478706 66.196.65.24:53494 -> 192.168.1.6:80
TCP TTL:235 TOS:0x0 ID:45596 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xC3718879 Ack: 0xEB448348 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/01-00:16:26.977211 66.196.65.24:11051 -> 192.168.1.6:80
TCP TTL:235 TOS:0x0 ID:5123 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xEE9F5D99 Ack: 0xF0C7B698 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/01-00:20:28.900530 24.112.153.44:3198 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:5064 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x7E0E975 Ack: 0x55527D Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/01-00:20:38.507877 24.112.153.44:3299 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:5572 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x8439134 Ack: 0xCABC47 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/01-00:20:44.969986 24.112.153.44:3416 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:5890 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x8BEA237 Ack: 0x1D2A2F1 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/01-00:20:47.322085 24.112.153.44:3462 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:6014 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x8EBDBA3 Ack: 0x13576A8 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/01-00:20:50.321844 24.112.153.44:3490 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:6142 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x9095632 Ack: 0x1768036 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/01-00:20:56.658650 24.112.153.44:3580 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:6499 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x963D8F5 Ack: 0x294C622 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/01-00:20:59.244366 24.112.153.44:3616 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:6632 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x98842AC Ack: 0x2C70756 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/01-00:21:01.771658 24.112.153.44:3657 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:6764 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x9AF886E Ack: 0x2CE1E74 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/01-00:21:04.201287 24.112.153.44:3691 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:6900 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x9D1292D Ack: 0x22FF04F Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/01-00:21:06.637641 24.112.153.44:3724 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:7029 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x9F4610A Ack: 0x29BBDB8 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/01-00:21:17.341678 24.112.153.44:3891 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:7605 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA9BE363 Ack: 0x3634FA9 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/01-00:21:23.131947 24.112.153.44:3915 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:7899 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xAB329A7 Ack: 0x350BC18 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/01-00:21:35.036660 24.112.153.44:4114 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:8514 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xB7DCE0C Ack: 0x45BC90A Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/01-00:21:37.322602 24.112.153.44:4147 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:8632 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xB9EF374 Ack: 0x4AE1490 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/01-00:21:39.652474 24.112.153.44:4147 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:8753 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xB9EF374 Ack: 0x4AE1490 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/01-00:21:42.486646 24.112.153.44:4219 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:8882 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xBE6D54E Ack: 0x56C4D3B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/01-00:21:51.100104 24.112.153.44:4292 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:9326 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xC33561B Ack: 0x5463692 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/01-01:17:52.852345 24.130.219.16:3105 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:7735 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x274EAC1D Ack: 0xD9C221E1 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/01-01:17:57.570791 24.130.219.16:3190 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:8072 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x27A23E37 Ack: 0xDA16D909 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/01-01:17:58.061382 24.130.219.16:3195 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:8102 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x27A76D8D Ack: 0xDA89A7AC Win: 0xFAF0 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/01-01:17:58.378266 24.130.219.16:3201 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:8123 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x27ADEF2C Ack: 0xDA6D8194 Win: 0xFAF0 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/01-01:18:04.891770 24.130.219.16:3238 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:8408 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x27D6078B Ack: 0xDA1E6879 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/01-01:18:05.753549 24.130.219.16:3279 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:8447 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x28000B89 Ack: 0xDB20E3B8 Win: 0xFAF0 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/01-01:18:06.130584 24.130.219.16:3287 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:8474 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x28082F6C Ack: 0xDAADA8E0 Win: 0xFAF0 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/01-01:18:10.164422 24.130.219.16:3338 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:8683 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x283B565E Ack: 0xDAEA4CA2 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/01-01:18:10.928629 24.130.219.16:3346 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:8742 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x2843EA92 Ack: 0xDB733466 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/01-01:18:11.330183 24.130.219.16:3358 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:8789 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x284E4737 Ack: 0xDB047E4B Win: 0xFAF0 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/01-01:18:11.701363 24.130.219.16:3365 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:8815 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x2855462A Ack: 0xDAEEB167 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/01-01:18:12.320078 24.130.219.16:3370 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:8837 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x28594081 Ack: 0xDAFD0419 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/01-01:18:13.223813 24.130.219.16:3384 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:8887 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x28669B72 Ack: 0xDB430D8E Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/01-01:18:16.013626 24.130.219.16:3384 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:9043 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x28669B72 Ack: 0xDB430D8E Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/01-01:18:17.045581 24.130.219.16:3428 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:9098 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x2896028B Ack: 0xDB22A25E Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/01-01:18:17.423109 24.130.219.16:3448 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:9143 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x28A874BE Ack: 0xDBD43F0A Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/01-01:18:17.918509 24.130.219.16:3456 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:9191 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x28B0270D Ack: 0xDAF6CA8E Win: 0xFAF0 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/01-01:23:10.506464 66.196.65.24:25016 -> 192.168.1.6:80
TCP TTL:235 TOS:0x0 ID:10435 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x4480302D Ack: 0xED6B2F46 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/01-02:42:44.721252 66.196.65.24:4554 -> 192.168.1.6:80
TCP TTL:235 TOS:0x0 ID:65314 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x4C3BE40D Ack: 0x1AEA93DF Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/01-03:55:25.763799 66.196.65.24:33186 -> 192.168.1.6:80
TCP TTL:235 TOS:0x0 ID:34851 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x538F1886 Ack: 0x2CD60785 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/01-04:57:03.214433 66.196.65.24:43670 -> 192.168.1.6:80
TCP TTL:235 TOS:0x0 ID:61697 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x95178E18 Ack: 0x15EDDF33 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/01-06:03:41.718400 66.196.65.24:59537 -> 192.168.1.6:80
TCP TTL:235 TOS:0x0 ID:61926 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x8AF85515 Ack: 0x11D458CC Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/01-06:13:25.476293 24.209.215.159:3279 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:24935 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF88355D2 Ack: 0x366B7D8E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/01-06:13:25.482884 24.209.215.159:3279 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:24936 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF8835B86 Ack: 0x366B7D8E Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/01-06:46:48.087892 24.58.202.219:3444 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:46275 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF5620F5D Ack: 0xB392CCAA Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/01-06:46:48.118404 24.58.202.219:3444 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:46276 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF5621511 Ack: 0xB392CCAA Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/01-06:48:31.439255 24.209.215.159:4187 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:39702 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA11454CD Ack: 0xBAAA76CE Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/01-06:48:31.445585 24.209.215.159:4187 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:39703 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA1145A81 Ack: 0xBAAA76CE Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/01-06:49:22.210579 24.209.215.159:1373 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:43177 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA517F62F Ack: 0xBDE69998 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/01-06:49:22.211903 24.209.215.159:1373 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:43178 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA517FBE3 Ack: 0xBDE69998 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/01-07:04:13.687212 24.175.36.19:1970 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:10265 IpLen:20 DgmLen:1300 DF
***A**** Seq: 0xAA8FFC95 Ack: 0xF6874970 Win: 0x44E8 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/01-07:04:13.693172 24.175.36.19:1970 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:10266 IpLen:20 DgmLen:1300 DF
***A**** Seq: 0xAA900181 Ack: 0xF6874970 Win: 0x44E8 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/01-07:20:25.344497 24.209.215.159:3994 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:38884 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3818BA9A Ack: 0x33A736EE Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/01-07:20:25.350787 24.209.215.159:3994 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:38885 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3818C04E Ack: 0x33A736EE Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/01-07:51:15.575113 66.196.65.24:37041 -> 192.168.1.6:80
TCP TTL:235 TOS:0x0 ID:26782 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x546EEDC8 Ack: 0xA79BC290 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/01-07:59:38.039024 24.209.215.159:4557 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:64309 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xEE0FF988 Ack: 0xC73443AA Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/01-07:59:38.040057 24.209.215.159:4557 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:64310 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xEE0FFF3C Ack: 0xC73443AA Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/01-08:22:39.148557 24.209.215.159:3046 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:23890 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x57D0B2A4 Ack: 0x1DF85278 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/01-08:22:39.153243 24.209.215.159:3046 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:23891 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x57D0B858 Ack: 0x1DF85278 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/01-08:56:54.465214 66.196.65.24:49239 -> 192.168.1.6:80
TCP TTL:235 TOS:0x0 ID:32876 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x18D961A5 Ack: 0xA0037611 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/01-09:20:39.441795 24.209.215.159:2336 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:51803 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x5DD973D5 Ack: 0xF93529B4 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/01-09:20:39.443060 24.209.215.159:2336 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:51804 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x5DD97989 Ack: 0xF93529B4 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/01-09:34:55.120218 24.209.215.159:4527 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:40609 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x9D557697 Ack: 0x2F992847 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/01-09:34:55.121245 24.209.215.159:4527 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:40610 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x9D557C4B Ack: 0x2F992847 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/01-09:38:35.437883 66.196.73.77:41597 -> 192.168.1.6:80
TCP TTL:235 TOS:0x0 ID:42467 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x34DDC5EA Ack: 0x3D2D97FD Win: 0xFAF0 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/01-09:47:53.440827 24.207.34.110:3965 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:39891 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xADE54E4F Ack: 0x5F5BB1E4 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/01-09:47:53.492443 24.207.34.110:3965 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:39892 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xADE55403 Ack: 0x5F5BB1E4 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/01-09:58:04.965652 66.196.65.24:53064 -> 192.168.1.6:80
TCP TTL:235 TOS:0x0 ID:32841 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x9AEE27AA Ack: 0x85D10713 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/01-11:49:17.626514 24.209.215.159:3750 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:15976 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE70B6315 Ack: 0x2A6C54A0 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/01-11:49:17.632464 24.209.215.159:3750 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:15977 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE70B68C9 Ack: 0x2A6C54A0 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/01-11:59:17.280924 66.196.65.24:63648 -> 192.168.1.6:80
TCP TTL:235 TOS:0x0 ID:29518 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x5BF657F5 Ack: 0x50405047 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/01-13:11:32.330643 66.196.65.24:29236 -> 192.168.1.6:80
TCP TTL:235 TOS:0x0 ID:38543 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x6C6AC6E6 Ack: 0x613816E2 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/01-13:29:17.114614 24.209.215.159:1771 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:59762 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x89200173 Ack: 0xA46DBD72 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/01-13:29:17.115883 24.209.215.159:1771 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:59763 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x89200727 Ack: 0xA46DBD72 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/01-13:43:07.570427 24.209.215.159:1219 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:40221 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xC0381E8C Ack: 0xD89D3B26 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/01-13:43:07.571691 24.209.215.159:1219 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:40222 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xC0382440 Ack: 0xD89D3B26 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/01-14:01:18.684774 24.209.5.98:4342 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:1590 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xCF4FF348 Ack: 0x1E26EDD6 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/01-14:01:18.699635 24.209.5.98:4342 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:1591 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xCF4FF8FC Ack: 0x1E26EDD6 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/01-14:01:32.367168 24.209.215.159:1742 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:35785 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x9C08042 Ack: 0x1E92AE59 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/01-14:01:32.368437 24.209.215.159:1742 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:35786 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x9C085F6 Ack: 0x1E92AE59 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/01-14:12:28.450453 66.196.65.24:34986 -> 192.168.1.6:80
TCP TTL:235 TOS:0x0 ID:24060 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x739A63D6 Ack: 0x485CAF83 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/01-14:18:03.534465 64.68.82.52:43214 -> 192.168.1.6:80
TCP TTL:41 TOS:0x10 ID:3521 IpLen:20 DgmLen:453 DF
***AP*** Seq: 0x3A7565BE Ack: 0x5CE36B29 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 826763631 2419054033
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/01-14:57:54.123699 24.209.215.159:1771 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:18005 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE252A5A6 Ack: 0xF37408BD Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/01-14:59:08.609616 216.39.48.30:34333 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:17115 IpLen:20 DgmLen:221 DF
***AP*** Seq: 0xD5F97E35 Ack: 0xF7FCFCD3 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 618085625 2420318387
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:09:56 2003