SnortSnarf alert page

Destination: 192.168.1.6: #701-800

SnortSnarf v021111.1

Looking using input module SnortFileInput, with sources:
Earliest: 20:53:21.354308 on 04/25/2003
Latest: 12:08:59.218054 on 04/26/2003

22 different signatures are present for 192.168.1.6 as a destination

There are 624 distinct source IPs in the alerts of the type on this page.

See also 192.168.1.6 as an alert source [49361 alerts]


[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-20:53:21.354308 24.98.28.21:2653 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:19415 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x813025BC Ack: 0x6B02550C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-20:53:21.364972 24.98.28.21:2653 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:19416 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x81302B70 Ack: 0x6B02550C Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/25-21:26:11.100693 216.239.46.140:19853 -> 192.168.1.6:80
TCP TTL:41 TOS:0x0 ID:46419 IpLen:20 DgmLen:453 DF
***AP*** Seq: 0xA39BAE84 Ack: 0xE65344C6 Win: 0x7D78 TcpLen: 32
TCP Options (3) => NOP NOP TS: 102090432 794882759
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/25-21:30:09.755827 216.39.50.94:50144 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:49499 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xB2B14AD9 Ack: 0xF5BFDF47 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 399018894 795008357
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-21:32:29.259416 24.166.45.37:4192 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:34390 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x547E6532 Ack: 0xFE08D073 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-21:32:29.968374 24.166.45.37:4207 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:34479 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x548B341E Ack: 0xFE24D68D Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-21:32:30.100885 24.166.45.37:4213 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:34499 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x5490FF39 Ack: 0xFEB5BC6F Win: 0xFAF0 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-21:32:33.410431 24.166.45.37:4322 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:34955 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x54EDD015 Ack: 0xFF2FAB2E Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/25-21:32:36.790483 24.166.45.37:4437 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:35475 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x554D0207 Ack: 0xFF567A7A Win: 0xFAF0 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/25-21:32:37.056029 24.166.45.37:4450 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:35518 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x55587183 Ack: 0xFE97690A Win: 0xFAF0 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-21:32:37.269161 24.166.45.37:4457 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:35553 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x555E3CBF Ack: 0xFF56B5FE Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-21:32:37.534041 24.166.45.37:4466 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:35597 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x556651DA Ack: 0xFEEAD929 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-21:32:46.920067 24.166.45.37:4823 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:36940 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x567A2B15 Ack: 0xFFE2F1EF Win: 0xFAF0 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-21:32:56.285611 24.166.45.37:1272 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:38354 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x579D0938 Ack: 0xC763F Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-21:33:05.456680 24.166.45.37:1557 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:39473 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x5890FBDB Ack: 0x102472F Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-21:33:08.750029 24.166.45.37:1678 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:39978 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x58F2E471 Ack: 0xCE2F68 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-21:33:11.640309 24.166.45.37:1678 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:40382 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x58F2E471 Ack: 0xCE2F68 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-21:33:11.972219 24.166.45.37:1795 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:40431 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x5957E373 Ack: 0x125BF65 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-21:33:12.082739 24.166.45.37:1800 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:40449 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x595C3FF7 Ack: 0x10962D8 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-21:33:12.197662 24.166.45.37:1804 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:40465 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x595FBDF1 Ack: 0x194AF77 Win: 0xFAF0 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-22:21:18.349796 24.84.101.194:4490 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:21202 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x928830CE Ack: 0xB7A4339A Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-22:21:19.259305 24.84.101.194:1041 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:21325 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x92924A7C Ack: 0xB6F1821E Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-22:21:22.948775 24.84.101.194:3095 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:21908 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x92D50ED6 Ack: 0xB74E9565 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-22:21:32.494935 24.84.101.194:4937 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:23525 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x93896B32 Ack: 0xB79499F6 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-22:21:42.664366 24.84.101.194:4967 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:25166 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x9440869E Ack: 0xB82A7839 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/25-22:21:46.506406 24.84.101.194:4946 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:25644 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x947150A6 Ack: 0xB9288138 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/25-22:21:47.230335 24.84.101.194:4951 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:25753 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x9480AC38 Ack: 0xB954A34B Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-22:22:09.269229 24.84.101.194:4946 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:28868 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x95C22576 Ack: 0xBA803B6F Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-22:22:18.747967 24.84.101.194:4919 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:30227 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x965E690C Ack: 0xBA6D7CAB Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-22:22:19.590599 24.84.101.194:4994 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:30343 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x96654F71 Ack: 0xBAF7168B Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-22:22:20.820584 24.84.101.194:1114 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:30537 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x96753C63 Ack: 0xBA9C5A44 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-22:22:21.663166 24.84.101.194:3977 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:30668 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x968305F9 Ack: 0xBAA00238 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/25-22:22:21.732764 66.196.65.24:60375 -> 192.168.1.6:80
TCP TTL:232 TOS:0x0 ID:43037 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xAC426E1A Ack: 0xBB166EDD Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-22:22:22.424987 24.84.101.194:1041 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:30794 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x9695AA3D Ack: 0xBAB69BFB Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-22:22:32.036512 24.84.101.194:4965 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:32248 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x972FB5C5 Ack: 0xBB7BF316 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-22:22:32.388519 24.84.101.194:1334 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:32316 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x97376CAD Ack: 0xBBBFC8A0 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-22:22:42.363165 24.84.101.194:4988 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:33889 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x97E261A9 Ack: 0xBBF20E5E Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-22:27:56.608003 24.62.112.148:2975 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:31248 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xA35F51BC Ack: 0xD062CD45 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-22:27:57.575600 24.62.112.148:3016 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:31421 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xA382542F Ack: 0xCF9947C8 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-22:28:00.879587 24.62.112.148:3146 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:31993 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xA3EF2A67 Ack: 0xD093AF98 Win: 0xFAF0 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-22:28:01.168059 24.62.112.148:3166 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:32053 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xA3FEFF30 Ack: 0xD0947D71 Win: 0xFAF0 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-22:28:01.512628 24.62.112.148:3183 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:32127 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xA40D06F9 Ack: 0xCFCD3D0C Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/25-22:28:01.738925 24.62.112.148:3196 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:32182 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xA418183C Ack: 0xD0534B0C Win: 0xFAF0 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/25-22:28:02.018236 24.62.112.148:3211 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:32235 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xA42422C3 Ack: 0xD04D6FA4 Win: 0xFAF0 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-22:28:02.219097 24.62.112.148:3228 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:32285 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xA4305686 Ack: 0xD06910B2 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-22:28:02.444947 24.62.112.148:3236 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:32324 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA4366ABC Ack: 0xCFCB451E Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-22:28:02.763249 24.62.112.148:3249 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:32366 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA4409500 Ack: 0xD0A29A86 Win: 0xFAF0 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-22:28:06.029890 24.62.112.148:3263 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:32974 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA44BFD67 Ack: 0xD0BA0D45 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-22:28:09.420187 24.62.112.148:3405 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:33588 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA4BEE8D2 Ack: 0xD02C866A Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-22:28:13.033920 24.62.112.148:3662 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:34208 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xA594F054 Ack: 0xD089DD77 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-22:28:13.653560 24.62.112.148:3685 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:34324 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xA5A845B2 Ack: 0xD0ED5578 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-22:28:17.231336 24.62.112.148:3715 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:34872 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xA5C0B286 Ack: 0xD12ED771 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/25-22:28:20.916133 24.62.112.148:3957 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:35534 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xA6913482 Ack: 0xD189316C Win: 0xFAF0 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/25-22:51:46.860984 216.39.50.24:32774 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:484 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xE6852A61 Ack: 0x2A90A4E4 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 381496207 797516508
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/26-00:17:47.644745 24.209.37.151:2701 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:62606 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xDA4E8A7F Ack: 0x6D6917EE Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/26-00:17:47.664464 24.209.37.151:2701 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:62607 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xDA4E9033 Ack: 0x6D6917EE Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/26-00:46:23.414399 216.39.50.13:42080 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:60582 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x9754698C Ack: 0xDB457C74 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 400196928 801038453
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/26-01:02:17.095121 216.39.50.24:51657 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:60983 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xD3FBF35C Ack: 0x17670354 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 382279038 801526905
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/26-01:04:37.398771 24.74.33.155:1548 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:65147 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x94F3F73E Ack: 0x2033FC6D Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/26-01:04:38.809652 24.74.33.155:1602 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:65345 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x95229DA2 Ack: 0x206ED5E0 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/26-01:04:40.317066 24.74.33.155:1635 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:3 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x954043B1 Ack: 0x2084D6E7 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/26-01:04:42.001972 24.74.33.155:1674 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:224 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x9562A9B1 Ack: 0x20F65D54 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/26-01:04:43.687969 24.74.33.155:1734 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:455 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x9594ECAA Ack: 0x21283A2C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/26-01:04:45.208354 24.74.33.155:1771 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:684 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x95B6726E Ack: 0x20F57A6B Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/26-01:04:46.994168 24.74.33.155:1817 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:922 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x95DB0B18 Ack: 0x211FBFF2 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/26-01:04:50.313520 24.74.33.155:1912 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:1364 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x96300839 Ack: 0x2195AB89 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/26-01:04:52.011542 24.74.33.155:1964 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:1604 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x965DB6D3 Ack: 0x21038235 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/26-01:04:57.193715 24.74.33.155:2101 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:2278 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x96D5A696 Ack: 0x21DF7704 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/26-01:04:58.530384 24.74.33.155:2159 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:2462 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x97083283 Ack: 0x21797A7D Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/26-01:05:00.162014 24.74.33.155:2187 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:2689 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x9721E31E Ack: 0x21DDE5E4 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/26-01:05:04.691392 24.74.33.155:2329 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:3363 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x979CCB3C Ack: 0x2201DCE9 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/26-01:05:06.249794 24.74.33.155:2367 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:3592 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x97BF4999 Ack: 0x2248BC7E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/26-01:05:10.892904 24.74.33.155:2509 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:4254 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x98386E33 Ack: 0x22B73E7F Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/26-01:24:26.663933 24.53.7.79:3031 -> 192.168.1.6:80
TCP TTL:106 TOS:0x0 ID:35824 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xEF9BCB93 Ack: 0x6A14F313 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/26-01:24:26.674323 24.53.7.79:3031 -> 192.168.1.6:80
TCP TTL:106 TOS:0x0 ID:35825 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xEF9BD147 Ack: 0x6A14F313 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/26-01:57:10.758838 216.39.50.13:60356 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:23248 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xA297A53D Ack: 0xE6241496 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 400621569 803213825
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/26-02:27:36.659054 24.130.75.33:1905 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:40787 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xCD1C03FF Ack: 0x596FCC0B Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/26-02:27:37.852122 24.130.75.33:1943 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:40905 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xCD3E2E9F Ack: 0x597E7BBF Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/26-02:27:41.669948 24.130.75.33:1951 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:41321 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xCD45FEE9 Ack: 0x5947BB47 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/26-02:27:42.564309 24.130.75.33:2057 -> 192.168.1.6:80
TCP TTL:104 TOS:0x0 ID:41377 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xCD9F35F4 Ack: 0x59C55691 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/26-02:27:56.020712 24.130.75.33:2076 -> 192.168.1.6:80
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:136
***AP*** Seq: 0x59FEF31F Ack: 0xCDAF2760 Win: 0x16D0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/26-03:29:11.145666 216.39.50.24:36309 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:18314 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0xFD69C81E Ack: 0x41E331CC Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 383160226 806041213
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/26-04:39:06.313854 216.39.50.94:40237 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:56124 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x58D15A5 Ack: 0x49AB7C28 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 401591979 808189855
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/26-04:56:21.007778 66.196.65.24:49023 -> 192.168.1.6:80
TCP TTL:232 TOS:0x0 ID:20248 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x382A9F64 Ack: 0x8ABFD25C Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/26-08:06:32.378823 66.196.65.24:8614 -> 192.168.1.6:80
TCP TTL:232 TOS:0x0 ID:26806 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x41E2FCF3 Ack: 0x5A4DDA1B Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/26-08:37:08.944010 216.39.50.114:43965 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:43814 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x88C92088 Ack: 0xCCE03CE5 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 403016624 815504994
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/26-08:37:15.319747 24.34.204.45:2039 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:38583 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x5B70DA1 Ack: 0xCDC41FD1 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/26-08:37:15.328394 24.34.204.45:2039 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:38584 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x5B71355 Ack: 0xCDC41FD1 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/26-08:37:18.599058 24.34.204.45:2039 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:38797 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x5B70DA1 Ack: 0xCDC41FD1 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/26-08:40:49.078262 216.39.50.24:44851 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:42017 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x96C5B1B6 Ack: 0xDA074959 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 385029559 815617741
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/26-09:39:19.188677 216.39.50.104:50185 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:10330 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x73A106BB Ack: 0xB7FFE849 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 403386095 817415515
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/26-10:55:40.736964 24.209.37.151:1611 -> 192.168.1.6:80
TCP TTL:118 TOS:0x0 ID:60277 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x4548EA91 Ack: 0xD878E08A Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/26-10:55:40.758229 24.209.37.151:1611 -> 192.168.1.6:80
TCP TTL:118 TOS:0x0 ID:60278 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x4548F045 Ack: 0xD878E08A Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/26-11:18:32.944991 24.209.37.151:3491 -> 192.168.1.6:80
TCP TTL:118 TOS:0x0 ID:31496 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3466B096 Ack: 0x2EDF4619 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/26-11:18:32.965237 24.209.37.151:3491 -> 192.168.1.6:80
TCP TTL:118 TOS:0x0 ID:31497 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3466B64A Ack: 0x2EDF4619 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
04/26-11:30:26.591966 216.39.50.24:45976 -> 192.168.1.6:80
TCP TTL:37 TOS:0x0 ID:21444 IpLen:20 DgmLen:211 DF
***AP*** Seq: 0x17D7CF85 Ack: 0x5C1B9957 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 386047059 820830360
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
04/26-11:54:59.019033 24.209.37.151:2655 -> 192.168.1.6:80
TCP TTL:118 TOS:0x0 ID:6662 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xACEE588F Ack: 0xB88B5F67 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/26-11:54:59.040413 24.209.37.151:2655 -> 192.168.1.6:80
TCP TTL:118 TOS:0x0 ID:6663 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xACEE5E43 Ack: 0xB88B5F67 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/26-12:08:58.337972 24.203.10.194:4385 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:38207 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xF2A7150E Ack: 0xECF2E46F Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
04/26-12:08:59.218054 24.203.10.194:4400 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:38280 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xF2B5CFD9 Ack: 0xECCBBD6F Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:09:55 2003