SnortSnarf alert page

Destination: 192.168.1.6: #7201-7300

SnortSnarf v021111.1

Looking using input module SnortFileInput, with sources:
Earliest: 09:29:28.343401 on 06/11/2003
Latest: 23:48:21.607621 on 06/11/2003

22 different signatures are present for 192.168.1.6 as a destination

There are 624 distinct source IPs in the alerts of the type on this page.

See also 192.168.1.6 as an alert source [49361 alerts]


[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-09:29:28.343401 24.117.37.60:1224 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:43227 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB898FD71 Ack: 0x97D4E8B1 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/11-10:14:53.696948 66.196.65.24:2288 -> 192.168.1.6:80
TCP TTL:235 TOS:0x0 ID:52030 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xA485D91C Ack: 0x43C47843 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-10:30:07.951900 24.151.128.134:1816 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:64847 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3992AD03 Ack: 0x7D0355F8 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-10:30:08.060379 24.151.128.134:1816 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:64848 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3992B2B7 Ack: 0x7D0355F8 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/11-10:46:51.184709 66.196.65.35:41099 -> 192.168.1.6:80
TCP TTL:44 TOS:0x0 ID:43699 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0x15F7B5D5 Ack: 0xBB9B8731 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 65801679 2855089380
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/11-10:56:37.237094 216.39.50.154:52331 -> 192.168.1.6:80
TCP TTL:38 TOS:0x0 ID:65062 IpLen:20 DgmLen:202 DF
***AP*** Seq: 0xAA588FEA Ack: 0xE11C1B3A Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 705589721 2855389544
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/11-11:42:09.585180 66.196.65.24:59292 -> 192.168.1.6:80
TCP TTL:235 TOS:0x0 ID:45010 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xC00EFCCD Ack: 0x8D996CB7 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/11-12:46:06.940947 66.196.65.24:18085 -> 192.168.1.6:80
TCP TTL:235 TOS:0x0 ID:15249 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x69360D36 Ack: 0x7F4A28BE Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/11-12:52:44.906007 66.196.65.35:59287 -> 192.168.1.6:80
TCP TTL:44 TOS:0x0 ID:24243 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0x7595B03C Ack: 0x98943889 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 66556987 2858958222
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/11-14:08:46.488594 66.196.65.24:3912 -> 192.168.1.6:80
TCP TTL:233 TOS:0x0 ID:58961 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xFA9B255C Ack: 0xB73BAE9E Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/11-14:43:18.848654 66.196.65.35:48084 -> 192.168.1.6:80
TCP TTL:42 TOS:0x0 ID:2053 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0x89DB8FB2 Ack: 0x3A2EEE69 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 67220331 2862355989
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-15:06:22.858374 24.209.49.251:3949 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:8212 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xEF15633C Ack: 0x90389EC4 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-15:06:22.891851 24.209.49.251:3949 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:8213 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xEF1568F0 Ack: 0x90389EC4 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/11-15:11:07.091688 66.196.65.24:26177 -> 192.168.1.6:80
TCP TTL:233 TOS:0x0 ID:63529 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x9AE3D84E Ack: 0xA2577E1A Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-15:33:23.017545 24.209.49.251:2962 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:16837 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF3B0529 Ack: 0xF628CB8B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-15:33:23.050320 24.209.49.251:2962 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:16838 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF3B0ADD Ack: 0xF628CB8B Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-15:35:31.205265 24.98.153.56:3738 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:43339 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF64097F9 Ack: 0xFFAE333A Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-15:35:31.213702 24.98.153.56:3738 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:43340 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF6409DAD Ack: 0xFFAE333A Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/11-16:12:47.009386 66.196.65.24:45385 -> 192.168.1.6:80
TCP TTL:233 TOS:0x0 ID:27480 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xD6F4B10 Ack: 0x8C48166B Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-16:13:50.535517 24.155.52.88:1275 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:21273 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB5033FEC Ack: 0x90323371 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-16:13:50.542380 24.155.52.88:1275 -> 192.168.1.6:80
TCP TTL:109 TOS:0x0 ID:21274 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xB50345A0 Ack: 0x90323371 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-16:25:39.296536 24.209.210.252:4088 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:24736 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xBBAD583D Ack: 0xBBFC19A0 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-16:25:39.353076 24.209.210.252:4088 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:24737 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xBBAD5DF1 Ack: 0xBBFC19A0 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-16:53:47.432647 24.164.56.165:2976 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:37637 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x28F96B78 Ack: 0x2553960A Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-16:53:49.022714 24.164.56.165:3150 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:38262 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x297C2628 Ack: 0x25BAE41F Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-16:53:50.584224 24.164.56.165:3306 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:38829 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x29ED841B Ack: 0x265B3B25 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-16:53:51.882480 24.164.56.165:3496 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:39353 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x2A779211 Ack: 0x2640EE48 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-16:54:02.130082 24.164.56.165:1277 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:43391 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x2E1BEBA6 Ack: 0x264EF21B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/11-16:54:12.768114 24.164.56.165:2569 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:47493 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x31CBB21F Ack: 0x2730B39A Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/11-16:54:14.212417 24.164.56.165:2760 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:48047 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x3255E776 Ack: 0x27280E2B Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-16:54:18.681943 24.164.56.165:3338 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:49957 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x34007292 Ack: 0x2814355D Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-16:54:19.996026 24.164.56.165:3521 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:50552 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x3482CA1E Ack: 0x2741BD88 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-16:54:21.066781 24.164.56.165:3693 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:51001 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x34F98958 Ack: 0x27BCD916 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-16:54:25.744659 24.164.56.165:4380 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:52663 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x3667F6CD Ack: 0x27A4DD0F Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-16:54:27.204573 24.164.56.165:4741 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:53219 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x37008132 Ack: 0x2838D134 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-16:54:28.662978 24.164.56.165:1071 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:53762 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x378613AA Ack: 0x28FD13EE Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-16:54:30.152451 24.164.56.165:1235 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:54376 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x37FBC1DF Ack: 0x29617CCF Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-16:54:33.193129 24.164.56.165:1235 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:55702 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x37FBC1DF Ack: 0x29617CCF Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-16:54:40.661777 24.164.56.165:2584 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:58827 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x3BD78A02 Ack: 0x29EA92B8 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-16:54:42.006347 24.164.56.165:2787 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:59382 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x3C6B8E4A Ack: 0x29E0CFC0 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-17:29:43.299465 24.167.23.63:3863 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:33323 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x2F9645D2 Ack: 0xAE89FB7E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-17:29:43.318943 24.167.23.63:3863 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:33324 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x2F964B86 Ack: 0xAE89FB7E Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/11-17:37:25.512741 66.196.65.35:48465 -> 192.168.1.6:80
TCP TTL:42 TOS:0x0 ID:44263 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0xACBC0FD4 Ack: 0xCC304D10 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 68264915 2867706564
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/11-18:03:52.645321 66.196.65.24:6837 -> 192.168.1.6:80
TCP TTL:233 TOS:0x0 ID:7605 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x722AEBDD Ack: 0x2F0F8187 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/11-18:30:03.210245 209.237.238.158:1426 -> 192.168.1.6:80
TCP TTL:36 TOS:0x0 ID:63904 IpLen:20 DgmLen:173 DF
***AP*** Seq: 0x2155CDEA Ack: 0x91F9A984 Win: 0xFFFF TcpLen: 32
TCP Options (3) => NOP NOP TS: 53471198 2869323882
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/11-19:23:31.978767 66.196.65.35:39731 -> 192.168.1.6:80
TCP TTL:42 TOS:0x0 ID:3703 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0xA8C69D2D Ack: 0x5C4F7342 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 68901513 2870967351
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/11-19:50:31.409341 66.196.65.24:27775 -> 192.168.1.6:80
TCP TTL:233 TOS:0x0 ID:48580 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x7035F1CF Ack: 0xC1D28C54 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/11-20:50:47.213817 66.196.65.24:45037 -> 192.168.1.6:80
TCP TTL:235 TOS:0x0 ID:59474 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x4B0C141F Ack: 0xA5763E5F Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-20:54:14.623484 24.209.196.254:2581 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:43357 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x378BE7A0 Ack: 0xB2E13496 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-20:54:14.631200 24.209.196.254:2581 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:43358 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x378BED54 Ack: 0xB2E13496 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-20:54:26.015552 24.209.196.254:2725 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:44361 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x38042173 Ack: 0xB2F48C4E Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-20:54:26.042846 24.209.196.254:2725 -> 192.168.1.6:80
TCP TTL:121 TOS:0x0 ID:44375 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x38042727 Ack: 0xB2F48C4E Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/11-21:22:59.353432 66.196.65.35:34423 -> 192.168.1.6:80
TCP TTL:44 TOS:0x0 ID:64518 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0xDD36C0B5 Ack: 0x203BBFE6 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 69618196 2874638331
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-21:42:50.013100 24.189.230.118:4932 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:569 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xE4AA723A Ack: 0x6A955018 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-21:42:50.393704 24.189.230.118:1169 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:661 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xE53ADFB8 Ack: 0x6ABF315E Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-21:42:53.792254 24.189.230.118:1406 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:1329 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xE5E31809 Ack: 0x6AE7EDE7 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-21:43:03.006096 24.189.230.118:1871 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:3129 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xE735FB24 Ack: 0x6B7D8C2B Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-21:43:03.122037 24.189.230.118:1874 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:3139 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xE738E827 Ack: 0x6B50FBCF Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/11-21:43:12.226277 24.189.230.118:2305 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:4786 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xE87BC116 Ack: 0x6C946F81 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/11-21:43:12.659741 24.189.230.118:2307 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:4886 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xE87D73DD Ack: 0x6C121E3F Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-21:43:12.918571 24.189.230.118:2311 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:4948 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xE881FBA1 Ack: 0x6C42F1C2 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-21:43:13.039084 24.189.230.118:2315 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:4962 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xE88530FE Ack: 0x6BF88F6F Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-21:43:13.217142 24.189.230.118:2318 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:4976 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xE88799AE Ack: 0x6BE076A9 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-21:43:13.642176 24.189.230.118:2320 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:5073 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xE88A31B5 Ack: 0x6C4848F8 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-21:43:17.091495 24.189.230.118:2494 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:5699 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xE90F8C14 Ack: 0x6CCF9FA6 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-21:43:20.272854 24.189.230.118:2539 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:6298 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xE93C62D4 Ack: 0x6CAB0206 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-21:43:20.412195 24.189.230.118:2541 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:6310 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xE93E2CC9 Ack: 0x6C679D76 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-21:43:20.524055 24.189.230.118:2544 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:6318 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xE9414B87 Ack: 0x6C4DC9C7 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-21:43:29.892087 24.189.230.118:2925 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:7471 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xEA68F8DF Ack: 0x6CD5B74F Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-22:18:02.868803 24.242.253.122:1810 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:20542 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x2A0CAD34 Ack: 0xEFA49F0A Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/11-22:29:45.429162 66.196.65.35:43743 -> 192.168.1.6:80
TCP TTL:44 TOS:0x0 ID:33730 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0x111C17BD Ack: 0x1BAAC9F1 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 70018775 2876690181
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-22:41:59.540863 24.219.28.221:1804 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:44941 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x833B4C85 Ack: 0x4AD91963 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-22:42:00.059526 24.219.28.221:1851 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:45061 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x83601BB4 Ack: 0x4ABC5BAA Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-22:42:11.380191 24.219.28.221:2562 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:47071 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x85913590 Ack: 0x4B5D724D Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-22:42:20.690859 24.219.28.221:3071 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:48393 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x8727D8B2 Ack: 0x4B4DC3DF Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-22:42:30.010121 24.219.28.221:3578 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:49664 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x88B46B34 Ack: 0x4BFD988F Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/11-22:42:30.362863 24.219.28.221:3602 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:49734 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x88C77B45 Ack: 0x4C7367F2 Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/11-22:42:30.719932 24.219.28.221:3626 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:49829 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x88D96D36 Ack: 0x4C602F29 Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-22:42:31.039703 24.219.28.221:3658 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:49915 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x88F384CB Ack: 0x4C285FAC Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-22:42:31.348352 24.219.28.221:3681 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:49984 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x8906776F Ack: 0x4C1CA777 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-22:42:31.662791 24.219.28.221:3699 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:50035 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x89141D41 Ack: 0x4C7FEEAC Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-22:42:31.972419 24.219.28.221:3720 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:50091 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x892522A2 Ack: 0x4C2BD67B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-22:42:32.368929 24.219.28.221:3745 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:50144 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x893828F9 Ack: 0x4CF3BBA9 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-22:42:32.671901 24.219.28.221:3763 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:50186 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x894726ED Ack: 0x4C4A5173 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-22:42:35.908550 24.219.28.221:3930 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:50614 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x89CBFB52 Ack: 0x4C56DD0B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-22:42:38.861954 24.219.28.221:3930 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:51062 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x89CBFB52 Ack: 0x4C56DD0B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-22:42:39.073377 24.219.28.221:4108 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:51094 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x8A5A4016 Ack: 0x4C992885 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-22:42:39.440072 24.219.28.221:4124 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:51138 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x8A68380B Ack: 0x4CD9A257 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-23:13:08.780785 200.149.157.153:4455 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:18122 IpLen:20 DgmLen:1454 DF
***A**** Seq: 0x4172F617 Ack: 0xBF7EF89C Win: 0x4248 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-23:13:08.885376 200.149.157.153:4455 -> 192.168.1.6:80
TCP TTL:108 TOS:0x0 ID:18123 IpLen:20 DgmLen:1454 DF
***A**** Seq: 0x4172FB9D Ack: 0xBF7EF89C Win: 0x4248 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/11-23:33:29.795264 66.196.65.35:42532 -> 192.168.1.6:80
TCP TTL:44 TOS:0x0 ID:31661 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0x8AF6834B Ack: 0xD185878 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 70401179 2878648928
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-23:36:19.230643 80.117.71.238:1860 -> 192.168.1.6:80
TCP TTL:101 TOS:0x0 ID:13874 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x18E03F13 Ack: 0x172020A9 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-23:36:19.273908 80.117.71.238:1860 -> 192.168.1.6:80
TCP TTL:101 TOS:0x0 ID:13875 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x18E044C7 Ack: 0x172020A9 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-23:48:16.832623 24.160.157.79:4828 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:43729 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x26701386 Ack: 0x44DC3FAD Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-23:48:17.228858 24.160.157.79:4839 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:44780 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x267916A1 Ack: 0x44799340 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-23:48:17.440278 24.160.157.79:4847 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:49739 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x267FDE80 Ack: 0x44558557 Win: 0x4470 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-23:48:17.676900 24.160.157.79:4853 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:57721 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x2685D935 Ack: 0x447A6D22 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-23:48:17.907642 24.160.157.79:4856 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:60666 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x26888190 Ack: 0x44748D9D Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/11-23:48:18.117692 24.160.157.79:4860 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:60677 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x268B783B Ack: 0x44A958FF Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/11-23:48:21.607621 24.160.157.79:4917 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:60843 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x26BE2275 Ack: 0x44D55067 Win: 0x4470 TcpLen: 20
SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:09:56 2003