SnortSnarf alert page

Destination: 192.168.1.6: #6601-6700

SnortSnarf v021111.1

Looking using input module SnortFileInput, with sources:
Earliest: 10:49:50.992547 on 06/05/2003
Latest: 11:18:10.688427 on 06/06/2003

22 different signatures are present for 192.168.1.6 as a destination

There are 624 distinct source IPs in the alerts of the type on this page.

See also 192.168.1.6 as an alert source [49361 alerts]


[**] [1:1042:6] WEB-IIS view source via translate header [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/05-10:49:50.992547 129.137.203.234:1043 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:107 IpLen:20 DgmLen:217 DF
***AP*** Seq: 0xDBB5CB0E Ack: 0x498FCE42 Win: 0x44E8 TcpLen: 20
[Xref => http://www.securityfocus.com/bid/1578][Xref => http://www.whitehats.com/info/IDS305]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/05-11:06:11.463644 66.196.65.24:16071 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:31321 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x7DC13586 Ack: 0x87A5ADA9 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/05-11:54:27.354265 66.196.65.35:59414 -> 192.168.1.6:80
TCP TTL:43 TOS:0x0 ID:50669 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0xCDB0C458 Ack: 0x3D602F62 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 14371230 2591652352
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/05-12:42:57.520816 66.196.65.24:34872 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:3852 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x2305CFFB Ack: 0xF464C6CD Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/05-12:57:13.729132 24.98.69.172:1259 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:46361 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x731617B9 Ack: 0x2A57B127 Win: 0x2238 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/05-12:57:13.761164 24.98.69.172:1259 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:46362 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x73161D6D Ack: 0x2A57B127 Win: 0x2238 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/05-13:44:10.730549 66.196.65.35:48219 -> 192.168.1.6:80
TCP TTL:43 TOS:0x0 ID:39129 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0x7603329D Ack: 0xDB3820FC Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 15029519 2595024241
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/05-13:46:55.559254 66.196.65.24:46114 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:40242 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x47B5D39E Ack: 0xE5383DD0 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/05-14:20:40.720694 24.103.146.165:1141 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:18299 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x82295C65 Ack: 0x6658E46D Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/05-14:20:40.785132 24.103.146.165:1141 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:18300 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x82296219 Ack: 0x6658E46D Win: 0x4470 TcpLen: 20
[**] [1:1042:6] WEB-IIS view source via translate header [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/05-15:16:05.053501 129.137.203.234:1053 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:139 IpLen:20 DgmLen:200 DF
***AP*** Seq: 0x2A5ECA83 Ack: 0x371F4717 Win: 0x44E8 TcpLen: 20
[Xref => http://www.securityfocus.com/bid/1578][Xref => http://www.whitehats.com/info/IDS305]
[**] [1:1042:6] WEB-IIS view source via translate header [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/05-15:16:08.793671 129.137.203.234:1053 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:140 IpLen:20 DgmLen:217 DF
***AP*** Seq: 0x2A5ECB23 Ack: 0x371F4885 Win: 0x437A TcpLen: 20
[Xref => http://www.securityfocus.com/bid/1578][Xref => http://www.whitehats.com/info/IDS305]
[**] [1:1042:6] WEB-IIS view source via translate header [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/05-15:16:09.108807 129.137.203.234:1054 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:144 IpLen:20 DgmLen:217 DF
***AP*** Seq: 0xE8123C95 Ack: 0x37EF575F Win: 0x44E8 TcpLen: 20
[Xref => http://www.securityfocus.com/bid/1578][Xref => http://www.whitehats.com/info/IDS305]
[**] [1:1042:6] WEB-IIS view source via translate header [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/05-16:02:56.408194 129.137.203.234:1116 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:696 IpLen:20 DgmLen:182 DF
***AP*** Seq: 0x45E88B82 Ack: 0xE7F43182 Win: 0x44E8 TcpLen: 20
[Xref => http://www.securityfocus.com/bid/1578][Xref => http://www.whitehats.com/info/IDS305]
[**] [1:1042:6] WEB-IIS view source via translate header [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/05-16:02:56.880257 129.137.203.234:1116 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:697 IpLen:20 DgmLen:198 DF
***AP*** Seq: 0x45E88C10 Ack: 0xE7F432F0 Win: 0x437A TcpLen: 20
[Xref => http://www.securityfocus.com/bid/1578][Xref => http://www.whitehats.com/info/IDS305]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/05-16:25:10.333035 24.34.222.52:4454 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:34991 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3E1DE18B Ack: 0x3B360E10 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/05-16:25:10.341095 24.34.222.52:4454 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:34992 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3E1DE73F Ack: 0x3B360E10 Win: 0x4470 TcpLen: 20
[**] [1:1042:6] WEB-IIS view source via translate header [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/05-16:28:30.420409 129.137.203.234:1374 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:18648 IpLen:20 DgmLen:182 DF
***AP*** Seq: 0x31A1CC2B Ack: 0x47EABDF7 Win: 0x44E8 TcpLen: 20
[Xref => http://www.securityfocus.com/bid/1578][Xref => http://www.whitehats.com/info/IDS305]
[**] [1:1042:6] WEB-IIS view source via translate header [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/05-16:28:30.758765 129.137.203.234:1374 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:18649 IpLen:20 DgmLen:199 DF
***AP*** Seq: 0x31A1CCB9 Ack: 0x47EABF65 Win: 0x437A TcpLen: 20
[Xref => http://www.securityfocus.com/bid/1578][Xref => http://www.whitehats.com/info/IDS305]
[**] [1:1042:6] WEB-IIS view source via translate header [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/05-16:28:46.049826 129.137.203.234:1379 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:18666 IpLen:20 DgmLen:199 DF
***AP*** Seq: 0x2E147128 Ack: 0x49941D69 Win: 0x44E8 TcpLen: 20
[Xref => http://www.securityfocus.com/bid/1578][Xref => http://www.whitehats.com/info/IDS305]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/05-16:34:18.486434 66.196.65.35:39051 -> 192.168.1.6:80
TCP TTL:43 TOS:0x0 ID:52678 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0x84440CD0 Ack: 0x5E2CBBAF Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 16050217 2600252463
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/05-17:12:02.990160 24.130.80.176:4522 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:58531 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x159D7CCF Ack: 0xED1EB2FE Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/05-17:12:02.998572 24.130.80.176:4522 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:58532 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x159D8283 Ack: 0xED1EB2FE Win: 0x4470 TcpLen: 20
[**] [1:485:2] ICMP Destination Unreachable (Communication Administratively Prohibited) [**]
[Classification: Misc activity] [Priority: 3]
06/05-18:04:08.905220 64.159.2.135 -> 192.168.1.6
ICMP TTL:244 TOS:0x0 ID:0 IpLen:20 DgmLen:56
Type:3 Code:13 DESTINATION UNREACHABLE: ADMINISTRATIVELY PROHIBITED,
PACKET FILTERED
** ORIGINAL DATAGRAM DUMP:
192.168.1.6:59127 -> 198.6.49.5:53
UDP TTL:53 TOS:0x0 ID:0 IpLen:20 DgmLen:80 DF
Len: 52
** END OF DUMP
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/05-18:19:30.059462 66.196.65.35:38970 -> 192.168.1.6:80
TCP TTL:43 TOS:0x0 ID:60304 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0x5B0563F7 Ack: 0xECD1894C Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 16681327 2603485116
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/05-19:55:01.161123 66.196.65.35:39284 -> 192.168.1.6:80
TCP TTL:43 TOS:0x0 ID:21056 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0xF6C145C7 Ack: 0x5563DDC9 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 17254394 2606420504
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/05-19:57:05.581796 24.114.7.121:4475 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:11620 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x8E9825D0 Ack: 0x5CF526C8 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/05-19:57:11.161978 24.114.7.121:4593 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:12095 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x8F00A2BA Ack: 0x5D48FE0B Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/05-19:57:19.606026 24.114.7.121:4791 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:12915 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x8FAA6AB7 Ack: 0x5CF0C51B Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/05-19:57:29.076647 24.114.7.121:3100 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:13819 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x905B7DA9 Ack: 0x5DB6DF36 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/05-19:57:33.035258 24.114.7.121:3100 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:14160 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x905B7DA9 Ack: 0x5DB6DF36 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/05-19:57:38.340869 24.114.7.121:3229 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:14606 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x90D15517 Ack: 0x5E26C223 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/05-20:01:46.144573 24.164.115.194:2308 -> 192.168.1.6:80
TCP TTL:118 TOS:0x0 ID:36602 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3B120CDA Ack: 0x6DE4AB00 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/05-20:01:46.178045 24.164.115.194:2308 -> 192.168.1.6:80
TCP TTL:118 TOS:0x0 ID:36603 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3B12128E Ack: 0x6DE4AB00 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/05-21:13:06.159820 24.174.88.220:4103 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:61410 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3F02657F Ack: 0x7BDEA12B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/05-21:13:06.176696 24.174.88.220:4103 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:61411 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3F026B33 Ack: 0x7BDEA12B Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/05-22:04:23.686022 24.209.98.148:1501 -> 192.168.1.6:80
TCP TTL:55 TOS:0x0 ID:36302 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x9CA35A95 Ack: 0x3CD1B4DC Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/05-22:04:23.716529 24.209.98.148:1501 -> 192.168.1.6:80
TCP TTL:55 TOS:0x0 ID:36303 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x9CA36049 Ack: 0x3CD1B4DC Win: 0xFAF0 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/05-22:11:20.351487 66.196.65.35:47056 -> 192.168.1.6:80
TCP TTL:43 TOS:0x0 ID:18265 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0x48BD3CF2 Ack: 0x57D5B78C Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 18072249 2610609703
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/05-22:43:12.740821 24.74.152.249:4531 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:2820 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xD52EE881 Ack: 0xCFF3895D Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/05-22:43:13.207795 24.74.152.249:4540 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:2879 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xD535E9D0 Ack: 0xD029DAC5 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/05-22:43:13.431856 24.74.152.249:4545 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:2908 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xD53B3914 Ack: 0xD030B07F Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/05-22:43:17.026622 24.74.152.249:4660 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:3442 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xD598AB63 Ack: 0xD07D9DF4 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/05-22:43:20.484548 24.74.152.249:4792 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:4088 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xD6030250 Ack: 0xD0C2CD5C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/05-22:43:20.700239 24.74.152.249:4798 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:4119 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xD6088E22 Ack: 0xD058C41E Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/05-22:43:20.882192 24.74.152.249:4805 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:4142 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xD60EB916 Ack: 0xD0807AD5 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/05-22:43:21.103432 24.74.152.249:4808 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:4175 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xD6124444 Ack: 0xD0D188CE Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/05-22:43:24.572038 24.74.152.249:4888 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:4602 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xD6598D21 Ack: 0xD04ED716 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/05-22:43:28.169774 24.74.152.249:4975 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:5069 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xD6A82B05 Ack: 0xD0CDF59A Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/05-22:43:28.373347 24.74.152.249:4982 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:5102 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xD6AD3C14 Ack: 0xD0846627 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/05-22:43:32.602562 24.74.152.249:1148 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:5712 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xD7212394 Ack: 0xD1194C80 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/05-22:43:33.005911 24.74.152.249:1162 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:5760 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xD72DAAA3 Ack: 0xD0B47D7A Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/05-22:43:33.440293 24.74.152.249:1168 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:5805 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xD733995E Ack: 0xD0C3B71E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/05-22:43:33.943017 24.74.152.249:1184 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:5865 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xD740ABF1 Ack: 0xD0C958DA Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/05-22:43:37.997678 24.74.152.249:1298 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:6359 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xD7A3F87A Ack: 0xD1DBC2A2 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/05-22:58:10.918122 200.39.200.135:3847 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:64235 IpLen:20 DgmLen:99 DF
***AP*** Seq: 0x2CDDFE5C Ack: 0x9BF1436 Win: 0x2238 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/05-23:24:04.276528 66.196.65.35:37206 -> 192.168.1.6:80
TCP TTL:43 TOS:0x0 ID:38533 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0x6ECC8D6 Ack: 0x6B7C5A22 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 18508608 2612844840
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/06-00:32:39.001406 66.196.65.35:49358 -> 192.168.1.6:80
TCP TTL:43 TOS:0x0 ID:22120 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0xF2652DEB Ack: 0x6DCA6CA3 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 18920052 2614952340
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/06-00:39:11.342030 24.114.7.121:4651 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:3033 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x6ACD0D70 Ack: 0x86E56B18 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/06-00:39:14.322657 24.114.7.121:4651 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:3187 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x6ACD0D70 Ack: 0x86E56B18 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/06-00:39:15.963261 24.114.7.121:4707 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:3279 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x6B0801EE Ack: 0x879AF63B Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/06-00:39:16.224137 24.114.7.121:4711 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:3304 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x6B0BCD56 Ack: 0x878D6D1F Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/06-00:39:16.488833 24.114.7.121:4718 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:3328 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x6B1195B7 Ack: 0x872C8F4C Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/06-00:39:19.433034 24.114.7.121:4718 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:3471 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x6B1195B7 Ack: 0x872C8F4C Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/06-00:39:19.937577 24.114.7.121:4766 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:3485 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x6B417700 Ack: 0x86FED93D Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/06-00:39:20.200961 24.114.7.121:4770 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:3496 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x6B45EB01 Ack: 0x87CE3005 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/06-00:39:20.471762 24.114.7.121:4772 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:3513 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x6B483798 Ack: 0x87763205 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/06-00:39:20.705101 24.114.7.121:4775 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:3521 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x6B4B9C0C Ack: 0x8740988C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/06-00:39:24.383713 24.114.7.121:4834 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:3763 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x6B836387 Ack: 0x880817E2 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/06-00:39:24.611918 24.114.7.121:4842 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:3789 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x6B8A2CEA Ack: 0x8727C953 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/06-00:39:34.191745 24.114.7.121:3022 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:4377 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x6C0CB373 Ack: 0x885B14A5 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/06-00:39:37.728154 24.114.7.121:3064 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:4578 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x6C35F023 Ack: 0x88AA66DE Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/06-00:39:37.962864 24.114.7.121:3066 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:4595 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x6C38E848 Ack: 0x88775556 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/06-00:39:38.149265 24.114.7.121:3071 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:4606 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x6C3D312C Ack: 0x889E6130 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/06-00:39:41.237975 24.114.7.121:3071 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:4678 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x6C3D312C Ack: 0x889E6130 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/06-00:39:41.539897 24.114.7.121:3097 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:4701 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x6C5BAF23 Ack: 0x8867DAC6 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/06-00:39:45.075645 24.114.7.121:3147 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:4914 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x6C8EC929 Ack: 0x89268FFF Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/06-02:05:09.339657 66.196.65.35:47711 -> 192.168.1.6:80
TCP TTL:43 TOS:0x0 ID:65028 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0x3B63122C Ack: 0xCB86E76A Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 19475041 2617795097
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/06-03:11:24.390477 66.196.65.35:50386 -> 192.168.1.6:80
TCP TTL:43 TOS:0x0 ID:22628 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0x8F4DA6C2 Ack: 0xC5654DBC Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 19872515 2619831028
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/06-04:15:05.103737 66.196.65.35:35861 -> 192.168.1.6:80
TCP TTL:43 TOS:0x0 ID:23327 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0x44F38BF7 Ack: 0xB4E37950 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 20254556 2621787936
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/06-06:30:40.599467 66.196.65.35:52693 -> 192.168.1.6:80
TCP TTL:43 TOS:0x0 ID:9577 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0x562592F6 Ack: 0xB603AF9D Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 21068046 2625954781
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/06-07:31:07.825858 66.196.65.35:47375 -> 192.168.1.6:80
TCP TTL:43 TOS:0x0 ID:60916 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0xBB394D76 Ack: 0x9A9158D6 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 21430739 2627812568
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/06-09:10:17.496547 66.196.65.35:46746 -> 192.168.1.6:80
TCP TTL:43 TOS:0x0 ID:8782 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0x97C1FC6C Ack: 0x11712E60 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 22025656 2630859854
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/06-09:19:18.962073 24.42.220.118:2127 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:15124 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x881EA10D Ack: 0x3277DD8B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/06-09:19:19.026172 24.42.220.118:2127 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:15125 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x881EA6C1 Ack: 0x3277DD8B Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/06-10:11:18.004532 66.196.65.35:41676 -> 192.168.1.6:80
TCP TTL:43 TOS:0x0 ID:9925 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0x5D12B825 Ack: 0xF7E5190F Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 22391678 2632734699
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/06-11:12:06.470262 66.196.65.35:33903 -> 192.168.1.6:80
TCP TTL:43 TOS:0x0 ID:4154 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0xD64568FC Ack: 0xDC2F69A7 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 22756501 2634603369
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/06-11:17:20.599847 24.98.20.14:2591 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:45417 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xF5AD8C39 Ack: 0xEF81F08A Win: 0x44E8 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/06-11:17:23.029932 24.98.20.14:2824 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:46128 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xF6686C85 Ack: 0xF0784A15 Win: 0x44E8 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/06-11:17:25.612719 24.98.20.14:3021 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:46813 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xF6FC35C0 Ack: 0xF0B81E03 Win: 0x44E8 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/06-11:17:31.151600 24.98.20.14:3241 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:48280 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xF7ADD69F Ack: 0xF1DE2B7B Win: 0x44E8 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/06-11:17:42.573004 24.98.20.14:4538 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:51449 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xFB89F70E Ack: 0xF1BDC068 Win: 0x44E8 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/06-11:17:51.224143 24.98.20.14:1029 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:53795 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xFCFB307B Ack: 0xF26C84FB Win: 0x44E8 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/06-11:17:53.755042 24.98.20.14:1504 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:54472 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xFE6E353B Ack: 0xF31ECE52 Win: 0x44E8 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/06-11:17:56.169620 24.98.20.14:1752 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:55206 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xFF23D7BF Ack: 0xF2A9CBC4 Win: 0x44E8 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/06-11:17:58.298274 24.98.20.14:1950 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:55780 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xFFB66B65 Ack: 0xF3007C23 Win: 0x44E8 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/06-11:18:00.452980 24.98.20.14:2128 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:56356 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x431FEA Ack: 0xF319DB91 Win: 0x44E8 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/06-11:18:07.274680 24.98.20.14:2316 -> 192.168.1.6:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:137
***AP*** Seq: 0xDA6E6D Ack: 0x7BF8F500 Win: 0x0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/06-11:18:08.503870 24.98.20.14:2797 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:58535 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x2488E8E Ack: 0xF3BA15B6 Win: 0x44E8 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/06-11:18:10.688427 24.98.20.14:2994 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:59134 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x2E25F65 Ack: 0xF3A677B4 Win: 0x44E8 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:09:56 2003