
SnortSnarf alert page

Destination: 192.168.1.6: #7301-7400

SnortSnarf v021111.1


Looking using input module SnortFileInput, with sources:
Earliest: 23:48:25.383804 on 06/11/2003
Latest: 20:04:29.566029 on 06/12/2003

22 different signatures are present for 192.168.1.6 as a destination

There are 624 distinct source IPs in the alerts of the type on this page.

See also 192.168.1.6 as an alert source [49361 alerts]


[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-23:48:25.383804 24.160.157.79:4961 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:61015 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x26D1E31D Ack: 0x4544C735 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-23:48:28.824481 24.160.157.79:1092 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:61113 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x2720B90E Ack: 0x45DF5282 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-23:48:29.031855 24.160.157.79:1094 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:61129 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x27235188 Ack: 0x452C755B Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-23:48:32.629941 24.160.157.79:1137 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:61225 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x274EBB01 Ack: 0x45D5BD24 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-23:48:32.853842 24.160.157.79:1142 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:61235 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x27537D85 Ack: 0x45E29784 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-23:48:33.072089 24.160.157.79:1144 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:61245 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x27558D79 Ack: 0x45B74EB9 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-23:48:33.299854 24.160.157.79:1145 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:61254 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x27571191 Ack: 0x456F2D52 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-23:48:33.502257 24.160.157.79:1147 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:61261 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x2759C81F Ack: 0x4618ABE2 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/11-23:48:37.040073 24.160.157.79:1189 -> 192.168.1.6:80
TCP TTL:112 TOS:0x0 ID:61361 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x27843D58 Ack: 0x45F77031 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/12-00:05:51.195902 24.162.150.179:1812 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:175 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x21C2C25B Ack: 0x86B549D7 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/12-00:05:51.226233 24.162.150.179:1812 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:176 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x21C2C80F Ack: 0x86B549D7 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/12-00:10:44.071440 66.196.65.24:2837 -> 192.168.1.6:80
TCP TTL:235 TOS:0x0 ID:61735 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x95D39946 Ack: 0x9A73E1EE Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/12-00:23:35.049578 24.98.99.141:3240 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:45944 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xF6FC3A63 Ack: 0xC98499EB Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/12-00:23:45.514705 24.98.99.141:3650 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:47363 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xF847CC10 Ack: 0xCACF599F Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/12-00:23:46.443887 24.98.99.141:3670 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:47447 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xF858B6F0 Ack: 0xCABAEA48 Win: 0xFAF0 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/12-00:23:47.263823 24.98.99.141:3725 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:47573 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xF883B526 Ack: 0xCA7E6828 Win: 0xFAF0 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/12-00:23:55.106743 24.98.99.141:3882 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:48641 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xF9036EDE Ack: 0xCB5C1544 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/12-00:23:55.622224 24.98.99.141:4063 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:48718 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xF98A3494 Ack: 0xCAB55F16 Win: 0xFAF0 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/12-00:24:02.772944 24.98.99.141:4271 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:49920 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xFA2A619D Ack: 0xCB94F44F Win: 0xFAF0 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/12-00:24:03.366316 24.98.99.141:4439 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:50005 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xFAAE2816 Ack: 0xCB67D454 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/12-00:24:06.965872 24.98.99.141:4628 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:50555 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xFB3FA73C Ack: 0xCC4971AB Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/12-00:24:07.507019 24.98.99.141:4634 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:50619 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xFB457C33 Ack: 0xCBBED59A Win: 0xFAF0 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/12-00:24:11.795037 24.98.99.141:4958 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:51241 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xFBC60618 Ack: 0xCBE8FF89 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/12-00:24:12.361891 24.98.99.141:3023 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:51326 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xFBEBEEF8 Ack: 0xCBC6E4FC Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/12-00:24:22.104774 24.98.99.141:3438 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:52628 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xFD34438D Ack: 0xCCB2023F Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/12-00:24:22.563158 24.98.99.141:3453 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:52739 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xFD3FABAE Ack: 0xCD37DCEC Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/12-00:24:25.756712 24.98.99.141:3453 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:53257 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xFD3FABAE Ack: 0xCD37DCEC Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/12-00:24:32.051828 24.98.99.141:3896 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:54291 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xFE9D3F32 Ack: 0xCD3328CA Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/12-00:26:45.747030 24.30.124.220:2869 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:43760 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xFFEC54B4 Ack: 0xD627C742 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/12-00:26:45.753881 24.30.124.220:2869 -> 192.168.1.6:80
TCP TTL:107 TOS:0x0 ID:43761 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xFFEC5A68 Ack: 0xD627C742 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/12-00:44:08.371495 66.196.65.35:54264 -> 192.168.1.6:80
TCP TTL:44 TOS:0x0 ID:33153 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0xE751A169 Ack: 0x176E3245 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 70825006 2880819857
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/12-01:14:06.409079 66.196.65.24:26815 -> 192.168.1.6:80
TCP TTL:235 TOS:0x0 ID:62543 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x733B21C5 Ack: 0x88639FF7 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/12-02:08:58.728188 66.196.65.35:35953 -> 192.168.1.6:80
TCP TTL:43 TOS:0x0 ID:37812 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0xA45BC3D5 Ack: 0x5800E09A Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 71334007 2883427064
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/12-03:45:50.606973 202.100.20.76:5577 -> 192.168.1.6:80
TCP TTL:29 TOS:0x0 ID:24340 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x2FE8F13E Ack: 0xC5B3F52A Win: 0x2000 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/12-03:45:50.613600 202.100.20.76:5577 -> 192.168.1.6:80
TCP TTL:29 TOS:0x0 ID:24341 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x2FE8F6F2 Ack: 0xC5B3F52A Win: 0x2000 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/12-03:50:43.961152 66.196.65.35:37646 -> 192.168.1.6:80
TCP TTL:43 TOS:0x0 ID:17063 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0x3438AB8 Ack: 0xD817CAD6 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 71944474 2886554001
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/12-05:39:16.977809 66.196.65.24:11430 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:45855 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x53BDE9F7 Ack: 0x72BC284D Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/12-07:27:39.900309 66.196.65.35:49435 -> 192.168.1.6:80
TCP TTL:43 TOS:0x0 ID:22579 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0x2424029 Ack: 0xBC3048F Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 73245972 2893220525
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/12-09:07:20.021995 66.196.65.35:36903 -> 192.168.1.6:80
TCP TTL:43 TOS:0x0 ID:7149 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0xEC4EFFEF Ack: 0x849222A1 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 73843938 2896283424
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/12-09:29:39.857678 66.196.65.24:18990 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:38887 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xCD27A040 Ack: 0xD8972F99 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/12-11:14:23.941867 66.196.65.24:59735 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:30712 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x486170BE Ack: 0x641EFFC9 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/12-11:53:52.375704 24.209.210.252:2241 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:52399 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xBB2796BD Ack: 0xF9EE94EF Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/12-11:53:52.428272 24.209.210.252:2241 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:52400 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xBB279C71 Ack: 0xF9EE94EF Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/12-12:08:35.081495 24.209.210.252:3685 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:13973 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x110C8639 Ack: 0x30840A2C Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/12-12:08:35.111524 24.209.210.252:3685 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:13974 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x110C8BED Ack: 0x30840A2C Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/12-12:08:38.929863 24.130.219.16:4859 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:42932 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xA1B582FD Ack: 0x301FEE78 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/12-12:08:39.763773 24.130.219.16:4887 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:42990 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0xA1C43542 Ack: 0x301E352A Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/12-12:08:44.433450 24.130.219.16:4951 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:43239 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xA1F7C707 Ack: 0x30BEDE00 Win: 0xFAF0 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/12-12:08:45.734477 24.130.219.16:4982 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:43318 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0xA20A12BA Ack: 0x31DBEBFC Win: 0xFAF0 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/12-12:08:46.391976 24.130.219.16:3015 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:43380 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xA21C6B54 Ack: 0x3176514B Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/12-12:08:46.837396 24.130.219.16:3023 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:43413 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xA224E788 Ack: 0x3232057C Win: 0xFAF0 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/12-12:08:51.167219 24.130.219.16:3084 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:43686 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0xA25F47DA Ack: 0x31C1D028 Win: 0xFAF0 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/12-12:08:55.753421 24.130.219.16:3134 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:43909 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0xA293AF41 Ack: 0x32127AD6 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/12-12:08:56.303121 24.130.219.16:3148 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:43953 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA2A2F5ED Ack: 0x31F2E3D0 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/12-12:08:57.147146 24.130.219.16:3153 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:44003 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA2A91588 Ack: 0x3201D675 Win: 0xFAF0 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/12-12:09:01.960036 24.130.219.16:3211 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:44281 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA2E1FFC2 Ack: 0x32D58984 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/12-12:09:12.261111 24.130.219.16:3348 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:44882 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0xA370AF46 Ack: 0x32ED6609 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/12-12:09:13.075858 24.130.219.16:3354 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:44928 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0xA3784890 Ack: 0x33BC7BE7 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/12-12:09:14.159762 24.130.219.16:3369 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:44983 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xA3862B4E Ack: 0x335518DB Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/12-12:09:14.754827 24.130.219.16:3384 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:45036 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0xA3950BF5 Ack: 0x339A288F Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/12-12:09:18.821208 24.130.219.16:3438 -> 192.168.1.6:80
TCP TTL:105 TOS:0x0 ID:45272 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0xA3CC2C91 Ack: 0x337B1C22 Win: 0xFAF0 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/12-12:16:03.979943 64.210.196.198:33032 -> 192.168.1.6:80
TCP TTL:50 TOS:0x0 ID:7351 IpLen:20 DgmLen:219 DF
***AP*** Seq: 0xA2F92A7 Ack: 0x4D4C1D4F Win: 0x16D0 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/12-12:42:11.826981 66.196.65.35:49249 -> 192.168.1.6:80
TCP TTL:42 TOS:0x0 ID:56674 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0xD5F420F Ack: 0xB02B9ED5 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 75133016 2902886344
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/12-12:53:11.930936 66.196.65.24:23659 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:59675 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xA71060C Ack: 0xD9EAA4F2 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/12-13:06:36.864545 24.209.210.252:4596 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:57581 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x58F78B3D Ack: 0xC252E31 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/12-13:06:36.896979 24.209.210.252:4596 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:57582 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x58F790F1 Ack: 0xC252E31 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/12-14:35:22.247193 66.196.65.24:59380 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:28799 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x5A17193D Ack: 0x5B870CF6 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/12-14:42:08.367771 66.196.65.35:51721 -> 192.168.1.6:80
TCP TTL:43 TOS:0x0 ID:30466 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0x5AC48D43 Ack: 0x74D43FA6 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 75852615 2906572273
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/12-15:04:01.580886 24.191.37.113:3564 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:62726 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x5C36ACB3 Ack: 0xC811A3F3 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/12-15:04:01.817322 24.191.37.113:3567 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:62742 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x5C39FE38 Ack: 0xC757D971 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/12-15:04:01.936412 24.191.37.113:3571 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:62751 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x5C3C5CDB Ack: 0xC78DB4C8 Win: 0xFAF0 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/12-15:04:02.062717 24.191.37.113:3574 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:62768 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x5C3EA98C Ack: 0xC829D38B Win: 0xFAF0 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/12-15:04:02.216036 24.191.37.113:3578 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:62779 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x5C429C21 Ack: 0xC788E8A5 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/12-15:04:02.356729 24.191.37.113:3585 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:62798 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x5C47FD5B Ack: 0xC78E3A19 Win: 0xFAF0 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/12-15:04:02.477013 24.191.37.113:3587 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:62807 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x5C49E2FF Ack: 0xC78F62C5 Win: 0xFAF0 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/12-15:04:02.606274 24.191.37.113:3589 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:62816 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x5C4BE637 Ack: 0xC76D50FE Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/12-15:04:02.770779 24.191.37.113:3597 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:62832 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x5C51F0D2 Ack: 0xC78EFF5E Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/12-15:04:02.909802 24.191.37.113:3600 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:62849 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x5C5491B5 Ack: 0xC820166C Win: 0xFAF0 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/12-15:04:03.036231 24.191.37.113:3603 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:62859 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x5C57B22F Ack: 0xC79BCB24 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/12-15:04:03.153084 24.191.37.113:3605 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:62868 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x5C59D906 Ack: 0xC7A32CA1 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/12-15:04:06.633531 24.191.37.113:3709 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:63135 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x5CB16C81 Ack: 0xC79C8A32 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/12-15:04:06.760891 24.191.37.113:3713 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:63150 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x5CB4B9B6 Ack: 0xC8907A8C Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/12-15:04:09.777559 24.191.37.113:3713 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:63327 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x5CB4B9B6 Ack: 0xC8907A8C Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/12-15:04:09.890178 24.191.37.113:3795 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:63341 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x5CFA9097 Ack: 0xC87284EF Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/12-15:04:10.008706 24.191.37.113:3802 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:63352 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x5CFF7C75 Ack: 0xC7FC494A Win: 0xFAF0 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/12-15:46:59.444740 66.196.65.24:28096 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:854 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x41BF9B13 Ack: 0x69661B21 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/12-16:11:27.156366 24.99.77.52:1879 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:24759 IpLen:20 DgmLen:1400 DF
***A**** Seq: 0x22E45EC5 Ack: 0xC6114EF6 Win: 0xB5C9 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/12-16:11:27.157564 24.99.77.52:1879 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:24760 IpLen:20 DgmLen:1400 DF
***A**** Seq: 0x22E46415 Ack: 0xC6114EF6 Win: 0xB5C9 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/12-16:48:36.222497 66.196.65.24:34291 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:27066 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x71833FE9 Ack: 0x5349CB0B Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/12-17:42:13.972202 24.136.217.109:3642 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:20278 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x379E3ED5 Ack: 0x1D91037B Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/12-17:42:13.982224 24.136.217.109:3642 -> 192.168.1.6:80
TCP TTL:116 TOS:0x0 ID:20279 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x379E4489 Ack: 0x1D91037B Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/12-17:43:20.625181 66.196.65.35:43123 -> 192.168.1.6:80
TCP TTL:43 TOS:0x0 ID:29689 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0x3CA50498 Ack: 0x221DF024 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 76939830 2912141204
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/12-17:45:30.913866 24.209.98.148:4211 -> 192.168.1.6:80
TCP TTL:55 TOS:0x0 ID:46168 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x31E41C24 Ack: 0x2AAC8FB3 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/12-17:45:30.928002 24.209.98.148:4211 -> 192.168.1.6:80
TCP TTL:55 TOS:0x0 ID:46169 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x31E421D8 Ack: 0x2AAC8FB3 Win: 0xFAF0 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/12-18:02:24.066204 66.196.65.24:64338 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:63456 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x38C1459F Ack: 0x6A3AC058 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:485:2] ICMP Destination Unreachable (Communication Administratively Prohibited) [**]
[Classification: Misc activity] [Priority: 3]
06/12-18:11:35.597433 12.126.33.98 -> 192.168.1.6
ICMP TTL:235 TOS:0x0 ID:26818 IpLen:20 DgmLen:56
Type:3 Code:13 DESTINATION UNREACHABLE: ADMINISTRATIVELY PROHIBITED,
PACKET FILTERED
** ORIGINAL DATAGRAM DUMP:
192.168.1.6:39848 -> 208.244.233.4:113
TCP TTL:49 TOS:0x0 ID:19566 IpLen:20 DgmLen:60 DF
Seq: 0x8BDAB2C1 Ack: 0x97FAE83E
** END OF DUMP
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/12-19:50:27.121761 24.209.49.251:2121 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:26167 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x5C170BF0 Ack: 0x1AEE950 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/12-19:50:27.152278 24.209.49.251:2121 -> 192.168.1.6:80
TCP TTL:119 TOS:0x0 ID:26168 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x5C1711A4 Ack: 0x1AEE950 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/12-20:04:29.559785 24.136.138.173:1292 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:11447 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xD04916DE Ack: 0x3789A4BA Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/12-20:04:29.566029 24.136.138.173:1292 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:11448 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xD0491C92 Ack: 0x3789A4BA Win: 0x4470 TcpLen: 20
SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:09:56 2003