SnortSnarf alert page

Destination: 192.168.1.6: #7101-7200

SnortSnarf v021111.1

Looking using input module SnortFileInput, with sources:
Earliest: 22:03:56.871571 on 06/09/2003
Latest: 09:29:28.322466 on 06/11/2003

22 different signatures are present for 192.168.1.6 as a destination

There are 624 distinct source IPs in the alerts of the type on this page.

See also 192.168.1.6 as an alert source [49361 alerts]


[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-22:03:56.871571 24.140.13.155:2612 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:28263 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x799F692D Ack: 0x39AE634E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/09-22:03:57.068579 24.140.13.155:2619 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:28291 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x79A596B7 Ack: 0x3A3C056B Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/09-22:03:57.257169 24.140.13.155:2628 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:28313 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x79ABCD91 Ack: 0x39BF6BFB Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-22:03:57.440998 24.140.13.155:2635 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:28333 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x79B1410D Ack: 0x3A1FE29A Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-22:03:57.612973 24.140.13.155:2638 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:28351 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x79B41385 Ack: 0x3A0C2BB1 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-22:03:57.768314 24.140.13.155:2644 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:28362 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x79BA2A28 Ack: 0x3A1A7A30 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-22:03:57.934003 24.140.13.155:2649 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:28384 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x79BE3EA0 Ack: 0x3A989428 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-22:04:04.662596 24.140.13.155:2812 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:29064 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x7A42BC62 Ack: 0x3A837928 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-22:04:04.857800 24.140.13.155:2927 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:29086 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x7AA3107F Ack: 0x3AE03E2B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-22:04:07.833952 24.140.13.155:2927 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:29350 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x7AA3107F Ack: 0x3AE03E2B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-22:04:08.185547 24.140.13.155:3057 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:29403 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x7B04B829 Ack: 0x3A7D9C1E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-22:04:08.364701 24.140.13.155:3062 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:29432 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x7B0819F2 Ack: 0x3A5812C1 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-22:04:08.561907 24.140.13.155:3072 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:29466 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x7B110EC7 Ack: 0x3AC96CC0 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-22:09:06.619181 24.194.136.216:4485 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:5760 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x65D97FDB Ack: 0x4D621F59 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-22:09:06.627408 24.194.136.216:4485 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:5761 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x65D9858F Ack: 0x4D621F59 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/09-22:15:45.124865 66.196.65.35:42891 -> 192.168.1.6:80
TCP TTL:44 TOS:0x0 ID:12700 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0xA4569031 Ack: 0x66F3CEF9 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 52656091 2787755048
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:485:2] ICMP Destination Unreachable (Communication Administratively Prohibited) [**]
[Classification: Misc activity] [Priority: 3]
06/09-22:29:26.405780 216.136.165.202 -> 192.168.1.6
ICMP TTL:237 TOS:0x0 ID:25669 IpLen:20 DgmLen:56
Type:3 Code:13 DESTINATION UNREACHABLE: ADMINISTRATIVELY PROHIBITED,
PACKET FILTERED
** ORIGINAL DATAGRAM DUMP:
192.168.1.6:58502 -> 216.33.244.103:113
TCP TTL:49 TOS:0x0 ID:7787 IpLen:20 DgmLen:60 DF
Seq: 0x9AEC3139 Ack: 0x8642E53E
** END OF DUMP
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/09-22:45:32.396653 66.196.65.24:60293 -> 192.168.1.6:80
TCP TTL:235 TOS:0x0 ID:36964 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xC0680C79 Ack: 0xD7D9E5F1 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-22:50:41.009465 24.44.2.165:4201 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:58442 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x6C083590 Ack: 0xEB4707B0 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-22:50:41.327018 24.44.2.165:4207 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:58458 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x6C0DA10D Ack: 0xEAD498BE Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-22:50:41.466033 24.44.2.165:4209 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:58470 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x6C0F91E1 Ack: 0xEB1808CB Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-22:50:41.632211 24.44.2.165:4214 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:58484 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x6C13EDA9 Ack: 0xEBA658E2 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-22:50:41.763113 24.44.2.165:4219 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:58498 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x6C17DBF6 Ack: 0xEADA465E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/09-22:50:41.903850 24.44.2.165:4221 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:58508 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x6C19A789 Ack: 0xEAF038F0 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/09-22:50:42.046965 24.44.2.165:4223 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:58520 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x6C1BF415 Ack: 0xEBC6057F Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-22:50:45.165925 24.44.2.165:4274 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:58638 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x6C4ADD7A Ack: 0xEB3E4BAB Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-22:50:45.292227 24.44.2.165:4276 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:58647 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x6C4C802A Ack: 0xEBD15D3E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-22:50:45.471448 24.44.2.165:4278 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:58657 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x6C4EDBA9 Ack: 0xEBB43228 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-22:50:48.607543 24.44.2.165:4317 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:58736 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x6C76EBE5 Ack: 0xEC3FAB70 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-22:50:48.741660 24.44.2.165:4320 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:58747 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x6C792193 Ack: 0xEBB71DCE Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-22:50:48.891352 24.44.2.165:4322 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:58757 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x6C7ABA04 Ack: 0xEBD408AB Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-22:50:51.806936 24.44.2.165:4322 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:58839 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x6C7ABA04 Ack: 0xEBD408AB Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-22:50:52.138390 24.44.2.165:4363 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:58846 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x6CA34419 Ack: 0xEC1D1E8C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-22:50:52.269073 24.44.2.165:4365 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:58853 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x6CA55D78 Ack: 0xEC74C1D0 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-22:51:01.472165 24.44.2.165:4475 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:59092 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x6D177F90 Ack: 0xECEA3047 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/09-23:17:03.823509 66.196.65.35:40866 -> 192.168.1.6:80
TCP TTL:44 TOS:0x0 ID:56008 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0x304FEB26 Ack: 0x4F06BACE Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 53023934 2789639212
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-23:33:40.382162 24.209.98.148:3209 -> 192.168.1.6:80
TCP TTL:55 TOS:0x0 ID:63215 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x71A385FF Ack: 0x8E20A5A3 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/09-23:33:40.411615 24.209.98.148:3209 -> 192.168.1.6:80
TCP TTL:55 TOS:0x0 ID:63216 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x71A38BB3 Ack: 0x8E20A5A3 Win: 0xFAF0 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/10-01:34:14.739237 66.196.65.24:40369 -> 192.168.1.6:80
TCP TTL:235 TOS:0x0 ID:65504 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x79E62804 Ack: 0x55D669EB Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/10-01:58:58.514882 66.196.65.35:36429 -> 192.168.1.6:80
TCP TTL:44 TOS:0x0 ID:40490 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0x5751FA6 Ack: 0xB2B02903 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 53995330 2794614907
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/10-02:35:00.192372 66.196.65.24:60766 -> 192.168.1.6:80
TCP TTL:235 TOS:0x0 ID:40611 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xB30800C9 Ack: 0x3AD5A9AD Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/10-04:30:50.551169 66.196.65.24:26312 -> 192.168.1.6:80
TCP TTL:235 TOS:0x0 ID:43166 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xBCED9D52 Ack: 0xF00D17EC Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/10-04:57:52.113121 66.196.65.35:37746 -> 192.168.1.6:80
TCP TTL:44 TOS:0x0 ID:9658 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0xC0E9CD46 Ack: 0x562B04DD Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 55068610 2800112464
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/10-07:44:30.427228 66.196.65.35:36765 -> 192.168.1.6:80
TCP TTL:44 TOS:0x0 ID:50466 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0x1867E4D8 Ack: 0xCC333DC1 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 56068362 2805233374
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/10-08:58:28.788741 66.196.65.35:56964 -> 192.168.1.6:80
TCP TTL:44 TOS:0x0 ID:18726 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0xEA2E72CD Ack: 0xE37FF120 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 56512166 2807506643
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/10-09:15:51.489125 62.220.28.154:3994 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:65115 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA240DCC2 Ack: 0x24F01C01 Win: 0x2238 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/10-09:15:51.658400 62.220.28.154:3994 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:65116 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xA240E276 Ack: 0x24F01C01 Win: 0x2238 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/10-09:33:57.902165 66.196.65.24:55239 -> 192.168.1.6:80
TCP TTL:235 TOS:0x0 ID:9221 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x21DB9605 Ack: 0x6945F555 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/10-10:54:23.237749 66.196.65.24:31235 -> 192.168.1.6:80
TCP TTL:235 TOS:0x0 ID:49841 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x8ED6176D Ack: 0x98D9B79C Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1042:6] WEB-IIS view source via translate header [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/10-11:49:54.030426 217.35.41.34:3952 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:2012 IpLen:20 DgmLen:187 DF
***AP*** Seq: 0xD3468D5F Ack: 0x6AC626F5 Win: 0x4470 TcpLen: 20
[Xref => http://www.securityfocus.com/bid/1578][Xref => http://www.whitehats.com/info/IDS305]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/10-12:06:41.393176 66.196.65.24:4385 -> 192.168.1.6:80
TCP TTL:235 TOS:0x0 ID:62065 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x2086E4F7 Ack: 0xAA5C8BCF Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/10-12:22:40.503649 66.196.65.35:55859 -> 192.168.1.6:80
TCP TTL:44 TOS:0x0 ID:39475 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0x51463992 Ack: 0xE699BC28 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 57737242 2813781720
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/10-12:40:17.257162 24.209.98.148:2357 -> 192.168.1.6:80
TCP TTL:55 TOS:0x0 ID:57852 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xFFD147C1 Ack: 0x29B62FD5 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/10-12:40:17.275108 24.209.98.148:2357 -> 192.168.1.6:80
TCP TTL:55 TOS:0x0 ID:57853 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xFFD14D75 Ack: 0x29B62FD5 Win: 0xFAF0 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/10-13:45:30.744681 66.196.65.24:16618 -> 192.168.1.6:80
TCP TTL:235 TOS:0x0 ID:26913 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x6DC22EC3 Ack: 0x1F96FF64 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/10-13:54:23.202508 66.196.65.35:39113 -> 192.168.1.6:80
TCP TTL:44 TOS:0x0 ID:15608 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0xF91232F Ack: 0x4056A76F Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 58287471 2816600108
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/10-14:45:38.139264 66.196.65.24:37020 -> 192.168.1.6:80
TCP TTL:235 TOS:0x0 ID:29362 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xAF3523BA Ack: 0x280C1ED Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/10-15:11:58.004418 24.98.20.14:2785 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:10748 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x9F89C4DF Ack: 0x65AA1DFA Win: 0x44E8 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/10-15:12:02.774411 24.98.20.14:3087 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:11949 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xA0825947 Ack: 0x662749D9 Win: 0x44E8 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/10-15:12:03.927575 24.98.20.14:3155 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:12260 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xA0B7E4BF Ack: 0x6692513F Win: 0x44E8 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/10-15:12:05.108231 24.98.20.14:3226 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:12523 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xA0F21B9E Ack: 0x6677B835 Win: 0x44E8 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/10-16:36:37.331506 66.196.65.35:35657 -> 192.168.1.6:80
TCP TTL:44 TOS:0x0 ID:50920 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0x5D76E78A Ack: 0xA61DD9AF Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 59260805 2821585726
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/10-16:59:22.671292 66.196.65.24:36172 -> 192.168.1.6:80
TCP TTL:235 TOS:0x0 ID:57459 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xB487A6AE Ack: 0xFAAC5D45 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/10-18:05:17.749823 66.196.65.24:64656 -> 192.168.1.6:80
TCP TTL:235 TOS:0x0 ID:14350 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x77474FB7 Ack: 0xF506181A Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/10-18:16:19.618200 24.209.49.251:2384 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:5220 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB49C1F16 Ack: 0x1E9AF7C1 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/10-18:18:53.065664 24.136.138.173:3048 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:20378 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xDFB2795 Ack: 0x2882F107 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/10-18:18:53.071734 24.136.138.173:3048 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:20379 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xDFB2D49 Ack: 0x2882F107 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/10-18:58:20.267806 66.196.65.35:33461 -> 192.168.1.6:80
TCP TTL:44 TOS:0x0 ID:58441 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0x255EFCE7 Ack: 0xBE1F1503 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 60111032 2825940753
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/10-19:20:15.121351 24.209.98.148:2526 -> 192.168.1.6:80
TCP TTL:55 TOS:0x0 ID:11551 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x96BA5E39 Ack: 0x107710EB Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/10-19:20:15.146040 24.209.98.148:2526 -> 192.168.1.6:80
TCP TTL:55 TOS:0x0 ID:11552 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x96BA63ED Ack: 0x107710EB Win: 0xFAF0 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/10-20:16:37.010471 66.196.65.24:52842 -> 192.168.1.6:80
TCP TTL:235 TOS:0x0 ID:28349 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xDD7E7329 Ack: 0xE5A83893 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/10-21:37:19.071631 66.196.65.35:42045 -> 192.168.1.6:80
TCP TTL:44 TOS:0x0 ID:19799 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0x1A4EDDB3 Ack: 0x16672B71 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 61064840 2830826325
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/10-21:55:35.356825 66.196.65.24:60016 -> 192.168.1.6:80
TCP TTL:235 TOS:0x0 ID:2177 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xB3D029C0 Ack: 0x5B53658E Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/10-23:12:20.618630 24.209.98.148:4354 -> 192.168.1.6:80
TCP TTL:55 TOS:0x0 ID:16086 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xD3933E9D Ack: 0x7DA1A8FF Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/10-23:12:20.649678 24.209.98.148:4354 -> 192.168.1.6:80
TCP TTL:55 TOS:0x0 ID:16087 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xD3934451 Ack: 0x7DA1A8FF Win: 0xFAF0 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/10-23:22:38.990944 66.196.65.24:53942 -> 192.168.1.6:80
TCP TTL:235 TOS:0x0 ID:47816 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x377DB151 Ack: 0xA326B810 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/10-23:38:05.744962 206.49.58.30:15118 -> 192.168.1.6:80
TCP TTL:97 TOS:0x0 ID:13012 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x7814C3DE Ack: 0xDDF8B351 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/10-23:38:05.750433 206.49.58.30:15118 -> 192.168.1.6:80
TCP TTL:97 TOS:0x0 ID:13013 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x7814C992 Ack: 0xDDF8B351 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/10-23:41:21.350127 66.196.65.35:51697 -> 192.168.1.6:80
TCP TTL:44 TOS:0x0 ID:5986 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0x5CD846A8 Ack: 0xE9DE829A Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 61809010 2834638139
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/11-00:34:27.415829 66.196.65.24:22955 -> 192.168.1.6:80
TCP TTL:235 TOS:0x0 ID:30285 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xE1C560DF Ack: 0xB3402478 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/11-01:38:14.898896 66.196.65.24:54465 -> 192.168.1.6:80
TCP TTL:235 TOS:0x0 ID:56234 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xD9B93A70 Ack: 0xA43FB011 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/11-01:49:22.079048 66.196.65.35:43360 -> 192.168.1.6:80
TCP TTL:44 TOS:0x0 ID:46241 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0xE865E8B6 Ack: 0xCDD85B92 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 62577023 2838572039
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1042:6] WEB-IIS view source via translate header [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/11-02:15:30.229948 24.201.63.54:4757 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:55 IpLen:20 DgmLen:187 DF
***AP*** Seq: 0xAFDBE9C9 Ack: 0x30615A86 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.securityfocus.com/bid/1578][Xref => http://www.whitehats.com/info/IDS305]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-02:20:58.104432 24.209.100.245:4838 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:10071 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3BFAF311 Ack: 0x451D1D3F Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-02:20:58.132826 24.209.100.245:4838 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:10072 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3BFAF8C5 Ack: 0x451D1D3F Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-02:28:08.247846 24.209.100.245:4559 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:38592 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x5D1C99DA Ack: 0x604A59CE Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-02:28:08.276375 24.209.100.245:4559 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:38593 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x5D1C9F8E Ack: 0x604A59CE Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/11-03:14:30.835140 66.196.65.24:59787 -> 192.168.1.6:80
TCP TTL:235 TOS:0x0 ID:64291 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x6E60E974 Ack: 0x1027CDED Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-03:48:33.837681 24.209.100.245:4133 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:18620 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xC496C097 Ack: 0x8FC2C2DE Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-03:48:33.865875 24.209.100.245:4133 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:18621 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xC496C64B Ack: 0x8FC2C2DE Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/11-04:25:26.288318 66.196.65.35:36189 -> 192.168.1.6:80
TCP TTL:44 TOS:0x0 ID:62667 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0x21AEDECC Ack: 0x1B98ED6C Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 63513372 2843368213
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/11-04:28:44.237947 64.68.82.56:29167 -> 192.168.1.6:80
TCP TTL:41 TOS:0x10 ID:48328 IpLen:20 DgmLen:453 DF
***AP*** Seq: 0xF1EA10B7 Ack: 0x28971B8C Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 512077143 2843468483
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/11-04:43:21.659153 66.196.65.24:53961 -> 192.168.1.6:80
TCP TTL:235 TOS:0x0 ID:20515 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xE968BDCA Ack: 0x5FF5FAE3 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-04:56:47.017059 24.209.100.245:3052 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:2984 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE7E90BC7 Ack: 0x91E7A105 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-04:56:47.046276 24.209.100.245:3052 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:2985 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE7E9117B Ack: 0x91E7A105 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/11-06:49:23.110513 66.196.65.35:38195 -> 192.168.1.6:80
TCP TTL:44 TOS:0x0 ID:55643 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0xA70E17AF Ack: 0x3ABBA441 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 64376984 2847791812
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/11-07:06:26.244775 66.196.65.24:60857 -> 192.168.1.6:80
TCP TTL:235 TOS:0x0 ID:18806 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xA181242F Ack: 0x7C55498C Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/11-07:57:32.429277 66.196.65.35:43750 -> 192.168.1.6:80
TCP TTL:44 TOS:0x0 ID:50210 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0xE60A36B2 Ack: 0x3CA157EF Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 64785885 2849886276
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/11-08:58:59.035795 66.196.65.35:35461 -> 192.168.1.6:80
TCP TTL:44 TOS:0x0 ID:4088 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0xD1055204 Ack: 0x259D59E6 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 65154516 2851774487
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-09:29:28.322466 24.117.37.60:1224 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:43226 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB898F7BD Ack: 0x97D4E8B1 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:09:56 2003