SnortSnarf alert page

Destination: 192.168.1.6: #6501-6600

SnortSnarf v021111.1

Signature section (91123)

Top 20 source IPs

Top 20 dest IPs

Looking using input module SnortFileInput, with sources:

/home/rivettmj/snort_alertlog/alert

Earliest: 12:55:30.903976 on 06/03/2003
Latest: 10:49:50.752692 on 06/05/2003

22 different signatures are present for 192.168.1.6 as a destination

1 instances of (spp_stream4) STEALTH ACTIVITY (SYN FIN scan) detection
1 instances of WEB-IIS ISAPI .printer access
1 instances of SHELLCODE x86 setuid 0
1 instances of DDOS shaft synflood
2 instances of WEB-CGI formmail access
2 instances of SHELLCODE x86 NOOP
2 instances of SMTP HELO overflow attempt
2 instances of SHELLCODE x86 inc ebx NOOP
3 instances of WEB-MISC bad HTTP/1.1 request, Potentially worm attack
3 instances of WEB-CGI newdesk access
4 instances of WEB-IIS WEBDAV nessus safe scan attempt
11 instances of ICMP Destination Unreachable (Communication Administratively Prohibited)
38 instances of (snort_decoder): T/TCP Detected
58 instances of WEB-IIS view source via translate header
308 instances of WEB-IIS _mem_bin access
316 instances of WEB-FRONTPAGE /_vti_bin/ access
680 instances of WEB-IIS CodeRed v2 root.exe access
786 instances of WEB-MISC robots.txt access
930 instances of WEB-IIS ISAPI .ida attempt
952 instances of WEB-IIS multiple decode attempt
1500 instances of WEB-IIS unicode directory traversal attempt
2169 instances of WEB-IIS cmd.exe access

There are 624 distinct source IPs in the alerts of the type on this page.

192.168.1.6 Whois lookup at: ARIN RIPE APNIC Geektools

DNS lookup at: Amenesi TRIUMF Princeton

More lookup links: Dshield Sam Spade

See also 192.168.1.6 as an alert source [49361 alerts]

Go to: previous range, next range, all alerts, overview page

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
06/03-12:55:30.903976 24.34.176.236:4189 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:14197 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x25C7063A  Ack: 0xA4C738B5  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
06/03-12:55:30.912666 24.34.176.236:4189 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:14198 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x25C70BEE  Ack: 0xA4C738B5  Win: 0x4470  TcpLen: 20

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/03-13:31:04.993367 66.196.65.24:21515 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:52066 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x45966A69  Ack: 0x2AD3FBAA  Win: 0x8052  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/03-15:06:24.815173 66.196.65.24:58992 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:3833 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x6ABB5230  Ack: 0x92806F52  Win: 0x8052  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/03-16:14:04.499162 66.196.65.24:39701 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:65002 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x6E9FD8AE  Ack: 0x9293B3B6  Win: 0x8052  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/03-17:16:25.165854 66.196.65.24:5434 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:4215 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x6D1505B7  Ack: 0x7D5B7492  Win: 0x8052  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/03-18:23:50.178370 66.196.65.24:43505 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:50891 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x26E6E264  Ack: 0x7D039C77  Win: 0x8052  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/03-19:26:40.884592 66.196.65.24:65242 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:19900 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x6CBD70A7  Ack: 0x6A5A5C7F  Win: 0x8052  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/03-20:17:53.993985 216.39.48.30:44621 -> 192.168.1.6:80
TCP TTL:38 TOS:0x0 ID:40556 IpLen:20 DgmLen:221 DF
***AP*** Seq: 0x58F99FE  Ack: 0x2C255000  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 637274021 2518618829 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/03-20:17:54.411111 216.39.48.30:44621 -> 192.168.1.6:80
TCP TTL:38 TOS:0x0 ID:40557 IpLen:20 DgmLen:221 DF
***AP*** Seq: 0x58F99FE  Ack: 0x2C255000  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 637274063 2518618829 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/03-20:53:44.708981 66.196.65.24:10706 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:50 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xBCE8923E  Ack: 0xB36E63ED  Win: 0x8052  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
06/03-21:03:42.015496 24.242.253.122:1946 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:41720 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x18A80C72  Ack: 0xD84444C0  Win: 0xFAF0  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
06/03-21:22:10.117336 24.239.167.179:1224 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:34039 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x48008B3B  Ack: 0x1D9C5B42  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
06/03-21:22:13.834845 24.239.167.179:1422 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:35081 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x489F5EE8  Ack: 0x1D892424  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/03-22:00:02.952295 66.196.65.24:37094 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:45489 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x8B98DB23  Ack: 0xAEA09C93  Win: 0x8052  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
06/03-22:38:58.338179 24.209.34.185:3254 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:14450 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x5715023  Ack: 0x40D1DA93  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
06/03-22:38:58.361060 24.209.34.185:3254 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:14451 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x57155D7  Ack: 0x40D1DA93  Win: 0x4470  TcpLen: 20

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/03-23:02:50.773588 66.196.65.24:57647 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:11646 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xF05674EB  Ack: 0x9B1B55BC  Win: 0x8052  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
06/03-23:16:13.141858 24.209.34.185:3789 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:1486 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xCFD7CD26  Ack: 0xCC50A505  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
06/03-23:16:13.181521 24.209.34.185:3789 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:1487 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xCFD7D2DA  Ack: 0xCC50A505  Win: 0x4470  TcpLen: 20

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
06/03-23:49:51.680217 24.209.98.148:3700 -> 192.168.1.6:80
TCP TTL:55 TOS:0x0 ID:17208 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB692D3FC  Ack: 0x4BBF0C80  Win: 0xFAF0  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
06/03-23:49:51.706911 24.209.98.148:3700 -> 192.168.1.6:80
TCP TTL:55 TOS:0x0 ID:17209 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB692D9B0  Ack: 0x4BBF0C80  Win: 0xFAF0  TcpLen: 20

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/04-00:20:06.662572 66.196.65.24:42492 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:59314 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x4D65DFCF  Ack: 0xBE923EEF  Win: 0x8052  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
06/04-01:10:59.142757 24.209.34.185:1941 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:49092 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x2E0FE74F  Ack: 0x7F4D505A  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
06/04-01:10:59.165121 24.209.34.185:1941 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:49093 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x2E0FED03  Ack: 0x7F4D505A  Win: 0x4470  TcpLen: 20

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/04-01:27:18.953224 66.196.65.24:2197 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:27752 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xB20E0F17  Ack: 0xBC34D86C  Win: 0x8052  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/04-02:37:09.162440 66.196.65.24:36135 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:22953 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xA9B72177  Ack: 0xC4F013AA  Win: 0x8052  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/04-03:37:20.502358 66.196.65.24:39526 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:29259 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xF0792FF6  Ack: 0xA727FC7F  Win: 0x8052  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
06/04-04:50:25.147705 24.209.34.185:2119 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:7715 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x53B12313  Ack: 0xBB0D94DD  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
06/04-04:50:25.170224 24.209.34.185:2119 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:7716 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x53B128C7  Ack: 0xBB0D94DD  Win: 0x4470  TcpLen: 20

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/04-05:23:01.899233 66.196.65.24:16351 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:12722 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xA1439A73  Ack: 0x36899B94  Win: 0x8052  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
06/04-06:25:41.135041 24.98.140.134:2350 -> 192.168.1.6:80
TCP TTL:47 TOS:0x0 ID:31518 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x766D19B5  Ack: 0x237DC83B  Win: 0xF990  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
06/04-06:25:41.722824 24.98.140.134:2386 -> 192.168.1.6:80
TCP TTL:47 TOS:0x0 ID:31595 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x768C1545  Ack: 0x22AF96A9  Win: 0xF990  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
06/04-06:25:51.278363 24.98.140.134:2728 -> 192.168.1.6:80
TCP TTL:47 TOS:0x0 ID:32856 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x77A74A59  Ack: 0x234C9911  Win: 0xF990  TcpLen: 20

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
06/04-06:25:51.753576 24.98.140.134:2758 -> 192.168.1.6:80
TCP TTL:47 TOS:0x0 ID:32953 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x77C08CCC  Ack: 0x23A54196  Win: 0xF990  TcpLen: 20

[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
06/04-06:26:01.245198 24.98.140.134:3136 -> 192.168.1.6:80
TCP TTL:47 TOS:0x0 ID:34324 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x78FCD28C  Ack: 0x2443E3B2  Win: 0xF990  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/04-06:26:01.743329 24.98.140.134:3155 -> 192.168.1.6:80
TCP TTL:47 TOS:0x0 ID:34407 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x790C1EC3  Ack: 0x2411E10E  Win: 0xF990  TcpLen: 20

[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/04-06:26:02.294797 24.98.140.134:3175 -> 192.168.1.6:80
TCP TTL:47 TOS:0x0 ID:34471 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x791D3790  Ack: 0x24B650B7  Win: 0xF990  TcpLen: 20

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
06/04-06:26:02.739746 24.98.140.134:3187 -> 192.168.1.6:80
TCP TTL:47 TOS:0x0 ID:34548 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x7928C4E4  Ack: 0x242DD4CC  Win: 0xF990  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
06/04-06:26:12.447023 24.98.140.134:3592 -> 192.168.1.6:80
TCP TTL:47 TOS:0x0 ID:36017 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x7A75A492  Ack: 0x2537132D  Win: 0xF990  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
06/04-06:26:15.696532 24.98.140.134:3611 -> 192.168.1.6:80
TCP TTL:47 TOS:0x0 ID:36577 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x7A858A63  Ack: 0x24F35337  Win: 0xF990  TcpLen: 20

[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
06/04-06:26:16.145478 24.98.140.134:3758 -> 192.168.1.6:80
TCP TTL:47 TOS:0x0 ID:36650 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x7B0161A4  Ack: 0x259DE9CF  Win: 0xF990  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
06/04-06:26:25.746211 24.98.140.134:4146 -> 192.168.1.6:80
TCP TTL:47 TOS:0x0 ID:37952 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x7C42BF17  Ack: 0x25712B10  Win: 0xF990  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
06/04-06:26:26.045707 24.98.140.134:4159 -> 192.168.1.6:80
TCP TTL:47 TOS:0x0 ID:38020 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x7C4E128B  Ack: 0x2609D67F  Win: 0xF990  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
06/04-06:26:35.442020 24.98.140.134:4168 -> 192.168.1.6:80
TCP TTL:47 TOS:0x0 ID:39596 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x7C55CEE9  Ack: 0x255446A6  Win: 0xF990  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
06/04-06:26:38.638781 24.98.140.134:4595 -> 192.168.1.6:80
TCP TTL:47 TOS:0x0 ID:40130 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x7DAC8A57  Ack: 0x26F81223  Win: 0xF990  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
06/04-06:26:39.122268 24.98.140.134:4836 -> 192.168.1.6:80
TCP TTL:47 TOS:0x0 ID:40179 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x7E1ECBD7  Ack: 0x26CBBB1F  Win: 0xF990  TcpLen: 20

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/04-06:48:23.417907 66.196.65.24:13404 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:21676 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x913C2691  Ack: 0x79945043  Win: 0x8052  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/04-07:50:31.231954 66.196.65.24:27265 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:13373 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x1CCAB0D6  Ack: 0x636CE734  Win: 0x8052  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/04-09:37:14.861336 66.196.65.24:15845 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:59036 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x5DC77D77  Ack: 0xF7A03BFF  Win: 0x8052  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/04-10:41:21.282865 66.196.65.24:35846 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:38240 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x53CE6A5D  Ack: 0xE99DC59D  Win: 0x8052  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/04-12:08:12.860362 66.196.65.24:50623 -> 192.168.1.6:80
TCP TTL:233 TOS:0x0 ID:6123 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xEFD4BEC5  Ack: 0x318075D9  Win: 0x8052  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/04-12:09:47.747590 64.68.82.36:33465 -> 192.168.1.6:80
TCP TTL:40 TOS:0x10 ID:40141 IpLen:20 DgmLen:453 DF
***AP*** Seq: 0xF70B7AD  Ack: 0x365DED38  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 851914295 2547867727 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
06/04-12:19:56.940244 24.118.120.204:3282 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:18557 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x2B50C24B  Ack: 0x5DB6F330  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
06/04-12:19:57.074913 24.118.120.204:3282 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:18558 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x2B50C7FF  Ack: 0x5DB6F330  Win: 0x4470  TcpLen: 20

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/04-13:15:48.909104 66.196.65.24:18064 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:63856 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xC543AA33  Ack: 0x318E960C  Win: 0x8052  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/04-14:19:33.726719 66.196.65.24:41461 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:20909 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xCD12C9A5  Ack: 0x219B7621  Win: 0x8052  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/04-15:20:08.474264 66.196.65.24:58870 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:51168 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xEF7B6A7F  Ack: 0x70067A0  Win: 0x8052  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/04-16:28:14.201619 66.196.65.24:29661 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:7502 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x69E646BB  Ack: 0x7B5D0B5  Win: 0x8052  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
06/04-16:52:20.296093 24.57.13.78:4783 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:24222 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xEB66E46B  Ack: 0x62D170FA  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
06/04-16:52:24.381900 24.57.13.78:4875 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:24619 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xEBB9939D  Ack: 0x62E05EC2  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
06/04-16:52:27.658111 24.57.13.78:4971 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:25006 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xEC0B1595  Ack: 0x63D1FED6  Win: 0x4470  TcpLen: 20

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
06/04-16:52:27.992283 24.57.13.78:4980 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:25051 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xEC128FB4  Ack: 0x63BAAE2E  Win: 0x4470  TcpLen: 20

[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
06/04-16:52:31.220761 24.57.13.78:1108 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:25416 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xEC5F6426  Ack: 0x637DECFC  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/04-16:52:31.469349 24.57.13.78:1122 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:25460 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xEC6ACD25  Ack: 0x635010B1  Win: 0x4470  TcpLen: 20

[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/04-16:52:34.721595 24.57.13.78:1192 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:25780 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xECA9389E  Ack: 0x63C10E56  Win: 0x4470  TcpLen: 20

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
06/04-16:52:34.962170 24.57.13.78:1197 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:25806 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xECADFCE2  Ack: 0x638C5D7C  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
06/04-16:52:35.260032 24.57.13.78:1205 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:25830 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xECB4ACDF  Ack: 0x644EE4FD  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
06/04-16:52:35.596768 24.57.13.78:1212 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:25871 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xECBA18A9  Ack: 0x6440603A  Win: 0x4470  TcpLen: 20

[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
06/04-16:52:39.050793 24.57.13.78:1294 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:26251 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xED027B4A  Ack: 0x645C713B  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
06/04-16:52:45.209677 24.57.13.78:1359 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:26753 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xED3CA8CC  Ack: 0x64272BFB  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
06/04-16:52:45.395079 24.57.13.78:1411 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:26778 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xED70E1E7  Ack: 0x6479C5F3  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
06/04-16:52:45.553928 24.57.13.78:1416 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:26798 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xED74B412  Ack: 0x6500A0F2  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1] 
06/04-16:52:45.731633 24.57.13.78:1423 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:26818 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xED7B1422  Ack: 0x64253832  Win: 0x4470  TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]

[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
06/04-16:52:45.917442 24.57.13.78:1429 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:26838 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xED7FC83B  Ack: 0x645F27F9  Win: 0x4470  TcpLen: 20

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/04-17:41:43.472202 66.196.65.24:12518 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:24957 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xAB1C9BD2  Ack: 0x1C4F377A  Win: 0x8052  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/04-18:46:55.797471 66.196.65.24:35892 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:4713 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x42894660  Ack: 0x14293681  Win: 0x8052  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/04-20:11:22.209535 66.196.65.24:35809 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:24090 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xDE899D78  Ack: 0x524CB48D  Win: 0x8052  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/04-21:32:21.772371 66.196.65.24:27398 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:33317 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xCAB6BEDB  Ack: 0x853612A9  Win: 0x8052  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:2091:2] WEB-IIS WEBDAV nessus safe scan attempt [**]
[Classification: Attempted Administrator Privilege Gain] [Priority: 1] 
06/04-21:34:06.925978 210.93.94.171:2669 -> 192.168.1.6:80
TCP TTL:101 TOS:0x0 ID:2931 IpLen:20 DgmLen:71 DF
***AP*** Seq: 0xB42CFB76  Ack: 0x8AF10D90  Win: 0x4470  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=11412][Xref => http://www.securityfocus.com/bid/7116][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0109]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/04-22:40:30.078116 66.196.65.24:59457 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:57737 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x65E4AB4F  Ack: 0x8651AD79  Win: 0x8052  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/04-23:42:20.679354 66.196.65.24:8806 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:32232 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x98199BA9  Ack: 0x6FBF3494  Win: 0x8052  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/05-00:42:32.362952 66.196.65.24:22274 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:38882 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xF12D2A55  Ack: 0x52BBF62C  Win: 0x8052  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/05-02:01:26.105623 66.196.65.24:18340 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:53318 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xA0A33B89  Ack: 0x7D2F8EB6  Win: 0x8052  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/05-02:52:10.747235 66.196.65.35:50225 -> 192.168.1.6:80
TCP TTL:43 TOS:0x0 ID:40443 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0x711B136C  Ack: 0x3D0FE63E  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 11117823 2574987755 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/05-03:34:35.373317 66.196.65.24:35495 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:5658 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xEF78080D  Ack: 0xDE1CB6B7  Win: 0x8052  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/05-04:06:50.984198 66.196.65.35:36579 -> 192.168.1.6:80
TCP TTL:43 TOS:0x0 ID:39815 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0xDC210B9E  Ack: 0x57219460  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 11565813 2577282455 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1] 
06/05-04:20:38.967232 24.102.203.62:1454 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:21132 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x6696C533  Ack: 0x89BF60EB  Win: 0x4470  TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/05-04:40:26.900225 66.196.65.24:57585 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:24438 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xBFEBF989  Ack: 0xD4D97901  Win: 0x8052  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/05-05:53:44.767407 66.196.65.24:33476 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:30678 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x412857C6  Ack: 0xEA66F447  Win: 0x8052  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/05-06:05:50.407186 66.196.65.35:38891 -> 192.168.1.6:80
TCP TTL:43 TOS:0x0 ID:14663 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0xF2248FD  Ack: 0x17CADF33  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 12279692 2580939079 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/05-06:58:35.164506 66.196.65.24:48910 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:53877 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x7FA50E4A  Ack: 0xDFCA1FB6  Win: 0x8052  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/05-07:06:35.178310 66.196.65.35:40253 -> 192.168.1.6:80
TCP TTL:43 TOS:0x0 ID:21843 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0x48D11484  Ack: 0xFE7DC033  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 12644145 2582805885 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/05-08:03:46.216965 66.196.65.24:64112 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:32195 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x7562F325  Ack: 0xD57ABF33  Win: 0x8052  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/05-08:44:15.009648 66.196.65.35:58181 -> 192.168.1.6:80
TCP TTL:43 TOS:0x0 ID:35528 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0xA48FE203  Ack: 0x6E92EC21  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 13230081 2585807160 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/05-09:15:47.322280 66.196.65.24:29082 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:27291 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x3046EC7D  Ack: 0xE619EC19  Win: 0x8052  TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/05-09:48:26.054834 66.196.65.35:59281 -> 192.168.1.6:80
TCP TTL:43 TOS:0x0 ID:218 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0x6081BDCF  Ack: 0x60B041A3  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 13615158 2587779606 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/05-10:49:47.030150 66.196.65.35:59120 -> 192.168.1.6:80
TCP TTL:43 TOS:0x0 ID:55804 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0xAF7FA7  Ack: 0x49EFA1E6  Win: 0x16D0  TcpLen: 32
TCP Options (3) => NOP NOP TS: 13983228 2589664935 
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]

[**] [1:1042:6] WEB-IIS view source via translate header [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/05-10:49:50.172773 129.137.203.234:1042 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:101 IpLen:20 DgmLen:200 DF
***AP*** Seq: 0xDACC2939  Ack: 0x497DA397  Win: 0x44E8  TcpLen: 20
[Xref => http://www.securityfocus.com/bid/1578][Xref => http://www.whitehats.com/info/IDS305]

[**] [1:1042:6] WEB-IIS view source via translate header [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2] 
06/05-10:49:50.752692 129.137.203.234:1042 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:102 IpLen:20 DgmLen:217 DF
***AP*** Seq: 0xDACC29D9  Ack: 0x497DA505  Win: 0x437A  TcpLen: 20
[Xref => http://www.securityfocus.com/bid/1578][Xref => http://www.whitehats.com/info/IDS305]

Go to: previous range, next range, all alerts, overview page

SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:09:56 2003

192.168.1.6	Whois lookup at:	ARIN	RIPE	APNIC	Geektools
	DNS lookup at:	Amenesi	TRIUMF	Princeton
	More lookup links:	Dshield	Sam Spade
See also 192.168.1.6 as an alert source [49361 alerts]