SnortSnarf alert page

Destination: 192.168.1.6: #7401-7500

SnortSnarf v021111.1

Signature section (91123), Top 20 source IPs, Top 20 dest IPs

Looking using input module SnortFileInput, with sources:
Earliest: 20:38:22.350526 on 06/12/2003
Latest: 13:55:48.468385 on 06/14/2003

22 different signatures are present for 192.168.1.6 as a destination

There are 624 distinct source IPs in the alerts of the type on this page.

See also 192.168.1.6 as an alert source [49361 alerts]


[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/12-20:38:22.350526 24.202.106.81:3570 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:20831 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0xA76A6280 Ack: 0xB7011F9D Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/12-20:55:22.344823 66.196.65.24:49858 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:20228 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x871E3182 Ack: 0xF72A582F Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/12-21:05:20.629869 66.196.65.35:37941 -> 192.168.1.6:80
TCP TTL:43 TOS:0x0 ID:62566 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0x87072C71 Ack: 0x1C055CD0 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 78151739 2918348837
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/12-22:43:07.117736 66.196.65.35:60479 -> 192.168.1.6:80
TCP TTL:43 TOS:0x0 ID:20437 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0xA4274694 Ack: 0x8E9F3BD6 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 78738339 2921353514
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/12-23:38:12.439317 66.196.65.24:12156 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:24208 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x41DEE675 Ack: 0x5E804189 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/12-23:48:14.242140 24.130.90.29:2266 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:59904 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x5CC71725 Ack: 0x8315FAA5 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/12-23:48:14.248788 24.130.90.29:2266 -> 192.168.1.6:80
TCP TTL:103 TOS:0x0 ID:59905 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x5CC71CD9 Ack: 0x8315FAA5 Win: 0x4470 TcpLen: 20
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/13-00:03:44.034988 24.46.127.157:3342 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:40104 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x93A83B6D Ack: 0xBE5D87BF Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/13-00:03:47.976424 24.46.127.157:3369 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:40505 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x93BEA6ED Ack: 0xBEA2EFC0 Win: 0x4470 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/13-00:03:51.940323 24.46.127.157:3604 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:40881 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x94860892 Ack: 0xBF262994 Win: 0x4470 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/13-00:03:52.097785 24.46.127.157:3607 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:40900 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x94886717 Ack: 0xBEE5DAEE Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/13-00:03:52.418938 24.46.127.157:3611 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:40935 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x948C9B1A Ack: 0xBF40CBFD Win: 0x4470 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/13-00:04:01.770054 24.46.127.157:3871 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:41588 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x9565F9D0 Ack: 0xC020595E Win: 0x4470 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/13-00:04:01.917205 24.46.127.157:3876 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:41604 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x956A4C13 Ack: 0xBF8BF254 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/13-00:04:02.041953 24.46.127.157:3882 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:41611 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x95704597 Ack: 0xBFA12D64 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/13-00:04:05.497971 24.46.127.157:3953 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:41791 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x95AD19EC Ack: 0xC0157AD1 Win: 0x4470 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/13-00:04:08.876269 24.46.127.157:4056 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:42029 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x96031007 Ack: 0xC0336F18 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/13-00:04:18.663997 24.46.127.157:4320 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:42736 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x96E38666 Ack: 0xC128A2B3 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/13-00:04:18.802724 24.46.127.157:4328 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:42745 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x96EACC50 Ack: 0xC128BE52 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/13-00:04:18.926156 24.46.127.157:4331 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:42758 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x96ED3D9C Ack: 0xC0B650CE Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/13-00:04:21.848045 24.46.127.157:4331 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:43066 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x96ED3D9C Ack: 0xC0B650CE Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/13-00:04:22.042321 24.46.127.157:4442 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:43084 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x974D1441 Ack: 0xC1348EFC Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/13-00:04:22.350172 24.46.127.157:4444 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:43104 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x974F1222 Ack: 0xC165A942 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/13-00:53:16.597286 24.126.123.161:1849 -> 192.168.1.6:80
TCP TTL:106 TOS:0x0 ID:2125 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xC4494E89 Ack: 0x79BE38AB Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/13-00:53:16.611960 24.126.123.161:1849 -> 192.168.1.6:80
TCP TTL:106 TOS:0x0 ID:2126 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xC449543D Ack: 0x79BE38AB Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/13-00:58:41.859798 66.196.65.24:56288 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:3237 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x58190468 Ack: 0x8E164FE8 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/13-02:03:57.547527 66.196.65.24:9712 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:51726 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x4A434FCA Ack: 0x847C747B Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/13-03:07:21.087374 66.196.65.35:36260 -> 192.168.1.6:80
TCP TTL:43 TOS:0x0 ID:114 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0x8CC9576F Ack: 0x7442FFA3 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 80323608 2929473587
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/13-03:39:41.887794 66.196.65.24:20167 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:28075 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x83FE4355 Ack: 0xEE6DB8B6 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/13-04:04:05.361577 24.98.99.141:3679 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:9045 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x35930AE1 Ack: 0x4AB08214 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/13-04:04:05.873191 24.98.99.141:3713 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:9149 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x35AEBF5C Ack: 0x4ABCD771 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/13-04:04:06.244008 24.98.99.141:3728 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:9208 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x35BCAD78 Ack: 0x4A48D90C Win: 0xFAF0 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/13-04:04:06.885678 24.98.99.141:3744 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:9283 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x35C80E5B Ack: 0x4B17B9BD Win: 0xFAF0 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/13-04:04:07.702579 24.98.99.141:3769 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:9378 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x35DAE387 Ack: 0x4B0E900E Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/13-04:04:08.395723 24.98.99.141:3792 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:9470 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x35ED7CCE Ack: 0x4A5207AB Win: 0xFAF0 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/13-04:04:09.245557 24.98.99.141:3806 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:9555 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x35FAC7E0 Ack: 0x4A66B114 Win: 0xFAF0 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/13-04:04:19.030306 24.98.99.141:4127 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:10730 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x36FF75A3 Ack: 0x4B403F4F Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/13-04:04:23.046993 24.98.99.141:4239 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:11171 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x3759F339 Ack: 0x4BACAEAC Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/13-04:04:32.912144 24.98.99.141:4544 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:12353 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x385975C6 Ack: 0x4C8711A5 Win: 0xFAF0 TcpLen: 20
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/13-04:04:41.656045 24.98.99.141:4875 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:13306 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x3932466E Ack: 0x4CB3A656 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/13-04:04:51.685739 24.98.99.141:3244 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:14487 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x3A371D04 Ack: 0x4DE2BFE9 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/13-04:04:52.261008 24.98.99.141:3263 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:14568 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x3A47EF1A Ack: 0x4DF011D6 Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/13-04:04:52.846084 24.98.99.141:3280 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:14651 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x3A56C529 Ack: 0x4DE6CC9B Win: 0xFAF0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/13-04:04:56.803450 24.98.99.141:3421 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:15217 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x3ACBFCDA Ack: 0x4EBDF2C4 Win: 0xFAF0 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/13-05:40:12.733804 64.68.82.36:15800 -> 192.168.1.6:80
TCP TTL:40 TOS:0x10 ID:25216 IpLen:20 DgmLen:453 DF
***AP*** Seq: 0x7A519CB4 Ack: 0xB4EA516B Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 927334894 2934167083
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/13-06:01:02.120096 66.196.65.35:47309 -> 192.168.1.6:80
TCP TTL:43 TOS:0x0 ID:15291 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0x355B39DD Ack: 0x3E31CBE Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 81365631 2934811040
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/13-06:29:27.687673 66.196.65.24:7021 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:54338 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xDC44214A Ack: 0x70C65D2B Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/13-07:56:59.052852 66.196.65.35:45126 -> 192.168.1.6:80
TCP TTL:43 TOS:0x0 ID:5525 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0xD7029ABE Ack: 0xB98B0A04 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 82061272 2938374250
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/13-09:20:36.804967 24.161.243.248:3110 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:61018 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xEB602996 Ack: 0xF59C5D96 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/13-09:20:36.835810 24.161.243.248:3110 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:61019 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xEB602F4A Ack: 0xF59C5D96 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/13-09:26:33.605591 66.196.65.24:3452 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:61927 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xB8ADD027 Ack: 0xD9526CC Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/13-10:01:01.486983 24.209.210.252:3651 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:63160 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x9061B97C Ack: 0x8E7446BD Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/13-10:01:01.493742 24.209.210.252:3651 -> 192.168.1.6:80
TCP TTL:124 TOS:0x0 ID:63161 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x9061BF30 Ack: 0x8E7446BD Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/13-10:59:29.028286 66.196.65.24:8197 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:457 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x3284D8E8 Ack: 0x6BCB90A2 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/13-12:38:16.069904 66.196.65.24:21590 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:28393 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xD68E08BC Ack: 0xE0855B8F Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/13-12:45:19.190338 24.162.63.181:1599 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:34141 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x9E35506B Ack: 0xFBB362C7 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/13-12:45:19.221104 24.162.63.181:1599 -> 192.168.1.6:80
TCP TTL:113 TOS:0x0 ID:34142 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x9E35561F Ack: 0xFBB362C7 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/13-15:26:54.435183 24.225.153.162:1363 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:61053 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF2E46D6D Ack: 0x5DCF0274 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/13-15:26:54.470616 24.225.153.162:1363 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:61054 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xF2E47321 Ack: 0x5DCF0274 Win: 0x4470 TcpLen: 20
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/13-17:53:44.551486 24.225.137.228:1415 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:29719 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3BFE573C Ack: 0x88D73E15 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/13-17:53:44.810513 24.225.137.228:1415 -> 192.168.1.6:80
TCP TTL:114 TOS:0x0 ID:29720 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x3BFE5CF0 Ack: 0x88D73E15 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/13-18:08:41.396058 66.196.65.35:37310 -> 192.168.1.6:80
TCP TTL:43 TOS:0x0 ID:12177 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0x6DA0D531 Ack: 0xC0FF083F Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 85731226 2957172474
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/13-18:11:18.019759 66.196.65.24:13700 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:19070 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x4B2083E7 Ack: 0xCA46DC1D Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/13-19:38:42.843618 24.145.197.22:2984 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:63672 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE1F8C72 Ack: 0x158260E8 Win: 0x16D0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/13-19:38:42.851639 24.145.197.22:2984 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:63673 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xE1F9226 Ack: 0x158260E8 Win: 0x16D0 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/13-21:50:44.869594 66.196.65.35:54857 -> 192.168.1.6:80
TCP TTL:43 TOS:0x0 ID:34935 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0x26AC6270 Ack: 0x746A64F Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 87063475 2963996520
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/13-23:05:44.180062 66.196.65.35:41833 -> 192.168.1.6:80
TCP TTL:43 TOS:0x0 ID:27485 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0x796AD4BD Ack: 0x23758C50 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 87513371 2966300985
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/14-01:08:55.570218 24.148.39.97:1583 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:55029 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xCCDAF593 Ack: 0xF503AC73 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/14-01:08:55.575490 24.148.39.97:1583 -> 192.168.1.6:80
TCP TTL:115 TOS:0x0 ID:55030 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0xCCDAFB47 Ack: 0xF503AC73 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/14-01:09:22.724777 66.196.65.24:15641 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:141 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0x2903D811 Ack: 0xF5BB6E0C Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/14-01:51:24.334913 66.196.65.35:47339 -> 192.168.1.6:80
TCP TTL:43 TOS:0x0 ID:18969 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0xDA399309 Ack: 0x95A174ED Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 88507313 2971392144
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/14-02:57:07.663610 24.98.239.151:3218 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:20547 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x5AA62C48 Ack: 0x8DCF5E19 Win: 0x4470 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071][Xref => http://www.securityfocus.com/bid/1065][Xref => http://www.whitehats.com/info/IDS552]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/14-02:57:07.671842 24.98.239.151:3218 -> 192.168.1.6:80
TCP TTL:110 TOS:0x0 ID:20548 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x5AA631FC Ack: 0x8DCF5E19 Win: 0x4470 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/14-03:26:37.214897 66.196.65.35:40966 -> 192.168.1.6:80
TCP TTL:43 TOS:0x0 ID:56583 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0x3D1C6F8C Ack: 0xFCE51A51 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 89078556 2974318173
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/14-08:41:33.681100 66.196.65.35:53033 -> 192.168.1.6:80
TCP TTL:43 TOS:0x0 ID:38185 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0x6831146F Ack: 0xA31A69B9 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 90968052 2983996540
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/14-10:34:18.850065 66.196.65.35:48907 -> 192.168.1.6:80
TCP TTL:43 TOS:0x0 ID:57287 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0x538072C9 Ack: 0x4CA5C07B Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 91644517 2987461530
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/14-10:55:16.406341 66.196.65.24:16397 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:22205 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xBDEB8C7F Ack: 0x9C7E30EF Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/14-10:56:04.874158 24.208.193.218:3738 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:53608 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x1DE46B12 Ack: 0x9EF75B07 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/14-10:56:05.818561 24.208.193.218:3747 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:53727 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x1DED8004 Ack: 0x9F2FCD94 Win: 0xFAF0 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/14-10:56:06.595858 24.208.193.218:3773 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:53856 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x1E032E0C Ack: 0x9F51ED20 Win: 0xFAF0 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/14-10:56:07.318240 24.208.193.218:3786 -> 192.168.1.6:80
TCP TTL:120 TOS:0x0 ID:53945 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x1E0F6CDF Ack: 0x9F00C384 Win: 0xFAF0 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/14-12:17:32.165009 66.196.65.24:35134 -> 192.168.1.6:80
TCP TTL:234 TOS:0x0 ID:42184 IpLen:20 DgmLen:224 DF
***AP*** Seq: 0xCDD73D64 Ack: 0xD25435A6 Win: 0x8052 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/14-12:29:37.439983 66.196.65.35:44266 -> 192.168.1.6:80
TCP TTL:43 TOS:0x0 ID:9991 IpLen:20 DgmLen:236 DF
***AP*** Seq: 0xEDC5B848 Ack: 0x332B13 Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 92336322 2991005093
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/14-12:54:00.997526 24.158.6.15:4065 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:36969 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x64AE0FC3 Ack: 0x5B999932 Win: 0xFC00 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/14-12:54:07.042398 24.158.6.15:4096 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:37419 IpLen:20 DgmLen:110 DF
***AP*** Seq: 0x64CE3DD4 Ack: 0x5BA8F73B Win: 0xFC00 TcpLen: 20
[Xref => http://www.cert.org/advisories/CA-2001-19.html]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/14-12:54:11.656626 24.158.6.15:4162 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:37778 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x650F9B51 Ack: 0x5C23D008 Win: 0xFC00 TcpLen: 20
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/14-12:54:13.655052 24.158.6.15:4225 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:37937 IpLen:20 DgmLen:120 DF
***AP*** Seq: 0x65505B24 Ack: 0x5C546AAC Win: 0xFC00 TcpLen: 20
[**] [1:1945:1] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/14-12:54:15.493679 24.158.6.15:4256 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:38077 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x656F445D Ack: 0x5D36CF05 Win: 0xFC00 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1288:5] WEB-FRONTPAGE /_vti_bin/ access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/14-12:54:17.247543 24.158.6.15:4278 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:38212 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x6584C251 Ack: 0x5CD29BF6 Win: 0xFC00 TcpLen: 20
[**] [1:1286:5] WEB-IIS _mem_bin access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/14-12:54:22.639816 24.158.6.15:4310 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:38627 IpLen:20 DgmLen:157 DF
***AP*** Seq: 0x65A58221 Ack: 0x5D47BBCE Win: 0xFC00 TcpLen: 20
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/14-12:54:24.283394 24.158.6.15:4375 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:38785 IpLen:20 DgmLen:185 DF
***AP*** Seq: 0x65E4FE66 Ack: 0x5D9AAA6A Win: 0xFC00 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:982:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/14-12:54:26.116640 24.158.6.15:4402 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:38912 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x65FDE984 Ack: 0x5D8BBD96 Win: 0xFC00 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/14-12:54:29.887556 24.158.6.15:4420 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:39223 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x6611D2B5 Ack: 0x5D96F42D Win: 0xFC00 TcpLen: 20
[**] [1:981:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/14-12:54:30.872679 24.158.6.15:4479 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:39320 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x664D0DB0 Ack: 0x5D4E68A7 Win: 0xFC00 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:983:6] WEB-IIS unicode directory traversal attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/14-12:54:32.009382 24.158.6.15:4496 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:39434 IpLen:20 DgmLen:137 DF
***AP*** Seq: 0x665E5F26 Ack: 0x5E3737A9 Win: 0xFC00 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/14-12:54:32.204047 24.158.6.15:4514 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:39495 IpLen:20 DgmLen:138 DF
***AP*** Seq: 0x666FFDE0 Ack: 0x5DD415F9 Win: 0xFC00 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/14-12:54:33.370432 24.158.6.15:4527 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:39585 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x667A3817 Ack: 0x5DAD4A43 Win: 0xFC00 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:970:5] WEB-IIS multiple decode attempt [**]
[Classification: Web Application Attack] [Priority: 1]
06/14-12:54:34.344710 24.158.6.15:4558 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:39727 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x66955E95 Ack: 0x5DBB9393 Win: 0xFC00 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333]
[**] [1:1002:5] WEB-IIS cmd.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
06/14-12:54:35.510659 24.158.6.15:4576 -> 192.168.1.6:80
TCP TTL:111 TOS:0x0 ID:39850 IpLen:20 DgmLen:136 DF
***AP*** Seq: 0x66A68364 Ack: 0x5D90101B Win: 0xFC00 TcpLen: 20
[**] [1:1852:3] WEB-MISC robots.txt access [**]
[Classification: access to a potentially vulnerable web application] [Priority: 2]
06/14-13:55:48.468385 64.68.82.34:47963 -> 192.168.1.6:80
TCP TTL:40 TOS:0x10 ID:24274 IpLen:20 DgmLen:453 DF
***AP*** Seq: 0x8383F76 Ack: 0x45D855BC Win: 0x16D0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 938959317 2993653415
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=10302]
SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Jun 17 09:09:56 2003